From owner-freebsd-current@FreeBSD.ORG Wed Dec 3 06:16:58 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CA17616A4CF for ; Wed, 3 Dec 2003 06:16:58 -0800 (PST) Received: from obsecurity.dyndns.org (adsl-63-207-60-234.dsl.lsan03.pacbell.net [63.207.60.234]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5AF2943F3F for ; Wed, 3 Dec 2003 06:16:56 -0800 (PST) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 0C96166C55; Wed, 3 Dec 2003 06:16:56 -0800 (PST) Date: Wed, 3 Dec 2003 06:16:55 -0800 From: Kris Kennaway To: Niklas Saers Mailinglistaccount Message-ID: <20031203141655.GB61570@xor.obsecurity.org> References: <20031203101335.D11863@doriath.saers.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="wq9mPyueHGvFACwf" Content-Disposition: inline In-Reply-To: <20031203101335.D11863@doriath.saers.com> User-Agent: Mutt/1.4.1i cc: current@FreeBSD.ORG Subject: Re: jail and emulators/linux_base X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Dec 2003 14:16:58 -0000 --wq9mPyueHGvFACwf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 03, 2003 at 10:22:16AM +0100, Niklas Saers Mailinglistaccount w= rote: > Hi all, >=20 > I'm running CURRENT and set up a jail where I want to install SUN JDK > 1.4.2. In the process, linux emulation needs to be installed. While > installing emulators/linux_base, I get the following: >=20 > =3D=3D=3D> Installing for linux_base-7.1_5 > Un-mounting linprocfs... > umount: retrying using path instead of file system ID > =3D=3D=3D> Generating temporary packing list > =3D=3D=3D> Checking if emulators/linux_base already installed > mknod: /compat/linux/dev/null: Operation not permitted > *** Error code 1 >=20 > While Linux-emulation is already up and running on the host-machine, it > seems the jail is not allowed to create what it needs to run it. I > understand allowing mknod(8) within a jail is dangerous in the case where > you allow untrusted users to be root. Is there some way to either say "I > don't let untrusted users be root" thus allowing this or to compile > emulators/linux_base more jail-friendly, possibly setting things up from > outside the jail? "jail where I trust users not to try to take over my system" =3D "chroot". > About compiles, btw, they seem to drag out forever in a jail. Especially > configure takes ridiculous long time. I was under the impression that the > overhead of running a jail should be very small, yet compiling > shells/bash2 in a fresh jail took 8 minutes and 8.6 seconds while > compiling it on the host system took 54.9 seconds. Are there options that > may affect jail-performance I can tune? That's weird..it shouldn't be doing that. What scheduler are you running, what does top show, have you tried to trace the processes using ktrace, etc? Kris --wq9mPyueHGvFACwf Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/zfBXWry0BWjoQKURAgOOAJ9/5zynC9oqE5kT60wpjcyflyhozQCeJXpl x/40jBk70GkUO1I3YgkEC5w= =f+le -----END PGP SIGNATURE----- --wq9mPyueHGvFACwf--