From owner-freebsd-questions@FreeBSD.ORG Mon Aug 12 11:57:16 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 582502A5 for ; Mon, 12 Aug 2013 11:57:16 +0000 (UTC) (envelope-from demelier.david@gmail.com) Received: from mail-wg0-x234.google.com (mail-wg0-x234.google.com [IPv6:2a00:1450:400c:c00::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id E2DB6265A for ; Mon, 12 Aug 2013 11:57:15 +0000 (UTC) Received: by mail-wg0-f52.google.com with SMTP id b13so5358015wgh.19 for ; Mon, 12 Aug 2013 04:57:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=ITBMJ9TfpQ8jCXiAzb4toGMBsLoZpPZUPBGchgOuBgE=; b=AJb0Wuj9UDElU9cBFad36Pky5rVii3mVfdzaglMjRyQKpXpwmDRa32KMADKl2RQ1fI ++gekkYrGHjXCooNOJesQvl0UTzfxYUvGvwgJQyqjqpMMQ5YKsplYyUvXh1ujAjNjUp1 0Q7XqrL0ZxRWbit0Ie//epY02rHvEnulCEPMbK7oDzBNmqp8Xp0+N8bWs8WgpV07tDOL Hyzsku8TLtU5E2HJEuyivnCZ6wyjlFKgTLkufJyde/YGaJKsa9cGMHu32QRhFRIbE6rw F98hEWzPK2gOXW/84KXnRtfBg51Jrg+rikSK5BBbYNNQ39u4VF+uDuY7Tij8slfZ1CeI QzAg== MIME-Version: 1.0 X-Received: by 10.180.38.15 with SMTP id c15mr5850193wik.25.1376308634115; Mon, 12 Aug 2013 04:57:14 -0700 (PDT) Received: by 10.194.239.164 with HTTP; Mon, 12 Aug 2013 04:57:14 -0700 (PDT) In-Reply-To: References: <20130811173341.6d1cb2e7@arsenic> <20130811173630.24ed528c@arsenic> Date: Mon, 12 Aug 2013 13:57:14 +0200 Message-ID: Subject: Re: sysvipc only for one jail From: David Demelier To: =?UTF-8?Q?Trond_Endrest=C3=B8l?= Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: Maciej Suszko , freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Aug 2013 11:57:16 -0000 2013/8/12 Trond Endrest=C3=B8l : > On Mon, 12 Aug 2013 12:40+0200, David Demelier wrote: > >> 2013/8/11 Maciej Suszko : >> > Maciej Suszko wrote: >> > [...] >> >> >> >> You can specify different params for each jail using _parameters, for >> >> example: >> >> >> >> jail_jailname_params=3D"allow.chflags=3D1 allow.sysvipc=3D1" >> > >> > Sorry, my mistake - it should be jail_jailname_parameters=3D of course= . >> > -- >> > regards, Maciej Suszko. >> >> Thanks for your message, >> >> However, I could not find this setting in the manual of rc.conf(5) >> neither in /etc/rc.d/jail :(. It does not seems to be applied. > > Have a look at jail(8) and the last lines of /etc/default/rc.conf. > > -- > +-------------------------------+------------------------------------+ > | Vennlig hilsen, | Best regards, | > | Trond Endrest=C3=B8l, | Trond Endrest=C3=B8l, = | > | IT-ansvarlig, | System administrator, | > | Fagskolen Innlandet, | Gj=C3=B8vik Technical College, Norway, = | > | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | > | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | > +-------------------------------+------------------------------------+ I see, I've added what Maciej Suszko told me but the sysctls in the jail is not set as it should be : security.jail.param.allow.sysvipc: 0 security.jail.param.allow.chflags: 0 And thus, it's not enabled as postgresql tells: creating template1 database in /usr/local/pgsql/data/base/1 ... FATAL: could not create shared memory segment: Function not implemented Cheers, --=20 Demelier David