restrictions between host and jail

Miroslav Lachman 000.fbsd at quip.cz
Thu Feb 21 13:10:27 UTC 2008


Tommy Pham wrote:
> Hi,
> 
> Could someone please explain to me the difference between host and jail
> when the security.jail settings are as follows:
> 
> security.jail.mount_allowed: 1
> security.jail.chflags_allowed: 1
> security.jail.allow_raw_sockets: 1
> security.jail.enforce_statfs: 2
> security.jail.sysvipc_allowed: 1
> security.jail.socket_unixiproute_only: 1
> security.jail.set_hostname_allowed: 1
> 
> I also have devfs (with various rulesets), fdescfs, procfs enabled for
> the jail.
> 
> I'm trying to run glassfish inside the jail but I'm having a problem
> about it being delayed at start-up.  I don't have this problem in the
> host environment.  I've posted about glassfish resource requirements at
> glassfish's forum but I didn't get any response.
> 
> I've tried running glassfish with all variations of configurations in
> security.jail and jail's filesystem (devfs, procfs, fdescfs) and am still
> unable to find the cause of the delayed start-up.  Glassfish takes less
> than 30 seconds to start in host while in jail, it takes 5+ minutes.  When I
> run asadmin list-domains, I get "Unauthorized access" in jail
> environment.  I didn't get this error in host.

I don't know glassfish, but can it be caused by some problems with 
domain name resolution? (empty or wrong /etc/resolv.conf or /etc/hosts 
in jail)

Miroslav Lachman

