Date: Mon, 19 May 2008 15:17:18 +0200 From: Alexander Leidinger <Alexander@Leidinger.net> To: Andrew Snow <andrew@modulus.org> Cc: freebsd-jail@freebsd.org Subject: Re: Signal 11 messages showing in all jails? Message-ID: <20080519151718.54449sqj560rkgyo@webmail.leidinger.net> In-Reply-To: <48315FB6.7070103@modulus.org> References: <20080519051707.GA23266@sysmon.tcworks.net> <20080519103813.16651fkml5bc00v4@webmail.leidinger.net> <48315FB6.7070103@modulus.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Quoting Andrew Snow <andrew@modulus.org> (from Mon, 19 May 2008 =20 21:08:38 +1000): > > Sorry for previous message, it wasn't devfs rules at all that solved =20 > this problem. The rules you posted are part of some kind of workaround. The rules =20 didn't include the "syslog pipe" for kernel messages (depends upon =20 your version of FreeBSD), so there should be no messages from the =20 kernel (like sig 11) in the syslog anymore with this. > Instead you should set this in /etc/sysctl.conf: > > security.bsd.unprivileged_read_msgbuf=3D0 This also has implication for the jail-host. You need to be root to =20 read the dmesg. All this is just a workaround, but not really a solution to the =20 problem. Ideally each jail gets messages from the kernel which =20 _belong_ into this jail (e.g. sig 11, if a process from _this_ jail =20 dies in this way). Bye, Alexander. --=20 Pure drivel tends to drive ordinary drivel off the TV screen. http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID =3D B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID =3D 72077137
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080519151718.54449sqj560rkgyo>