From owner-freebsd-jail@freebsd.org Thu Aug 13 00:50:06 2015 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9CC989B7BE5 for ; Thu, 13 Aug 2015 00:50:06 +0000 (UTC) (envelope-from ari@ish.com.au) Received: from mail16.tpgi.com.au (smtp-out16.tpgi.com.au [220.244.226.126]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.tpg.com.au", Issuer "RapidSSL SHA256 CA - G3" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 1CB961F5 for ; Thu, 13 Aug 2015 00:50:04 +0000 (UTC) (envelope-from ari@ish.com.au) X-TPG-Junk-Checked: Yes X-TPG-Junk-Status: score=1.3 tests=RDNS_NONE X-TPG-Junk-Level: * X-TPG-Antivirus: Passed X-TPG-Abuse: host=[202.161.115.54]; ip=202.161.115.54; date=Thu, 13 Aug 2015 10:28:50 +1000 Received: from fish.ish.com.au (202-161-115-54.static.tpgi.com.au [202.161.115.54] (may be forged)) by mail16.tpgi.com.au (envelope-from ari@ish.com.au) (8.14.3/8.14.3) with ESMTP id t7D0Sm89013469 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 13 Aug 2015 10:28:50 +1000 Received: from ip-136.ish.com.au ([203.29.62.136]:59209) by fish.ish.com.au with esmtpsa (TLSv1.2:DHE-RSA-AES128-SHA:128) (Exim 4.82_1-5b7a7c0-XX) (envelope-from ) id 1ZPgNx-0007Uf-1K for freebsd-jail@freebsd.org; Thu, 13 Aug 2015 10:28:45 +1000 X-CTCH-RefID: str=0001.0A150207.55CBE4BD.00F2:SCFSTAT29393324, ss=1, re=-4.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0 To: freebsd-jail From: Aristedes Maniatis Subject: lots of semaphores in jails X-Enigmail-Draft-Status: N1110 Message-ID: <55CBE4BB.6070605@ish.com.au> Date: Thu, 13 Aug 2015 10:28:43 +1000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:40.0) Gecko/20100101 Thunderbird/40.0 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="m27WuD2nOqsv7N4o20uo3KJL1dpPWbtdu" X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2015 00:50:06 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --m27WuD2nOqsv7N4o20uo3KJL1dpPWbtdu Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I'm running a monitoring application called zabbix in each of about 32 ja= ils on a single host and running into a problem... zabbix_agentd [78335]: cannot create Semaphore: [28] No space left on dev= ice zabbix_agentd [78335]: unable to create mutex for log file Now, typically the solution to this problem is documented here: https://w= ww.zabbix.org/wiki/How_to/configure_shared_memory Basically we bump up some ipc settings: kern.ipc.shmall=3D409600 kern.ipc.shmmax=3D204800000 and allow ipc inside the jails: security.jail.sysvipc_allowed=3D1 With these settings I can get about 30 jails running with zabbix, but the= n no more zabbix instances will start. I guess I'm hitting some sort of l= imit, but I'm at a loss to understand what. Here is the output of ipcs an= d all the sysctls: https://gist.github.com/ari/a0a8b540f2ef832c41d2 How do I correlate my maximum settings with the data I'm seeing from ipcs= ? What limit am I hitting? Cheers Ari --=20 --------------------------> Aristedes Maniatis ish http://www.ish.com.au Level 1, 30 Wilson Street Newtown 2042 Australia phone +61 2 9550 5001 fax +61 2 9550 4001 GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A --m27WuD2nOqsv7N4o20uo3KJL1dpPWbtdu Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iEYEARECAAYFAlXL5LsACgkQ72p9Lj5JECpSrACffG0eUx1R87DHMQq+j8Y7blTZ HPIAniD/KM8l//0s8VP6X8vCq3DUtfZH =5pEs -----END PGP SIGNATURE----- --m27WuD2nOqsv7N4o20uo3KJL1dpPWbtdu-- From owner-freebsd-jail@freebsd.org Thu Aug 13 13:55:44 2015 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B048D9B79D3 for ; Thu, 13 Aug 2015 13:55:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9C1958DC for ; Thu, 13 Aug 2015 13:55:44 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t7DDtiWY061698 for ; Thu, 13 Aug 2015 13:55:44 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-jail@FreeBSD.org Subject: [Bug 202268] [jail] able to log in as root without typing the password.FreeBSD 10.1-RELEASE #0 r274401 Date: Thu, 13 Aug 2015 13:55:44 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: linimon@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: short_desc assigned_to Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2015 13:55:44 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202268 Mark Linimon changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|log in ass root without |[jail] able to log in as |typing the password.FreeBSD |root without typing the |10.1-RELEASE #0 r274401 |password.FreeBSD | |10.1-RELEASE #0 r274401 Assignee|freebsd-bugs@FreeBSD.org |freebsd-jail@FreeBSD.org --- Comment #1 from Mark Linimon --- reclassify. -- You are receiving this mail because: You are the assignee for the bug. From owner-freebsd-jail@freebsd.org Thu Aug 13 13:58:54 2015 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4FE1B9B7A3E for ; Thu, 13 Aug 2015 13:58:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3C3479E2 for ; Thu, 13 Aug 2015 13:58:54 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t7DDwsvN064947 for ; Thu, 13 Aug 2015 13:58:54 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-jail@FreeBSD.org Subject: [Bug 202268] [jail] able to log in as root without typing the password.FreeBSD 10.1-RELEASE #0 r274401 Date: Thu, 13 Aug 2015 13:58:54 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: allanjude@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2015 13:58:54 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202268 Allan Jude changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |allanjude@FreeBSD.org --- Comment #2 from Allan Jude --- Are you logged into the jail, or the host? -- You are receiving this mail because: You are the assignee for the bug. From owner-freebsd-jail@freebsd.org Thu Aug 13 16:38:52 2015 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5BCC89B8858 for ; Thu, 13 Aug 2015 16:38:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 47F5DCB4 for ; Thu, 13 Aug 2015 16:38:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id t7DGcquM036186 for ; Thu, 13 Aug 2015 16:38:52 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-jail@FreeBSD.org Subject: [Bug 202268] [jail] able to log in as root without typing the password.FreeBSD 10.1-RELEASE #0 r274401 Date: Thu, 13 Aug 2015 16:38:52 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: 10.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: petri8@yahoo.com X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-jail@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Aug 2015 16:38:52 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202268 --- Comment #3 from petri8 --- (In reply to Mark Linimon from comment #1) (In reply to Allan Jude from comment #2) When my machine boots up right before appearing of login: it starts the jails one the machine. and when it appears on screen " starting jails:" if u press ctrl + backslash u get into root. this is all. is this a security issue ? -- You are receiving this mail because: You are the assignee for the bug.