From owner-freebsd-jail@FreeBSD.ORG  Mon Sep 28 18:13:16 2009
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 38F47106566B
	for <freebsd-jail@FreeBSD.org>; Mon, 28 Sep 2009 18:13:16 +0000 (UTC)
	(envelope-from jamie@FreeBSD.org)
Received: from gritton.org (gritton.org [161.58.222.4])
	by mx1.freebsd.org (Postfix) with ESMTP id 049AA8FC12
	for <freebsd-jail@FreeBSD.org>; Mon, 28 Sep 2009 18:13:15 +0000 (UTC)
Received: from guppy.corp.verio.net (fw.oremut02.us.wh.verio.net
	[198.65.168.24]) (authenticated bits=0)
	by gritton.org (8.13.6.20060614/8.13.6) with ESMTP id n8SIDERE079298;
	Mon, 28 Sep 2009 12:13:15 -0600 (MDT)
Message-ID: <4AC0FCB5.2050009@FreeBSD.org>
Date: Mon, 28 Sep 2009 12:13:09 -0600
From: Jamie Gritton <jamie@FreeBSD.org>
User-Agent: Thunderbird 2.0.0.19 (X11/20090109)
MIME-Version: 1.0
To: Edwin Shao <edwin.shao@gmail.com>
References: <cf8a6aa50909280506g63030d9ft423c42e8c61700d@mail.gmail.com>
	<4AC0E5E6.1010700@FreeBSD.org>
	<cf8a6aa50909281045x47e58e99y92437ffa86c72846@mail.gmail.com>
In-Reply-To: <cf8a6aa50909281045x47e58e99y92437ffa86c72846@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-jail@FreeBSD.org
Subject: Re: Tutorial for Hierarchical Jails?
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
	<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
	<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Sep 2009 18:13:16 -0000

Edwin Shao wrote:

> When I try to change the parameter, nothing happens:
> rescue /etc> sudo sysctl security.jail.param.children.max=1
> security.jail.param.children.max: 0 -> 0
> 
> rescue /etc> sudo sysctl security.jail.param.children.max
> security.jail.param.children.max: 0
> 
> Am I doing this incorrectly?

Yes.  Use jail(8) to set the parameters, not sysctl.  The 
security.jail.param.* sysctls are for reference only and have no useful 
values to get or set.  Set it with:

jail -m jid=<jid> children.max=1

Run this on the base system, i.e. not inside the jail in question.

- Jamie