From owner-freebsd-jail@FreeBSD.ORG Mon May 19 13:17:30 2008 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3C14C106570A for ; Mon, 19 May 2008 13:17:30 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from redbull.bpaserver.net (redbullneu.bpaserver.net [213.198.78.217]) by mx1.freebsd.org (Postfix) with ESMTP id DE5948FC12 for ; Mon, 19 May 2008 13:17:29 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from outgoing.leidinger.net (p54A56EC5.dip.t-dialin.net [84.165.110.197]) by redbull.bpaserver.net (Postfix) with ESMTP id 4F6082E173; Mon, 19 May 2008 15:17:22 +0200 (CEST) Received: from webmail.leidinger.net (webmail.leidinger.net [192.168.1.102]) by outgoing.leidinger.net (Postfix) with ESMTP id 6DDB61050F3; Mon, 19 May 2008 15:17:19 +0200 (CEST) Received: (from www@localhost) by webmail.leidinger.net (8.14.2/8.13.8/Submit) id m4JDHIX6051168; Mon, 19 May 2008 15:17:18 +0200 (CEST) (envelope-from Alexander@Leidinger.net) Received: from pslux.cec.eu.int (pslux.cec.eu.int [158.169.9.14]) by webmail.leidinger.net (Horde Framework) with HTTP; Mon, 19 May 2008 15:17:18 +0200 Message-ID: <20080519151718.54449sqj560rkgyo@webmail.leidinger.net> X-Priority: 3 (Normal) Date: Mon, 19 May 2008 15:17:18 +0200 From: Alexander Leidinger To: Andrew Snow References: <20080519051707.GA23266@sysmon.tcworks.net> <20080519103813.16651fkml5bc00v4@webmail.leidinger.net> <48315FB6.7070103@modulus.org> In-Reply-To: <48315FB6.7070103@modulus.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable User-Agent: Internet Messaging Program (IMP) H3 (4.2-RC2) / FreeBSD-8.0 X-BPAnet-MailScanner-Information: Please contact the ISP for more information X-BPAnet-MailScanner: Found to be clean X-BPAnet-MailScanner-SpamCheck: not spam, ORDB-RBL, SpamAssassin (not cached, score=-14.823, required 6, BAYES_00 -15.00, RDNS_DYNAMIC 0.10, TW_EV 0.08) X-BPAnet-MailScanner-From: alexander@leidinger.net X-Spam-Status: No Cc: freebsd-jail@freebsd.org Subject: Re: Signal 11 messages showing in all jails? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 May 2008 13:17:30 -0000 Quoting Andrew Snow (from Mon, 19 May 2008 =20 21:08:38 +1000): > > Sorry for previous message, it wasn't devfs rules at all that solved =20 > this problem. The rules you posted are part of some kind of workaround. The rules =20 didn't include the "syslog pipe" for kernel messages (depends upon =20 your version of FreeBSD), so there should be no messages from the =20 kernel (like sig 11) in the syslog anymore with this. > Instead you should set this in /etc/sysctl.conf: > > security.bsd.unprivileged_read_msgbuf=3D0 This also has implication for the jail-host. You need to be root to =20 read the dmesg. All this is just a workaround, but not really a solution to the =20 problem. Ideally each jail gets messages from the kernel which =20 _belong_ into this jail (e.g. sig 11, if a process from _this_ jail =20 dies in this way). Bye, Alexander. --=20 Pure drivel tends to drive ordinary drivel off the TV screen. http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID =3D B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID =3D 72077137