From owner-freebsd-questions@freebsd.org  Tue Jan 10 11:51:10 2017
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A2DE9CA984F
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Tue, 10 Jan 2017 11:51:10 +0000 (UTC)
 (envelope-from timp87@gmail.com)
Received: from mail-ua0-x229.google.com (mail-ua0-x229.google.com
 [IPv6:2607:f8b0:400c:c08::229])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 5C057148A
 for <freebsd-questions@freebsd.org>; Tue, 10 Jan 2017 11:51:10 +0000 (UTC)
 (envelope-from timp87@gmail.com)
Received: by mail-ua0-x229.google.com with SMTP id 96so60553670uaq.3
 for <freebsd-questions@freebsd.org>; Tue, 10 Jan 2017 03:51:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=ROdGAstf57ZXhaa2Guz0y9Ly5Yrw1Tk1+dX5Dh4NPeM=;
 b=DzuqVCt5XTxwpOALCSM4Mt6K7RXzN7u1KZzzPmfYi4xnk1kx4Aq0ANtBc8h8QYLiY2
 NeGdeVS0+Y445/vy0HurLv/8q5jCx+FPhPp0GkkWJlREzzHv4JlNQzi5nE/jsvdLKW4f
 u2HIetd2tznNBNDQ04bgTzYkwDDn5Cf4/fGdkWmSjz0jhE4z88RKffKNMeOnDeCan9OR
 IblbLwFb2LuOG9nK5DqjTuu6+NDPnA/wvtdvBy7+7uSaIMGlZlbhyFI4XIxC0b5Vt2JX
 PlmEh7y6wVkXg1qsGMMOogGfX2X+Uf6zQr+uxHWCTGes99MFFFwSgqXUrLXbAQGPQ77G
 kjJw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=ROdGAstf57ZXhaa2Guz0y9Ly5Yrw1Tk1+dX5Dh4NPeM=;
 b=rEyZQtY3EbYowuzimdmXDHE3RD6u+hy5JNnIeKh2MzbHtBTRK9tqmtPZFypCdy1TJZ
 v7hUlIIOyw58f57buZm5bO2r8aqx3UmNg/KtgtydrXQ4G6Zdn/lZdeEQVYZ/iFultqM/
 B05aIn2IYhTXJ2qBTpLigtRBsG8bf7mrM8+PcY4Smy/Kp87DsAYh1M3/vc/HFZ8yxAFv
 a4ur+hRUqzE+We9VftNbZt/L2jUYixUfcLRR8Ugtjq+HnQdKQZ60DU+UA/VenM+Dg+39
 G70lZPxJssc0gCre3DnqkevIwvj4P38Ouo3k8IQu6y5Ken+M7Lu0qsjFk+iyX9iUCg2O
 vHgQ==
X-Gm-Message-State: AIkVDXJHNEekjlne3BTymaWdkN7JNvNhWViTqKv55CM6cSPY5jD/DcGCruqif9aQfNHCwS+In/EpvVuydRXyBQ==
X-Received: by 10.176.91.72 with SMTP id v8mr1361407uae.23.1484049069559; Tue,
 10 Jan 2017 03:51:09 -0800 (PST)
MIME-Version: 1.0
Received: by 10.176.86.18 with HTTP; Tue, 10 Jan 2017 03:51:09 -0800 (PST)
Received: by 10.176.86.18 with HTTP; Tue, 10 Jan 2017 03:51:09 -0800 (PST)
In-Reply-To: <58742F6C.8050801@gmail.com>
References: <CAAoTqftm_mMDp27CVXns3FFJwJXAWUeiX0hqq-DQUgZC+=aGRQ@mail.gmail.com>
 <58742F6C.8050801@gmail.com>
From: Pavel Timofeev <timp87@gmail.com>
Date: Tue, 10 Jan 2017 14:51:09 +0300
Message-ID: <CAAoTqftMuieMK0KTvrVtgoXhY8CR6a5G1T9dYP7sQaKnDwmvSQ@mail.gmail.com>
Subject: Re: How to allow mlock(2) in jail?
To: Ernie Luzar <luzar722@gmail.com>
Cc: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.23
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jan 2017 11:51:10 -0000

10 =D1=8F=D0=BD=D0=B2. 2017 =D0=B3. 3:48 =D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D0=
=BE=D0=B2=D0=B0=D1=82=D0=B5=D0=BB=D1=8C "Ernie Luzar" <luzar722@gmail.com>
=D0=BD=D0=B0=D0=BF=D0=B8=D1=81=D0=B0=D0=BB:

Pavel Timofeev wrote:

> Hello!
> I'm trying to deploy security/vault in freebsd jail.
> Usually this tool locks some memory for security reason.
>
> I can run vault on my bare system without any problems. But in jail it
> complains mlock(2) is not available.
> So my question is how to allow mlock(2) in jail?
>
> P. S. I know, I can disable mlock(2) use in vault config as workaround.
>
>
A jail has no kernel so no memory to lock.


Thank you for the reply!