From owner-freebsd-jail@FreeBSD.ORG Thu Jun 4 20:55:07 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6CB20106564A for ; Thu, 4 Jun 2009 20:55:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [195.88.108.3]) by mx1.freebsd.org (Postfix) with ESMTP id 2427F8FC0A for ; Thu, 4 Jun 2009 20:55:07 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 6B8E941C7A4; Thu, 4 Jun 2009 22:55:06 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([195.88.108.3]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id IGoIH8ZR6eDl; Thu, 4 Jun 2009 22:55:06 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id 13CEF41C7A3; Thu, 4 Jun 2009 22:55:06 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id E5A2B4448E6; Thu, 4 Jun 2009 20:52:46 +0000 (UTC) Date: Thu, 4 Jun 2009 20:52:46 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Boris Samorodov In-Reply-To: <36883384@bb.ipt.ru> Message-ID: <20090604204751.Y12292@maildrop.int.zabbadoz.net> References: <11979393@h30.sp.ipt.ru> <20090531174837.R3234@maildrop.int.zabbadoz.net> <20090603130503.202126d6v3glhhq8@mail.lidstrom.eu> <36883384@bb.ipt.ru> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-jail@FreeBSD.org Subject: Re: sysvipc in jails + CURRENT X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Jun 2009 20:55:07 -0000 On Thu, 4 Jun 2009, Boris Samorodov wrote: Hi, > There is definitely some inconsistency. JAIL(8) at recent > CURRENT talk about security.jail.param.allow.sysvipc and > it is listed via "sysctl -d security.jail.param". But seems > not to be used: > ----- at the jail ----- > # sysctl security.jail.param.allow.sysvipc > # > ----- If you can use an old jail binary things should work for you for the moment. The jail(8) compat code that still supports the old syntax but already uses the new syscall does not take the old sysctls into account - the problem you are seeing. Alternatively you could try updating the jail by hand using the new syntax and switch sysvipc on. The bug will probably be fixed latest somewhen next week and I just got back and have a huge backlog and Jamie will be back in a few days I think. /bz -- Bjoern A. Zeeb The greatest risk is not taking one.