Date: Mon, 19 May 2008 15:17:18 +0200 From: Alexander Leidinger <Alexander@Leidinger.net> To: Andrew Snow <andrew@modulus.org> Cc: freebsd-jail@freebsd.org Subject: Re: Signal 11 messages showing in all jails? Message-ID: <20080519151718.54449sqj560rkgyo@webmail.leidinger.net> In-Reply-To: <48315FB6.7070103@modulus.org> References: <20080519051707.GA23266@sysmon.tcworks.net> <20080519103813.16651fkml5bc00v4@webmail.leidinger.net> <48315FB6.7070103@modulus.org>
index | next in thread | previous in thread | raw e-mail
Quoting Andrew Snow <andrew@modulus.org> (from Mon, 19 May 2008 21:08:38 +1000): > > Sorry for previous message, it wasn't devfs rules at all that solved > this problem. The rules you posted are part of some kind of workaround. The rules didn't include the "syslog pipe" for kernel messages (depends upon your version of FreeBSD), so there should be no messages from the kernel (like sig 11) in the syslog anymore with this. > Instead you should set this in /etc/sysctl.conf: > > security.bsd.unprivileged_read_msgbuf=0 This also has implication for the jail-host. You need to be root to read the dmesg. All this is just a workaround, but not really a solution to the problem. Ideally each jail gets messages from the kernel which _belong_ into this jail (e.g. sig 11, if a process from _this_ jail dies in this way). Bye, Alexander. -- Pure drivel tends to drive ordinary drivel off the TV screen. http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20080519151718.54449sqj560rkgyo>