From: John Nielsen
To: freebsd-emulation@freebsd.org
Date: Mon, 8 Mar 2010 17:28:14 -0500
Subject: Re: linux-only jail possible?

On Thursday 04 March 2010 13:22:57 John Nielsen wrote:
> On Thursday 04 March 2010 05:40:50 Alexander Leidinger wrote:
> > On Wed, 3 Mar 2010 19:06:36 +0100 Roman Divacky wrote:
> > > On Wed, Mar 03, 2010 at 11:59:49AM -0500, John Nielsen wrote:
> > > > On Wednesday 03 March 2010 03:00:50 Roman Divacky wrote:
> > > > > I successfully ran chroot of linux environment on freebsd back in
> > > > > 2007/2008. I firmly believe jail should work fine too
> > > >
> > > > Good to know, thanks! Would you mind sharing some more details?
> > > > (Off-list is fine if you prefer.) Was it a more or less complete
> > > > environment? What distro / version of Linux?
> > >
> > > I downloaded gentoo 2007 untarred it into /compat/linux and
> > > chroot /compat/linux /bin/bash
> > >
> > > it just worked - nothing special was necessary
> > >
> > > don't remember much details but I had no problems with that setup
> >
> > It does not need to be in this directory of course. You can install
> > the gentoo-dist ports (not the gentoo-base port). After that you can
> > copy all the files to the place where you want to have the jail.
>
> I went with CentOS 5.4 as that's the native environment I'm trying to
> match. I didn't use ports at all, just manually extracted enough RPM's
> from the DVD image to bootstrap the environment enough to run bash and
> rpm. From there I did a chroot into the environment and ran (Linux)
> bash. Running rpm natively I was able to get yum up and running and from
> there installing everything else I wanted was relatively easy.
>
> > Now you just need to configure a jail. It does not matter much if you
> > use the jail stuff in the base system or a framework like ezjail or
> > similar, as long as you configure an appropriate startup script in the
> > linux-jail. The linux-startup part you need to do yourself, I do not
> > think the default linux startup stuff is appropriate. I suggest to
> > start at least a sshd before you start the software you want to
> > use. This way you can login into the linux-jail and investigate issues
> > like it is a real system.
>
> I actually did install the init scripts, etc. I was pleasantly surprised
> to find (after reading through them) that rc.sysinit can be skipped
> entirely while rc itself will do the right thing for the rest of the
> init scripts (starting services, etc). Here's what I'm using:
>
> jail_centos_exec_start="/bin/sh /etc/rc.d/rc 3"
> jail_centos_exec_stop="/bin/sh /etc/rc.d/rc 0"
>
> > I suggest to monitor the kernel messages on the FreeBSD host. There may
> > be linux-syscalls which are not implemented (e.g. epoll stuff).
>
> Thanks, I had forgotten about that. So far nothing seems to have blown up
> too terribly.
>
> The "consoletype" utility runs despite this message:
> linux: pid 2100 (consoletype): ioctl fd=0, cmd=0x541c ('T',28) is not
> implemented
>
> And sshd and crond both run despite this one:
> linux: pid 2221 (sshd): syscall keyctl not implemented
> linux: pid 2240 (crond): syscall keyctl not implemented
>
> Syslogd ran without complaint as well but didn't actually log anything. I
> had to run it with "-p /var/run/log" (inside the jail via
> /etc/sysconfig/syslog) and create a symlink to the socket in the jail's
> /dev/log (outside the jail via exec_poststart). That's not ideal since
> there's a period of time between when syslogd starts in the jail and the
> symlink is created, but it works after that. It would be better in the
> exec_prestart RC knob but the jail's devfs isn't necessarily mounted at
> that point.
>
> My current hurdle is sshd:
> Mar 3 22:20:51 centos sshd[88836]: fatal: openpty returns device for
> which ttyname fails.
>
> Apparently the Linux sshd isn't using /dev/ptmx appropriately. I'll
> probably just have to replace it with one that does..
>
> I haven't gotten as far as actually running Apache or our application yet
> but Python runs just fine (as evidenced by yum working) and I'm
> encouraged by my success thus far.
>
> > There
> > is currently no effort to implement those. There may be partial
> > implementations for some sysctls (Roman has something somewhere), but
> > nothing is in FreeBSD and no efforts are on the way to bring them in.
> > If your software needs something like this, you either need to
> > implement them yourself, switch the software to not use this (maybe
> > by changing the linux emulation to 2.4 instead of 2.6), or to forget
> > about using FreeBSD for this. emulation@ is a good address to ask
> > questions regarding the status of things,
> > http://wiki.freebsd.org/linux-kernel has some infos too.
>
> I seem to have lucked out in this aspect. You and Roman are just too
> on-the-ball it would seem (and my software needs aren't that
> extravagant..).
>
> Thanks again to all who have replied for the feedback and encouragement.
> I'll follow up if I manage to get sshd and apache running happily.

For those following along at home, sshd now works with Ed's recent
openpty-appeasing patch.

I hit another hurdle with Apache but I don't seem to be the first. httpd
will start but its forked connection-handling children die:

linux: pid 79586 (httpd): syscall epoll_create not implemented
pid 79586 (httpd), uid 48: exited on signal 11

I saw on the wiki that epoll_create support is in perforce. Is that still a
true statement? If so what is the most straightforward way to get a patch to
test against?

Thanks,

JN
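
Added example, not part of the original message or of FreeBSD: one way to act on the advice above to monitor the host's kernel messages, by grouping the "not implemented" notices from the Linux emulation layer per process and flagging processes that later exited on a signal. The sample input is constructed from the messages quoted in this thread (the wrapped ioctl line is joined), and the function name and report layout are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the kernel messages quoted in the thread, as they would
# appear on the FreeBSD host (for example in dmesg output).
SAMPLE = """\
linux: pid 2100 (consoletype): ioctl fd=0, cmd=0x541c ('T',28) is not implemented
linux: pid 2221 (sshd): syscall keyctl not implemented
linux: pid 2240 (crond): syscall keyctl not implemented
linux: pid 79586 (httpd): syscall epoll_create not implemented
pid 79586 (httpd), uid 48: exited on signal 11
"""

SYSCALL = re.compile(r"linux: pid (\d+) \(([^)]+)\): syscall (\S+) not implemented")
IOCTL = re.compile(
    r"linux: pid (\d+) \(([^)]+)\): ioctl fd=\d+, cmd=(0x[0-9a-fA-F]+) .*is not implemented"
)
CRASH = re.compile(r"pid (\d+) \(([^)]+)\), uid (\d+): exited on signal (\d+)")


def summarize(text):
    """Return one record per (pid, command) that hit an unimplemented Linux
    syscall or ioctl, with the signal it later died on (None if it kept running).
    Processes that crashed are listed first."""
    gaps = defaultdict(list)   # (pid, cmd) -> list of missing interfaces
    crashed = {}               # (pid, cmd) -> signal number
    for line in text.splitlines():
        if m := SYSCALL.search(line):
            gaps[(int(m[1]), m[2])].append("syscall " + m[3])
        elif m := IOCTL.search(line):
            gaps[(int(m[1]), m[2])].append("ioctl " + m[3])
        elif m := CRASH.search(line):
            crashed[(int(m[1]), m[2])] = int(m[4])
    report = [
        {"pid": pid, "cmd": cmd, "missing": missing, "signal": crashed.get((pid, cmd))}
        for (pid, cmd), missing in gaps.items()
    ]
    report.sort(key=lambda r: (r["signal"] is None, r["pid"]))
    return report


if __name__ == "__main__":
    for r in summarize(SAMPLE):
        state = f"died on signal {r['signal']}" if r["signal"] else "still running"
        print(f"{r['cmd']} (pid {r['pid']}): {', '.join(r['missing'])} -> {state}")
```

Gaps that a program tolerates (keyctl for sshd and crond here) sort below the ones followed by a crash, which are the ones worth raising on the list.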