Date: Wed, 14 Aug 2013 13:29:28 +0200
From: David Demelier <demelier.david@gmail.com>
To: Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no>
Cc: Maciej Suszko <maciej@suszko.eu>, freebsd-questions@freebsd.org
Subject: Re: sysvipc only for one jail
Message-ID: <520B6A18.2060502@gmail.com>
In-Reply-To: <alpine.BSF.2.00.1308121928480.90799@mail.fig.ol.no>
References: <CAO%2BPfDe3VDRpK9ALrsvwxBcAyejfN85FRvMLU3Q4CKmMgkG3%2BA@mail.gmail.com>
 <20130811173341.6d1cb2e7@arsenic>
 <20130811173630.24ed528c@arsenic>
 <CAO%2BPfDct3aXrrszdWOOu7KUPaxVKrPvboJJn29ipKUS9pCo%2B_g@mail.gmail.com>
 <alpine.BSF.2.00.1308121323550.90799@mail.fig.ol.no>
 <CAO%2BPfDfunKiUx=2SV678jZqzwWHoVPonUwi_MMyNvSJ_HCiUuQ@mail.gmail.com>
 <alpine.BSF.2.00.1308121407470.90799@mail.fig.ol.no>
 <alpine.BSF.2.00.1308121928480.90799@mail.fig.ol.no>

On 12.08.2013 19:46, Trond Endrestøl wrote:
> On Mon, 12 Aug 2013 14:09+0200, Trond Endrestøl wrote:
>
>> On Mon, 12 Aug 2013 13:57+0200, David Demelier wrote:
>>
>>> 2013/8/12 Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no>:
>>>> On Mon, 12 Aug 2013 12:40+0200, David Demelier wrote:
>>>>
>>>>> 2013/8/11 Maciej Suszko <maciej@suszko.eu>:
>>>>>> Maciej Suszko <maciej@suszko.eu> wrote:
>>>>>> [...]
>>>>>>>
>>>>>>> You can specify different params for each jail using _parameters, for
>>>>>>> example:
>>>>>>>
>>>>>>> jail_jailname_params="allow.chflags=1 allow.sysvipc=1"
>>>>>>
>>>>>> Sorry, my mistake - it should be jail_jailname_parameters= of course.
>>>>>> --
>>>>>> regards, Maciej Suszko.
>>>>>
>>>>> Thanks for your message,
>>>>>
>>>>> However, I could not find this setting in the manual of rc.conf(5)
>>>>> nor in /etc/rc.d/jail :(. It does not seem to be applied.
>>>>
>>>> Have a look at jail(8) and the last lines of /etc/default/rc.conf.
>>>
>>> I see,
>>>
>>> I've added what Maciej Suszko told me but the sysctls in the jail are
>>> not set as they should be:
>>>
>>> security.jail.param.allow.sysvipc: 0
>>> security.jail.param.allow.chflags: 0
>>>
>>> And thus, it's not enabled as postgresql tells:
>>>
>>> creating template1 database in /usr/local/pgsql/data/base/1 ... FATAL:
>>> could not create shared memory segment: Function not implemented
>>
>> I'll look into this by creating a new jail for PostgreSQL 9.2 when I
>> get home.
>
> My host is running 9.2-PRERELEASE, r254150, in VirtualBox 4.2.16.
> The jails are running world, also at r254150.
>
> I added the following to the host's /etc/rc.conf:
>
> jail_enable="YES"
> jail_list="postgresql"
>
> jail_postgresql_rootdir="/jails/postgresql"
> jail_postgresql_hostname="postgresql.bsd.net"
> jail_postgresql_interface="vtnet0"
> jail_postgresql_fib="0"
> jail_postgresql_ip="10.0.2.103,2001:db8::103"
> jail_postgresql_exec_start="/bin/sh /etc/rc"
> jail_postgresql_exec_stop="/bin/sh /etc/rc.shutdown"
> jail_postgresql_devfs_enable="YES"
> jail_postgresql_parameters="enforce_statfs=1 allow.chflags=1 allow.sysvipc=1 allow.mount=1 allow.mount.zfs=1"
>
> I added the following to the host's /etc/jail.conf:
>
> postgresql {
>   path = /jails/postgresql;
>   enforce_statfs = 1;
>   allow.chflags;
>   allow.sysvipc;
>   allow.mount;
>   allow.mount.zfs;
>   mount.devfs;
>   host.hostname = postgresql.bsd.net;
>   ip4.addr = 10.0.2.103;
>   ip6.addr = 2001:db8::103;
>   interface = vtnet0;
>   exec.start = "/bin/sh /etc/rc";
>   exec.stop = "/bin/sh /etc/rc.shutdown";
> }
>
> PostgreSQL 9.2.4 had no problems running initdb nor running postgres
> inside the jail:
>
> root@freebsd-jails:/ # jexec 4 csh
> root@postgresql:/ # /usr/local/etc/rc.d/postgresql status
> pg_ctl: server is running (PID: 46623)
> /usr/local/bin/postgres "-D" "/usr/local/pgsql/data"
> root@postgresql:/ #
>
> If you start the jail manually using jail(8), then /etc/jail.conf
> comes into play, whereas the lines in /etc/rc.conf are used during
> automatic startup of the jails when the host is rebooted. The whole
> arrangement seems unnecessarily redundant, and I truly wish this can be
> merged sooner rather than later.

I've updated to 9.2-RC1 and the _parameters did the trick, thanks!

Cheers,
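
Added example, not part of the thread or of FreeBSD: because, as the message above notes, a manual jail(8) start reads /etc/jail.conf while automatic startup reads /etc/rc.conf, this Python script parses both files and reports any allow.* permission (allow.sysvipc included) that is enabled for a jail in one file but not in the other. The "web" jail, the function names and the simplified parsing (flat blocks, "#" comments only) are assumptions made for the illustration.

```python
import re

# Constructed sample: the "postgresql" entries are trimmed from the message above;
# the "web" jail is invented here to show a mismatch between the two files.
RC_CONF = '''
jail_postgresql_parameters="enforce_statfs=1 allow.chflags=1 allow.sysvipc=1 allow.mount=1 allow.mount.zfs=1"
jail_web_parameters="enforce_statfs=2 allow.sysvipc=0"
'''
JAIL_CONF = '''
postgresql { path = /jails/postgresql; enforce_statfs = 1;
    allow.chflags; allow.sysvipc; allow.mount; allow.mount.zfs; mount.devfs; }
web { path = /jails/web; allow.sysvipc;   # granted only on a manual jail(8) start
    exec.start = "/bin/sh /etc/rc"; }
'''

def allow_flag(param):
    """Return (name, enabled) for an allow.* parameter, or None for anything else."""
    name, _, value = (s.strip() for s in param.partition("="))
    if not name.startswith("allow."):
        return None
    head, _, leaf = name.rpartition(".")
    enabled = value.lower() not in ("0", "false")   # bare name or =1/true is on
    if leaf.startswith("no"):                       # allow.nosysvipc turns it off
        leaf, enabled = leaf[2:], False
    return f"{head}.{leaf}", enabled

def _enabled(params):
    return {f[0] for f in map(allow_flag, params) if f and f[1]}

def rc_conf_allows(text):
    """jail name -> enabled allow.* flags from jail_<name>_parameters lines."""
    pat = r'^jail_(\w+)_parameters="([^"]*)"'
    return {m[1]: _enabled(m[2].split()) for m in re.finditer(pat, text, re.M)}

def jail_conf_allows(text):
    """Same mapping from jail.conf; handles flat 'name { ...; }' blocks only."""
    text = re.sub(r"#.*", "", text)                 # drop shell-style comments
    pat = r"(\w+)\s*\{([^}]*)\}"
    return {m[1]: _enabled(m[2].split(";")) for m in re.finditer(pat, text)}

def drift(rc_text, jc_text):
    """jail -> (flags only in rc.conf, flags only in jail.conf), mismatches only."""
    rc, jc = rc_conf_allows(rc_text), jail_conf_allows(jc_text)
    pairs = {j: (rc.get(j, set()), jc.get(j, set())) for j in rc.keys() | jc.keys()}
    return {j: (sorted(a - b), sorted(b - a)) for j, (a, b) in pairs.items() if a != b}

if __name__ == "__main__":
    for jail, (rc_only, jc_only) in sorted(drift(RC_CONF, JAIL_CONF).items()):
        print(f"{jail}: rc.conf only {rc_only}; jail.conf only {jc_only}")
```
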