Date: Tue, 14 May 2013 09:20:06 -0400
From: Joe <fbsd8@a1poweruser.com>
To: David Demelier <demelier.david@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: /etc/jail.conf for automatically started jails listed in /etc/rc.conf
Message-ID: <51923A06.7020206@a1poweruser.com>
In-Reply-To: <CAO%2BPfDeCpeDoNLo-E0g0rxL1uY%2B3iH5YUQXBMaBvsxrXO=NoSA@mail.gmail.com>
References: <11698066.Kggl9cS1ZD@melon> <51914DC1.1050207@a1poweruser.com> <1990818.dWVxsxnVR3@melon> <519188FD.7010900@a1poweruser.com> <CAO%2BPfDeCpeDoNLo-E0g0rxL1uY%2B3iH5YUQXBMaBvsxrXO=NoSA@mail.gmail.com>

David Demelier wrote:
> 2013/5/14 Joe <fbsd8@a1poweruser.com>:
>> David Demelier wrote:
>>> On Monday 13 May 2013 16:32:01 Joe wrote:
>>>> David Demelier wrote:
>>>>> Hello dear,
>>>>>
>>>>> Does jail.conf(5) not work for jails listed in the rc.conf?
>>>>>
>>>>> I've added in /etc/jail.conf:
>>>>>
>>>>> foo {
>>>>>
>>>>>     hostname=Foo;
>>>>>     path=/jails/foo;
>>>>>     allow.sysvipc=1;
>>>>>
>>>>> }
>>>>>
>>>>> And in /etc/rc.conf only foo in the jail_list parameter, but when I try
>>>>> to start the jail it still complains about missing hostname.
>>>>>
>>>>> Regards,
>>>> There are 2 methods for configuring jails.
>>>>
>>>> The legacy method which you put the jail config statements in the host's
>>>> /etc/rc.conf file and start and stop control is done by the host's
>>>> /etc/rc.d/jail script at boot time.
>>>>
>>>> The jail(8) method which has its own jail config statements in the
>>>> host's /etc/jail.conf file and uses the jail(8) program for starting and
>>>> stopping. You can create a jail.conf file for each jail(8) and start it
>>>> using jail -c -f "/etc/jailname.jail.conf" and stop by issuing
>>>> jail -f "/etc/jailname.jail.conf" -r jailname
>>>>
>>>> You can not mix the 2 methods.
>>>
>>> My real problem is that I wanted to add allow.sysvipc only for *one* jail
>>> and I can't find a real solution by jail_* flags in /etc/rc.conf
>>>
>>> There is jail_allow_sysvipc but it enables it for all jails.
>>>
>>>
>>
>> The jail(8) method does have an allow_sysvipc on a per jail basis. To use it
>> you have to use the jail(8) method. The 9.1-RELEASE legacy method is a work
>> in process to incorporate the jail(8) parameters into the rc.conf config
>> statements.
>>
>> About the allow_sysvipc parameter, this breaks the security the jail is
>> designed to provide and should NOT be used on any jails having public
>> internet access.
>>
>> What are you trying to do that you think you need to use the allow_sysvipc
>> parameter?
>>
>
> PostgreSQL, usually I install it on the host instead of jails, but I
> needed a second instance on a different port for a public access.
>
> Regards,
>
> --
> Demelier David
>

That all sounds logical and is what jails are designed to do. Why would
running PostgreSQL in a jail need sysvipc? Have you tried it? Did you get
some PostgreSQL error?
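
The per-jail setting discussed in this thread can be audited with a short script. The following is an added example, not part of the original messages or of FreeBSD's own rc scripts: it lists the jails in a jail.conf-style file that end up with allow.sysvipc enabled. It assumes one statement per line, `#` comments only, and that a setting outside any jail block is the default for every jail that does not set it itself; the sample configuration and its host names are constructed.

```shell
#!/bin/sh
# Added example: report which jails in a jail.conf-style file enable
# allow.sysvipc. Simplified parser: one statement per line, '#' comments.

sysvipc_jails() {
    awk '
    { sub(/#.*/, "") }                              # strip comments
    /^[ \t]*[A-Za-z0-9_.-]+[ \t]*[{]/ {             # "name {" opens a jail block
        name = $0
        sub(/^[ \t]*/, "", name); sub(/[ \t]*[{].*/, "", name)
        order[++n] = name
        next
    }
    /[}]/ { name = ""; next }                       # block closes
    /allow\.(no)?sysvipc/ {
        v = $0; gsub(/[ \t;"]/, "", v)              # e.g. allow.sysvipc=1
        on = 1
        if (v ~ /^allow\.nosysvipc/) on = 0         # "no" prefix disables
        else if (v ~ /=(0|false)$/) on = 0          # explicit false value
        if (name == "") dflt = on                   # global default
        else explicit[name] = on                    # per-jail override
    }
    END {
        for (i = 1; i <= n; i++) {
            j = order[i]
            eff = (j in explicit) ? explicit[j] : dflt
            if (eff) print j
        }
    }' "$@"
}

# Constructed sample configuration, not taken from a real host.
sample_conf() {
    cat <<'EOF'
path = "/jails/$name";
foo {
    host.hostname = foo.example.org;
    allow.sysvipc = 1;      # the database jail from the thread
}
bar {
    host.hostname = bar.example.org;
}
baz {
    allow.nosysvipc;
}
EOF
}

sample_conf | sysvipc_jails
```

Run against the real file with `sysvipc_jails /etc/jail.conf`; any jail it prints that also has public internet access matches the case warned about above.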