restrictions between host and jail

Tommy Pham tommyhp2 at yahoo.com
Thu Feb 21 12:43:39 UTC 2008


Hi,

Could someone please explain to me the difference between host and jail
when the security.jail settings are as follows:

security.jail.mount_allowed: 1
security.jail.chflags_allowed: 1
security.jail.allow_raw_sockets: 1
security.jail.enforce_statfs: 2
security.jail.sysvipc_allowed: 1
security.jail.socket_unixiproute_only: 1
security.jail.set_hostname_allowed: 1

I also have devfs (with various rulesets), fdescfs, procfs enabled for
the jail.

I'm trying to run glassfish inside the jail but I'm having a problem
with it being delayed at start-up.  I don't have this problem in the
host environment.  I've posted about glassfish resource requirements at
glassfish's forum but I didn't get any response.

I've tried running glassfish with all variations of configurations in
security.jail and jail's filesystem (devfs, procfs, fdescfs) and am still
unable to find the cause of the delayed start-up.  Glassfish takes less
than 30 seconds to start in host, while in jail it takes 5+ minutes.  When I
run asadmin list-domains, I get "Unauthorized access" in jail
environment.  I didn't get this error in host.

Thanks in advance,
Tommy

