From owner-freebsd-jail@FreeBSD.ORG Mon Sep 28 17:46:12 2009 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4F4B1106568D for ; Mon, 28 Sep 2009 17:46:12 +0000 (UTC) (envelope-from edwin.shao@gmail.com) Received: from mail-yx0-f171.google.com (mail-yx0-f171.google.com [209.85.210.171]) by mx1.freebsd.org (Postfix) with ESMTP id 091408FC16 for ; Mon, 28 Sep 2009 17:46:11 +0000 (UTC) Received: by yxe1 with SMTP id 1so5495913yxe.3 for ; Mon, 28 Sep 2009 10:46:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:message-id:subject:to:cc:content-type; bh=ZZmbhwT+X+IIKbM8tmQlyxw1VIHcEo57U/fbsEbTzvs=; b=izoU7p9yNPBPOLmdWSBD2IhQOo0ShVjE3wDrLfd5wM90R4HjWxvNSZwYhe05O3K0MJ ypTfrvAez3PxsOvU8lxFOmRWjKQ3RHIihJNIor9p4cOtRIiq1xaarZQKSE93hxjiYUOS yrKTPm7d62rwezrsyupKqLUSKY7SezO8SfGfg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=vhBUaDp5L97yZdK8xrqdKLbexBqYriS+iQRyRKUAQ8l5C9WAGrPLCucym8Keyu3rtx e4m3UM9/+CE42JB9+tJ1EVbdtyok000EN8+GDEerQv0DCUc0I1vRdnX67+JB4wnaQ5I0 0CnGzInqLLtKZq1lIke9hOCWf+q6ny75I7Eak= MIME-Version: 1.0 Received: by 10.101.146.33 with SMTP id y33mr3264992ann.194.1254159971126; Mon, 28 Sep 2009 10:46:11 -0700 (PDT) In-Reply-To: <4AC0E5E6.1010700@FreeBSD.org> References: <4AC0E5E6.1010700@FreeBSD.org> From: Edwin Shao Date: Mon, 28 Sep 2009 20:45:51 +0300 Message-ID: To: Jamie Gritton Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-jail@freebsd.org Subject: Re: Tutorial for Hierarchical Jails? X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Sep 2009 17:46:12 -0000 Hi Jamie, When I try to change the parameter, nothing happens: rescue /etc> sudo sysctl security.jail.param.children.max=1 security.jail.param.children.max: 0 -> 0 rescue /etc> sudo sysctl security.jail.param.children.max security.jail.param.children.max: 0 Am I doing this incorrectly? Thanks, Edwin On Mon, Sep 28, 2009 at 7:35 PM, Jamie Gritton wrote: > Edwin Shao wrote: > >> Hello, >> Does anyone have a walkthrough for how to get hierarchical jails to work? >> I've been playing around with it for a couple of days and it simply is not >> working. I would like to know if anyone has gotten it to work, and if so, >> how? >> >> The error I tend to get within a jail (starting another child jail) is: >> hyper# ./jail start >> Configuring jails:. >> Starting jails: cannot start jail "neko": >> >> I'm using very basic steps as outlined in < >> http://www.freebsd.org/doc/en/books/handbook/jails-intro.html> and I am >> easily getting the jails to work in the non-jailed highest level system. >> >> What I have done to troubleshoot so far: >> * Installed from scratch 8.0-RC1 ISO, make buildworld from scratch 8.0-RC1 >> /usr/src. >> * Created very liberal sysctls. >> * Tried different combinations of disabling/enabling mounted systems such >> as >> devfs, procfs, etc. >> * Tried modifying different module fs to enable the "jail" flag. >> >> This is under a clean install of 8.0-RC1. I'd be happy to provide >> additional >> information for troubleshooting, but I'm not even sure what's going wrong. >> It'd probably be more helpful for you to just let me know what you did to >> get it wroking. >> > > The main thing you need to do is to set the first-level jail's > children.max parameter. It defaults to zero, which doesn't allow a jail > to create any child jails (the non-hierarchical default). It sounds > like you have everything else you need. > > - Jamie >