Date: Sat, 30 Dec 2017 22:26:09 +0200 From: Dmytro Bilokha <dmytro@posteo.net> To: Adam Weinberger <adamw@adamw.org> Cc: freebsd-ports@freebsd.org Subject: Re: How to mount procfs and fdescfs inside a poudriere jail? Message-ID: <20171230202606.GA45236@wstan> In-Reply-To: <20171230180215.GA43613@wstan> References: <20171230171447.GA56278@wstan> <75CC7F34-79D2-4239-87A8-C9C20E1E05E8@adamw.org> <20171230180215.GA43613@wstan>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Dec 30, 2017 at 08:02:15PM +0200, Dmytro Bilokha wrote: >On Sat, Dec 30, 2017 at 10:47:36AM -0700, Adam Weinberger wrote: >>> On 30 Dec, 2017, at 10:14, Dmytro Bilokha <dmytro@posteo.net> wrote: >>> >>> Hello, Everyone! >>> >>> When I try to build java/openjdk8 with poudriere I'm getting the error: >>> --- >>> configure: Found potential Boot JDK using configure arguments >>> configure: Potential Boot JDK found at /usr/local/bootstrap-openjdk8 is >>> incorrect JDK version (Error occurred during initialization of VM); >>> ignoring >>> configure: (Your Boot JDK must be version 7 or 8) >>> configure: error: The path given by --with-boot-jdk does not contain a >>> valid Boot JDK >>> configure exiting with result code 1 >>> --- >>> I suspect it happens, because bootstrap-openjdk8 needs some stuff to be >>> mounted. >>> Here is a snippet from its pkg-message: >>> --- >>> This OpenJDK implementation requires fdescfs(5) mounted on /dev/fd and >>> procfs(5) mounted on /proc. >>> --- >>> >>> Does someone know how to mount fdescfs and procfs inside a poudriere jail? >>> Is it possible at all? >>> Or, maybe, some workarouns exist to build openjdk8 with poudriere? Any >>> help would be appriciated. >> >>It doesn't seem to documented in poudriere.conf, but there are USE_PROFCS >>and USE_FDESCFS settings you can turn on in poudriere.conf. >> >># Adam >> >> >>-- >>Adam Weinberger >>adamw@adamw.org >>http://www.adamw.org >> > >I've added the following lines to the /usr/local/etc/poudriere.conf: >USE_PROCFS=yes >USE_FDESCFS=yes >Then I've restarted my build and issued the command: >jexec <jail id here> mount >And in the output I see only: > >nroot/poudriere/jails/11amd64-local-wstan-ref/02 on / (zfs, local, noatime, nfsv4acls) > >No procfs or fdescfs and openjdk8 build still fails with the same error in the log. >Should I drop my poudriere jail and recreate new for poudriere.conf changes to be applied? >Or maybe, I need to do something else? > >-- >Dmytro Bilokha >dmytro@posteo.net >+38-050-607-41-43 I've investigated a little bit. And it seems like allowing poudriere jail to mount procfs and fdescfs is not a trivial task, because it should be allowed on the kernel level also. To do it I've added sysctls: security.jail.enforce_statfs=0 security.jail.mount_allowed=1 security.jail.param.allow.mount.linprocfs=1 security.jail.param.allow.mount.procfs=1 security.jail.mount_linprocfs_allowed=1 security.jail.mount_procfs_allowed=1 security.jail.param.allow.mount.fdescfs=1 security.jail.param.allow.mount.tmpfs=1 security.jail.param.allow.mount.nullfs=1 security.jail.param.allow.mount.devfs=1 security.jail.mount_fdescfs_allowed=1 But when I've checked configuration of the running poudriere jail with jls -n -j <jail id> the output is: devfs_ruleset=0 nodying enforce_statfs=2 host=new ip4=disable ip6=disable jid=1 linux=new name=11amd64-local-wstan osreldate=1101001 osrelease=11.1-RELEASE-p4 parent=0 path=/usr/local/poudriere/data/.m/11amd64-local-wstan/ref persist securelevel=-1 sysvmsg=inherit sysvsem=inherit sysvshm=inherit allow.chflags allow.nomount allow.mount.nodevfs allow.mount.nofdescfs allow.mount.nolinprocfs allow.mount.nolinsysfs allow.mount.nonullfs allow.mount.noprocfs allow.mount.notmpfs allow.mount.nozfs allow.noquotas allow.noraw_sockets allow.set_hostname allow.nosocket_af allow.sysvipc children.cur=0 children.max=0 cpuset.id=2 host.domainname="" host.hostid=0 host.hostname=11amd64-local-wstan host.hostuuid=00000000-0000-0000-0000-000000000000 ip4.addr=127.0.0.1 ip4.saddrsel ip6.addr=::1 ip6.saddrsel linux.osname=Linux linux.osrelease=2.6.32 linux.oss_version=198144 And it contains allow.nomount allow.mount.nofdescfs allow.mount.noprocfs. And I cannot find a way to change these poudriere jail parameters, because poudriere doesn't use /etc/jail.conf. Does anyone have any ideas? -- Dmytro Bilokha dmytro@posteo.net +38-050-607-41-43
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20171230202606.GA45236>