From: Adam Vande More
To: Glen Barber
Cc: freebsd-stable@freebsd.org, Peter Fraser
Date: Tue, 22 Dec 2009 20:51:59 -0600
Subject: Re: Create socket files

On Tue, Dec 22, 2009 at 8:15 PM, Glen Barber wrote:

> Hi Peter
>
> On Tue, Dec 22, 2009 at 8:34 PM, Peter Fraser wrote:
> > Hi All
> > I wonder if anyone could help me with this problem. I followed the
> > instructions in the handbook to create some jails. It makes part of
> > the filesystem readonly which is good.
>
> This sounds like you used the "service jail" approach [1]. Correct me
> if I am wrong.
>
> > Problem is though that I tried
> > installing syslog-ng in one of the jails and when I tried to start it,
> > I got this error
> >
> >> Error binding socket; addr='AF_UNIX(/var/run/log)', error='Permission
> >> denied (13)'
> >> Error initializing source driver; source='src', id='src#0'
> >> Error initializing message pipeline;
> >> /usr/local/etc/rc.d/syslog-ng: WARNING: failed to start syslog_ng
> >
> > I think it's trying to create the socket files /var/run/log and
> > /var/run/logpriv but can't. Is there any way for me to create them
> > manually?
>
> It has been some time since I used that method to create jails; the
> areas that have burned me in particular were symlinking
> /usr/local/bin/perl to /usr/bin/perl and similarly for the
> security/ca_root_nss port.
>
> Re-reading the doc, /var should be made read/write as it is part of
> the jail "skeleton" filesystem, from which you create the "moving
> parts" of your jail, so to speak. Did you create /var read-only?
>
> Regards,
>

Forgive my last post, I didn't read your original message in depth. Do you have security.jail.allow_raw_sockets=1 set on host?

--
Adam Vande More