Boris Samorodov | 3 Aug 22:00 2007

Is it safe to change compat.linux.osrelease inside a jail?

Hi!

I'm porting some Fedora Core 6 applications. Since the FreeBSD
package of a FC6 port should be built with non-default
compat.linux.osrelease and pointyhat is using jails to create
packages, here is the question at the Subject.

I know it _may_ be changed (I've tried and succeeded). Can someone
say that it's quite OK to do so (without bad effects to jail/host)?
Sure I ask about -CURRENT.

Thanks!

WBR
-- 
bsam
_______________________________________________
freebsd-jail@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscribe@..."

Alexander Leidinger | 6 Aug 09:33 2007

Re: Is it safe to change compat.linux.osrelease inside a jail?

Quoting Boris Samorodov <bsam@...> (from Sat, 04 Aug 2007 00:00:35 +0400):

> Hi!
>
>
> I'm porting some Fedora Core 6 applications. Since the FreeBSD
> package of a FC6 port should be built with non-default
> compat.linux.osrelease and pointyhat is using jails to create
> packages, here is the question at the Subject.
>
> I know it _may_ be changed (I've tried and succeeded). Can someone
> say that it's quite OK to do so (without bad effects to jail/host)?
> Sure I ask about -CURRENT.

Roman did some work to make this a per-jail feature. I haven't seen  
any obvious stuff in the code which would make using this a bad idea.  
So: there are no known side-effects to use this in a jail.

Bye,
Alexander.

-- 
"Well, if you can't believe what you read in a comic book, what *___can*
you believe?!"
		-- Bullwinkle J. Moose [Jay Ward]

http://www.Leidinger.net    Alexander  <at>  Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild  <at>  FreeBSD.org  : PGP ID = 72077137

Roman Divacky | 6 Aug 11:04 2007

Re: Is it safe to change compat.linux.osrelease inside a jail?

On Mon, Aug 06, 2007 at 09:33:03AM +0200, Alexander Leidinger wrote:
> Quoting Boris Samorodov <bsam <at> ipt.ru> (from Sat, 04 Aug 2007 00:00:35 
> +0400):
> 
> >Hi!
> >
> >
> >I'm porting some Fedora Core 6 applications. Since the FreeBSD
> >package of a FC6 port should be built with non-default
> >compat.linux.osrelease and pointyhat is using jails to create
> >packages, here is the question at the Subject.
> >
> >I know it _may_ be changed (I've tried and succeeded). Can someone
> >say that it's quite OK to do so (without bad effects to jail/host)?
> >Sure I ask about -CURRENT.
> 
> Roman did some work to make this a per-jail feature. I haven't seen  
> any obvious stuff in the code which would make using this a bad idea.  
> So: there are no known side-effects to use this in a jail.

I didn't do anything.. this has always been per-jail attribute :)
_______________________________________________
freebsd-emulation <at> freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-emulation
To unsubscribe, send any mail to "freebsd-emulation-unsubscribe <at> freebsd.org"

Alexander Leidinger | 6 Aug 11:49 2007

Re: Is it safe to change compat.linux.osrelease inside a jail?

Quoting Roman Divacky <rdivacky <at> freebsd.org> (from Mon, 6 Aug 2007  
11:04:22 +0200):

> On Mon, Aug 06, 2007 at 09:33:03AM +0200, Alexander Leidinger wrote:
>> Quoting Boris Samorodov <bsam <at> ipt.ru> (from Sat, 04 Aug 2007 00:00:35
>> +0400):
>>
>> >Hi!
>> >
>> >
>> >I'm porting some Fedora Core 6 applications. Since the FreeBSD
>> >package of a FC6 port should be built with non-default
>> >compat.linux.osrelease and pointyhat is using jails to create
>> >packages, here is the question at the Subject.
>> >
>> >I know it _may_ be changed (I've tried and succeeded). Can someone
>> >say that it's quite OK to do so (without bad effects to jail/host)?
>> >Sure I ask about -CURRENT.
>>
>> Roman did some work to make this a per-jail feature. I haven't seen
>> any obvious stuff in the code which would make using this a bad idea.
>> So: there are no known side-effects to use this in a jail.
>
> I didn't do anything.. this has always been per-jail attribute :)

Yes. Sorry for not being clear. You did the right work from the  
beginning to make the sysctl per jail instead of making it a global  
property of the system. And the feature which is protected by this  
sysctl should be able to work correctly for the use case.

Boris Samorodov | 6 Aug 19:45 2007

Re: Is it safe to change compat.linux.osrelease inside a jail?

On Mon, 06 Aug 2007 11:49:13 +0200 Alexander Leidinger wrote:
> Quoting Roman Divacky <rdivacky@...> (from Mon, 6 Aug 2007
> 11:04:22 +0200):
> > On Mon, Aug 06, 2007 at 09:33:03AM +0200, Alexander Leidinger wrote:
> >> Quoting Boris Samorodov <bsam@...> (from Sat, 04 Aug 2007 00:00:35
> >> +0400):

> >> >I'm porting some Fedora Core 6 applications. Since the FreeBSD
> >> >package of a FC6 port should be built with non-default
> >> >compat.linux.osrelease and pointyhat is using jails to create
> >> >packages, here is the question at the Subject.
> >> >
> >> >I know it _may_ be changed (I've tried and succeeded). Can someone
> >> >say that it's quite OK to do so (without bad effects to jail/host)?
> >> >Sure I ask about -CURRENT.
> >>
> >> Roman did some work to make this a per-jail feature. I haven't seen
> >> any obvious stuff in the code which would make using this a bad idea.
> >> So: there are no known side-effects to use this in a jail.
> >
> > I didn't do anything.. this has always been per-jail attribute :)

> Yes. Sorry for not being clear. You did the right work from the
> beginning to make the sysctl per jail instead of making it a global
> property of the system. And the feature which is protected by this
> sysctl should be able to work correctly for the use case.

Got it, thanks.

WBR

Chris Thunes | 10 Aug 18:42 2007

jtune not showing resource usage

Hey all,
  I've been working with the resource limiting patches on a 6.2 installation
and haven't been able to get jtune to show memory usage for jails at all.

[root@virt1] ~ # jtune -j 15 -i
JID Hostname Memory Used / Limit CPU Shares
15 jail0.rootbsd.net 0 M / 256 M 0

I have the limits enabled in sysctl and really have idea as to why this
wouldn't be displaying correctly. If there is anyone who can point me in the
right direction the help would be greatly appreciated.

- Chris

Kurt Jaeger | 12 Aug 14:24 2007

Patch for FreeBSD 6.2 fstat(1) to support unionfs (at least a little bit)

Hi!

fstat(1) from FreeBSD 6.2 can not display information about files which
reside in a unionfs[1], as can be seen in this example[2]:

USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W
pi       less       31028 root -         -  ?(unionfs)    -
pi       less       31028   wd -         -  ?(unionfs)    -
pi       less       31028 jail -         -  ?(unionfs)    -
pi       less       31028 text -         -  ?(unionfs)    -
pi       less       31028    0 /vserv/vserv3.nepustil.net/dev    109 crw--w----   ttyp5 rw
pi       less       31028    1 /vserv/vserv3.nepustil.net/dev    109 crw--w----   ttyp5 rw
pi       less       31028    2 /vserv/vserv3.nepustil.net/dev    109 crw--w----   ttyp5 rw
pi       less       31028    3 /vserv/vserv3.nepustil.net/dev    109 crw--w----   ttyp5  r
pi       less       31028    4 -         -  ?(unionfs)    -

This patch[3] fixes it, as can be seen in this other example[4]:

USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W
pi       less       31028 root /vserv/vserv3.nepustil.net 4804764 drwxrwxr-x     512  r  unionupper /usr    
pi       less       31028   wd /vserv/vserv3.nepustil.net 5042109 drwx------    1536  r  unionupper /usr    
pi       less       31028 jail /vserv/vserv3.nepustil.net 4804764 drwxrwxr-x     512  r  unionupper /usr    
pi       less       31028 text /vserv/vserv3.nepustil.net 5159119 -r-xr-xr-x  109300  r  unionlower /usr    
pi       less       31028    0 /vserv/vserv3.nepustil.net/dev    109 crw--w----   ttyp5 rw
pi       less       31028    1 /vserv/vserv3.nepustil.net/dev    109 crw--w----   ttyp5 rw
pi       less       31028    2 /vserv/vserv3.nepustil.net/dev    109 crw--w----   ttyp5 rw
pi       less       31028    3 /vserv/vserv3.nepustil.net/dev    109 crw--w----   ttyp5  r
pi       less       31028    4 /vserv/vserv3.nepustil.net 5042526 -rw-------     702  r  unionupper /usr    

The filesystems involved:

Miroslav Lachman | 13 Aug 16:07 2007

Re: jtune not showing resource usage

Chris Thunes wrote:
> Hey all,
>   I've been working with the resource limiting patches on a 6.2 installation
> and haven't been able to get jtune to show memory usage for jails at all.
> 
> [root@virt1] ~ # jtune -j 15 -i
> JID Hostname Memory Used / Limit CPU Shares
> 15 jail0.rootbsd.net 0 M / 256 M 0
> 
> I have the limits enabled in sysctl and really have idea as to why this
> wouldn't be displaying correctly. If there is anyone who can point me in the
> right direction the help would be greatly appreciated.

Hi,
I had same question more than month ago, but no answer (2007-06-29). So 
I think no competent person is subscribed to this list.
[I CCed cdjones now = maybe he knows :)]

Miroslav Lachman

Chris Thunes | 14 Aug 00:50 2007

Re: jtune not showing resource usage - fixed

On 8/13/07, Miroslav Lachman <000.fbsd@...> wrote:
>
> Chris Thunes wrote:
> > Hey all,
> >   I've been working with the resource limiting patches on a 6.2 installation
> > and haven't been able to get jtune to show memory usage for jails at all.
> >
> > [root@virt1] ~ # jtune -j 15 -i
> > JID Hostname Memory Used / Limit CPU Shares
> > 15 jail0.rootbsd.net 0 M / 256 M 0
> >
> > I have the limits enabled in sysctl and really have idea as to why this
> > wouldn't be displaying correctly. If there is anyone who can point me in the
> > right direction the help would be greatly appreciated.
>
> Hi,
> I had same question more than month ago, but no answer (2007-06-29). So
> I think no competent person is subscribed to this list.
> [I CCed cdjones now = maybe he knows :)]
>
> Miroslav Lachman
>

I found the problem and was able to fix it and created a small patch for
anyone who needs this fixed. A function called prison_memory in
sys/kern/kern_jail.c is called to calculate the memory usage for a given
jail but this value is never stored back to the corresponding prison object
which is used by jtune to check the memory usage. This patch just drops a

Randy Schultz | 15 Aug 17:27 2007

security bug or operator "misunderstanding", and a query

Hey all,

I've been messing around with, and liking, jails.  I had a weird thing happen
tho' that I cannot explain, and seems to violate the concept of jail.

I have the AMD64 version of fbsd 6.2 set up, default install(plus a few minor
ports like sudo).  The jail setup is AFAIK standard, e.g. rc.conf has:

    jail_list="ntpjail"

    jail_ntpjail_rootdir=/usr/local/jails/jail1
    jail_ntpjail_hostname=ntpjail.earlham.edu
    jail_ntpjail_ip=192.168.1.59
    jail_ntpjail_interface=bge1
    jail_ntpjail_devfs_enable="YES"

The /dev dir is whatever is defined for jails in /etc/defaults/devfs.rules,
and no tweaks are in sysctl.conf.

When I have the parent/jail up and running, ntpd not running on the parent, if
I kick off ntpd in the jail, it actually kicks off ntpd in the parent then
barks with "address already in use".  Now, I understand the "address already
in use" part, but how can starting something in the jail affect anything on
the parent?  I thought the 2 were more separated than that.

I'm trying to get to a setup where ntp on the parent sets the system time but
doesn't answer any queries, and ntp in the jail answers the time queries.  If
anybody has any thoughts on whether or not this is even possible(short of
recoding part of ntp ;) or possible avenues of investigation, pls let me know.
