Re: Jail starts but doesn't start
Try sh first. Bash might not be installed in jail.

--
Michael Scheidell, CTO
SECNAP Network Security

-----Original message-----
From: Mickey Harvey mh.u...@gmail.com
To: freebsd-jail@freebsd.org
Sent: Wed, May 4, 2011 23:24:55 GMT+00:00
Subject: Jail starts but doesn't start

Host's /etc/rc.conf:

    ifconfig_bge0="inet 192.168.224.11 netmask 255.255.255.0"
    defaultrouter="192.168.224.1"
    sshd_enable="YES"

    linux_enable="YES"
    zfs_enable="YES"
    jail_enable="YES"
    jail_list="www0 dns0 smarty0 centos"

    ifconfig_bge0_alias0="inet 192.168.224.12 netmask 255.255.255.255"
    jail_www0_rootdir="/tank/jails/www0"
    jail_www0_hostname="www0"
    jail_www0_ip="192.168.224.12"
    jail_www0_devfs_enable="YES"
    jail_www0_exec_stop="/etc/rc.shutdown"

    #JAIL READY TO USE, JUST NEEDS APPROPRIATE FSTAB ENTRIES
    #ENTRIES ARE IN LOADER.CONF
    #TRIED TO BOOT WITH REQUIRED FSTAB BUT IT BROKE SO I REVERTED
    #5/3/11 MH
    #ifconfig_bge0_alias1="inet 192.168.224.13 netmask 255.255.255.255"
    #jail_deb0_rootdir="/tank/jails/deb0"
    #jail_deb0_hostname="deb0"
    #jail_deb0_ip="192.168.224.13"
    #jail_deb0_devfs_enable="YES"
    #jail_deb0_exec_start="/etc/init.d/rc 3"
    #jail_deb0_exec_stop="/etc/init.d/rc 0"
    #jail_deb0_flags="-l -u root"

    ifconfig_bge0_alias1="inet 192.168.224.14 netmask 255.255.255.255"
    jail_dns0_rootdir="/tank/jails/dns0"
    jail_dns0_hostname="dns0"
    jail_dns0_ip="192.168.224.14"
    jail_dns0_devfs_enable="YES"
    jail_dns0_exec_stop="/etc/rc.shutdown"

    ifconfig_bge0_alias2="inet 192.168.224.15 netmask 255.255.255.255"
    jail_smarty0_rootdir="/tank/jails/smarty0"
    jail_smarty0_hostname="smarty0"
    jail_smarty0_ip="192.168.224.15"
    jail_smarty0_devfs_enable="YES"
    jail_smarty0_exec_stop="/etc/rc.shutdown"

    ifconfig_bge0_alias3="inet 192.168.224.16 netmask 255.255.255.255"
    jail_centos_rootdir="/tank/jails/centos"
    jail_centos_hostname="centos"
    jail_centos_ip="192.168.224.16"
    jail_centos_devfs_enable="YES"

Result of jls after /etc/rc.d/jail start centos (notice there's no entry for centos):

    JID  IP Address      Hostname  Path
      1  192.168.224.12  www0      /tank/jails/www0
      2  192.168.224.14  dns0      /tank/jails/dns0
      3  192.168.224.15  smarty0   /tank/jails/smarty0

No error messages when starting or stopping centos jail.
/var/run contains jail_centos.id
Alias exists on bge0.

So I tried jexec 4 /bin/bash figuring jls just isn't showing the centos jail for some reason but:

    jexec: jail_attach(4): Invalid argument

Anybody have any idea about what might be happening here?

___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Re: jail rc
Use sh /bin/rc

--
Michael Scheidell, CTO
SECNAP Network Security

-----Original message-----
From: Mickey Harvey mh.u...@gmail.com
To: freebsd-jail@freebsd.org
Sent: Thu, Apr 21, 2011 18:30:17 GMT+00:00
Subject: jail rc

This might be more of a question about how rc works instead of being entirely jail specific but here goes: I am trying to start a jail using the jail command such that it appears on the command line as

    jail /path/to/jail hostname 192.168.1.1 /bin/rc

I am expecting it to just start the jail and run the rc scripts but I must be doing something wrong because it returns the error

    jail: execvp: /bin/rc: Permission denied
Re: loopback in jail
for amavisd-new, right?

On 11/10/10 12:16 PM, Andrei Kolu wrote:
> Hi, I have problem with binding port to localhost inside of jail (ezjail).

can only have one '127.0.0.1'. even with vnet, I am sure.

> /usr/local/etc/amavisd.conf:$inet_socket_port = 10024;

should be fine. however, you also need this:

    @inet_acl = ( qw [ 0.0.0.0/0 ] );

plus a lot of things. We have a commercial hosted email security product with multiple dozens of amavisd based VPS's and it took a while to get it to work. try the amavisd users group as well.

--
Michael Scheidell, CTO
SECNAP Network Security Corporation
RE: How do you manage your jails?
pssh with pki keys to run multiple commands, ports in main. Make packages then pssh each to install the package

-----Original Message-----
From: Christer Solskogen christer.solsko...@gmail.com
Sent: Thursday, January 28, 2010 5:05 PM
To: freebsd-jail@freebsd.org
Subject: How do you manage your jails?

So you have installed a FreeBSD server and setup several jails on your system. They run the services they need and everything works smoothly. But how do you manage all of them? What do you do if you want to run a command on all jails? Do you run cfengine/puppy? How do you setup sendmail? Do you have sendmail on all jails? Do you share ports to all jails? How do you keep ports up to date on them? Do you have a set of scripts that you want to share?

On http://antarctica.no/stuff/UNIX/FreeBSD/jails/ you'll find what I use. I'm preparing a talk for BLUG (the local Linux/BSD group) and I want to know how YOU manage your jails, there sure is more than one way to do it.

--
chs
Re: starting jails in the background dependencies
On 1/5/10 5:35 AM, Remko Lodder wrote:
> My first reaction is to only allow to start in the background, but everything else needs to be serialized.

i second that 'start in parallel', stop in serial, however, even with stop in serial, if I have 64 jails, even in a fast, quad/quad core system, I find that I stop jails prior to reboot/shutdown. even at that, for some reason, mysql doesn't always stop. in reboot, it does take a LONG time for them to all come up.

--
Michael Scheidell, CTO
SECNAP Network Security Corporation
Re: crontab hanging won't die on SIGTERM in jail
you the jailutils guy? thanks, good stuff. (been meaning to ask why certain options that work outside of jail don't work inside also)

thanks for finding this. really flustered. (but sigkill works also!)

Stef Walter wrote:
> Stef Walter wrote:
>> Michael Scheidell wrote:
>>> anyone having problems during an in jail shutdown with crontab hanging? I have seen this in 6.4 and 7.1, on i386 and amd64. I don't remember problems with 6.3
>> I see this same problem in certain jails. A jail that has this problem does it consistently, jails without the problem (on the same machine, same FreeBSD userland/kernel) don't have the problem consistently.
> Turns out (for me) the bug was in jailutils, and occurred when the jail had been restarted from inside the jail using the jkill (or appropriately configured reboot) command. I've released a new version of jailutils (1.6) that fixes this problem.
>
> Cheers,
> Stef

--
Michael Scheidell, CTO
SECNAP Network Security Corporation
Re: crontab hanging won't die on SIGTERM in jail
Stef Walter wrote:
> # mkdir -p /etc/rc.conf.d
> # echo sig_stop=SIGQUIT > /etc/rc.conf.d/cron

from lots of man pages, and old POSIX docs, they say that to 'reboot' or stop a unix system you send a SIGTERM to everything. the 'critical' systems that need to stay up during reboot/haltsys (init!, getty) or anything that needs to do cleanup are supposed to trap (and ignore SIGTERM) once the non critical systems are stopped, THEN you send the SIGQUIT.

I can't see anything critical about cron running during a reboot or haltsys. SIGQUIT should be the default for it anyway.

did you verify that this works for you? that after setting for hours /etc/rc.d/cron stop works? (I had one sitting overnight, worked. yes, I want to know why.. I suspect its some combination of something rc. calls (something in my /usr/local/etc/rc.d dir) but don't know why it 'hangs around'. maybe one of those rc scripts sets something bad.

--
Michael Scheidell, CTO
SECNAP Network Security Corporation
crontab hanging won't die on SIGTERM in jail
anyone having problems during an in jail shutdown with crontab hanging? I have seen this in 6.4 and 7.1, on i386 and amd64. I don't remember problems with 6.3

using jailtools (jkill -r), OR shutdown -r +0 OR reboot

    reboot: SIGTSTP init: No such process

truss shows:

    truss -p 87553
    (null)() = 0 (0x0)
    gettimeofday({1249567500.835698},0x0)= 0 (0x0)
    stat(tabs,{mode=drwx-- ,inode=10458278,size=512,blksize=4096}) = 0 (0x0)
    stat(/etc/crontab,{mode=-rw-r--r-- ,inode=10461256,size=748,blksize=4096}) = 0 (0x0)
    gettimeofday({1249567500.836244},0x0)= 0 (0x0)
    fork() = 88217 (0x15899)
    gettimeofday({1249567500.836862},0x0)= 0 (0x0)
    nanosleep({60.0})ERR#4 'Interrupted system call'
    SIGNAL 20 (SIGCHLD)
    SIGNAL 20 (SIGCHLD)
    wait4(0x,0xbfbfe99c,0x1,0x0) = 88217 (0x15899)
    wait4(0x,0xbfbfe99c,0x1,0x0) ERR#10 'No child processes'
    sigreturn(0xbfbfe9d0)ERR#4 'Interrupted system call'
    gettimeofday({1249567500.842115},0x0)= 0 (0x0)

killall -SIGTERM cron (caused NO truss activity)

it sees a HUP: killall -SIGHUP cron

truss:

    SIGNAL 1 (SIGHUP)
    (null)() ERR#4 'Interrupted system call'
    gettimeofday({17.00},0x0)= 0 (0x0)
    (null)() = 0 (0x0)

SIGKILL will kill it.

--
Michael Scheidell, CTO
SECNAP Network Security Corporation
Re: crontab hanging won't die on SIGTERM in jail
this doesn't stop cron:

    /etc/rc.d/cron stop        (just keeps spitting out the pid)
    killall -SIGTERM cron      (doesn't work)

killall -SIGQUIT|SIGKILL seems to work.

Workaround is this:

    echo sigstop=SIGQUIT > /etc/rc.conf.d/cron

works fine now. isn't needed in base, just in jail.

Michael Scheidell wrote:
> anyone having problems during an in jail shutdown with crontab hanging? I have seen this in 6.4 and 7.1, on i386 and amd64. I don't remember problems with 6.3
>
> using jailtools (jkill -r), OR shutdown -r +0 OR reboot
>
>     reboot: SIGTSTP init: No such process
>
> truss shows:
>
>     truss -p 87553
>     (null)() = 0 (0x0)
>     gettimeofday({1249567500.835698},0x0)= 0 (0x0)
>     stat(tabs,{mode=drwx-- ,inode=10458278,size=512,blksize=4096}) = 0 (0x0)
>     stat(/etc/crontab,{mode=-rw-r--r-- ,inode=10461256,size=748,blksize=4096}) = 0 (0x0)
>     gettimeofday({1249567500.836244},0x0)= 0 (0x0)
>     fork() = 88217 (0x15899)
>     gettimeofday({1249567500.836862},0x0)= 0 (0x0)
>     nanosleep({60.0})ERR#4 'Interrupted system call'
>     SIGNAL 20 (SIGCHLD)
>     SIGNAL 20 (SIGCHLD)
>     wait4(0x,0xbfbfe99c,0x1,0x0) = 88217 (0x15899)
>     wait4(0x,0xbfbfe99c,0x1,0x0) ERR#10 'No child processes'
>     sigreturn(0xbfbfe9d0)ERR#4 'Interrupted system call'
>     gettimeofday({1249567500.842115},0x0)= 0 (0x0)
>
> killall -SIGTERM cron (caused NO truss activity)
>
> it sees a HUP: killall -SIGHUP cron
>
> truss:
>
>     SIGNAL 1 (SIGHUP)
>     (null)() ERR#4 'Interrupted system call'
>     gettimeofday({17.00},0x0)= 0 (0x0)
>     (null)() = 0 (0x0)
>
> SIGKILL will kill it.

--
Michael Scheidell, CTO
SECNAP Network Security Corporation
Re: crontab hanging won't die on SIGTERM in jail
meant sig_stop=.

stranger yet, this works:

    echo 'sig_stop=SIGTERM' > /etc/rc.conf.d/cron

truss shows the sigterm now just fine.

Michael Scheidell wrote:
> this doesn't stop cron:
>
>     /etc/rc.d/cron stop        (just keeps spitting out the pid)
>     killall -SIGTERM cron      (doesn't work)
>
> killall -SIGQUIT|SIGKILL seems to work.
>
> Workaround is this:
>
>     echo sigstop=SIGQUIT > /etc/rc.conf.d/cron
>
> works fine now. isn't needed in base, just in jail.
>
> Michael Scheidell wrote:
>> anyone having problems during an in jail shutdown with crontab hanging? I have seen this in 6.4 and 7.1, on i386 and amd64. I don't remember problems with 6.3
>>
>> using jailtools (jkill -r), OR shutdown -r +0 OR reboot
>>
>>     reboot: SIGTSTP init: No such process
>>
>> truss shows:
>>
>>     truss -p 87553
>>     (null)() = 0 (0x0)
>>     gettimeofday({1249567500.835698},0x0)= 0 (0x0)
>>     stat(tabs,{mode=drwx-- ,inode=10458278,size=512,blksize=4096}) = 0 (0x0)
>>     stat(/etc/crontab,{mode=-rw-r--r-- ,inode=10461256,size=748,blksize=4096}) = 0 (0x0)
>>     gettimeofday({1249567500.836244},0x0)= 0 (0x0)
>>     fork() = 88217 (0x15899)
>>     gettimeofday({1249567500.836862},0x0)= 0 (0x0)
>>     nanosleep({60.0})ERR#4 'Interrupted system call'
>>     SIGNAL 20 (SIGCHLD)
>>     SIGNAL 20 (SIGCHLD)
>>     wait4(0x,0xbfbfe99c,0x1,0x0) = 88217 (0x15899)
>>     wait4(0x,0xbfbfe99c,0x1,0x0) ERR#10 'No child processes'
>>     sigreturn(0xbfbfe9d0)ERR#4 'Interrupted system call'
>>     gettimeofday({1249567500.842115},0x0)= 0 (0x0)
>>
>> killall -SIGTERM cron (caused NO truss activity)
>>
>> it sees a HUP: killall -SIGHUP cron
>>
>> truss:
>>
>>     SIGNAL 1 (SIGHUP)
>>     (null)() ERR#4 'Interrupted system call'
>>     gettimeofday({17.00},0x0)= 0 (0x0)
>>     (null)() = 0 (0x0)
>>
>> SIGKILL will kill it.

--
Michael Scheidell, CTO
SECNAP Network Security Corporation
Re: crontab hanging won't die on SIGTERM in jail
then doing this doesn't make any sense (but fixed it)

    echo 'sig_stop=SIGTERM' > /etc/rc.conf.d/cron

or, this even fixed it:

    echo 'sig_stop=SIGTERM' >> /etc/rc.conf

the 'killall -SIGTERM cron' worked UNLESS I HAD PREVIOUSLY TRIED /etc/rc.d/cron stop. now, with sig_stop in a conf file, it works. doesn't make sense, but works.

Something, somewhere, somebody is masking or setting sig_stop to '' as a default. I can't find it. rc.subr seems to indicate it will set it to SIGTERM if undef:

    grep sig_stop /etc/*
    rc.subr:# kill $sig_stop $rc_pid
    rc.subr:# ($sig_stop defaults to TERM.)
    rc.subr:_doit=$(_run_rc_killcmd ${sig_stop:-TERM})

nothing in /etc/defaults/* or /etc/rc.conf overrides it

    grep sig_stop /etc/defaults/*
    grep sig_stop /etc/rc.d/cron
    grep sig_stop /etc/rc.d/*
    /etc/rc.d/nfsd:sig_stop=USR1

--
Michael Scheidell, CTO
SECNAP Network Security Corporation
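Added example (not part of the thread, and not rc.subr's own code): the symptom described in these messages, reproduced with a constructed child process that ignores SIGTERM, plus a stop loop that tries a list of signals in order, which is the effect a sig_stop override has on what rc.d sends. The function names and the cause of the immunity are assumptions; the thread does not establish why cron stopped responding to TERM.

```shell
#!/bin/sh
# Added illustration; not rc.subr code and not from any poster in this thread.

# Launch a child whose SIGTERM disposition is "ignore". An ignored
# disposition is inherited across fork and exec, so the child never sees
# TERM. (Constructed stand-in: the thread does not say why cron was immune.)
start_term_immune() {
    trap '' TERM            # ignore TERM in this shell ...
    sleep 60 &              # ... so the child starts with TERM ignored
    CHILD_PID=$!
    trap - TERM             # restore the default for this shell only
}

# Send one signal, then poll the way "Waiting for PIDS:" does.
# Returns 0 once the process is gone, 1 if it is still there after the timeout.
stop_with_signal() {
    sw_pid=$1 sw_sig=$2 sw_timeout=$3
    kill -s "$sw_sig" "$sw_pid" 2>/dev/null || return 0   # no such process
    sw_waited=0
    while [ "$sw_waited" -lt "$sw_timeout" ]; do
        sleep 1     # a foreground command also lets sh reap the dead child
        kill -0 "$sw_pid" 2>/dev/null || return 0
        sw_waited=$((sw_waited + 1))
    done
    return 1
}

# Try the given signals in order. STOPPED_BY is set to the signal that
# worked, or left empty if the process survived all of them.
stop_escalating() {
    se_pid=$1 se_timeout=$2
    shift 2
    STOPPED_BY=
    for se_sig in "$@"; do
        if stop_with_signal "$se_pid" "$se_sig" "$se_timeout"; then
            STOPPED_BY=$se_sig
            return 0
        fi
    done
    return 1
}

demo() {
    start_term_immune
    # KILL rather than QUIT as the fallback: background jobs of a
    # non-interactive sh already ignore INT and QUIT.
    if stop_escalating "$CHILD_PID" 2 TERM KILL; then
        echo "pid $CHILD_PID stopped by SIG$STOPPED_BY"
    else
        echo "pid $CHILD_PID survived TERM and KILL"
    fi
}

demo
```

On a FreeBSD host, procstat -i PID lists a running process's signal dispositions, which shows directly whether TERM is being ignored or caught.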
Re: crontab hanging won't die on SIGTERM in jail
Stef Walter wrote:
> Michael Scheidell wrote:
>> anyone having problems during an in jail shutdown with crontab hanging? I have seen this in 6.4 and 7.1, on i386 and amd64. I don't remember problems with 6.3
> I see this same problem in certain jails. A jail that has this problem does it consistently, jails without the problem (on the same machine, same FreeBSD userland/kernel) don't have the problem consistently. In these cases, sending cron the TERM signal just doesn't do anything. You have to wait for at least one minute after jail startup for cron to get into this unTERMable state.

YOU ARE RIGHT! it is intermittent.

Try this (for me) on those boxes (before you try /etc/rc.d/cron restart:

    echo 'sig_stop=SIGKILL' > /etc/rc.conf.d/cron

you aren't running ezjail, are you? could there be anything in ezjail that would do this?

yes: boot someone in jail. /etc/rc.d/cron restart or killall -SIGTERM cron works. wait (for what?). ?? controlling terminal to quit? the first cron parse? some time (I went to lunch) and guess what. SIGTERM won't stop it.

--
Michael Scheidell, CTO
SECNAP Network Security Corporation
RE: crontab hanging won't die on SIGTERM in jail
Try my workaround. What could it hurt? I'm not running java but am starting a number of perl based daemons. Some close control tty.

--
Michael Scheidell
Sent from my Windows Mobile phone

-----Original Message-----
From: Stef Walter stef-l...@memberwebs.com
Sent: Thursday, August 06, 2009 9:14 PM
To: Michael Scheidell scheid...@secnap.net
Cc: freebsd-jail@freebsd.org
Subject: Re: crontab hanging won't die on SIGTERM in jail

Michael Scheidell wrote:
> anyone having problems during an in jail shutdown with crontab hanging? I have seen this in 6.4 and 7.1, on i386 and amd64. I don't remember problems with 6.3

Oh, and I'm seeing it on 6.3-RELEASE-p12 i386 userland jails running on 7.2-RELEASE-p1 amd64 kernel. I'll try to migrate one of the offending jails to a system with the same kernel version as the jail.

That's why I didn't post about this earlier: I'm sufficiently off the beaten path, to not expect help debugging such things... :S

Cheers,
Stef
Re: ssl accelerator cards and jail?
Brian A. Seklecki wrote:
> On Wed, 2009-07-08 at 16:45 -0400, Michael Scheidell wrote:
>> has anyone done any work with hardware ssl accelerator cards and freebsd?
> I'm pretty sure. Because it is all one kernel, the userland-kernel sysctls just fall through to the host.
>
> I've been meaning to try the VMWare ESXi 4.0 PCI card passthrough feature. Let me pass my Sun Crypto 1000 (BCM5921/23) through to a Jailhost FreeBSD 7.2, then try it within a jail. Should be quite a head trip.

thanks. maybe I'll look into one of those and give it a try on 7.1 (worries me that 7.2 has a shorter lifespan than 7.1...)

--
Michael Scheidell, CTO
SECNAP Network Security Corporation
tracking down problem: kill won't inside a jail
I am tracking down a problem, inside a 7.1 amd64 jail, kill won't work (default -TERM). kill -QUIT does.

outside of jail, TERM works fine on same box, and I have verified that same binaries and libraries are in use (i think)

newly created 7.1 amd64 jails (used ezjail.. don't know if they have any issues)

/etc/rc.d/cron stop won't (that is just the symptoms I have been able to track down). hardly anything will stop with TERM.

by default, rc.subr (and kill) uses SIGTERM, so I do a: /etc/rc.d/cron stop and I get (60 seconds of this:

    /etc/rc.d/cron stop
    Stopping cron.
    Waiting for PIDS: 98104, 98104, 98104, 98104

(so, of course, if you reboot the system, and have 15 jails, all with cron, none of them stop, and it times out)

going to another tty and typing:

    kill 98104          doesn't help
    kill -TERM 98104    doesn't help

state is:

    ps -auxwwp 98104
    USER   PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
    root 98104  0.0  0.0  6692  1228  ??  SsJ   5:20PM   0:00.01 /usr/sbin/cron -s

    ps -auxwwp 98104
    USER   PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
    root 98104  0.0  0.0  6692  1228  ??  IsJ   5:20PM   0:00.01 /usr/sbin/cron -s

kill -QUIT 98104 does! (so does INT, again, inside jail, I need SIGQUIT, or INT

outside, default TERM works

also,

    /etc/rc.d/cron start
    sleep 2
    /etc/rc.d/cron stop

seems to work but sleep 60 seconds or more and it doesn't stop anymore.

outside jail, cron ps looks like this:

    ps -auxwwp 98197
    USER   PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
    root 98197  0.0  0.0  6692  1116  ??  Is    5:21PM   0:00.01 /usr/sbin/cron -s

inside: (I guess the J means in jail?

    root 98104  0.0  0.0  6692  1228  ??  SsJ   5:20PM   0:00.01 /usr/sbin/cron -s

    ps -auxwwp 98104
    USER   PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
    root 98104  0.0  0.0  6692  1228  ??  IsJ   5:20PM   0:00.01 /usr/sbin/cron -s

where do I start looking? I'd hate to put hundreds of /etc/rc.conf.d files with sigstop=SIGQUIT in just to workaround it.

--
Michael Scheidell, CTO
SECNAP Network Security Corporation
Re: anyone using ssl accelerator cards in jail?
Brian A. Seklecki wrote:
> On Tue, 2009-03-31 at 07:38 -0700, Michael Scheidell wrote:
>> trying to speed things up.
> I suspect that syscalls that support acceleration will simply fall right through the jail into the host kernel. I'll be testing that some time next week -- so I'll let you know.
>
> I don't think file handle access to /dev/crypto is required for Engine support. Again, I'll let you know
>
> ~BAS

thanks Brian. wonder if you need one card per virtual ip?

--
Michael Scheidell, CTO
SECNAP Network Security Corporation
Re: Problem with ezjail: Manually restarted jails don't come up again
I installed the jail utilities (forgot which ones) has a 'jkill' utility. I then added a /etc/rc.conf.d/ezjail with a pre-stop() command that calls a jkill. then all works fine.

Frank Steinborn wrote:
> Hi folks,
>
> I have a strange problem on my 7.1-RELEASE with ezjail here. I have 5 jails configured with ezjail, and they run flawlessly - they come up on boot without problems. However, if i stop a jail (via /usr/local/etc/rc.d/ezjail.sh stop jail) and then want to restart it via the rc-script, it stalls here:
>
>     # /usr/local/etc/rc.d/ezjail.sh start mldonkey.local
>     Configuring jails:.
>     Starting jails:
>
> If I check with jls and 'pgrep -lfj jid', i see that there are processes inside the hanging jail running, including /etc/rc. I guess the jails are hanging somewhere in the boot-process, and i guess it's /etc/rc. I even doubt that this is an ezjail-only problem, but this is just a guess.
>
> Any hints?
>
> Thanks,
> Frank

--
Michael Scheidell, CTO
SECNAP Network Security Corporation
Re: tun/gif interfaces inside jail.
Jille Timmermans wrote:
> No. You must run OpenVPN outside of your jail
>
> Peter Ankerstål wrote:

I have read RUMORS that you can have the jailed systems route through and access the jail which is outside the jail, but so far, have not seen any real 'cookbook' on how to do it. I tried it a couple of times and gave up.

I wanted to get it to work, but with all the partial hints about routing, natd, pf rules with no real solution, I gave up and bought a $500 sonicwall firewall.

--
Michael Scheidell, CTO
SECNAP Network Security Corporation