From owner-freebsd-ports@freebsd.org Sat Dec 30 20:26:16 2017 Return-Path: Delivered-To: freebsd-ports@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 76E12EAAD01 for ; Sat, 30 Dec 2017 20:26:16 +0000 (UTC) (envelope-from dmytro@posteo.net) Received: from mout01.posteo.de (mout01.posteo.de [185.67.36.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.posteo.de", Issuer "StartCom Class 3 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 24D506B441 for ; Sat, 30 Dec 2017 20:26:15 +0000 (UTC) (envelope-from dmytro@posteo.net) Received: from submission (posteo.de [89.146.220.130]) by mout01.posteo.de (Postfix) with ESMTPS id BB5DF20234 for ; Sat, 30 Dec 2017 21:26:12 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1514665572; bh=Q9NNrt3albXWF+fOeyEOoAgvyp6932EsbQNU7ASVmek=; h=Date:From:To:Cc:Subject:From; b=nKihqzn5q6DM05O9un4L9Lf7P5UHM+ZI4dOK9l+yUHMzbnFLiIi2KE9Hj1UjHwSHH O2I9ZzEG94IrqC7O+Bdf0TiLtrXtqZ0P/1/vieA9PHB5YpWokFlQuQDnzzL7NmJBIz LrPnFVYXAvXQuEg3ir40XHEajDZ8SLWVZagHVOvLQTZm/QZtUBM8rB5OuC1FWtCoDp U75IUvhPUkBAcrc7QeCu3hMM+ECBYm7+SDabaFzUpUKsv9iURbsIe/QuSXWqVN3QW9 CIb6iHCuXqH8a6Tv/K9B7aqFAPxnf8GNiGPqih1qcXPer97AkJwEmMepcmTvFt16Rt IH6SP3h06WIKw== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 3z8FN32yXhz9rxH; Sat, 30 Dec 2017 21:26:11 +0100 (CET) Date: Sat, 30 Dec 2017 22:26:09 +0200 From: Dmytro Bilokha To: Adam Weinberger Cc: freebsd-ports@freebsd.org Subject: Re: How to mount procfs and fdescfs inside a poudriere jail? Message-ID: <20171230202606.GA45236@wstan> References: <20171230171447.GA56278@wstan> <75CC7F34-79D2-4239-87A8-C9C20E1E05E8@adamw.org> <20171230180215.GA43613@wstan> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <20171230180215.GA43613@wstan> User-Agent: Mutt/1.7.2 (2016-11-26) X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 30 Dec 2017 20:26:16 -0000 On Sat, Dec 30, 2017 at 08:02:15PM +0200, Dmytro Bilokha wrote: >On Sat, Dec 30, 2017 at 10:47:36AM -0700, Adam Weinberger wrote: >>> On 30 Dec, 2017, at 10:14, Dmytro Bilokha wrote: >>> >>> Hello, Everyone! >>> >>> When I try to build java/openjdk8 with poudriere I'm getting the error: >>> --- >>> configure: Found potential Boot JDK using configure arguments >>> configure: Potential Boot JDK found at /usr/local/bootstrap-openjdk8 is >>> incorrect JDK version (Error occurred during initialization of VM); >>> ignoring >>> configure: (Your Boot JDK must be version 7 or 8) >>> configure: error: The path given by --with-boot-jdk does not contain a >>> valid Boot JDK >>> configure exiting with result code 1 >>> --- >>> I suspect it happens, because bootstrap-openjdk8 needs some stuff to be >>> mounted. >>> Here is a snippet from its pkg-message: >>> --- >>> This OpenJDK implementation requires fdescfs(5) mounted on /dev/fd and >>> procfs(5) mounted on /proc. >>> --- >>> >>> Does someone know how to mount fdescfs and procfs inside a poudriere jail? >>> Is it possible at all? >>> Or, maybe, some workarouns exist to build openjdk8 with poudriere? Any >>> help would be appriciated. >> >>It doesn't seem to documented in poudriere.conf, but there are USE_PROFCS >>and USE_FDESCFS settings you can turn on in poudriere.conf. >> >># Adam >> >> >>-- >>Adam Weinberger >>adamw@adamw.org >>http://www.adamw.org >> > >I've added the following lines to the /usr/local/etc/poudriere.conf: >USE_PROCFS=yes >USE_FDESCFS=yes >Then I've restarted my build and issued the command: >jexec mount >And in the output I see only: > >nroot/poudriere/jails/11amd64-local-wstan-ref/02 on / (zfs, local, noatime, nfsv4acls) > >No procfs or fdescfs and openjdk8 build still fails with the same error in the log. >Should I drop my poudriere jail and recreate new for poudriere.conf changes to be applied? >Or maybe, I need to do something else? > >-- >Dmytro Bilokha >dmytro@posteo.net >+38-050-607-41-43 I've investigated a little bit. And it seems like allowing poudriere jail to mount procfs and fdescfs is not a trivial task, because it should be allowed on the kernel level also. To do it I've added sysctls: security.jail.enforce_statfs=0 security.jail.mount_allowed=1 security.jail.param.allow.mount.linprocfs=1 security.jail.param.allow.mount.procfs=1 security.jail.mount_linprocfs_allowed=1 security.jail.mount_procfs_allowed=1 security.jail.param.allow.mount.fdescfs=1 security.jail.param.allow.mount.tmpfs=1 security.jail.param.allow.mount.nullfs=1 security.jail.param.allow.mount.devfs=1 security.jail.mount_fdescfs_allowed=1 But when I've checked configuration of the running poudriere jail with jls -n -j the output is: devfs_ruleset=0 nodying enforce_statfs=2 host=new ip4=disable ip6=disable jid=1 linux=new name=11amd64-local-wstan osreldate=1101001 osrelease=11.1-RELEASE-p4 parent=0 path=/usr/local/poudriere/data/.m/11amd64-local-wstan/ref persist securelevel=-1 sysvmsg=inherit sysvsem=inherit sysvshm=inherit allow.chflags allow.nomount allow.mount.nodevfs allow.mount.nofdescfs allow.mount.nolinprocfs allow.mount.nolinsysfs allow.mount.nonullfs allow.mount.noprocfs allow.mount.notmpfs allow.mount.nozfs allow.noquotas allow.noraw_sockets allow.set_hostname allow.nosocket_af allow.sysvipc children.cur=0 children.max=0 cpuset.id=2 host.domainname="" host.hostid=0 host.hostname=11amd64-local-wstan host.hostuuid=00000000-0000-0000-0000-000000000000 ip4.addr=127.0.0.1 ip4.saddrsel ip6.addr=::1 ip6.saddrsel linux.osname=Linux linux.osrelease=2.6.32 linux.oss_version=198144 And it contains allow.nomount allow.mount.nofdescfs allow.mount.noprocfs. And I cannot find a way to change these poudriere jail parameters, because poudriere doesn't use /etc/jail.conf. Does anyone have any ideas? -- Dmytro Bilokha dmytro@posteo.net +38-050-607-41-43