From owner-freebsd-current@FreeBSD.ORG Wed Dec 3 01:22:18 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D08F116A4CE for ; Wed, 3 Dec 2003 01:22:18 -0800 (PST) Received: from doriath.saers.com (doriath.religion.no [193.156.192.198]) by mx1.FreeBSD.org (Postfix) with ESMTP id F25DB43F3F for ; Wed, 3 Dec 2003 01:22:17 -0800 (PST) (envelope-from niklasmls@doriath.saers.com) Received: by doriath.saers.com (Postfix, from userid 1001) id 561A43FC1; Wed, 3 Dec 2003 10:22:16 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by doriath.saers.com (Postfix) with ESMTP id 4E8EA3EAE for ; Wed, 3 Dec 2003 10:22:16 +0100 (CET) Date: Wed, 3 Dec 2003 10:22:16 +0100 (CET) From: Niklas Saers Mailinglistaccount To: current@FreeBSD.ORG Message-ID: <20031203101335.D11863@doriath.saers.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: jail and emulators/linux_base X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Dec 2003 09:22:18 -0000 Hi all, I'm running CURRENT and set up a jail where I want to install SUN JDK 1.4.2. In the process, linux emulation needs to be installed. While installing emulators/linux_base, I get the following: ===> Installing for linux_base-7.1_5 Un-mounting linprocfs... umount: retrying using path instead of file system ID ===> Generating temporary packing list ===> Checking if emulators/linux_base already installed mknod: /compat/linux/dev/null: Operation not permitted *** Error code 1 While Linux-emulation is already up and running on the host-machine, it seems the jail is not allowed to create what it needs to run it. I understand allowing mknod(8) within a jail is dangerous in the case where you allow untrusted users to be root. Is there some way to either say "I don't let untrusted users be root" thus allowing this or to compile emulators/linux_base more jail-friendly, possibly setting things up from outside the jail? About compiles, btw, they seem to drag out forever in a jail. Especially configure takes ridiculous long time. I was under the impression that the overhead of running a jail should be very small, yet compiling shells/bash2 in a fresh jail took 8 minutes and 8.6 seconds while compiling it on the host system took 54.9 seconds. Are there options that may affect jail-performance I can tune? Cheers Niklas Saers