How to mount procfs and fdescfs inside a poudriere jail?

Dmytro Bilokha dmytro at posteo.net
Sat Dec 30 20:26:16 UTC 2017


On Sat, Dec 30, 2017 at 08:02:15PM +0200, Dmytro Bilokha wrote:
>On Sat, Dec 30, 2017 at 10:47:36AM -0700, Adam Weinberger wrote:
>>> On 30 Dec, 2017, at 10:14, Dmytro Bilokha <dmytro at posteo.net> wrote:
>>>
>>> Hello, Everyone!
>>>
>>> When I try to build java/openjdk8 with poudriere I'm getting the error:
>>> ---
>>> configure: Found potential Boot JDK using configure arguments
>>> configure: Potential Boot JDK found at /usr/local/bootstrap-openjdk8 is
>>> incorrect JDK version (Error occurred during initialization of VM);
>>> ignoring
>>> configure: (Your Boot JDK must be version 7 or 8)
>>> configure: error: The path given by --with-boot-jdk does not contain a
>>> valid Boot JDK
>>> configure exiting with result code 1
>>> ---
>>> I suspect it happens, because bootstrap-openjdk8 needs some stuff to be
>>> mounted.
>>> Here is a snippet from its pkg-message:
>>> ---
>>> This OpenJDK implementation requires fdescfs(5) mounted on /dev/fd and
>>> procfs(5) mounted on /proc.
>>> ---
>>>
>>> Does someone know how to mount fdescfs and procfs inside a poudriere jail?
>>> Is it possible at all?
>>> Or, maybe, some workarounds exist to build openjdk8 with poudriere? Any
>>> help would be appreciated.
>>
>>It doesn't seem to be documented in poudriere.conf, but there are USE_PROCFS
>>and USE_FDESCFS settings you can turn on in poudriere.conf.
>>
>># Adam
>>
>>
>>--
>>Adam Weinberger
>>adamw at adamw.org
>>http://www.adamw.org
>>
>
>I've added the following lines to the /usr/local/etc/poudriere.conf:
>USE_PROCFS=yes
>USE_FDESCFS=yes
>Then I've restarted my build and issued the command:
>jexec <jail id here> mount
>And in the output I see only:
>
>nroot/poudriere/jails/11amd64-local-wstan-ref/02 on / (zfs, local, noatime, nfsv4acls)
>
>No procfs or fdescfs and openjdk8 build still fails with the same error in the log.
>Should I drop my poudriere jail and recreate a new one for the poudriere.conf changes to be applied?
>Or maybe I need to do something else?
>
>-- 
>Dmytro Bilokha
>dmytro at posteo.net
>+38-050-607-41-43

I've investigated a little bit, and it seems that allowing a poudriere jail to mount procfs and
fdescfs is not a trivial task, because it should also be allowed at the kernel level. To do that,
I've added these sysctls:
security.jail.enforce_statfs=0
security.jail.mount_allowed=1
security.jail.param.allow.mount.linprocfs=1
security.jail.param.allow.mount.procfs=1
security.jail.mount_linprocfs_allowed=1
security.jail.mount_procfs_allowed=1
security.jail.param.allow.mount.fdescfs=1
security.jail.param.allow.mount.tmpfs=1
security.jail.param.allow.mount.nullfs=1
security.jail.param.allow.mount.devfs=1
security.jail.mount_fdescfs_allowed=1

But when I checked the configuration of the running poudriere jail with jls -n -j <jail id>, the output was:
devfs_ruleset=0 nodying enforce_statfs=2 host=new ip4=disable ip6=disable jid=1 linux=new name=11amd64-local-wstan osreldate=1101001 osrelease=11.1-RELEASE-p4 parent=0 path=/usr/local/poudriere/data/.m/11amd64-local-wstan/ref persist securelevel=-1 sysvmsg=inherit sysvsem=inherit sysvshm=inherit allow.chflags allow.nomount allow.mount.nodevfs allow.mount.nofdescfs allow.mount.nolinprocfs allow.mount.nolinsysfs allow.mount.nonullfs allow.mount.noprocfs allow.mount.notmpfs allow.mount.nozfs allow.noquotas allow.noraw_sockets allow.set_hostname allow.nosocket_af allow.sysvipc children.cur=0 children.max=0 cpuset.id=2 host.domainname="" host.hostid=0 host.hostname=11amd64-local-wstan host.hostuuid=00000000-0000-0000-0000-000000000000 ip4.addr=127.0.0.1 ip4.saddrsel ip6.addr=::1 ip6.saddrsel linux.osname=Linux linux.osrelease=2.6.32 linux.oss_version=198144

And it contains allow.nomount allow.mount.nofdescfs allow.mount.noprocfs.
And I cannot find a way to change these poudriere jail parameters, because poudriere doesn't
use /etc/jail.conf.
Does anyone have any ideas?

-- 
Dmytro Bilokha
dmytro at posteo.net
+38-050-607-41-43
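
The check described in the message above, as an added example that is not part of the original post or of poudriere: a small sh script that reads one line of `jls -n` output and reports which jail parameters block mounting a given file system type from inside the jail. The function names and the second sample line are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (hypothetical helpers, not part of poudriere or jls).
# Real use on a FreeBSD host:
#   can_mount_in_jail "$(jls -n -j <jail id>)" procfs

# Print the value of a name=value parameter from one line of `jls -n` output.
jail_param() {
    for tok in $1; do
        case "$tok" in
            "$2="*) printf '%s\n' "${tok#*=}"; return 0 ;;
        esac
    done
    return 1
}

# Succeed if a boolean parameter is on. `jls -n` prints an enabled boolean as
# its bare name (allow.mount) and a disabled one with "no" on the last
# component (allow.nomount, allow.mount.noprocfs).
jail_flag() {
    for tok in $1; do
        if [ "$tok" = "$2" ]; then return 0; fi
    done
    return 1
}

# Print "yes", or "no:" plus every parameter that blocks mounting FSTYPE from
# inside the jail. Per jail(8), allow.mount.<fstype> is effective only
# together with allow.mount and with enforce_statfs lower than 2.
can_mount_in_jail() {
    why=""
    jail_flag "$1" "allow.mount" || why="$why allow.mount=off"
    jail_flag "$1" "allow.mount.$2" || why="$why allow.mount.$2=off"
    statfs=$(jail_param "$1" enforce_statfs) || statfs=2  # 2 is the jail(8) default
    [ "$statfs" -lt 2 ] || why="$why enforce_statfs=$statfs"
    if [ -z "$why" ]; then echo "yes"; else echo "no:$why"; fi
}

# Excerpt of the jls line quoted in the post (relevant parameters only).
POST_JLS='enforce_statfs=2 jid=1 name=11amd64-local-wstan allow.chflags allow.nomount allow.mount.nofdescfs allow.mount.noprocfs'
# Constructed line: a jail permitted to mount procfs but not fdescfs.
OPEN_JLS='enforce_statfs=1 jid=7 name=example allow.mount allow.mount.procfs allow.mount.nofdescfs'

for fs in procfs fdescfs; do
    echo "post jail, $fs: $(can_mount_in_jail "$POST_JLS" "$fs")"
    echo "constructed jail, $fs: $(can_mount_in_jail "$OPEN_JLS" "$fs")"
done
```

jail(8) also documents that with enforce_statfs=2 a jailed process sees only the mount point holding the jail's root directory, so `mount` run through jexec lists a single file system regardless of what the host has mounted under the jail path.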

