From: James Gritton
Date: Thu, 21 Aug 2014 06:40:11 -0600
To: freebsd-jail@freebsd.org
Subject: Re: heartbeat inside jail
Message-ID: <53F5E8AB.2010404@gritton.org>
List-Id: "Discussion about FreeBSD jail\(8\)"

On 8/21/2014 5:05 AM, Василий Татаренко wrote:
> I use FreeBSD 10.0-p7
> I try to use heartbeat (/usr/ports/sysutils/heartbeat) inside jail.
> My /etc/jail.conf:
>
>> allow.raw_sockets = "true";
>> allow.mount = "true";
>> allow.mount.devfs = "true";
>> mount.devfs = "true";
>> exec.start = "sh /etc/rc";
>> exec.stop = "sh /etc/rc.shutdown";
>> webcl {
>>     enforce_statfs = "1";
>>     vnet = "new";
>>     exec.prestart = "ifconfig epair1 create up";
>>     exec.prestart += "ifconfig bridge0 addm epair1a";
>>     exec.start = "ifconfig epair1b link **:**:**:**:**:**";
>>     exec.start += "sh /etc/rc";
>>     vnet.interface = "epair1b";
>>     exec.poststop = "ifconfig bridge0 deletem epair1a";
>>     exec.poststop += "ifconfig epair1a destroy";
>>     path = "/jails/webcl";
>>     name = "webcl";
>>     host.hostname = "************";
>>     allow.mount.nullfs = "true";
>>     allow.mount.procfs = "true";
>>     allow.sysvipc = "true";
>> }
> When I start heartbeat by
>
>> service heartbeat onestart
> I get errors like this:
>
>> Aug 21 10:38:39 de heartbeat: [40637]: ERROR: Unable to set scheduler
>> parameters.: Operation not permitted
>> Aug 21 10:38:39 de heartbeat: [40637]: ERROR: Unable to lock pid 40637 in
>> memory: Operation not permitted
>> Aug 21 10:39:10 de heartbeat: [40647]: ERROR: unable to (re)set scheduler
>> parameters.: Operation not permitted
>
> I tried to figure out what function exactly gets Operation not permitted by
>
>> find /usr/ports/sysutils/heartbeat -exec grep -l 'Unable to set scheduler
>> parameters' "{}" \;
>>
> And the only file which is source is
>
>> /usr/ports/sysutils/heartbeat/work/STABLE-2.1.4/lib/clplumbing/realtime.c
> So I dig inside and see that:
>
>> if ((staticp=sched_getscheduler(0)) < 0) {
>>         cl_perror("unable to get scheduler parameters.");
>> }else{
>>         memset(&sp, 0, sizeof(sp));
>>         sp.sched_priority = priority;
>>         if (sched_setscheduler(0, spolicy, &sp) < 0) {
>>                 cl_perror("Unable to set scheduler parameters.");
>>         }
>> }
> heartbeat processes are all run from root.
> What can I do to make it work?

You'll have to excise the sched_setscheduler call, and possibly similar bits in other places (I haven't looked at heartbeat code). That's the kind of thing that affects the rest of the system, and jails don't allow it for that reason.

If heartbeat won't work (or won't work well) without it, and you're inclined to hack around in the kernel, you could add PRIV_SCHED_SET to prison_priv_check in kern_jail.c. But my guess is heartbeat will work well enough without setting scheduler priorities. If it doesn't, it's questionable whether that's the kind of thing you want to run in jails anyway.

- Jamie
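
An added example, not part of the original message and not heartbeat's code: a daemon can attempt the two privileged calls behind the quoted errors and treat EPERM (what a jailed root gets) as "run without it" instead of removing the calls. All function and type names are hypothetical.

```c
/* Added example: best-effort real-time setup that survives a jail's EPERM.
 * All names here are hypothetical; this is not heartbeat's realtime.c. */
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

enum rt_result { RT_OK = 0, RT_DENIED = 1, RT_FAILED = 2 };

/* EPERM means the environment (such as a jail) refuses the privilege:
 * degrade and keep running. Any other errno is a genuine failure. */
static enum rt_result rt_classify(int rc, int err)
{
    if (rc == 0)
        return RT_OK;
    return (err == EPERM) ? RT_DENIED : RT_FAILED;
}

/* Same sched_setscheduler call as the quoted snippet, with the outcome
 * returned to the caller instead of only being logged. */
static enum rt_result try_set_scheduler(int policy)
{
    struct sched_param sp;
    int rc;

    memset(&sp, 0, sizeof(sp));
    sp.sched_priority = sched_get_priority_min(policy);
    rc = sched_setscheduler(0, policy, &sp);
    return rt_classify(rc, errno);
}

/* Counterpart of the "Unable to lock pid ... in memory" error. */
static enum rt_result try_lock_memory(void)
{
    int rc = mlockall(MCL_CURRENT | MCL_FUTURE);
    return rt_classify(rc, errno);
}

int main(void)
{
    static const char *const label[] = {
        "enabled", "denied, continuing without it", "failed" };
    enum rt_result s = try_set_scheduler(SCHED_RR);
    enum rt_result m = try_lock_memory();

    printf("real-time scheduling: %s\n", label[s]);
    printf("memory locking:       %s\n", label[m]);
    /* Only a non-EPERM error is treated as fatal. */
    return (s == RT_FAILED || m == RT_FAILED) ? 1 : 0;
}
```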