From owner-freebsd-jail@FreeBSD.ORG Mon Mar 1 11:07:04 2010 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1F33E1065687 for ; Mon, 1 Mar 2010 11:07:04 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 0CF9E8FC26 for ; Mon, 1 Mar 2010 11:07:04 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id o21B739m017838 for ; Mon, 1 Mar 2010 11:07:03 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id o21B73bt017836 for freebsd-jail@FreeBSD.org; Mon, 1 Mar 2010 11:07:03 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 1 Mar 2010 11:07:03 GMT Message-Id: <201003011107.o21B73bt017836@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-jail@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Mar 2010 11:07:04 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- s conf/142972 jail [jail] [patch] Support JAILv2 and vnet in rc.d/jail o conf/141317 jail [patch] uncorrect jail stop in /etc/rc.d/jail o kern/133265 jail [jail] is there a solution how to run nfs client in ja o kern/119842 jail [smbfs] [jail] "Bad address" with smbfs inside a jail o bin/99566 jail [jail] [patch] fstat(1) according to specified jid o bin/32828 jail [jail] w(1) incorrectly handles stale utmp slots with 6 problems total. From owner-freebsd-jail@FreeBSD.ORG Tue Mar 2 09:04:45 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 789761065670 for ; Tue, 2 Mar 2010 09:04:45 +0000 (UTC) (envelope-from christias@gmail.com) Received: from mail-bw0-f216.google.com (mail-bw0-f216.google.com [209.85.218.216]) by mx1.freebsd.org (Postfix) with ESMTP id 0E5898FC13 for ; Tue, 2 Mar 2010 09:04:44 +0000 (UTC) Received: by bwz8 with SMTP id 8so18632bwz.3 for ; Tue, 02 Mar 2010 01:04:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=Dkx1mylPYTADE2Cbhwhnq/9+a49rlOekkVK3P9+qwWQ=; b=S7AnQhoxeHJgac/t7A+NCois12RPJUcl/xPnUP+ZwqPD+GX1l5EMsQ1YFTylp3u2NW AKThqsOU/R5W8zAFtBexVmC0+FJBlvf03Snoru30tkcCg2BRLeaugWIIfb3Hc0g1T7Ek ze8PNouUWiH+yEPRB+w/D4Xpnd2Mj9Xl+sYLk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=GSlR1zWX27VzgWu94dVgRXS72z+sjfWj5sDeVpaGyl80Hf1o4K/JlybiFPL9BS4J3f gHmlm1dIkSRfEluv8shA3+wuoAswcGX7NLw2yDswj2h+hpG6TbGGSAmWOJQb6UHk+a8M 4Z+G24/ew7PMw9inDXHvcmhW5uDbKRe2OWhiY= MIME-Version: 1.0 Received: by 10.204.30.212 with SMTP id v20mr4131939bkc.99.1267519028568; Tue, 02 Mar 2010 00:37:08 -0800 (PST) Date: Tue, 2 Mar 2010 10:37:08 +0200 Message-ID: From: Panagiotis Christias To: freebsd-jail@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: How could a jail learn which is its parent host? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2010 09:04:45 -0000 Hello, I am looking for a simple way so each jail could know at any time in which (physical) server is hosted. Any suggestions? Thanks, Panagiotis From owner-freebsd-jail@FreeBSD.ORG Tue Mar 2 09:32:24 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B7D101065670 for ; Tue, 2 Mar 2010 09:32:24 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 766718FC1A for ; Tue, 2 Mar 2010 09:32:24 +0000 (UTC) Received: from elsa.codelab.cz (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id A73B819E023; Tue, 2 Mar 2010 10:32:22 +0100 (CET) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 566D319E019; Tue, 2 Mar 2010 10:32:20 +0100 (CET) Message-ID: <4B8CDB24.2080400@quip.cz> Date: Tue, 02 Mar 2010 10:32:20 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.1.8) Gecko/20100205 SeaMonkey/2.0.3 MIME-Version: 1.0 To: Panagiotis Christias References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@freebsd.org Subject: Re: How could a jail learn which is its parent host? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2010 09:32:24 -0000 Panagiotis Christias wrote: > Hello, > > I am looking for a simple way so each jail could know at any time in > which (physical) server is hosted. Any suggestions? I am not sure what you need to know about host(s). If you have setup where jails are on NAS/SAN storage and you want to identify real HW, you can do it by MAC address of network card. It is available in jail. Other informations are mostly hidden. Miroslav Lachman From owner-freebsd-jail@FreeBSD.ORG Tue Mar 2 13:26:17 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9BCDC1065674 for ; Tue, 2 Mar 2010 13:26:17 +0000 (UTC) (envelope-from coco@executive-computing.de) Received: from mail.moehre.org (mail.moehre.org [195.96.32.7]) by mx1.freebsd.org (Postfix) with ESMTP id 5ADD28FC21 for ; Tue, 2 Mar 2010 13:26:17 +0000 (UTC) Received: from localhost (unknown [195.96.32.7]) by mail.moehre.org (Postfix) with ESMTP id 1AF93157357E; Tue, 2 Mar 2010 14:26:16 +0100 (CET) X-Spam-Flag: NO X-Spam-Score: -1.371 X-Spam-Level: X-Spam-Status: No, score=-1.371 tagged_above=-999 required=5 tests=[ALL_TRUSTED=-1.44, AWL=0.069] autolearn=ham Received: from mail.moehre.org ([195.96.32.7]) by localhost (mail.moehre.org [195.96.32.7]) (amavisd-new, port 10024) with ESMTP id MRjRRIHlA7MO; Tue, 2 Mar 2010 14:26:09 +0100 (CET) Received: from [192.168.100.30] (p54B0C59B.dip.t-dialin.net [84.176.197.155]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: coco@executive-computing.de) by mail.moehre.org (Postfix) with ESMTP id 2E45C157354E; Tue, 2 Mar 2010 14:26:09 +0100 (CET) Message-ID: <4B8D11ED.7020504@executive-computing.de> Date: Tue, 02 Mar 2010 14:26:05 +0100 From: Marco Steinbach User-Agent: Thunderbird 2.0.0.12 (Windows/20080213) MIME-Version: 1.0 To: Panagiotis Christias References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@freebsd.org Subject: Re: How could a jail learn which is its parent host? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2010 13:26:17 -0000 Panagiotis Christias schrieb: > Hello, > > I am looking for a simple way so each jail could know at any time in > which (physical) server is hosted. Any suggestions? Depending on your needs and setup, how about simply having the host create a file within the jail containing all needed information upon jail startup (e.g. by using jail_exec_prestart, see rc.conf(5)) or at regular intervals ? MfG CoCo From owner-freebsd-jail@FreeBSD.ORG Tue Mar 2 14:22:07 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 20B661065670 for ; Tue, 2 Mar 2010 14:22:07 +0000 (UTC) (envelope-from alexey@renatasystems.org) Received: from mx-4.renatasystems.org (mx-4.renatasystems.org [217.16.18.200]) by mx1.freebsd.org (Postfix) with SMTP id 58E568FC1A for ; Tue, 2 Mar 2010 14:22:05 +0000 (UTC) Received: (qmail 27745 invoked by uid 1001); 2 Mar 2010 16:55:22 +0300 Date: Tue, 2 Mar 2010 16:55:22 +0300 From: "Alexey V. Degtyarev" To: Panagiotis Christias Message-ID: <20100302135521.GF23214@hs-4.renatasystems.org> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Operating-System: FreeBSD 6.2-RELEASE User-Agent: Mutt/1.5.20 (2009-06-14) Cc: freebsd-jail@freebsd.org Subject: Re: How could a jail learn which is its parent host? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2010 14:22:07 -0000 On 10:37 Tue 02 Mar, Panagiotis Christias wrote: > I am looking for a simple way so each jail could know at any time in > which (physical) server is hosted. Any suggestions? You may push a kernel environment on physical server so it will be available from within jail. To achieve it, on the mainhost (physical server) add to /boot/loader.conf: x.mainhost="physical.example.com" after reboot the mainhost server, you can use x.mainhost env from within jail (and mainhost as well): [root@jail1 ~]# kenv x.mainhost physical.example.com Check kenv(1) and loader.conf(5) for details. -- Alexey V. Degtyarev From owner-freebsd-jail@FreeBSD.ORG Tue Mar 2 19:01:17 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CCEEC106566C; Tue, 2 Mar 2010 19:01:17 +0000 (UTC) (envelope-from lists@jnielsen.net) Received: from ns1.jnielsen.net (ns1.jnielsen.net [69.55.238.237]) by mx1.freebsd.org (Postfix) with ESMTP id A14098FC14; Tue, 2 Mar 2010 19:01:17 +0000 (UTC) Received: from jnielsen.socialserve.com ([12.53.251.10]) (authenticated bits=0) by ns1.jnielsen.net (8.12.9p2/8.12.9) with ESMTP id o22IPXpf092085; Tue, 2 Mar 2010 13:25:33 -0500 (EST) (envelope-from lists@jnielsen.net) From: John Nielsen To: freebsd-emulation@freebsd.org Date: Tue, 2 Mar 2010 13:25:27 -0500 User-Agent: KMail/1.12.4 (Darwin/9.8.0; KDE/4.3.4; i386; ; ) MIME-Version: 1.0 Content-Type: Text/Plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Message-Id: <201003021325.27197.lists@jnielsen.net> X-Virus-Scanned: ClamAV version 0.88.4, clamav-milter version 0.88.4 on ns1.jnielsen.net X-Virus-Status: Clean Cc: freebsd-jail@freebsd.org Subject: linux-only jail possible? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2010 19:01:17 -0000 Has anyone tried to run a jail containing only Linux binaries? I need a lightweight VM-ish solution to run an arbitrary number of test/dev/demo servers (apache + python mostly) but would like it to be reasonably close to the "real" servers (running Linux) in terms of software installation and maintenance, etc. (Moving the whole show over to FreeBSD is a battle for another day..) Aside from the logistics of actually making this work, are there any known or obvious show-stoppers/gotchas/pitfalls/etc? Ideally yum and rc+init.d would work normally, though I expect a bit of startup hackery may be necessary (as well as hand-extracting a bunch of RPM's to bootstrap the first jail). If you have attempted something like this I'd love to hear from you. Thanks! JN From owner-freebsd-jail@FreeBSD.ORG Tue Mar 2 19:52:25 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BD27F1065674 for ; Tue, 2 Mar 2010 19:52:25 +0000 (UTC) (envelope-from andrew.hotlab@hotmail.com) Received: from blu0-omc2-s30.blu0.hotmail.com (blu0-omc2-s30.blu0.hotmail.com [65.55.111.105]) by mx1.freebsd.org (Postfix) with ESMTP id 88F418FC38 for ; Tue, 2 Mar 2010 19:52:25 +0000 (UTC) Received: from BLU138-W11 ([65.55.111.72]) by blu0-omc2-s30.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 2 Mar 2010 11:52:24 -0800 Message-ID: X-Originating-IP: [81.174.54.98] From: Andrew Hotlab To: , Date: Tue, 2 Mar 2010 19:52:24 +0000 Importance: Normal Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginalArrivalTime: 02 Mar 2010 19:52:24.0848 (UTC) FILETIME=[E1447100:01CABA41] Cc: freebsd-jail@freebsd.org Subject: RE: linux-only jail possible? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2010 19:52:25 -0000 ---------------------------------------- > From: lists@jnielsen.net > To: freebsd-emulation@freebsd.org > Date: Tue=2C 2 Mar 2010 13:25:27 -0500 > CC: freebsd-jail@freebsd.org > Subject: linux-only jail possible? > > Has anyone tried to run a jail containing only Linux binaries? I need a > lightweight VM-ish solution to run an arbitrary number of test/dev/demo > servers (apache + python mostly) but would like it to be reasonably close= to > the "real" servers (running Linux) in terms of software installation and > maintenance=2C etc. (Moving the whole show over to FreeBSD is a battle fo= r > another day..) > > If you have attempted something like this I'd love to hear from you. > I didn't attempt that but=2C if I can make a suggestion=2C I would never sp= end time in making a Linux userland run on a BSD kernel while I can run Lin= ux binaries directly on FreeBSD using the Linux ABI (http://www.freebsd.org= /handbook/linuxemu.html). I heard about a project that aims to do what you are looking for (http://ww= w.debian.org/ports/kfreebsd-gnu)=2C but I do not know at what stage it is. My genuine suggestion is to spend time to advocate BSD and persuade your co= mpany to "move the whole show on it"! ... please note that this suggestion= is coming from a multi-certified Microsoft specialist! =3B) Sincerely. Andrew =20 _________________________________________________________________ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=3D60969= From owner-freebsd-jail@FreeBSD.ORG Tue Mar 2 20:06:04 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CDD83106566B; Tue, 2 Mar 2010 20:06:04 +0000 (UTC) (envelope-from lists@jnielsen.net) Received: from ns1.jnielsen.net (ns1.jnielsen.net [69.55.238.237]) by mx1.freebsd.org (Postfix) with ESMTP id 98B028FC27; Tue, 2 Mar 2010 20:06:04 +0000 (UTC) Received: from jnielsen.socialserve.com ([12.53.251.10]) (authenticated bits=0) by ns1.jnielsen.net (8.12.9p2/8.12.9) with ESMTP id o22K63pf013402; Tue, 2 Mar 2010 15:06:03 -0500 (EST) (envelope-from lists@jnielsen.net) From: John Nielsen To: Andrew Hotlab Date: Tue, 2 Mar 2010 15:05:57 -0500 User-Agent: KMail/1.12.4 (Darwin/9.8.0; KDE/4.3.4; i386; ; ) References: In-Reply-To: MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <201003021505.57820.lists@jnielsen.net> X-Virus-Scanned: ClamAV version 0.88.4, clamav-milter version 0.88.4 on ns1.jnielsen.net X-Virus-Status: Clean Cc: freebsd-emulation@freebsd.org, freebsd-jail@freebsd.org Subject: Re: linux-only jail possible? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2010 20:06:04 -0000 On Tuesday 02 March 2010 14:52:24 Andrew Hotlab wrote: > ---------------------------------------- > > > From: lists@jnielsen.net > > To: freebsd-emulation@freebsd.org > > Date: Tue, 2 Mar 2010 13:25:27 -0500 > > CC: freebsd-jail@freebsd.org > > Subject: linux-only jail possible? > > > > Has anyone tried to run a jail containing only Linux binaries? I need a > > lightweight VM-ish solution to run an arbitrary number of test/dev/demo > > servers (apache + python mostly) but would like it to be reasonably > > close to the "real" servers (running Linux) in terms of software > > installation and maintenance, etc. (Moving the whole show over to > > FreeBSD is a battle for another day..) > > > > If you have attempted something like this I'd love to hear from you. > > I didn't attempt that but, if I can make a suggestion, I would never > spend time in making a Linux userland run on a BSD kernel while I can > run Linux binaries directly on FreeBSD using the Linux ABI > (http://www.freebsd.org/handbook/linuxemu.html). I heard about a project > that aims to do what you are looking for > (http://www.debian.org/ports/kfreebsd-gnu), but I do not know at what > stage it is. My plan IS to run Linux binaries directly on FreeBSD using the Linux ABI. I just want to do it in jails. Since all the software I plan to run in the jails will be Linux, I'm wondering if I can get away without using anything else. The debian port is something else. Even if it has jails support it's not mature enough for what I have in mind and I'd like the FreeBSD host to be real FreeBSD. > My genuine suggestion is to spend time to advocate BSD and persuade your > company to "move the whole show on it"! ... please note that this > suggestion is coming from a multi-certified Microsoft specialist! ;) My boss is actually a proponent of FreeBSD as well, but there are many man- hours invested in getting the current infrastructure to work smoothly (which it does), and we don't have the time or the motivation to do a wholesale switchover at this point. A gradual switch is more likely, especially once some things like SUJ have time to mature in the tree. R, JN From owner-freebsd-jail@FreeBSD.ORG Tue Mar 2 20:26:31 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 765331065670 for ; Tue, 2 Mar 2010 20:26:31 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 33B128FC1D for ; Tue, 2 Mar 2010 20:26:30 +0000 (UTC) Received: from elsa.codelab.cz (localhost.codelab.cz [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id DD19E19E027; Tue, 2 Mar 2010 21:26:28 +0100 (CET) Received: from [192.168.1.2] (r5bb235.net.upc.cz [86.49.61.235]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 89D3919E023; Tue, 2 Mar 2010 21:26:26 +0100 (CET) Message-ID: <4B8D7471.5060006@quip.cz> Date: Tue, 02 Mar 2010 21:26:25 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.1.8) Gecko/20100205 SeaMonkey/2.0.3 MIME-Version: 1.0 To: John Nielsen References: <201003021325.27197.lists@jnielsen.net> In-Reply-To: <201003021325.27197.lists@jnielsen.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-emulation@freebsd.org, freebsd-jail@freebsd.org Subject: Re: linux-only jail possible? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2010 20:26:31 -0000 John Nielsen wrote: > Has anyone tried to run a jail containing only Linux binaries? I need a > lightweight VM-ish solution to run an arbitrary number of test/dev/demo > servers (apache + python mostly) but would like it to be reasonably close to > the "real" servers (running Linux) in terms of software installation and > maintenance, etc. (Moving the whole show over to FreeBSD is a battle for > another day..) > > Aside from the logistics of actually making this work, are there any known > or obvious show-stoppers/gotchas/pitfalls/etc? > > Ideally yum and rc+init.d would work normally, though I expect a bit of > startup hackery may be necessary (as well as hand-extracting a bunch of > RPM's to bootstrap the first jail). > > If you have attempted something like this I'd love to hear from you. I don't think it is possible to emulate full Linux environment and behavior in FreeBSD jail. You can use linux binaries with Linux ABI in jail, but it will be controlled by FreeBSD rc.d scripts, sw will be installed by ports system etc. Maybe you can have FreeBSD host system and start jail installed as copy of Debian GNU/kFreeBSD instead of classic FreeBSD jail + linux_base port. All in all, it will be a lot of work and experiments. Miroslav Lachman From owner-freebsd-jail@FreeBSD.ORG Tue Mar 2 23:18:52 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2C1731065674 for ; Tue, 2 Mar 2010 23:18:52 +0000 (UTC) (envelope-from christias@gmail.com) Received: from mail-bw0-f216.google.com (mail-bw0-f216.google.com [209.85.218.216]) by mx1.freebsd.org (Postfix) with ESMTP id B4D388FC1B for ; Tue, 2 Mar 2010 23:18:51 +0000 (UTC) Received: by bwz8 with SMTP id 8so768189bwz.3 for ; Tue, 02 Mar 2010 15:18:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=90xn9pSxswy8tqnaHmT7ylvXcT7O05KzTOnIYmD1l74=; b=EUPuMPW1QoR0TcE9EPaeBo9nf0UB1AM5wRr0Kwh8A7DFgpBnYCrwl86rbLTKi5eXjF vrRAkgMo/MnAK19hHXIjyZcSw9XhK7Dju3bL6YylcWXAOEXXyV5fvT9IOjDeToBEuw/l xKGaBW+1/rm6wn9qU0bXjlrALOYwIbS7EEOFg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=ZmApBcopZoU8MaqGcROe+3UEUyL1Zhd33rcnJFuTBwoMcbqrvwcKShT9Omafawzi2W ToI3WwglCWhaKSQJ8mPHQ8hRDkO7xHWheCEpDGmX1BLoqd/C2afhYLGLBojxunanCgDz Lo1m2vcpamG2pyNMIzx4klAkm/DcOFTkU2ZOU= MIME-Version: 1.0 Received: by 10.204.38.77 with SMTP id a13mr5236373bke.26.1267571924299; Tue, 02 Mar 2010 15:18:44 -0800 (PST) In-Reply-To: <20100302135521.GF23214@hs-4.renatasystems.org> References: <20100302135521.GF23214@hs-4.renatasystems.org> Date: Wed, 3 Mar 2010 01:18:44 +0200 Message-ID: From: Panagiotis Christias To: freebsd-jail@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Subject: Re: How could a jail learn which is its parent host? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Mar 2010 23:18:52 -0000 On Tue, Mar 2, 2010 at 3:55 PM, Alexey V. Degtyarev wrote: > > On 10:37 Tue 02 Mar, Panagiotis Christias wrote: > >> I am looking for a simple way so each jail could know at any time in >> which (physical) server is hosted. Any suggestions? > > You may push a kernel environment on physical server so it will be > available from within jail. To achieve it, on the mainhost (physical > server) add to /boot/loader.conf: > > x.mainhost="physical.example.com" > > after reboot the mainhost server, you can use x.mainhost env from within > jail (and mainhost as well): > > [root@jail1 ~]# kenv x.mainhost > physical.example.com > > Check kenv(1) and loader.conf(5) for details. Thanks all for your suggestions. Kenv looks like the clearest way to go, although jail_exec_prestart and jail_exec_afterstart can be really useful too. Regards, Panagiotis From owner-freebsd-jail@FreeBSD.ORG Wed Mar 3 07:08:56 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2B84A106564A for ; Wed, 3 Mar 2010 07:08:56 +0000 (UTC) (envelope-from baptiste.daroussin@gmail.com) Received: from mail-bw0-f224.google.com (mail-bw0-f224.google.com [209.85.218.224]) by mx1.freebsd.org (Postfix) with ESMTP id ACBD08FC0A for ; Wed, 3 Mar 2010 07:08:55 +0000 (UTC) Received: by bwz24 with SMTP id 24so1104481bwz.13 for ; Tue, 02 Mar 2010 23:08:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:received:date:from:to:subject :message-id:mime-version:content-type:content-disposition:user-agent; bh=CP05h5zF/q+MKCWfyMy6/7lfJL+ZTjN3ufQzA3Zvu7w=; b=BqHudhdm6XHTmF1K3iT9Le7/uTsoQIuCKQQTcTl1/k8UqcaoklfW8I1Zo0rOrzRfDC ZnRdgFn2X2RBEEPb3wVg2Y+xej3qGNp5s/IwEW8iLxD5OrUPMEggcpDQDD9em5a+oJLL 12pow+xBSIDg+DS1pVWFRBWRSRenMhzT6eHR4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:mime-version:content-type :content-disposition:user-agent; b=P9xVE4vEF+CG6XDXR0nqg2c7ZxZB4vi+Re6T9c9jBRStCSNFriVGsVXVsWwaUcffOn ULW9pzX7JaXhFxnuypbeBgaaQR4U4wgNmJmPe2iAOkhiDXtlKyDBgWupDIKaDhO0y0fV Xnmb5+XGcaFtTzuZv1PQccloToSTQGm1+bGl0= Received: by 10.204.11.11 with SMTP id r11mr5657297bkr.12.1267598546057; Tue, 02 Mar 2010 22:42:26 -0800 (PST) Received: from wicklow.lan (stc92-3-82-245-249-89.fbx.proxad.net [82.245.249.89]) by mx.google.com with ESMTPS id g18sm328880bkw.19.2010.03.02.22.42.25 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 02 Mar 2010 22:42:25 -0800 (PST) Received: from bapt (uid 1001) (envelope-from baptiste.daroussin@gmail.com) id 2d2d6 by wicklow.lan (DragonFly Mail Agent) Wed, 03 Mar 2010 07:37:57 +0100 Date: Wed, 3 Mar 2010 07:37:57 +0100 From: Baptiste Daroussin To: freebsd-jail@freebsd.org Message-ID: <20100303063757.GA20246@wicklow.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.20 (2009-06-14) Subject: Linux-only jail: yes it is possible X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2010 07:08:56 -0000 Hi, I'm new to the list I just want to testify that linux-only jails are possible. I just (a few days ago) managed to have Debian GNU/Linux Lenny in a jail on FreeBSD 8-STABLE (last update should be january). It is not perfect but it works. For now I've been able to make work ssh, apache, xinetd, cron. The only tested thing that currently fail is ssysklogd because of tries entries in /dev. Explaination in french are available here: http://blog.etoilebsd.net/post/Emprisonner_une_debian_dans_un_FreeBSD Here is a fast translation: 1/ Create the jail skeleton: # mkdir /home/jails/debian # mkdir /home/jails/debian/dev # mkdir /home/jails/debian/proc # mkdir /home/jails/debian/sys 2/ Load the linuxulator modules # kldload linux # kldload linprocfs # kldload linsysfs # kldload lindev 3/ Mount the requiered FS # mount -t devfs none /home/jails/debian/dev # mount -t linprocfs none /home/jails/debian/proc # mount -t linsysfs none /home/jails/debian/sys (note: I'm note sure lindev is important or not) I use and OpenVZ debian image for my setup because I'm lazy 4/ fetch it # fetch http://download.openvz.org/template/precreated/debian-5.0-x86.tar.gz 5/ unpack it # tar xvfp debian-5.0-x86.tar.gz -C debian --exclude dev* --exclude proc* \ --exclude sys* now to be able to start the jail normally we only need one process to run (I didn't really try to make it persistant with the persist keyword) To take care of my lasyness, I created a /etc/rc and /etc/rc.shutdown on the debian to be sure it can work with the jails init script ootb. # echo "/etc/init.d/cron start" > /home/jails/debian/etc/rc # chmod 755 /home/jails/debian/etc/rc # echo "/etc/init.d/cron stop" > /home/jails/debian/etc/rc.shutdown # chmod 755 /home/jails/debian/etc/rc.shutdown in the rc.conf : jail_debian_rootdir=/home/jails/debian jail_debian_hostname="debian" jail_debian_ip="192.168.1.3" jail_debian_interface="nfe0" jail_debian_devfs_enable="YES" jail_debian_devfs_ruleset="devfsrules_jail" jail_debian_flags="-n debian" # /etc/rc.d/jail start debian # to start it Here is the magic: #jls JID IP Address Hostname Path 15 192.168.1.3 debian /home/jails/debian #jexec debian uname -a Linux debian 2.6.16 FreeBSD 8.0-STABLE #3: Sun Jan 10 20:39:38 CET 2010 i686 GNU/Linux #jexec debian cat /etc/debian_version 5.0.4 my main usage is to be able to test my own C code on linux. Hope it can help. regards, ----- Bapt From owner-freebsd-jail@FreeBSD.ORG Wed Mar 3 08:17:46 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F0FB9106566C for ; Wed, 3 Mar 2010 08:17:46 +0000 (UTC) (envelope-from rdivacky@vlk.vlakno.cz) Received: from vlakno.cz (77-93-215-190.static.masterinter.net [77.93.215.190]) by mx1.freebsd.org (Postfix) with ESMTP id AEA378FC13 for ; Wed, 3 Mar 2010 08:17:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by vlakno.cz (Postfix) with ESMTP id 5D2839CB488; Wed, 3 Mar 2010 09:00:53 +0100 (CET) X-Virus-Scanned: amavisd-new at vlakno.cz Received: from vlakno.cz ([127.0.0.1]) by localhost (lev.vlakno.cz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z2pRXbB4yXQR; Wed, 3 Mar 2010 09:00:51 +0100 (CET) Received: from vlk.vlakno.cz (localhost [127.0.0.1]) by vlakno.cz (Postfix) with ESMTP id 1EE6C9CB498; Wed, 3 Mar 2010 09:00:51 +0100 (CET) Received: (from rdivacky@localhost) by vlk.vlakno.cz (8.14.3/8.14.3/Submit) id o2380oPt022545; Wed, 3 Mar 2010 09:00:50 +0100 (CET) (envelope-from rdivacky) Date: Wed, 3 Mar 2010 09:00:50 +0100 From: Roman Divacky To: John Nielsen Message-ID: <20100303080050.GA22322@freebsd.org> References: <201003021325.27197.lists@jnielsen.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201003021325.27197.lists@jnielsen.net> User-Agent: Mutt/1.4.2.3i Cc: freebsd-emulation@freebsd.org, freebsd-jail@freebsd.org Subject: Re: linux-only jail possible? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2010 08:17:47 -0000 I succesfully ran chroot of linux environment on freebsd back in 2007/2008. I firmly believe jail should work fine too On Tue, Mar 02, 2010 at 01:25:27PM -0500, John Nielsen wrote: > Has anyone tried to run a jail containing only Linux binaries? I need a > lightweight VM-ish solution to run an arbitrary number of test/dev/demo > servers (apache + python mostly) but would like it to be reasonably close to > the "real" servers (running Linux) in terms of software installation and > maintenance, etc. (Moving the whole show over to FreeBSD is a battle for > another day..) > > Aside from the logistics of actually making this work, are there any known > or obvious show-stoppers/gotchas/pitfalls/etc? > > Ideally yum and rc+init.d would work normally, though I expect a bit of > startup hackery may be necessary (as well as hand-extracting a bunch of > RPM's to bootstrap the first jail). > > If you have attempted something like this I'd love to hear from you. > > Thanks! > > JN > _______________________________________________ > freebsd-emulation@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-emulation > To unsubscribe, send any mail to "freebsd-emulation-unsubscribe@freebsd.org" From owner-freebsd-jail@FreeBSD.ORG Wed Mar 3 16:59:56 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7229A106566B; Wed, 3 Mar 2010 16:59:56 +0000 (UTC) (envelope-from lists@jnielsen.net) Received: from ns1.jnielsen.net (ns1.jnielsen.net [69.55.238.237]) by mx1.freebsd.org (Postfix) with ESMTP id 384238FC1E; Wed, 3 Mar 2010 16:59:55 +0000 (UTC) Received: from jnielsen.socialserve.com ([12.53.251.10]) (authenticated bits=0) by ns1.jnielsen.net (8.12.9p2/8.12.9) with ESMTP id o23Gxtpf068696; Wed, 3 Mar 2010 11:59:55 -0500 (EST) (envelope-from lists@jnielsen.net) From: John Nielsen To: Roman Divacky Date: Wed, 3 Mar 2010 11:59:49 -0500 User-Agent: KMail/1.12.4 (Darwin/9.8.0; KDE/4.3.4; i386; ; ) References: <201003021325.27197.lists@jnielsen.net> <20100303080050.GA22322@freebsd.org> In-Reply-To: <20100303080050.GA22322@freebsd.org> MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <201003031159.49694.lists@jnielsen.net> X-Virus-Scanned: ClamAV version 0.88.4, clamav-milter version 0.88.4 on ns1.jnielsen.net X-Virus-Status: Clean Cc: freebsd-emulation@freebsd.org, freebsd-jail@freebsd.org Subject: Re: linux-only jail possible? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2010 16:59:56 -0000 On Wednesday 03 March 2010 03:00:50 Roman Divacky wrote: > I succesfully ran chroot of linux environment on freebsd back in > 2007/2008. I firmly believe jail should work fine too Good to know, thanks! Would you mind sharing some more details? (Off-list is fine if you prefer.) Was it a more or less complete environment? What distro / version of Linux? JN From owner-freebsd-jail@FreeBSD.ORG Wed Mar 3 17:10:10 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 12FCE1065675 for ; Wed, 3 Mar 2010 17:10:10 +0000 (UTC) (envelope-from baptiste.daroussin@gmail.com) Received: from mail-fx0-f223.google.com (mail-fx0-f223.google.com [209.85.220.223]) by mx1.freebsd.org (Postfix) with ESMTP id 9C48D8FC1D for ; Wed, 3 Mar 2010 17:10:09 +0000 (UTC) Received: by fxm23 with SMTP id 23so251442fxm.3 for ; Wed, 03 Mar 2010 09:10:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=wHiJpuBs4u5EDqQudWwAhWN1NWF4u5wieNL8Qco2PBM=; b=vOAzxJKrzk/zi4O46Bzduf70kdPm9JpjsuLmqPiINzjqjb/Kph7gRqJBzKgbD+eT5S SqNLpkL2l2oJc3lx74/SCHzVw53vMzBFQvCmdCrfxdQ9kdNUCpXjLGerrIWm2q8fcmLM NQ5Yp9kjy7B37/1lgUOz0XwEsmOVtpSnhlr04= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=QrJMjQEsVTCPfAjrd32y/O0v/85i6r6EKQ1NU4jxWeKk95dtflhPVfdrm8ME6Z/IF9 mRVgMeGxlWX4/oFRB8ZqtSIKHKLD7KE9sQffkDDiLKiTxg2M9xMMfNpjcOB2/W0nnG+D BJ1trVgnchg1UVa6nNhf5YQjS8m959zV234wE= MIME-Version: 1.0 Received: by 10.87.72.8 with SMTP id z8mr2157321fgk.37.1267636203900; Wed, 03 Mar 2010 09:10:03 -0800 (PST) In-Reply-To: <2ad0f9f61003030906s27f90f25m6ae6e7f99bed5df@mail.gmail.com> References: <20100303063757.GA20246@wicklow.lan> <2ad0f9f61003030906s27f90f25m6ae6e7f99bed5df@mail.gmail.com> Date: Wed, 3 Mar 2010 17:10:03 +0000 Message-ID: From: Baptiste Daroussin To: freebsd-jail@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: Linux-only jail: yes it is possible X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2010 17:10:10 -0000 2010/3/3 Jack Carrozzo > So you're running a linux 'world' (binaries and dir structure) inside a > jail'd BSD kernel? Or did you do some insane code to somehow run a linux > kernel... > > Linux world inside on jail on a freebsd host, IE linux-only jail :) no linux kernel cheers, Bapt From owner-freebsd-jail@FreeBSD.ORG Wed Mar 3 17:10:23 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 73E1A106564A for ; Wed, 3 Mar 2010 17:10:23 +0000 (UTC) (envelope-from askjuise@gmail.com) Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.27]) by mx1.freebsd.org (Postfix) with ESMTP id 296AE8FC30 for ; Wed, 3 Mar 2010 17:10:22 +0000 (UTC) Received: by qw-out-2122.google.com with SMTP id 8so231035qwh.7 for ; Wed, 03 Mar 2010 09:10:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=fDAqcfnDp5KwOm5ggFIKNdOXolVg4CXQu/2ya/WeDkc=; b=gNGwE7xymRet7ocq5fPSsHL0c23D7gJWd84ltj+j5T4CFXNjukokPU2Kw3AWs6JEP5 Sj6LuN2aXd0GUbZIhTOCUyKfB4VPAttAFqexadg7Ku90IWs140mWCVeSvmgv+Xzg3QKV lBxeO57BEfVDef0VjXQ+ETefGfXDB58BDWgIw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=VFBgkGn8LtXeypjqWpT1wMIg395rd/RxMfCV7un8G4spOdhB0kbl+15B+l91GB42/R r0iXoVJub+7pA6Psyo3HPnSpfCCPqG71+oCEIyFiy1zuYbgWzEZY9f1jJuL3+eICJ4fy w+57ycGK5D2XbKGEjlBilgmofJTivK8kravVM= MIME-Version: 1.0 Received: by 10.229.88.193 with SMTP id b1mr13346qcm.27.1267636219763; Wed, 03 Mar 2010 09:10:19 -0800 (PST) In-Reply-To: <201003031159.49694.lists@jnielsen.net> References: <201003021325.27197.lists@jnielsen.net> <20100303080050.GA22322@freebsd.org> <201003031159.49694.lists@jnielsen.net> Date: Thu, 4 Mar 2010 01:10:19 +0800 Message-ID: <2ec071a81003030910t77f7876epbb0475fd75eedc74@mail.gmail.com> From: Alexander Petrovsky To: freebsd-jail@freebsd.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: linux-only jail possible? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2010 17:10:23 -0000 Hello! I think you find something like this - http://phaq.phunsites.net/2007/01/06/debian-gnukfreebsd-inside-native-freeb= sd-jail/ 2010/3/4 John Nielsen > On Wednesday 03 March 2010 03:00:50 Roman Divacky wrote: > > I succesfully ran chroot of linux environment on freebsd back in > > 2007/2008. I firmly believe jail should work fine too > > Good to know, thanks! Would you mind sharing some more details? (Off-list > is > fine if you prefer.) Was it a more or less complete environment? What > distro > / version of Linux? > > JN > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > --=20 =D0=9F=D0=B5=D1=82=D1=80=D0=BE=D0=B2=D1=81=D0=BA=D0=B8=D0=B9 =D0=90=D0=BB= =D0=B5=D0=BA=D1=81=D0=B0=D0=BD=D0=B4=D1=80 / Alexander Petrovsky, ICQ: 350342118 Jabber: juise@jabber.ru Phone: +7 914 8 820 815 From owner-freebsd-jail@FreeBSD.ORG Wed Mar 3 17:33:01 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9461D1065676 for ; Wed, 3 Mar 2010 17:33:01 +0000 (UTC) (envelope-from jack@crepinc.com) Received: from mail-wy0-f182.google.com (mail-wy0-f182.google.com [74.125.82.182]) by mx1.freebsd.org (Postfix) with ESMTP id 23F458FC2E for ; Wed, 3 Mar 2010 17:33:00 +0000 (UTC) Received: by wyb32 with SMTP id 32so929116wyb.13 for ; Wed, 03 Mar 2010 09:32:54 -0800 (PST) MIME-Version: 1.0 Received: by 10.216.90.70 with SMTP id d48mr1251376wef.199.1267636017717; Wed, 03 Mar 2010 09:06:57 -0800 (PST) In-Reply-To: <20100303063757.GA20246@wicklow.lan> References: <20100303063757.GA20246@wicklow.lan> Date: Wed, 3 Mar 2010 12:06:57 -0500 Message-ID: <2ad0f9f61003030906s27f90f25m6ae6e7f99bed5df@mail.gmail.com> From: Jack Carrozzo To: Baptiste Daroussin Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-jail@freebsd.org Subject: Re: Linux-only jail: yes it is possible X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2010 17:33:01 -0000 So you're running a linux 'world' (binaries and dir structure) inside a jail'd BSD kernel? Or did you do some insane code to somehow run a linux kernel... -Jack Carrozzo On Wed, Mar 3, 2010 at 1:37 AM, Baptiste Daroussin < baptiste.daroussin@gmail.com> wrote: > Hi, > > I'm new to the list I just want to testify that linux-only jails are > possible. > > I just (a few days ago) managed to have Debian GNU/Linux Lenny in a jail on > FreeBSD 8-STABLE (last update should be january). It is not perfect but it > works. For now I've been able to make work ssh, apache, xinetd, cron. The > only > tested thing that currently fail is ssysklogd because of tries entries in > /dev. > > Explaination in french are available here: > http://blog.etoilebsd.net/post/Emprisonner_une_debian_dans_un_FreeBSD > > Here is a fast translation: > > 1/ Create the jail skeleton: > # mkdir /home/jails/debian > # mkdir /home/jails/debian/dev > # mkdir /home/jails/debian/proc > # mkdir /home/jails/debian/sys > > 2/ Load the linuxulator modules > # kldload linux > # kldload linprocfs > # kldload linsysfs > # kldload lindev > > 3/ Mount the requiered FS > # mount -t devfs none /home/jails/debian/dev > # mount -t linprocfs none /home/jails/debian/proc > # mount -t linsysfs none /home/jails/debian/sys > > (note: I'm note sure lindev is important or not) > > I use and OpenVZ debian image for my setup because I'm lazy > 4/ fetch it > # fetch > http://download.openvz.org/template/precreated/debian-5.0-x86.tar.gz > > 5/ unpack it > # tar xvfp debian-5.0-x86.tar.gz -C debian --exclude dev* --exclude proc* \ > --exclude sys* > > now to be able to start the jail normally we only need one process to run > (I > didn't really try to make it persistant with the persist keyword) > > To take care of my lasyness, I created a /etc/rc and /etc/rc.shutdown on > the > debian to be sure it can work with the jails init script ootb. > > # echo "/etc/init.d/cron start" > /home/jails/debian/etc/rc > # chmod 755 /home/jails/debian/etc/rc > # echo "/etc/init.d/cron stop" > /home/jails/debian/etc/rc.shutdown > # chmod 755 /home/jails/debian/etc/rc.shutdown > > in the rc.conf : > jail_debian_rootdir=/home/jails/debian > jail_debian_hostname="debian" > jail_debian_ip="192.168.1.3" > jail_debian_interface="nfe0" > jail_debian_devfs_enable="YES" > jail_debian_devfs_ruleset="devfsrules_jail" > jail_debian_flags="-n debian" > > # /etc/rc.d/jail start debian # to start it > > Here is the magic: > #jls > JID IP Address Hostname Path > 15 192.168.1.3 debian /home/jails/debian > #jexec debian uname -a > Linux debian 2.6.16 FreeBSD 8.0-STABLE #3: Sun Jan 10 20:39:38 > CET 2010 i686 GNU/Linux > #jexec debian cat /etc/debian_version > 5.0.4 > > my main usage is to be able to test my own C code on linux. > > Hope it can help. > > regards, > ----- > Bapt > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > From owner-freebsd-jail@FreeBSD.ORG Wed Mar 3 18:07:47 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A5C481065676; Wed, 3 Mar 2010 18:07:47 +0000 (UTC) (envelope-from rdivacky@vlk.vlakno.cz) Received: from vlakno.cz (77-93-215-190.static.masterinter.net [77.93.215.190]) by mx1.freebsd.org (Postfix) with ESMTP id 601588FC14; Wed, 3 Mar 2010 18:07:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by vlakno.cz (Postfix) with ESMTP id BCCC29CB0DA; Wed, 3 Mar 2010 19:06:38 +0100 (CET) X-Virus-Scanned: amavisd-new at vlakno.cz Received: from vlakno.cz ([127.0.0.1]) by localhost (lev.vlakno.cz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nraoPPACi5uN; Wed, 3 Mar 2010 19:06:36 +0100 (CET) Received: from vlk.vlakno.cz (localhost [127.0.0.1]) by vlakno.cz (Postfix) with ESMTP id 74E8A9CB1FB; Wed, 3 Mar 2010 19:06:36 +0100 (CET) Received: (from rdivacky@localhost) by vlk.vlakno.cz (8.14.3/8.14.3/Submit) id o23I6aEe031681; Wed, 3 Mar 2010 19:06:36 +0100 (CET) (envelope-from rdivacky) Date: Wed, 3 Mar 2010 19:06:36 +0100 From: Roman Divacky To: John Nielsen Message-ID: <20100303180636.GA31551@freebsd.org> References: <201003021325.27197.lists@jnielsen.net> <20100303080050.GA22322@freebsd.org> <201003031159.49694.lists@jnielsen.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201003031159.49694.lists@jnielsen.net> User-Agent: Mutt/1.4.2.3i Cc: freebsd-emulation@freebsd.org, freebsd-jail@freebsd.org Subject: Re: linux-only jail possible? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Mar 2010 18:07:47 -0000 On Wed, Mar 03, 2010 at 11:59:49AM -0500, John Nielsen wrote: > On Wednesday 03 March 2010 03:00:50 Roman Divacky wrote: > > I succesfully ran chroot of linux environment on freebsd back in > > 2007/2008. I firmly believe jail should work fine too > > Good to know, thanks! Would you mind sharing some more details? (Off-list is > fine if you prefer.) Was it a more or less complete environment? What distro > / version of Linux? I downloaded gentoo 2007 untarred it into /compat/linux and chroot /compat/linux /bin/bash it just worked - nothing special was necessary dont remember much details but I had no problems with that setup From owner-freebsd-jail@FreeBSD.ORG Thu Mar 4 10:41:05 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 79FD31065677; Thu, 4 Mar 2010 10:41:05 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from mail.ebusiness-leidinger.de (mail.ebusiness-leidinger.de [217.11.53.44]) by mx1.freebsd.org (Postfix) with ESMTP id 2EAC88FC1B; Thu, 4 Mar 2010 10:41:04 +0000 (UTC) Received: from outgoing.leidinger.net (pD9E2D51E.dip.t-dialin.net [217.226.213.30]) by mail.ebusiness-leidinger.de (Postfix) with ESMTPSA id 53909844587; Thu, 4 Mar 2010 11:40:57 +0100 (CET) Received: from unknown (unknown [192.168.2.110]) by outgoing.leidinger.net (Postfix) with ESMTP id 0410511FE41; Thu, 4 Mar 2010 11:40:52 +0100 (CET) Date: Thu, 4 Mar 2010 11:40:50 +0100 From: Alexander Leidinger To: freebsd-jail@freebsd.org, John Nielsen Message-ID: <20100304114050.00007a59@unknown> In-Reply-To: <20100303180636.GA31551@freebsd.org> References: <201003021325.27197.lists@jnielsen.net> <20100303080050.GA22322@freebsd.org> <201003031159.49694.lists@jnielsen.net> <20100303180636.GA31551@freebsd.org> X-Mailer: Claws Mail 3.7.2cvs15 (GTK+ 2.16.0; i586-pc-mingw32msvc) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-EBL-MailScanner-Information: Please contact the ISP for more information X-EBL-MailScanner-ID: 53909844587.CEBB0 X-EBL-MailScanner: Found to be clean X-EBL-MailScanner-SpamCheck: not spam, spamhaus-ZEN, SpamAssassin (not cached, score=-1.363, required 6, autolearn=disabled, ALL_TRUSTED -1.44, TW_ZJ 0.08) X-EBL-MailScanner-From: alexander@leidinger.net X-EBL-MailScanner-Watermark: 1268304060.06661@72Lk7ITEybmcxBOwmSwNVw X-EBL-Spam-Status: No Cc: rdivacky@freebsd.org Subject: Re: linux-only jail possible? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Mar 2010 10:41:05 -0000 On Wed, 3 Mar 2010 19:06:36 +0100 Roman Divacky wrote: > On Wed, Mar 03, 2010 at 11:59:49AM -0500, John Nielsen wrote: > > On Wednesday 03 March 2010 03:00:50 Roman Divacky wrote: > > > I succesfully ran chroot of linux environment on freebsd back in > > > 2007/2008. I firmly believe jail should work fine too > > > > Good to know, thanks! Would you mind sharing some more details? > > (Off-list is fine if you prefer.) Was it a more or less complete > > environment? What distro / version of Linux? > > I downloaded gentoo 2007 untarred it into /compat/linux and > chroot /compat/linux /bin/bash > > it just worked - nothing special was necessary > > dont remember much details but I had no problems with that setup It does not need to be in this directory off course. You can install the gentoo-dist ports (not the gentoo-baase port). After that you can copy all the files to the place where you want to have the jail. Now you just need to configure a jail. It does not matter much if you use the jail stuff in the base system or a framework like ezjail or similar, as long as you configure an appropriate startup script in the linux-jail. The linux-startup part you need to do yourself, I do not think the default linux startup stuff is approrpiate. I suggest to start at least a sshd before you start the software you want to use. This way you can login into the linux-jail and investigate issues like it is a real system. I suggest to monitor the kernel messages on the FreeBSD host. There may be linux-syscalls which are not implemented (e.g. epoll stuff). There is currently no effort to implement those. There may be partial implementations for some sysctls (Roman has something somewhere), but nothing is in FreeBSD and no efforts are on the way to bring them in. If your software needs something like this, you either need to implement them yourself, switch the software to not use this (maybe by changing the linux emulation to 2.4 instead of 2.6), or to forget about using FreeBSD for this. emulation@ is a good address to ask questions regarding the status of things, http://wiki.freebsd.org/linux-kernel has some infos too. Bye, Alexander. From owner-freebsd-jail@FreeBSD.ORG Thu Mar 4 18:23:05 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EE558106566B; Thu, 4 Mar 2010 18:23:05 +0000 (UTC) (envelope-from lists@jnielsen.net) Received: from ns1.jnielsen.net (ns1.jnielsen.net [69.55.238.237]) by mx1.freebsd.org (Postfix) with ESMTP id C7E778FC21; Thu, 4 Mar 2010 18:23:05 +0000 (UTC) Received: from jnielsen.socialserve.com ([12.53.251.10]) (authenticated bits=0) by ns1.jnielsen.net (8.12.9p2/8.12.9) with ESMTP id o24IN4pf080893; Thu, 4 Mar 2010 13:23:04 -0500 (EST) (envelope-from lists@jnielsen.net) From: John Nielsen To: Alexander Leidinger Date: Thu, 4 Mar 2010 13:22:57 -0500 User-Agent: KMail/1.12.4 (Darwin/9.8.0; KDE/4.3.4; i386; ; ) References: <201003021325.27197.lists@jnielsen.net> <20100303180636.GA31551@freebsd.org> <20100304114050.00007a59@unknown> In-Reply-To: <20100304114050.00007a59@unknown> MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <201003041322.57875.lists@jnielsen.net> X-Virus-Scanned: ClamAV version 0.88.4, clamav-milter version 0.88.4 on ns1.jnielsen.net X-Virus-Status: Clean Cc: rdivacky@freebsd.org, freebsd-jail@freebsd.org, freebsd-emulation@freebsd.org Subject: Re: linux-only jail possible? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Mar 2010 18:23:06 -0000 I went ahead and gave this a try with some encouraging results. Comments below. On Thursday 04 March 2010 05:40:50 Alexander Leidinger wrote: > On Wed, 3 Mar 2010 19:06:36 +0100 Roman Divacky > > wrote: > > On Wed, Mar 03, 2010 at 11:59:49AM -0500, John Nielsen wrote: > > > On Wednesday 03 March 2010 03:00:50 Roman Divacky wrote: > > > > I succesfully ran chroot of linux environment on freebsd back in > > > > 2007/2008. I firmly believe jail should work fine too > > > > > > Good to know, thanks! Would you mind sharing some more details? > > > (Off-list is fine if you prefer.) Was it a more or less complete > > > environment? What distro / version of Linux? > > > > I downloaded gentoo 2007 untarred it into /compat/linux and > > chroot /compat/linux /bin/bash > > > > it just worked - nothing special was necessary > > > > dont remember much details but I had no problems with that setup > > It does not need to be in this directory off course. You can install > the gentoo-dist ports (not the gentoo-baase port). After that you can > copy all the files to the place where you want to have the jail. I went with CentOS 5.4 as that's the native environment I'm trying to match. I didn't use ports at all, just manually extracted enough RPM's from the DVD image to bootstrap the environment enough to run bash and rpm. From there I did a chroot into the environment and ran (Linux) bash. Running rpm natively I was able to get yum up and running and from there installing everything else I wanted was relatively easy. > Now you just need to configure a jail. It does not matter much if you > use the jail stuff in the base system or a framework like ezjail or > similar, as long as you configure an appropriate startup script in the > linux-jail. The linux-startup part you need to do yourself, I do not > think the default linux startup stuff is approrpiate. I suggest to > start at least a sshd before you start the software you want to > use. This way you can login into the linux-jail and investigate issues > like it is a real system. I actually did install the init scripts, etc. I was pleasantly surprised to find (after reading through them) that rc.sysinit can be skipped entirely while rc itself will do the right thing for the rest of the init scripts (starting services, etc). Here's what I'm using: jail_centos_exec_start="/bin/sh /etc/rc.d/rc 3" jail_centos_exec_stop="/bin/sh /etc/rc.d/rc 0" > I suggest to monitor the kernel messages on the FreeBSD host. There may > be linux-syscalls which are not implemented (e.g. epoll stuff). Thanks, I had forgotten about that. So far nothing seems to have blown up too terribly. The "consoletype" utility runs despite this message: linux: pid 2100 (consoletype): ioctl fd=0, cmd=0x541c ('T',28) is not implemented And sshd and crond both run despite this one: linux: pid 2221 (sshd): syscall keyctl not implemented linux: pid 2240 (crond): syscall keyctl not implemented Syslogd ran without complaint as well but didn't actually log anything. I had to run it with "-p /var/run/log" (inside the jail via /etc/sysconfig/syslog) and create a symlink to the socket in the jail's /dev/log (outside the jail via exec_poststart). That's not ideal since there's a period of time between when syslogd starts in the jail and the symlink is created, but it works after that. It would be better in the exec_prestart RC knob but the jail's devfs isn't necessarily mounted at that point. My current hurdle is sshd: Mar 3 22:20:51 centos sshd[88836]: fatal: openpty returns device for which ttyname fails. Apparently the Linux sshd isn't using /dev/ptmx appropriately. I'll probably just have to replace it with one that does.. I haven't gotten as far as actually running Apache or our application yet but Python runs just fine (as evidenced by yum working) and I'm encouraged by my success thus far. > There > is currently no effort to implement those. There may be partial > implementations for some sysctls (Roman has something somewhere), but > nothing is in FreeBSD and no efforts are on the way to bring them in. > If your software needs something like this, you either need to > implement them yourself, switch the software to not use this (maybe > by changing the linux emulation to 2.4 instead of 2.6), or to forget > about using FreeBSD for this. emulation@ is a good address to ask > questions regarding the status of things, > http://wiki.freebsd.org/linux-kernel has some infos too. I seem to have lucked out in this aspect. You and Roman are just too on-the- ball it would seem (and my software needs aren't that extravagant..). Thanks again to all who have replied for the feedback and encouragement. I'll follow up if I manage to get sshd and apache running happily. JN From owner-freebsd-jail@FreeBSD.ORG Thu Mar 4 23:38:41 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 96291106564A; Thu, 4 Mar 2010 23:38:41 +0000 (UTC) (envelope-from wolfgang@riegler.homeip.net) Received: from mail-out.m-online.net (mail-out.m-online.net [212.18.0.10]) by mx1.freebsd.org (Postfix) with ESMTP id 44B988FC13; Thu, 4 Mar 2010 23:38:40 +0000 (UTC) Received: from mail01.m-online.net (mail.m-online.net [192.168.3.149]) by mail-out.m-online.net (Postfix) with ESMTP id 67D7C1C001D4; Fri, 5 Mar 2010 00:19:22 +0100 (CET) Received: from localhost (dynscan2.mnet-online.de [192.168.6.166]) by mail.m-online.net (Postfix) with ESMTP id 5E73590189; Fri, 5 Mar 2010 00:19:22 +0100 (CET) X-Virus-Scanned: amavisd-new at mnet-online.de Received: from smtp-auth.mnet-online.de ([192.168.3.149]) by localhost (dynscan2.mnet-online.de [192.168.6.166]) (amavisd-new, port 10024) with ESMTP id s02rwpDWvoBN; Fri, 5 Mar 2010 00:19:21 +0100 (CET) Received: from phenom2.riegler.homeip.net (ppp-93-104-62-120.dynamic.mnet-online.de [93.104.62.120]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-auth.mnet-online.de (Postfix) with ESMTP; Fri, 5 Mar 2010 00:19:21 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by phenom2.riegler.homeip.net (Postfix) with ESMTP id 7714CAED; Fri, 5 Mar 2010 00:19:12 +0100 (CET) Received: from phenom2.riegler.homeip.net ([127.0.0.1]) by localhost (phenom2.riegler.homeip.net [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 52986-01; Fri, 5 Mar 2010 00:19:07 +0100 (CET) Received: from phenom2.riegler.homeip.net (phenom2.riegler.homeip.net [192.168.0.1]) (Authenticated sender: wolfgang@riegler.homeip.net) by phenom2.riegler.homeip.net (Postfix) with ESMTPA id F27C5AEC; Fri, 5 Mar 2010 00:19:06 +0100 (CET) From: Wolfgang Riegler To: freebsd-virtualization@freebsd.org Date: Fri, 5 Mar 2010 00:19:06 +0100 User-Agent: KMail/1.12.4 (FreeBSD/8.0-RELEASE-p2; KDE/4.3.5; amd64; ; ) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <201003050019.06366.wolfgang@riegler.homeip.net> X-Virus-Scanned: Maia Mailguard 1.0.2a Cc: freebsd-emulation@freebsd.org, freebsd-jail@freebsd.org Subject: VirtualBox Headless inside a jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Mar 2010 23:38:41 -0000 Hi, I would like to setup VirtualBox headless with the VNC-patch and vboxweb inside a jail. Is this possible? I use FreeBSD 8.0-p2 amd64. regards Wolfgang From owner-freebsd-jail@FreeBSD.ORG Fri Mar 5 03:01:45 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 53CA21065673; Fri, 5 Mar 2010 03:01:45 +0000 (UTC) (envelope-from julian@elischer.org) Received: from out-0.mx.aerioconnect.net (out-0-4.mx.aerioconnect.net [216.240.47.64]) by mx1.freebsd.org (Postfix) with ESMTP id 0852B8FC27; Fri, 5 Mar 2010 03:01:44 +0000 (UTC) Received: from idiom.com (postfix@mx0.idiom.com [216.240.32.160]) by out-0.mx.aerioconnect.net (8.13.8/8.13.8) with ESMTP id o252c4ni022434; Thu, 4 Mar 2010 18:38:04 -0800 X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e X-Client-Authorized: MaGic Cook1e Received: from julian-mac.elischer.org (h-67-100-89-137.snfccasy.static.covad.net [67.100.89.137]) by idiom.com (Postfix) with ESMTP id 9D9A22D6013; Thu, 4 Mar 2010 18:38:03 -0800 (PST) Message-ID: <4B906E8A.9010908@elischer.org> Date: Thu, 04 Mar 2010 18:38:02 -0800 From: Julian Elischer User-Agent: Thunderbird 2.0.0.23 (Macintosh/20090812) MIME-Version: 1.0 To: Wolfgang Riegler References: <201003050019.06366.wolfgang@riegler.homeip.net> In-Reply-To: <201003050019.06366.wolfgang@riegler.homeip.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.67 on 216.240.47.51 Cc: freebsd-emulation@freebsd.org, freebsd-jail@freebsd.org, freebsd-virtualization@freebsd.org Subject: Re: VirtualBox Headless inside a jail X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Mar 2010 03:01:45 -0000 Wolfgang Riegler wrote: > Hi, > > I would like to setup VirtualBox headless with the VNC-patch and vboxweb > inside a jail. Is this possible? I use FreeBSD 8.0-p2 amd64. > > regards > > Wolfgang > _______________________________________________ > freebsd-virtualization@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization > To unsubscribe, send any mail to "freebsd-virtualization-unsubscribe@freebsd.org" I doubt it has been tried, but I can not see why not in theory.. if you made it a vnet jail with it's own firewall etc, it should limit the virtual machine as to what it can do.. (I don't know if you can run multiple virtualBox at once but you could limit each differently using this scheme.) From owner-freebsd-jail@FreeBSD.ORG Fri Mar 5 12:06:13 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 394F0106566C for ; Fri, 5 Mar 2010 12:06:13 +0000 (UTC) (envelope-from freebsd+jail@dohd.org) Received: from nala.dohd.org (tunnel74.ipv6.xs4all.nl [IPv6:2001:888:10:4a::2]) by mx1.freebsd.org (Postfix) with ESMTP id BA31C8FC13 for ; Fri, 5 Mar 2010 12:06:12 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by nala.dohd.org (Postfix) with ESMTP id 6276C56433 for ; Fri, 5 Mar 2010 13:06:11 +0100 (CET) X-Virus-Scanned: amavisd-new at dohd.org Received: from nala.dohd.org ([127.0.0.1]) by localhost (eeyore.local.dohd.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id kgs--3KqA4kb for ; Fri, 5 Mar 2010 13:06:10 +0100 (CET) Received: from [IPv6:2001:888:104a:2:2ce3:6403:917f:4fcc] (unknown [IPv6:2001:888:104a:2:2ce3:6403:917f:4fcc]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "Mark Huizer", Issuer "CA Cert Signing Authority" (verified OK)) by nala.dohd.org (Postfix) with ESMTPS id 6BCCA56420 for ; Fri, 5 Mar 2010 13:06:10 +0100 (CET) Message-ID: <4B90F3B2.9010901@dohd.org> Date: Fri, 05 Mar 2010 13:06:10 +0100 From: Mark Huizer User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100216 Thunderbird/3.0.2 MIME-Version: 1.0 To: freebsd-jail@freebsd.org References: <4B581A74.5060000@quip.cz> In-Reply-To: <4B581A74.5060000@quip.cz> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: 32-bit jails on a 64-bit system? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Mar 2010 12:06:13 -0000 On 1/21/2010 10:12, Miroslav Lachman wrote: > > I think it is nothing new to 8.0, it is the same as release note for 7.2. > > I didn't test it, but I think you can install (copy) i386 jail (or > whole system) in to amd64 host and just run it as any other jail. > Actually, that's what I tried, since I want to move a server to new hardware, but with serious time constraints on my side :-( So my plan is/was: "rsync the entire machine, build a script that fixes IP addresses here and there in the copy, run the jail". I did have to fix a few little things, stuff like copy a few binaries over (netstat, ps, ifconfig, w, top, ldd, ldd32) and of course the ld* files in /libexec. Furthermore I moved /usr/lib to /usr/lib32 and copied /usr/lib from the amd64 install. So far so good, I start jail, I see ssh, apache etc running, I start to get happy. But... a few things don't seem to work as intended, although I haven't checked each and every detail: * cronolog seems to ignore part of the arguments, so if you tell it to log to /data/logs/%Y/%m/%d/access.log it will log to /data/logs/access.log ; didn't investigate yet * postfix won't start. This I looked at a little more, but without success. On the count of postfix: # ldd /usr/local/sbin/postfix /usr/local/sbin/postfix: libpcre.so.0 => /usr/local/lib/libpcre.so.0 (0x2809d000) libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x280cf000) libpam.so.5 => not found (0x0) libcrypt.so.5 => /usr/lib32/libcrypt.so.5 (0x280e6000) libssl.so.6 => not found (0x0) libcrypto.so.6 => /usr/lib32/libcrypto.so.6 (0x280ff000) libc.so.7 => /usr/lib32/libc.so.7 (0x2825a000) # ls -la /usr/lib*/libpam.so.5 -r--r--r-- 1 root wheel 35848 Mar 3 23:31 /usr/lib/libpam.so.5 -r--r--r-- 1 root wheel 28296 Mar 3 23:33 /usr/lib32/libpam.so.5 You'd say it should work, but it doesn't. The best I've got so far is not copy /usr/lib from the amd64 host but make it a symlink to /usr/lib32. Then postfix works, but netstat etc won't, of course. While typing this, this brought me to another idea. - make /usr/lib symlink to /usr/lib32, mkdir /usr/lib64 filled with the libs from the hostmachine's /usr/lib, and then edit /etc/rc.d/ldconfig, change _LDC's /usr/lib to /usr/lib64, restart, and presto postfix works. It's dirty but it seems to work for now, time for testing. But I don't really understand why apache etc works, and postfix doesn't. So far I see the issues with libpam and libssl, which both are in /usr/lib, where libc.so.7 is symlinked to /lib. Anyone who can explain the difference to me? And is this intended behaviour? And now off to cronolog's not working %Y :-) mark From owner-freebsd-jail@FreeBSD.ORG Fri Mar 5 13:11:10 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D57C4106566C for ; Fri, 5 Mar 2010 13:11:10 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from mail.zoral.com.ua (mx0.zoral.com.ua [91.193.166.200]) by mx1.freebsd.org (Postfix) with ESMTP id 675238FC17 for ; Fri, 5 Mar 2010 13:11:10 +0000 (UTC) Received: from deviant.kiev.zoral.com.ua (root@deviant.kiev.zoral.com.ua [10.1.1.148]) by mail.zoral.com.ua (8.14.2/8.14.2) with ESMTP id o25CeBGB073010 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 5 Mar 2010 14:40:11 +0200 (EET) (envelope-from kostikbel@gmail.com) Received: from deviant.kiev.zoral.com.ua (kostik@localhost [127.0.0.1]) by deviant.kiev.zoral.com.ua (8.14.4/8.14.4) with ESMTP id o25CeAmN002093; Fri, 5 Mar 2010 14:40:10 +0200 (EET) (envelope-from kostikbel@gmail.com) Received: (from kostik@localhost) by deviant.kiev.zoral.com.ua (8.14.4/8.14.4/Submit) id o25CeACA002092; Fri, 5 Mar 2010 14:40:10 +0200 (EET) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: deviant.kiev.zoral.com.ua: kostik set sender to kostikbel@gmail.com using -f Date: Fri, 5 Mar 2010 14:40:10 +0200 From: Kostik Belousov To: Mark Huizer Message-ID: <20100305124010.GM2489@deviant.kiev.zoral.com.ua> References: <4B581A74.5060000@quip.cz> <4B90F3B2.9010901@dohd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="CeC2K4acttR/mmFn" Content-Disposition: inline In-Reply-To: <4B90F3B2.9010901@dohd.org> User-Agent: Mutt/1.4.2.3i X-Virus-Scanned: clamav-milter 0.95.2 at skuns.kiev.zoral.com.ua X-Virus-Status: Clean X-Spam-Status: No, score=-4.4 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on skuns.kiev.zoral.com.ua Cc: freebsd-jail@freebsd.org Subject: Re: 32-bit jails on a 64-bit system? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Mar 2010 13:11:10 -0000 --CeC2K4acttR/mmFn Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Mar 05, 2010 at 01:06:10PM +0100, Mark Huizer wrote: > On 1/21/2010 10:12, Miroslav Lachman wrote: > > > >I think it is nothing new to 8.0, it is the same as release note for 7.2. > > > >I didn't test it, but I think you can install (copy) i386 jail (or=20 > >whole system) in to amd64 host and just run it as any other jail. > > >=20 > Actually, that's what I tried, since I want to move a server to new=20 > hardware, but with serious time constraints on my side :-( So my plan=20 > is/was: "rsync the entire machine, build a script that fixes IP=20 > addresses here and there in the copy, run the jail". >=20 > I did have to fix a few little things, stuff like copy a few binaries=20 > over (netstat, ps, ifconfig, w, top, ldd, ldd32) and of course the ld*=20 > files in /libexec. Furthermore I moved /usr/lib to /usr/lib32 and copied= =20 > /usr/lib from the amd64 install. > So far so good, I start jail, I see ssh, apache etc running, I start to= =20 > get happy. My own experience is that just moving 32bit i386 image onto amd64 host is better now then trying to make a hybrid with 32bit binaries and both 32 and 64 bit libraries. You have to disable all management operations in the startup, of course. I do not recommend to touch /libexec. You may put statically linked 64bit ps/top/netstat etc into the jail for convenience. Having amd64 bit kernel that can be configured and managed by 32bit binaries is the long road. On the other hand, user 32bit applications working very good. >=20 > But... a few things don't seem to work as intended, although I haven't=20 > checked each and every detail: >=20 > * cronolog seems to ignore part of the arguments, so if you tell it to=20 > log to /data/logs/%Y/%m/%d/access.log it will log to=20 > /data/logs/access.log ; didn't investigate yet >=20 > * postfix won't start. This I looked at a little more, but without succes= s. >=20 > On the count of postfix: >=20 > # ldd /usr/local/sbin/postfix > /usr/local/sbin/postfix: > libpcre.so.0 =3D> /usr/local/lib/libpcre.so.0 (0x2809d000) > libsasl2.so.2 =3D> /usr/local/lib/libsasl2.so.2 (0x280cf000) > libpam.so.5 =3D> not found (0x0) > libcrypt.so.5 =3D> /usr/lib32/libcrypt.so.5 (0x280e6000) > libssl.so.6 =3D> not found (0x0) > libcrypto.so.6 =3D> /usr/lib32/libcrypto.so.6 (0x280ff000) > libc.so.7 =3D> /usr/lib32/libc.so.7 (0x2825a000) >=20 > # ls -la /usr/lib*/libpam.so.5 > -r--r--r-- 1 root wheel 35848 Mar 3 23:31 /usr/lib/libpam.so.5 > -r--r--r-- 1 root wheel 28296 Mar 3 23:33 /usr/lib32/libpam.so.5 >=20 > You'd say it should work, but it doesn't. The best I've got so far is=20 > not copy /usr/lib from the amd64 host but make it a symlink to=20 > /usr/lib32. Then postfix works, but netstat etc won't, of course. > While typing this, this brought me to another idea. > - make /usr/lib symlink to /usr/lib32, mkdir /usr/lib64 filled with the= =20 > libs from the hostmachine's /usr/lib, and then edit /etc/rc.d/ldconfig,= =20 > change _LDC's /usr/lib to /usr/lib64, restart, and presto postfix works.= =20 > It's dirty but it seems to work for now, time for testing. >=20 > But I don't really understand why apache etc works, and postfix doesn't.= =20 > So far I see the issues with libpam and libssl, which both are in=20 > /usr/lib, where libc.so.7 is symlinked to /lib. Anyone who can explain=20 > the difference to me? And is this intended behaviour? >=20 > And now off to cronolog's not working %Y :-) >=20 > mark >=20 > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" --CeC2K4acttR/mmFn Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (FreeBSD) iEYEARECAAYFAkuQ+6kACgkQC3+MBN1Mb4h7TgCfdRqPP9kfaK33VCeNKU+mf3b/ DXIAoOA24x2TIF3tk2P9NRy5pGiF5XSa =3Uiu -----END PGP SIGNATURE----- --CeC2K4acttR/mmFn-- From owner-freebsd-jail@FreeBSD.ORG Fri Mar 5 14:40:17 2010 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 17D70106566C; Fri, 5 Mar 2010 14:40:17 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from mail.ebusiness-leidinger.de (mail.ebusiness-leidinger.de [217.11.53.44]) by mx1.freebsd.org (Postfix) with ESMTP id C3FFB8FC1C; Fri, 5 Mar 2010 14:40:16 +0000 (UTC) Received: from outgoing.leidinger.net (pD9E2D45A.dip.t-dialin.net [217.226.212.90]) by mail.ebusiness-leidinger.de (Postfix) with ESMTPSA id 78E9584525A; Fri, 5 Mar 2010 15:40:10 +0100 (CET) Received: from unknown (unknown [192.168.2.110]) by outgoing.leidinger.net (Postfix) with ESMTP id AE3184F5A; Fri, 5 Mar 2010 15:40:07 +0100 (CET) Date: Fri, 5 Mar 2010 15:40:04 +0100 From: Alexander Leidinger To: remko@freebsd.org Message-ID: <20100305154004.00007805@unknown> In-Reply-To: <20100105112447.00005e71@unknown> References: <20091207080353.66241t4vpmnmrilc@webmail.leidinger.net> <20100105112447.00005e71@unknown> X-Mailer: Claws Mail 3.7.2cvs15 (GTK+ 2.16.0; i586-pc-mingw32msvc) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-EBL-MailScanner-Information: Please contact the ISP for more information X-EBL-MailScanner-ID: 78E9584525A.54B4E X-EBL-MailScanner: Found to be clean X-EBL-MailScanner-SpamCheck: not spam, spamhaus-ZEN, SpamAssassin (not cached, score=-1.44, required 6, autolearn=disabled, ALL_TRUSTED -1.44) X-EBL-MailScanner-From: alexander@leidinger.net X-EBL-MailScanner-Watermark: 1268404811.63065@8jG2Z4S93T2nSoWDBosqTw X-EBL-Spam-Status: No Cc: jail@freebsd.org Subject: Re: starting jails in the background & dependencies X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Mar 2010 14:40:17 -0000 On Tue, 5 Jan 2010 11:24:47 +0100 Alexander Leidinger wrote: > On Mon, 07 Dec 2009 08:03:53 +0100 Alexander Leidinger > wrote: > > > Hi, > > > > now that jails are started in the background (which is good, to > > I just realized yesterday that it also stops in parallel (in the > background). This is bad. It may be the case that a jail is not fully > stopped via the rc scripts when the OS decides to kill the remaining > processes during a shutdown. > > My first reaction is to only allow to start in the background, but > everything else needs to be serialized. I committed now what was discussed in this thread: - no start in the background by default - only start is allowed to happen in background when jail_parallel_start is set to yes in rc.conf - stdin is redirected from /dev/null If someone is not happy about the name of the rc.conf variable: feel free to change it, I do not care about the name. Bye, Alexander. From owner-freebsd-jail@FreeBSD.ORG Fri Mar 5 15:32:01 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0AF4C106566C for ; Fri, 5 Mar 2010 15:32:01 +0000 (UTC) (envelope-from tom@diogunix.com) Received: from mail.kepos.org (mail.kepos.org [85.125.223.249]) by mx1.freebsd.org (Postfix) with ESMTP id 9D3FD8FC19 for ; Fri, 5 Mar 2010 15:32:00 +0000 (UTC) Received: from gyro.localnet (95-90-251-177-dynip.superkabel.de [95.90.251.177]) by mail.kepos.org (mail.kepos.org) with ESMTPSA id B838C514C66 for ; Fri, 5 Mar 2010 16:31:59 +0100 (CET) From: "tom@diogunix.com" To: freebsd-jail@freebsd.org Date: Fri, 5 Mar 2010 16:33:02 +0100 User-Agent: KMail/1.10.4 (Linux/2.6.27-9-generic; KDE/4.1.4; i686; ; ) References: <201003051427.56064.tom@diogunix.com> <201003051035.11733.kubito@gmail.com> In-Reply-To: <201003051035.11733.kubito@gmail.com> MIME-Version: 1.0 Message-Id: <201003051633.02703.tom@diogunix.com> Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: [kde-freebsd] okular doesn't open PDFs X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Mar 2010 15:32:01 -0000 Raphael, thanks for replying. > > Okular doesn't open pdf files. It says something about not found plugins > > (from which I guess it means poppler). I already checked whether poppler > > was compiled/installed too. Yes, it was - but nonetheless I cannot find > > any options within the Okular settings to make Okular use poppler. The > > only "backend" available there is ghostscript. I guess there must be a > > place where I could tie the two ends of the rope together. But cannot > > find that place. > > The only backend listed in the Backends dialog is Ghostscript here too, > even though poppler support works fine here. > > Did you install poppler-qt4 (or whatever its name was in the ports tree) > before compiling kdegraphics4? Yes, has been available all the time. > Is poppler correctly detected when CMake is > called in kdegraphics4? Did re-compile kdegraphics4 just right now and also Poppler seemed to get recognized while make. Nonetheless, I again get the "Can not find a plugin which is able ..." when trying to open a pdf file with Okular. Also, *.pdf is not amongst the "supported file types". I guess something in the realm of the configuration (done by the make process) is broken. But how can I manually fix that ? Tom From owner-freebsd-jail@FreeBSD.ORG Fri Mar 5 16:12:25 2010 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EF9EB106566C for ; Fri, 5 Mar 2010 16:12:25 +0000 (UTC) (envelope-from freebsd+jail@dohd.org) Received: from nala.dohd.org (tunnel74.ipv6.xs4all.nl [IPv6:2001:888:10:4a::2]) by mx1.freebsd.org (Postfix) with ESMTP id A0EB58FC26 for ; Fri, 5 Mar 2010 16:12:25 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by nala.dohd.org (Postfix) with ESMTP id E0B8D5646F for ; Fri, 5 Mar 2010 17:12:24 +0100 (CET) X-Virus-Scanned: amavisd-new at dohd.org Received: from nala.dohd.org ([127.0.0.1]) by localhost (eeyore.local.dohd.org [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 27YYvfwdr68y for ; Fri, 5 Mar 2010 17:12:24 +0100 (CET) Received: from [IPv6:2001:888:104a:2:2ce3:6403:917f:4fcc] (unknown [IPv6:2001:888:104a:2:2ce3:6403:917f:4fcc]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "Mark Huizer", Issuer "CA Cert Signing Authority" (verified OK)) by nala.dohd.org (Postfix) with ESMTPS id 418FA5646E for ; Fri, 5 Mar 2010 17:12:24 +0100 (CET) Message-ID: <4B912D68.6080506@dohd.org> Date: Fri, 05 Mar 2010 17:12:24 +0100 From: Mark Huizer User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100216 Thunderbird/3.0.2 MIME-Version: 1.0 To: freebsd-jail@freebsd.org References: <4B581A74.5060000@quip.cz> <4B90F3B2.9010901@dohd.org> <20100305124010.GM2489@deviant.kiev.zoral.com.ua> In-Reply-To: <20100305124010.GM2489@deviant.kiev.zoral.com.ua> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: 32-bit jails on a 64-bit system? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Mar 2010 16:12:26 -0000 On 3/5/2010 13:40, Kostik Belousov wrote: > On Fri, Mar 05, 2010 at 01:06:10PM +0100, Mark Huizer wrote: > >> On 1/21/2010 10:12, Miroslav Lachman wrote: >> >>> I think it is nothing new to 8.0, it is the same as release note for 7.2. >>> >>> I didn't test it, but I think you can install (copy) i386 jail (or >>> whole system) in to amd64 host and just run it as any other jail. >>> >>> >> Actually, that's what I tried, since I want to move a server to new >> hardware, but with serious time constraints on my side :-( So my plan >> is/was: "rsync the entire machine, build a script that fixes IP >> addresses here and there in the copy, run the jail". >> >> I did have to fix a few little things, stuff like copy a few binaries >> over (netstat, ps, ifconfig, w, top, ldd, ldd32) and of course the ld* >> files in /libexec. Furthermore I moved /usr/lib to /usr/lib32 and copied >> /usr/lib from the amd64 install. >> So far so good, I start jail, I see ssh, apache etc running, I start to >> get happy. >> > My own experience is that just moving 32bit i386 image onto amd64 host > is better now then trying to make a hybrid with 32bit binaries and > both 32 and 64 bit libraries. > > You have to disable all management operations in the startup, of course. > I do not recommend to touch /libexec. You may put statically linked > 64bit ps/top/netstat etc into the jail for convenience. > > Having amd64 bit kernel that can be configured and managed by 32bit > binaries is the long road. On the other hand, user 32bit applications > working very good. > > Well, that is where I started but without success, since ezjail (might be ezjail's problem, who knows) had trouble getting sh to work without amd64 libs present Mark