Date: Thu, 21 Feb 2008 14:10:34 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> To: Tommy Pham <tommyhp2@yahoo.com> Cc: freebsd-jail@freebsd.org Subject: Re: restrictions between host and jail Message-ID: <47BD784A.5090804@quip.cz> In-Reply-To: <191163.24082.qm@web38214.mail.mud.yahoo.com> References: <191163.24082.qm@web38214.mail.mud.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Tommy Pham wrote: > Hi, > > Could someone please explain to me the difference between host and jail > when the security.jail settings are as follow: > > security.jail.mount_allowed: 1 > security.jail.chflags_allowed: 1 > security.jail.allow_raw_sockets: 1 > security.jail.enforce_statfs: 2 > security.jail.sysvipc_allowed: 1 > security.jail.socket_unixiproute_only: 1 > security.jail.set_hostname_allowed: 1 > > I also have devfs (with various rulesets), fdescfs, procfs enabled for > the jail. > > I'm trying to run glassfish inside the jail but I'm having a problem > about it being delayed at start-up. I don't have this problem in the > host environment. I've post a about glassfish resource requirement at > glassfish's forum but I didn't get any response. > > I've tried running glassfish with all variations of configurations in > security.jail and jail's filesystem (devfs, procfs, fdescfs) and still > unable to find the cause in the delayed start-up. Glassfish takes less > 30 seconds to start in host while in jail, takes 5+ minutes. When I > run asadmin list-domains, I get "Unauthorized access" in jail > environment. I didn't get this error in host. I don't know glassfish, but can it be caused by some problems with domain name resolution? (empty or wrong /etc/resolv.conf or /etc/hosts in jail) Miroslav Lachman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47BD784A.5090804>