Re: Jailing net/skype
For the archive: I finally got skype working in a jailed environment. The hardest part was to define the ports needed using trial and error. Here are the leaf ports installed in my jail: === skype-2.0.0.72,1 === xauth-1.0.2 === xorg-fonts-100dpi-7.3 === xorg-fonts-75dpi-7.3 === xorg-fonts-cyrillic-7.3 === xorg-fonts-miscbitmaps-7.3 === xorg-fonts-truetype-7.3 === xorg-fonts-type1-7.3 === 8 leaf ports xauth is needed to enable X-forwarding in ssh. The fonts are needed to avoid the core dumps mentioned earlier in this thread. I hope somenone finds this useful. Regards Tobias -- Tobias Rehbein PGP key: 4F2AE314 server: keys.gnupg.net fingerprint: ECDA F300 1B6E 9B87 8524 8663 E8B6 3138 4F2A E314 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Jailing net/skype
Am Sun, Sep 14, 2008 at 11:26:45PM +0400 schrieb Boris Samorodov: Tobias Rehbein [EMAIL PROTECTED] writes: #kdump -f ktrace.out | head 84180 skypeCALL access(0x292b2b61,R_OK) 84180 skypeNAMI /compat/linux/etc/ld.so.preload 84180 skypeNAMI /etc/ld.so.preload 84180 skypeRET access JUSTRETURN 84180 skypeCALL open(0x292b2d49,O_RDONLY,unused0) 84180 skypeNAMI /compat/linux/etc/ld.so.cache 84180 skypeNAMI /compat/linux 84180 skypeNAMI /compat/linux/etc/ld.so.cache 84180 skypeRET open 3 84180 skypeCALL freebsd6_mmap(0x3,0xbfbfe324,invalid690704336,MAP_SHARED|MAP_PRIVATE|MAP_RENAME|MAP_NORESERVE|MAP_HASSEMAPHORE|MAP_STACK|MAP_NOSYNC,0x2e6f732e,0x68636163,0x646165,0,0,0,0,0,0,0,0,0,... (lots of '0,'s) The funny thing is kdump itself coredumps when dumping the whole thing out (I guess that has something todo with this endless '...0,0,0,0,0...' sequence). You should use devel/linux_kdump here instead of the native one. Thank you for the hint. I wasn't aware of this tool. Now the output looks better: #linux_kdump -f ktrace.out | tail 84180 skypeRET gettimeofday 0 84180 skypeCALL gettimeofday(0xbfbfd810,0) 84180 skypeRET gettimeofday 0 84180 skypePSIG SIGSEGV caught handler=0x82db000 mask=0x0 code=0x0 84180 skypeCALL linux_rt_sigprocmask(0x1,0xbfbfd3d8,0,0x8) 84180 skypeRET linux_rt_sigprocmask 0 84180 skypeCALL linux_tgkill(0x148d4,0x148d4,0x6) 84180 skypeRET linux_tgkill 0 84180 skypePSIG SIGIOT SIG_DFL 84180 skypeNAMI skype.core Nonetheless I have no clue why it coredumps. Could someone help me interpret this trace? If needed I can provide the full trace or the core dump. The problem can't be gettimeofday() I guess? Thanks in advance Tobias -- Tobias Rehbein PGP key: 4F2AE314 server: keys.gnupg.net fingerprint: ECDA F300 1B6E 9B87 8524 8663 E8B6 3138 4F2A E314 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Jailing net/skype
Tobias Rehbein [EMAIL PROTECTED] writes: #kdump -f ktrace.out | head 84180 skypeCALL access(0x292b2b61,R_OK) 84180 skypeNAMI /compat/linux/etc/ld.so.preload 84180 skypeNAMI /etc/ld.so.preload 84180 skypeRET access JUSTRETURN 84180 skypeCALL open(0x292b2d49,O_RDONLY,unused0) 84180 skypeNAMI /compat/linux/etc/ld.so.cache 84180 skypeNAMI /compat/linux 84180 skypeNAMI /compat/linux/etc/ld.so.cache 84180 skypeRET open 3 84180 skypeCALL freebsd6_mmap(0x3,0xbfbfe324,invalid690704336,MAP_SHARED|MAP_PRIVATE|MAP_RENAME|MAP_NORESERVE|MAP_HASSEMAPHORE|MAP_STACK|MAP_NOSYNC,0x2e6f732e,0x68636163,0x646165,0,0,0,0,0,0,0,0,0,... (lots of '0,'s) The funny thing is kdump itself coredumps when dumping the whole thing out (I guess that has something todo with this endless '...0,0,0,0,0...' sequence). You should use devel/linux_kdump here instead of the native one. WBR -- Boris Samorodov (bsam) Research Engineer, http://www.ipt.ru Telephone Internet SP FreeBSD committer, http://www.FreeBSD.org The Power To Serve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Jailing net/skype
Am Thu, Sep 11, 2008 at 07:47:21PM +0200 schrieb Tobias Rehbein: I have net/skype installed on my workstation and it just works fine. Now I wonder if it's possible to run skype in a jail. Before I start investing time in this I would like to know if someone has done it before or if it would be just a waste of time. Hello all. As nobody seems to have experience with this I decided to set up a simple jail to test this. Unfortunately skype keeps dumping core when I'm trying to start it. Perhaps someone has a hint for me how to deal with this. I tried to set up a jail as unrestrictve as possible. My goal was to get whole thing running and lock down the jail later. #uname -a FreeBSD sushi.pseudo.local 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #17: Thu Sep 11 19:04:40 CEST 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/SUSHI i386 #sysctl security.jail. security.jail.jailed: 1 security.jail.mount_allowed: 0 security.jail.chflags_allowed: 0 security.jail.allow_raw_sockets: 1 security.jail.enforce_statfs: 2 security.jail.sysvipc_allowed: 1 security.jail.socket_unixiproute_only: 0 security.jail.set_hostname_allowed: 1 #sysctl compat.linux compat.linux.oss_version: 198144 compat.linux.osrelease: 2.6.16 compat.linux.osname: Linux #pkg_info | grep linux_base linux_base-fc6-6_5 Base set of packages needed in Linux mode (for i386/amd64) #grep LINUX /etc/make.conf OVERRIDE_LINUX_BASE_PORT=fc6 devfs is mounted and I use the same ruleset as in the host system. #kdump -f ktrace.out | head 84180 skypeCALL access(0x292b2b61,R_OK) 84180 skypeNAMI /compat/linux/etc/ld.so.preload 84180 skypeNAMI /etc/ld.so.preload 84180 skypeRET access JUSTRETURN 84180 skypeCALL open(0x292b2d49,O_RDONLY,unused0) 84180 skypeNAMI /compat/linux/etc/ld.so.cache 84180 skypeNAMI /compat/linux 84180 skypeNAMI /compat/linux/etc/ld.so.cache 84180 skypeRET open 3 84180 skypeCALL freebsd6_mmap(0x3,0xbfbfe324,invalid690704336,MAP_SHARED|MAP_PRIVATE|MAP_RENAME|MAP_NORESERVE|MAP_HASSEMAPHORE|MAP_STACK|MAP_NOSYNC,0x2e6f732e,0x68636163,0x646165,0,0,0,0,0,0,0,0,0,... (lots of '0,'s) The funny thing is kdump itself coredumps when dumping the whole thing out (I guess that has something todo with this endless '...0,0,0,0,0...' sequence). Last but not least my kernel config: cpu I686_CPU ident SUSHI options SCHED_ULE # ULE scheduler options PREEMPTION # Enable kernel thread preemption options INET# InterNETworking options INET6 # IPv6 communications protocols options SCTP# Stream Control Transmission Protocol options FFS # Berkeley Fast Filesystem options SOFTUPDATES # Enable FFS soft updates support options UFS_DIRHASH # Improve performance on big directories options MSDOSFS # MSDOS Filesystem options CD9660 # ISO 9660 Filesystem options PSEUDOFS# Pseudo-filesystem framework options GEOM_LABEL # Provides labelization options COMPAT_43TTY# BSD 4.3 TTY compat [KEEP THIS!] options SCSI_DELAY=5000 # Delay (in ms) before probing SCSI options KTRACE # ktrace(1) support options STACK # stack(9) support options SYSVSHM # SYSV-style shared memory options SYSVMSG # SYSV-style message queues options SYSVSEM # SYSV-style semaphores options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions options KBD_INSTALL_CDEV# install a CDEV entry in /dev options ADAPTIVE_GIANT # Giant mutex is adaptive. options STOP_NMI# Stop CPUS using NMI instead of IPI options SMP # Symmetric MultiProcessor Kernel device apic# I/O APIC device cpufreq device eisa device pci device ata device atadisk # ATA disk drives device atapicd # ATAPI CDROM drives options ATA_STATIC_ID # Static device numbering options AHC_REG_PRETTY_PRINT# Print register bitfields in debug
Jailing net/skype
Hi all. I have net/skype installed on my workstation and it just works fine. Now I wonder if it's possible to run skype in a jail. Before I start investing time in this I would like to know if someone has done it before or if it would be just a waste of time. If someone has a working example I would appreciate some hints how to do this. Regards Tobias -- Tobias Rehbein PGP key: 4F2AE314 server: keys.gnupg.net fingerprint: ECDA F300 1B6E 9B87 8524 8663 E8B6 3138 4F2A E314 pgpsgfJ1Rgnmb.pgp Description: PGP signature
