Date: Thu, 21 Feb 2008 05:22:06 -0800 (PST)
From: Tommy Pham
To: freebsd-jail@freebsd.org
Subject: Re: restrictions between host and jail
In-Reply-To: <47BD784A.5090804@quip.cz>
Message-ID: <624466.76178.qm@web38202.mail.mud.yahoo.com>

--- Miroslav Lachman <000.fbsd@quip.cz> wrote:

> Tommy Pham wrote:
> > Hi,
> >
> > Could someone please explain to me the difference between host and jail
> > when the security.jail settings are as follows:
> >
> > security.jail.mount_allowed: 1
> > security.jail.chflags_allowed: 1
> > security.jail.allow_raw_sockets: 1
> > security.jail.enforce_statfs: 2
> > security.jail.sysvipc_allowed: 1
> > security.jail.socket_unixiproute_only: 1
> > security.jail.set_hostname_allowed: 1
> >
> > I also have devfs (with various rulesets), fdescfs, procfs enabled for
> > the jail.
> >
> > I'm trying to run glassfish inside the jail but I'm having a problem
> > about it being delayed at start-up. I don't have this problem in the
> > host environment. I've posted about glassfish resource requirement at
> > glassfish's forum but I didn't get any response.
> >
> > I've tried running glassfish with all variations of configurations in
> > security.jail and jail's filesystem (devfs, procfs, fdescfs) and still
> > unable to find the cause in the delayed start-up. Glassfish takes less
> > than 30 seconds to start in host while in jail, takes 5+ minutes. When I
> > run asadmin list-domains, I get "Unauthorized access" in jail
> > environment. I didn't get this error in host.
>
> I don't know glassfish, but can it be caused by some problems with
> domain name resolution? (empty or wrong /etc/resolv.conf or /etc/hosts
> in jail)
>
> Miroslav Lachman
>

Hi Miroslav,

Thanks for the reply. That's what I thought at first too but I can do
nslookup by host and IP properly. The files are set correctly. Funny
thing is that the initial glassfish startup after build is ok (within 30
secs) regardless of security.jail and fs settings in rc.conf. I've
tested just about every case scenario for weeks now :(...

Thanks,
Tommy