From owner-freebsd-jail@FreeBSD.ORG Mon Sep 28 16:35:56 2009 Return-Path: Delivered-To: freebsd-jail@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EBF1C1065676 for ; Mon, 28 Sep 2009 16:35:56 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from gritton.org (gritton.org [161.58.222.4]) by mx1.freebsd.org (Postfix) with ESMTP id B58548FC22 for ; Mon, 28 Sep 2009 16:35:56 +0000 (UTC) Received: from guppy.corp.verio.net (fw.oremut02.us.wh.verio.net [198.65.168.24]) (authenticated bits=0) by gritton.org (8.13.6.20060614/8.13.6) with ESMTP id n8SGZtQc065503; Mon, 28 Sep 2009 10:35:55 -0600 (MDT) Message-ID: <4AC0E5E6.1010700@FreeBSD.org> Date: Mon, 28 Sep 2009 10:35:50 -0600 From: Jamie Gritton User-Agent: Thunderbird 2.0.0.19 (X11/20090109) MIME-Version: 1.0 To: Edwin Shao References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-jail@FreeBSD.org Subject: Re: Tutorial for Hierarchical Jails? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Sep 2009 16:35:57 -0000 Edwin Shao wrote: > Hello, > Does anyone have a walkthrough for how to get hierarchical jails to work? > I've been playing around with it for a couple of days and it simply is not > working. I would like to know if anyone has gotten it to work, and if so, > how? > > The error I tend to get within a jail (starting another child jail) is: > hyper# ./jail start > Configuring jails:. > Starting jails: cannot start jail "neko": > > I'm using very basic steps as outlined in < > http://www.freebsd.org/doc/en/books/handbook/jails-intro.html> and I am > easily getting the jails to work in the non-jailed highest level system. > > What I have done to troubleshoot so far: > * Installed from scratch 8.0-RC1 ISO, make buildworld from scratch 8.0-RC1 > /usr/src. > * Created very liberal sysctls. > * Tried different combinations of disabling/enabling mounted systems such as > devfs, procfs, etc. > * Tried modifying different module fs to enable the "jail" flag. > > This is under a clean install of 8.0-RC1. I'd be happy to provide additional > information for troubleshooting, but I'm not even sure what's going wrong. > It'd probably be more helpful for you to just let me know what you did to > get it wroking. The main thing you need to do is to set the first-level jail's children.max parameter. It defaults to zero, which doesn't allow a jail to create any child jails (the non-hierarchical default). It sounds like you have everything else you need. - Jamie