Patrick Thomas wrote:
> 1. Does each jail need to have its own proc filesystem mounted?

It depends on how you plan to use it.  If you use no programs
that need procfs, then you don't need it.

> The
> original jail documentation says to do that, but I have heard rumors that
> this is not necessary.  What is the negative ramifications (if any) to
> running a jail without its own seperately mounted proc filesystem ?  (I
> have a test machine with ten jails on it, and I have ten extra proc
> filesystems mounted - I would like to avoid this if possible..)

Programs will fail to provide information normally obtained
from procfs (e.g. "ps" works this way), or will simply fail

For -current, you're also going to need to mount a devfs in
there, too, minimally for /dev/null and /dev/zero.

> 2. Does kern.maxproc scale in a linear fashion with maxusers ?

It's linear, but that doesn't mean it's correct for your
application.  The most common tuning mistake is bumping
up maxusers in order to get something else bumped up as a
side effect.

> 3. is kern.maxvnodes determined automatically based on other settings, or
> do I ever have to tune this myself by hand ?

Depends on the version of FreeBSD, as to whether it's
"automatic", since that could mean many things (e.g.
Matt's autoscaling patches based on physical RAM size);
you never _have_ to tune _anything_ by hand... but it's
often a good idea to do so.  The kern.maxvnodes is, as
Matt explained yesterday, self-limiting.

> 4. Why is it that some linux utilities, run inside a jail, get the
> hostname of the host machine, and not the hostname of the jail itself ?  I
> am successfully running linux apps in jails by using linux compat on the
> host system and running linux.ko, but sometimes these linux apps get the
> wrong hostnames....

Dunno.  Probably it's using linprocfs or something to
get the information, and the code is not adjusting the
return based on the caller being in a jail.  Ask PHK;
he started the whole "jail" thing.

-- Terry

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message

Reply via email to