From: Trond Endrestøl
Sender: Trond.Endrestol@fagskolen.gjovik.no
Date: Mon, 12 Aug 2013 19:46:02 +0200 (CEST)
To: David Demelier
Cc: Maciej Suszko, freebsd-questions@freebsd.org
Subject: Re: sysvipc only for one jail
Organization: Fagskolen Innlandet

On Mon, 12 Aug 2013 14:09+0200, Trond Endrestøl wrote:

> On Mon, 12 Aug 2013 13:57+0200, David Demelier wrote:
>
> > 2013/8/12 Trond Endrestøl:
> > > On Mon, 12 Aug 2013 12:40+0200, David Demelier wrote:
> > >
> > >> 2013/8/11 Maciej Suszko:
> > >> > Maciej Suszko wrote:
> > >> > [...]
> > >> >>
> > >> >> You can specify different params for each jail using _parameters, for
> > >> >> example:
> > >> >>
> > >> >> jail_jailname_params="allow.chflags=1 allow.sysvipc=1"
> > >> >
> > >> > Sorry, my mistake - it should be jail_jailname_parameters= of course.
> > >> > --
> > >> > regards, Maciej Suszko.
> > >>
> > >> Thanks for your message,
> > >>
> > >> However, I could not find this setting in the manual of rc.conf(5)
> > >> nor in /etc/rc.d/jail :(. It does not seem to be applied.
> > >
> > > Have a look at jail(8) and the last lines of /etc/default/rc.conf.
> >
> > I see,
> >
> > I've added what Maciej Suszko told me but the sysctls in the jail are
> > not set as they should be:
> >
> > security.jail.param.allow.sysvipc: 0
> > security.jail.param.allow.chflags: 0
> >
> > And thus, it's not enabled as postgresql tells:
> >
> > creating template1 database in /usr/local/pgsql/data/base/1 ... FATAL:
> > could not create shared memory segment: Function not implemented
>
> I'll look into this by creating a new jail for PostgreSQL 9.2 when I
> get home.

My host is running 9.2-PRERELEASE, r254150, in VirtualBox 4.2.16. The
jails are running world, also at r254150.

I added the following to the host's /etc/rc.conf:

jail_enable="YES"
jail_list="postgresql"
jail_postgresql_rootdir="/jails/postgresql"
jail_postgresql_hostname="postgresql.bsd.net"
jail_postgresql_interface="vtnet0"
jail_postgresql_fib="0"
jail_postgresql_ip="10.0.2.103,2001:db8::103"
jail_postgresql_exec_start="/bin/sh /etc/rc"
jail_postgresql_exec_stop="/bin/sh /etc/rc.shutdown"
jail_postgresql_devfs_enable="YES"
jail_postgresql_parameters="enforce_statfs=1 allow.chflags=1 allow.sysvipc=1 allow.mount=1 allow.mount.zfs=1"

I added the following to the host's /etc/jail.conf:

postgresql {
  path = /jails/postgresql;
  enforce_statfs = 1;
  allow.chflags;
  allow.sysvipc;
  allow.mount;
  allow.mount.zfs;
  mount.devfs;
  host.hostname = postgresql.bsd.net;
  ip4.addr = 10.0.2.103;
  ip6.addr = 2001:db8::103;
  interface = vtnet0;
  exec.start = "/bin/sh /etc/rc";
  exec.stop = "/bin/sh /etc/rc.shutdown";
}

PostgreSQL 9.2.4 had no problems running initdb nor running postgres
inside the jail:

root@freebsd-jails:/ # jexec 4 csh
root@postgresql:/ # /usr/local/etc/rc.d/postgresql status
pg_ctl: server is running (PID: 46623)
/usr/local/bin/postgres "-D" "/usr/local/pgsql/data"
root@postgresql:/ #

If you start the jail manually using jail(8), then /etc/jail.conf
comes into play, whereas the lines in /etc/rc.conf are used during
automatic startup of the jails when the host is rebooted.

The whole arrangement seems unnecessarily redundant, and I truly wish
this can be merged sooner rather than later.

-- 
+-------------------------------+------------------------------------+
| Vennlig hilsen,               | Best regards,                      |
| Trond Endrestøl,              | Trond Endrestøl,                   |
| IT-ansvarlig,                 | System administrator,              |
| Fagskolen Innlandet,          | Gjøvik Technical College, Norway,  |
| tlf. mob.   952 62 567,       | Cellular...: +47 952 62 567,       |
| sentralbord 61 14 54 00.      | Switchboard: +47 61 14 54 00.      |
+-------------------------------+------------------------------------+
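
The message above says that /etc/rc.conf and /etc/jail.conf are each used on a different start path, so a jail's privileges depend on how it was started if the two copies drift apart. The following is an added example, not part of the original message: it compares the allow.* and enforce_statfs settings the two files give each jail. The function names and the drifted sample are constructed, and the parser assumes only `name = value;` and bare-boolean statements in jail.conf.

```python
import re

# Only parameters that change what a jail is permitted to do are compared.
SECURITY = re.compile(r"^(allow\..+|enforce_statfs)$")

def parse_rc_conf(text):
    """Map jail name -> {param: value} from jail_<name>_parameters="..." lines."""
    jails = {}
    for name, value in re.findall(r'^jail_(\w+)_parameters="([^"]*)"', text, re.M):
        jails[name] = dict(p.split("=", 1) if "=" in p else (p, "1") for p in value.split())
    return jails

def parse_jail_conf(text):
    """Map jail name -> {param: value} from 'name { key = value; flag; }' blocks."""
    text = re.sub(r"#.*", "", text)  # drop shell-style comments
    jails = {}
    for name, body in re.findall(r"(\w+)\s*\{([^}]*)\}", text):
        params = {}
        for stmt in filter(None, (s.strip() for s in body.split(";"))):
            key, _, value = stmt.partition("=")
            # A bare boolean such as "allow.sysvipc;" means the parameter is on.
            params[key.strip()] = value.strip().strip('"') or "1"
        jails[name] = params
    return jails

def privilege_drift(rc_text, jail_conf_text):
    """Return {jail: {param: (rc.conf value, jail.conf value)}} where the two differ."""
    rc, jc = parse_rc_conf(rc_text), parse_jail_conf(jail_conf_text)
    report = {}
    for jail in sorted(set(rc) | set(jc)):
        a, b = rc.get(jail, {}), jc.get(jail, {})
        diff = {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b))
                if SECURITY.match(k) and a.get(k) != b.get(k)}
        if diff:
            report[jail] = diff
    return report

# The message's two configurations, reduced to a few lines for the example.
RC_CONF = 'jail_postgresql_parameters="enforce_statfs=1 allow.chflags=1 allow.sysvipc=1 allow.mount=1 allow.mount.zfs=1"\n'
JAIL_CONF = """postgresql {
    enforce_statfs = 1;
    allow.chflags; allow.sysvipc; allow.mount; allow.mount.zfs;
    exec.start = "/bin/sh /etc/rc";
}"""
# Constructed drift: allow.sysvipc dropped from jail.conf but left in rc.conf.
DRIFTED = JAIL_CONF.replace("allow.sysvipc; ", "")

if __name__ == "__main__":
    for label, conf in (("as posted", JAIL_CONF), ("drifted", DRIFTED)):
        print(label, privilege_drift(RC_CONF, conf))
```

A value of None in the report means the parameter is absent from that file, so the jail falls back to the system default on that start path.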