jail and emulators/linux_base

[Kris Kennaway]

On Wed, Dec 03, 2003 at 10:22:16AM +0100, Niklas Saers Mailinglistaccount wrote:
> Hi all,
> 
> I'm running CURRENT and set up a jail where I want to install SUN JDK
> 1.4.2. In the process, linux emulation needs to be installed. While
> installing emulators/linux_base, I get the following:
> 
> ===> Installing for linux_base-7.1_5
> Un-mounting linprocfs...
> umount: retrying using path instead of file system ID
> ===>  Generating temporary packing list
> ===> Checking if emulators/linux_base already installed
> mknod: /compat/linux/dev/null: Operation not permitted
> *** Error code 1
> 
> While Linux-emulation is already up and running on the host-machine, it
> seems the jail is not allowed to create what it needs to run it. I
> understand allowing mknod(8) within a jail is dangerous in the case where
> you allow untrusted users to be root. Is there some way to either say "I
> don't let untrusted users be root" thus allowing this or to compile
> emulators/linux_base more jail-friendly, possibly setting things up from
> outside the jail?

"jail where I trust users not to try to take over my system" = "chroot".

> About compiles, btw, they seem to drag out forever in a jail. Especially
> configure takes ridiculous long time. I was under the impression that the
> overhead of running a jail should be very small, yet compiling
> shells/bash2 in a fresh jail took 8 minutes and 8.6 seconds while
> compiling it on the host system took 54.9 seconds. Are there options that
> may affect jail-performance I can tune?

That's weird..it shouldn't be doing that.  What scheduler are you
running, what does top show, have you tried to trace the processes
using ktrace, etc?

Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20031203/b9a90087/attachment.bin