FBSD jail versus VMWare? What services do YOU run in a jail?

Thu Apr 24 15:07:27 UTC 2014

> -----Original Message-----
> From: Peter Boosten [mailto:peter at boosten.org]
> Sent: Thursday, April 24, 2014 12:11 AM
> To: freebsd-questions at freebsd.org
> Subject: Re: FBSD jail versus VMWare? What services do YOU run in a jail?
> 
> On 24-4-2014 9:02, Eduardo Morras wrote:
> > On Tue, 22 Apr 2014 14:47:45 -0700
> > "edflecko ." <edflecko at gmail.com> wrote:
> >>
> >> What type of services CAN be run from within a jail?
> >
> > I tried to run PostgreSQL8.4 (IIRC) in a jail under FreeBSD8.2. There
were a
> lot of problems with SysV signals and semaphores (IIRC) and had to install
it
> in host. Don't know if it's actually relevant.
> >
> 
> PostgreSQL (now 9.1) runs fine in a jail.
> 

Under FreeBSD-8, I'm battling this very problem.
http://stackoverflow.com/questions/11909993/freebsd-jail-can-not-set-securit
y-jail-sysvipc-allowed

The article linked-to by the above stackoverflow question:
http://www.freebsddiary.org/jail-multiple.php

Of course, my situation is slightly different in that I'm using
a vnet jail, (aka a vimage) not just a normal jail.

I'm finding that the sysvipc_allowed option is not being
inherited by vnet jails. My first inclination (since this is for
$work) is to just go in and change the default (did something
similar for enforce_statfs -- changing default to 1).

Not sure why a vnet jail isn't inheriting the option where the
parent whereas a normal jail does. That may not pertain to
your situation (haven't read the whole thread yet), but that
seems to be the case for us (and it's not the boot script either,
because I can see that the knob is twiddled to 1 before creating
the vnet jails yet the knob remains zero inside the jail afterward).

Again, this is on 8.x.
-- 
Devin

_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.