Date: Thu, 21 Feb 2008 05:22:06 -0800 (PST)
From: Tommy Pham <tommyhp2@yahoo.com>
To: freebsd-jail@freebsd.org
Subject: Re: restrictions between host and jail
Message-ID: <624466.76178.qm@web38202.mail.mud.yahoo.com>
In-Reply-To: <47BD784A.5090804@quip.cz>

--- Miroslav Lachman <000.fbsd@quip.cz> wrote:

> Tommy Pham wrote:
> > Hi,
> >
> > Could someone please explain to me the difference between host and jail
> > when the security.jail settings are as follows:
> >
> > security.jail.mount_allowed: 1
> > security.jail.chflags_allowed: 1
> > security.jail.allow_raw_sockets: 1
> > security.jail.enforce_statfs: 2
> > security.jail.sysvipc_allowed: 1
> > security.jail.socket_unixiproute_only: 1
> > security.jail.set_hostname_allowed: 1
> >
> > I also have devfs (with various rulesets), fdescfs, procfs enabled for
> > the jail.
> >
> > I'm trying to run glassfish inside the jail but I'm having a problem
> > about it being delayed at start-up. I don't have this problem in the
> > host environment. I've posted about glassfish resource requirement at
> > glassfish's forum but I didn't get any response.
> >
> > I've tried running glassfish with all variations of configurations in
> > security.jail and jail's filesystem (devfs, procfs, fdescfs) and still
> > unable to find the cause in the delayed start-up. Glassfish takes less
> > than 30 seconds to start in host while in jail, takes 5+ minutes. When I
> > run asadmin list-domains, I get "Unauthorized access" in jail
> > environment. I didn't get this error in host.
>
> I don't know glassfish, but can it be caused by some problems with
> domain name resolution? (empty or wrong /etc/resolv.conf or /etc/hosts
> in jail)
>
> Miroslav Lachman
>

Hi Miroslav,

Thanks for the reply. That's what I thought at first too but I can do nslookup by host and IP properly. The files are set correctly. Funny thing is that the initial glassfish startup after build is ok (within 30 secs) regardless of security.jail and fs settings in rc.conf. I've tested just about every case scenario for weeks now :(...

Thanks,
Tommy