Signal 11 messages showing in all jails?
Alexander Leidinger
Alexander at Leidinger.net
Mon May 19 13:17:30 UTC 2008
Quoting Andrew Snow <andrew at modulus.org> (from Mon, 19 May 2008
21:08:38 +1000):
>
> Sorry for previous message, it wasn't devfs rules at all that solved
> this problem.
The rules you posted are part of some kind of workaround. The rules
didn't include the "syslog pipe" for kernel messages (depends upon
your version of FreeBSD), so there should be no messages from the
kernel (like sig 11) in the syslog anymore with this.
> Instead you should set this in /etc/sysctl.conf:
>
> security.bsd.unprivileged_read_msgbuf=0
This also has implication for the jail-host. You need to be root to
read the dmesg.
All this is just a workaround, but not really a solution to the
problem. Ideally each jail gets messages from the kernel which
_belong_ into this jail (e.g. sig 11, if a process from _this_ jail
dies in this way).
Bye,
Alexander.
--
Pure drivel tends to drive ordinary
drivel off the TV screen.
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
More information about the freebsd-jail
mailing list