Date: Wed, 3 Dec 2003 06:16:55 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Niklas Saers Mailinglistaccount <niklasmls@doriath.saers.com> Cc: current@FreeBSD.ORG Subject: Re: jail and emulators/linux_base Message-ID: <20031203141655.GB61570@xor.obsecurity.org> In-Reply-To: <20031203101335.D11863@doriath.saers.com> References: <20031203101335.D11863@doriath.saers.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--wq9mPyueHGvFACwf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 03, 2003 at 10:22:16AM +0100, Niklas Saers Mailinglistaccount w= rote: > Hi all, >=20 > I'm running CURRENT and set up a jail where I want to install SUN JDK > 1.4.2. In the process, linux emulation needs to be installed. While > installing emulators/linux_base, I get the following: >=20 > =3D=3D=3D> Installing for linux_base-7.1_5 > Un-mounting linprocfs... > umount: retrying using path instead of file system ID > =3D=3D=3D> Generating temporary packing list > =3D=3D=3D> Checking if emulators/linux_base already installed > mknod: /compat/linux/dev/null: Operation not permitted > *** Error code 1 >=20 > While Linux-emulation is already up and running on the host-machine, it > seems the jail is not allowed to create what it needs to run it. I > understand allowing mknod(8) within a jail is dangerous in the case where > you allow untrusted users to be root. Is there some way to either say "I > don't let untrusted users be root" thus allowing this or to compile > emulators/linux_base more jail-friendly, possibly setting things up from > outside the jail? "jail where I trust users not to try to take over my system" =3D "chroot". > About compiles, btw, they seem to drag out forever in a jail. Especially > configure takes ridiculous long time. I was under the impression that the > overhead of running a jail should be very small, yet compiling > shells/bash2 in a fresh jail took 8 minutes and 8.6 seconds while > compiling it on the host system took 54.9 seconds. Are there options that > may affect jail-performance I can tune? That's weird..it shouldn't be doing that. What scheduler are you running, what does top show, have you tried to trace the processes using ktrace, etc? Kris --wq9mPyueHGvFACwf Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/zfBXWry0BWjoQKURAgOOAJ9/5zynC9oqE5kT60wpjcyflyhozQCeJXpl x/40jBk70GkUO1I3YgkEC5w= =f+le -----END PGP SIGNATURE----- --wq9mPyueHGvFACwf--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031203141655.GB61570>