From: David Demelier
To: Trond Endrestøl
Cc: Maciej Suszko, freebsd-questions@freebsd.org
Date: Wed, 14 Aug 2013 13:29:28 +0200
Subject: Re: sysvipc only for one jail
Message-ID: <520B6A18.2060502@gmail.com>

On 12.08.2013 19:46, Trond Endrestøl wrote:
> On Mon, 12 Aug 2013 14:09+0200, Trond Endrestøl wrote:
>
>> On Mon, 12 Aug 2013 13:57+0200, David Demelier wrote:
>>
>>> 2013/8/12 Trond Endrestøl :
>>>> On Mon, 12 Aug 2013 12:40+0200, David Demelier wrote:
>>>>
>>>>> 2013/8/11 Maciej Suszko :
>>>>>> Maciej Suszko wrote:
>>>>>> [...]
>>>>>>>
>>>>>>> You can specify different params for each jail using _parameters, for
>>>>>>> example:
>>>>>>>
>>>>>>> jail_jailname_params="allow.chflags=1 allow.sysvipc=1"
>>>>>>
>>>>>> Sorry, my mistake - it should be jail_jailname_parameters= of course.
>>>>>> --
>>>>>> regards, Maciej Suszko.
>>>>>
>>>>> Thanks for your message,
>>>>>
>>>>> However, I could not find this setting in the manual of rc.conf(5)
>>>>> nor in /etc/rc.d/jail :(. It does not seem to be applied.
>>>>
>>>> Have a look at jail(8) and the last lines of /etc/default/rc.conf.
>>>
>>> I see,
>>>
>>> I've added what Maciej Suszko told me but the sysctls in the jail are
>>> not set as they should be:
>>>
>>> security.jail.param.allow.sysvipc: 0
>>> security.jail.param.allow.chflags: 0
>>>
>>> And thus, it's not enabled as postgresql tells:
>>>
>>> creating template1 database in /usr/local/pgsql/data/base/1 ... FATAL:
>>> could not create shared memory segment: Function not implemented
>>
>> I'll look into this by creating a new jail for PostgreSQL 9.2 when I
>> get home.
>
> My host is running 9.2-PRERELEASE, r254150, in VirtualBox 4.2.16.
> The jails are running world, also at r254150.
>
> I added the following to the host's /etc/rc.conf:
>
> jail_enable="YES"
> jail_list="postgresql"
>
> jail_postgresql_rootdir="/jails/postgresql"
> jail_postgresql_hostname="postgresql.bsd.net"
> jail_postgresql_interface="vtnet0"
> jail_postgresql_fib="0"
> jail_postgresql_ip="10.0.2.103,2001:db8::103"
> jail_postgresql_exec_start="/bin/sh /etc/rc"
> jail_postgresql_exec_stop="/bin/sh /etc/rc.shutdown"
> jail_postgresql_devfs_enable="YES"
> jail_postgresql_parameters="enforce_statfs=1 allow.chflags=1 allow.sysvipc=1 allow.mount=1 allow.mount.zfs=1"
>
> I added the following to the host's /etc/jail.conf:
>
> postgresql {
>   path = /jails/postgresql;
>   enforce_statfs = 1;
>   allow.chflags;
>   allow.sysvipc;
>   allow.mount;
>   allow.mount.zfs;
>   mount.devfs;
>   host.hostname = postgresql.bsd.net;
>   ip4.addr = 10.0.2.103;
>   ip6.addr = 2001:db8::103;
>   interface = vtnet0;
>   exec.start = "/bin/sh /etc/rc";
>   exec.stop = "/bin/sh /etc/rc.shutdown";
> }
>
> PostgreSQL 9.2.4 had no problems running initdb nor running postgres
> inside the jail:
>
> root@freebsd-jails:/ # jexec 4 csh
> root@postgresql:/ # /usr/local/etc/rc.d/postgresql status
> pg_ctl: server is running (PID: 46623)
> /usr/local/bin/postgres "-D" "/usr/local/pgsql/data"
> root@postgresql:/ #
>
> If you start the jail manually using jail(8), then /etc/jail.conf
> comes into play, whereas the lines in /etc/rc.conf are used during
> automatic startup of the jails when the host is rebooted. The whole
> arrangement seems unnecessarily redundant, and I truly wish this can be
> merged sooner rather than later.
>

I've updated to 9.2-RC1 and the _parameters did the trick, thanks!

Cheers,
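
An added example, not part of the original message or of FreeBSD's rc scripts: a small sh audit that lists which jails in rc.conf-style settings are granted allow.sysvipc, so the grant stays limited to the one jail that needs it, and flags the jail_<name>_params spelling that was corrected earlier in the thread. The sample input, the jail name "web" and all function names are constructed for the example, and only double-quoted single-line assignments are handled.

```shell
#!/bin/sh
# Added example: audit rc.conf-style jail settings for allow.sysvipc grants.
# SAMPLE_RC is constructed input modelled on the lines quoted in the thread;
# the second jail ("web") and its settings are made up for illustration.
SAMPLE_RC='jail_enable="YES"
jail_list="postgresql web"
jail_postgresql_rootdir="/jails/postgresql"
jail_postgresql_parameters="enforce_statfs=1 allow.chflags=1 allow.sysvipc=1"
jail_web_rootdir="/jails/web"
jail_web_params="allow.sysvipc=1"'

# jails_in_list TEXT: print the jail names from jail_list, one per line.
jails_in_list() {
    printf '%s\n' "$1" | sed -n 's/^jail_list="\(.*\)"$/\1/p' | tr -s ' ' '\n'
}

# jail_value TEXT VARNAME: print the value assigned to VARNAME.
# The last assignment wins, as it would when the file is sourced.
jail_value() {
    printf '%s\n' "$1" | sed -n "s/^$2=\"\(.*\)\"\$/\1/p" | tail -n 1
}

# sysvipc_jails TEXT: jails whose _parameters value grants allow.sysvipc.
sysvipc_jails() {
    for j in $(jails_in_list "$1"); do
        case " $(jail_value "$1" "jail_${j}_parameters") " in
            *" allow.sysvipc=1 "*|*" allow.sysvipc "*) echo "$j" ;;
        esac
    done
}

# misnamed_params TEXT: variables spelled jail_<name>_params, the form
# the thread corrects to jail_<name>_parameters.
misnamed_params() {
    printf '%s\n' "$1" | sed -n 's/^\(jail_[A-Za-z0-9_]*_params\)=.*/\1/p'
}

# audit TEXT: print the grant list and one warning per misspelled variable.
audit() {
    echo "jails granted allow.sysvipc: $(sysvipc_jails "$1" | tr '\n' ' ')"
    for v in $(misnamed_params "$1"); do
        echo "warning: $v found; the thread's spelling is ${v%_params}_parameters"
    done
}

audit "$SAMPLE_RC"
```

To check a real host, pass the file contents instead of the sample, e.g. audit "$(cat /etc/rc.conf)".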