Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 28 Sep 2009 20:45:51 +0300
From:      Edwin Shao <edwin.shao@gmail.com>
To:        Jamie Gritton <jamie@freebsd.org>
Cc:        freebsd-jail@freebsd.org
Subject:   Re: Tutorial for Hierarchical Jails?
Message-ID:  <cf8a6aa50909281045x47e58e99y92437ffa86c72846@mail.gmail.com>
In-Reply-To: <4AC0E5E6.1010700@FreeBSD.org>
References:  <cf8a6aa50909280506g63030d9ft423c42e8c61700d@mail.gmail.com>  <4AC0E5E6.1010700@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi Jamie,
When I try to change the parameter, nothing happens:
rescue /etc> sudo sysctl security.jail.param.children.max=1
security.jail.param.children.max: 0 -> 0

rescue /etc> sudo sysctl security.jail.param.children.max
security.jail.param.children.max: 0

Am I doing this incorrectly?

Thanks,
Edwin

On Mon, Sep 28, 2009 at 7:35 PM, Jamie Gritton <jamie@freebsd.org> wrote:

> Edwin Shao wrote:
>
>> Hello,
>> Does anyone have a walkthrough for how to get hierarchical jails to work?
>> I've been playing around with it for a couple of days and it simply is not
>> working. I would like to know if anyone has gotten it to work, and if so,
>> how?
>>
>> The error I tend to get within a jail (starting another child jail) is:
>> hyper# ./jail start
>> Configuring jails:.
>> Starting jails: cannot start jail "neko":
>>
>> I'm using very basic steps as outlined in <
>> http://www.freebsd.org/doc/en/books/handbook/jails-intro.html>; and I am
>> easily getting the jails to work in the non-jailed highest level system.
>>
>> What I have done to troubleshoot so far:
>> * Installed from scratch 8.0-RC1 ISO, make buildworld from scratch 8.0-RC1
>> /usr/src.
>> * Created very liberal sysctls.
>> * Tried different combinations of disabling/enabling mounted systems such
>> as
>> devfs, procfs, etc.
>> * Tried modifying different module fs to enable the "jail" flag.
>>
>> This is under a clean install of 8.0-RC1. I'd be happy to provide
>> additional
>> information for troubleshooting, but I'm not even sure what's going wrong.
>> It'd probably be more helpful for you to just let me know what you did to
>> get it wroking.
>>
>
> The main thing you need to do is to set the first-level jail's
> children.max parameter.  It defaults to zero, which doesn't allow a jail
> to create any child jails (the non-hierarchical default).  It sounds
> like you have everything else you need.
>
> - Jamie
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cf8a6aa50909281045x47e58e99y92437ffa86c72846>