From: bugzilla-noreply@freebsd.org
To: freebsd-jail@FreeBSD.org
Subject: [Bug 191279] [jail] jail allow.sysvipc - doesn't work until jail is started TWICE after reboot
Date: Sun, 06 Jul 2014 08:08:20 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 9.2-RELEASE
X-Bugzilla-Who: dreamcat4@gmail.com
X-Bugzilla-Status: Needs Triage

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191279

--- Comment #6 from dreamcat4@gmail.com ---
(In reply to joeb1 from comment #5)
> When you say the allow.sysvipc parameter has no effect on a jail's first
> start after system boot. Just how are you determining this?

I was previously checking the log file of the program 'zabbix2-server'. Which is
unable to start, and logfile gives the reason:

zabbix_server [4414]: cannot create Semaphore: [78] Function not implemented
zabbix_server [4414]: unable to create mutex for log file

However now that someone else has reproduced it too, I will try more things!

> Do you see the "allow.sysvipc" listed by the "jls -name -j jailname" command.
> I installed 10.0 from disc1.iso to an empty hard drive and running qjail-3.4
> and after starting the jail "jls -name -j jailname" shows "allow.sysvipc"
> which means it's enabled, and no error messages in the jail's console log.

This is on my host, after a fresh reboot:

freenas // root^> qjail list
STA  JID   NIC  IP               Jailname
---  ----  ---  ---------------  --------------------------------------------------
DR   1     re0  192.168.1.205    nas4free
DR   2     re0  192.168.1.81     nginx-webdav
DR   3     re0  192.168.1.206    openvpn
           lo0|127.0.0.1
DR   4     re0  192.168.1.38     ps3netsrv
DR   5     re0  192.168.1.207    tvheadend
           lo0|127.0.0.207
DR   6     re0  192.168.1.223    ums4
           lo0|127.0.0.223
DR   7     re0  192.168.1.41     virtualbox
           lo0|127.0.0.2
DR   8     re0  192.168.1.214    webcamd
           lo0|127.0.0.214
DR   9     re0  192.168.1.212    zabbix
           lo0|127.0.0.212

freenas // root^> jls -h -j zabbix allow.sysvipc
allow.sysvipc
0

freenas // root^> qjail restart zabbix
Jail successfully stopped  zabbix
Jail successfully started  zabbix

freenas // root^> jls -h -j zabbix allow.sysvipc
allow.sysvipc
1

Above we can see that jls will indeed report the problem if it occurs. Since I
can still reproduce the error, I am investigating more today. Please bear with
me...

> Seeing jls showing the "allow.sysvipc" instead of "allow.nosysvipc" is the
> only indicator I have available to verify its being set correctly. This

There is also the command 'ipcs', which can be run inside the jail. Here again
is my output after another system reboot:

freenas // root^> qjail console zabbix
Last login: Sun Jul 6 08:05:03 on pts/0
FreeBSD 9.2-RELEASE-p3 (FREENAS.amd64) #0 r262572+7b72365: Fri Mar 14 15:50:04 PDT 2014

Welcome to your FreeBSD jail.
zabbix ~/ root~# ipcs
Message Queues:
T           ID          KEY MODE        OWNER    GROUP

Shared Memory:
T           ID          KEY MODE        OWNER    GROUP

Semaphores:
T           ID          KEY MODE        OWNER    GROUP

zabbix ~/ root~# exit
logout

freenas // root^> qjail restart zabbix
Jail successfully stopped  zabbix
Jail successfully started  zabbix

freenas // root^> qjail console zabbix
Last login: Sun Jul 6 08:53:45 on pts/0
FreeBSD 9.2-RELEASE-p3 (FREENAS.amd64) #0 r262572+7b72365: Fri Mar 14 15:50:04 PDT 2014

Welcome to your FreeBSD jail.
zabbix ~/ root~# ipcs
Message Queues:
T           ID          KEY MODE        OWNER    GROUP

Shared Memory:
T           ID          KEY MODE        OWNER    GROUP
m        65536   1745323649 --rw------- zabbix   zabbix
m        65537   2013759105 --rw------- zabbix   zabbix
m        65538   1946650241 --rw------- zabbix   zabbix
m        65539   1728546433 --rw------- zabbix   zabbix
m        65540   1929873025 --rw------- zabbix   zabbix
m        65541   1393002113 --rw------- zabbix   zabbix
m        65542   1980204673 --rw------- zabbix   zabbix
m        65543   1812431314 --rw------- zabbix   zabbix

Semaphores:
T           ID          KEY MODE        OWNER    GROUP
s        65536   2047313537 --rw------- zabbix   zabbix
s        65537   2047312338 --rw------- zabbix   zabbix

zabbix ~/ root~#

> indicator does not really prove the sysvipc function for the jail is
> functional. As far as I know you need to run some application in the jail
> that requires sysvipc access as the only true test. This application may
> have to be started one time to set some application internal default setting
> before it knows sysvipc is enabled on its second start.
> Look for an

That would suggest we could just be restarting the zabbix_server application
(rather than the jail). However that is not the case here. 2nd, 3rd, 4th,
restart etc of zabbix_server rc.d script makes no difference. Whereas restarting
the jail once, zabbix did not repeat error message, and all was OK.

> application configure file to set sysvipc as the default instead of the tcp
> default setting. What application are you running in the jail and how does
> that application get started?

Unfortunately sysvipc / unix semaphores is always required for this particular
program (zabbix). It has no option to switch them off, or use some alternative
mechanism instead (such as TCP). Otherwise I would have disabled sysvipc usage
in the zabbix application a long time ago.

> Almost 99% sure your problem is caused by your jailed application and not
> qjail or jail(8).

Nah. I would be very surprised, given today's output from jls and ipcs
commands, that the problem is anything to do with the zabbix application itself.

It just seems some of us could reproduce this issue, and some of us can't. We
seem to have 2 reports of success. And equally 2 of fail. What seems to be
missing is better instructions to reproduce this (my fault). There must be some
other circumstances specific to my host, which is triggering this to occur... I
will find out today.

For one thing, we know that on startup, qjail is changing the same jail.conf
file. Then re-calling jail(8) program again on the next jail in the list. So
maybe that's got something to do with it. Please bear with me. I will look into
it further.

-- 
You are receiving this mail because:
You are the assignee for the bug.
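
A minimal form of the "run something in the jail that needs sysvipc" test discussed in this thread, as an added example that is not part of the original message and not code from zabbix, qjail or FreeBSD: a C probe that creates and removes one private semaphore set and reports ENOSYS (the "[78] Function not implemented" in the zabbix log) as blocked. The names `sysv_status`, `classify_sysv_errno` and `probe_sysv_sem` are hypothetical.

```c
/* Added example: SysV semaphore probe to compile and run inside the jail. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/sem.h>

enum sysv_status { SYSV_OK = 0, SYSV_BLOCKED = 1, SYSV_OTHER_ERROR = 2 };

/* Map the errno of a SysV IPC call to a verdict. ENOSYS ("Function not
 * implemented") is the error the zabbix log in this thread shows while
 * jls reports allow.sysvipc as 0 for the jail. */
enum sysv_status classify_sysv_errno(int err)
{
    if (err == 0)
        return SYSV_OK;
    if (err == ENOSYS)
        return SYSV_BLOCKED;
    return SYSV_OTHER_ERROR;  /* e.g. ENOSPC: IPC reachable, kernel limit hit */
}

/* Create one private semaphore set, then remove it again so the probe
 * leaves nothing behind in `ipcs`. The errno seen is stored in *err_out. */
enum sysv_status probe_sysv_sem(int *err_out)
{
    int id = semget(IPC_PRIVATE, 1, IPC_CREAT | 0600);
    int err = (id == -1) ? errno : 0;

    if (id != -1 && semctl(id, 0, IPC_RMID) == -1)
        err = errno;          /* created, but cleanup failed */
    if (err_out != NULL)
        *err_out = err;
    return classify_sysv_errno(err);
}

int main(void)
{
    int err = 0;
    enum sysv_status st = probe_sysv_sem(&err);

    if (st == SYSV_OK)
        puts("sysvipc: semaphores usable");
    else
        printf("sysvipc: %s: [%d] %s\n",
               st == SYSV_BLOCKED ? "blocked" : "error", err, strerror(err));
    return (int)st;
}
```

The exit status (0 usable, 1 blocked, 2 other error) lets the probe run from a jail start script or a monitoring check right after boot, independent of any application's own start-up behaviour.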