Try this - it's good for a laugh:
ls -asl dev/*mem
0 crw-r- 1 root kmem 2, 1 Aug 27 15:16 kmem
0 crw-r- 1 root kmem 2, 0 Aug 27 15:16 mem
Now run this command, changing some permissions:
chmod -w dev/mem ; chmod -w dev/kmem
Now, dump that filesystem that
the side effects of:
a) not working as expected
b) causing the jail not to be startable.
thanks,
PT
On Sun, 1 Sep 2002, Robert Watson wrote:
On Fri, 30 Aug 2002, Patrick Thomas wrote:
I realize the difficulties in trying to use quotas on the _host_
system to limit the size of jails
Hello,
I realize the difficulties in trying to use quotas on the _host_ system to
limit the size of jails on the host system - userid mapping, etc. This is
not what I am asking.
I wonder, is it possible for the root user of a jail to set quotas
_inside_ her jail for users _inside_ her jail ?
Ok, this seems to have died down a bit, and my own urgency has passed
since it is no longer manifesting itself on my test machine; however,
two things come to mind:
1. is it possible that arbitrary top output is now suspect on machines
that have manifested this behavior ? I am not showing
be mistaken) does not have APM in the bios at all - I have also
removed it from the kernel. dmesg tends to confirm the absence of APM.
--bpat
On Mon, 26 Aug 2002, David Malone wrote:
On Sun, Aug 25, 2002 at 04:49:23PM -0700, Patrick Thomas wrote:
Also, just to add a bit more info, sometimes instead
number is steadily rising ...
and now, about 30 mins later I am at:
rtc irq8 938264 4
--pt
On Mon, 26 Aug 2002, Lars Eggert wrote:
Patrick Thomas wrote:
Now, when I repeat vmstat -i, all of these numbers (or rather, all of the
large numbers) increase _except_
I will note that my system is a dual processor system, no APM hardware in
it, and I have an identical machine running a kernel built from an
identical kernel configuration file running an identical FreeBSD system
that has _never_ had the problem.
On Mon, 26 Aug 2002, Bruce M Simpson wrote:
4.6-RELEASE.
--pt
On Sat, 24 Aug 2002, Brian T. Schellenberger wrote:
On Saturday 24 August 2002 12:00 pm, Patrick Thomas wrote:
| And more importantly, does anyone know _why_ it is happening and what
| it means for a system affected ?
It usually means that the kernel and the world are out
It's usually gone after a reboot. Haven't debugged it further since I
saw no other problems.
Yes, but other times it is not manifesting, and it _starts_ after a
reboot.
Also, concerning solving the problem with a reboot, although my system is
merely a test machine, I am fairly certain that
Well, the actual *release* versions *are* supposed to be reliable for
mission-critical applications. The purpose of the RC and STABLE
versions being to find problems so that they don't make it to the
release versions.
A lofty goal, indeed. However it has been pointed out that this
Thank you for the very clear explanation. Does there exist a utility to
immediately take a partition that has been growfs'd and fix it so that
it does not experience this performance penalty ?
That is, I am willing to sit and wait 10 minutes while some utility
rearranges and reorganizes the
I have a 500meg file that I dd'd and have mounted as a vn-device
filesystem. I would like to increase this to 1gig, however it is very
time consuming to do a dump of the FS to a file, dd a new larger one, then
do a restore (I have many special files in the FS, thus the need for
dump).
Is there
What is the negative effect of this fragmentation, and does it mean I
won't be able to use all of the space that I added ?
On Thu, 15 Aug 2002, Terry Lambert wrote:
Daniel O'Connor wrote:
On Thu, 2002-08-15 at 17:04, Patrick Thomas wrote:
Any suggestions on how to expand that file
There is (was?) a problem with jail that, among other things, made it
impossible for an ircd server to perform reverse lookups for clients.
In the news archives, there were complaints about this, and after a not so
good patch, eventually a good patch was posted by:
From: Lamont Granquist
I am under the impression that at this time there is no workaround for the
resolver problem - you are forced to reinstall or upgrade.
I am curious though, is it at least conceptually possible that there could
be a workaround ? If so, what would it entail ?
thanks - pt
Assuming that bind9 has been fixed, you could use bind9 for your local
resolver and it will filter anything nasty out as a side effect of the
fact that it always constructs replies, rather than caching a reply and
forwarding the reply as-is to the resolver client (as bind8 does).
Thank you
I saw this show up all over my ssh session into a server today:
NOTICE: --Relation pg_toast_16386--
NOTICE: Pages 0: Changed 0, reaped 0, Empty 0, New 0; Tup 0: Vac 0,
Keep/VTL 0/0, UnUsed 0, MinLen 0, MaxLen 0; Re-using: Free/Avail. Space
0/0; EndEmpty/Avail. Pages 0/0.
CPU
I would like to perform a restore out of a shell script. Normally, I run
restore with a command line like:
restore -x -f /some/dump
Which works _exactly_ as I want it to, except that I am asked two
questions:
Specify next volume #:
and then at the end of the restore:
set
Incidentally, looking at the PV entry angle for a moment. Suppose you
create a 1GB sysvshm (pageable) segment. That's 262144 pages. Mapping this
once means you consume 262144 PV entries. At 28 bytes each, that is
about 7.3MB of KVM. Now, fork this process 300 times. The numbers become
that I need to
increase KVA? Or does it show you that one of the one or two other low
probability problems is occurring?
thanks,
PT
On Sun, 23 Jun 2002, Terry Lambert wrote:
Patrick Thomas wrote:
I think I'll just decrease my swap size from 2 gigs to 1 gig - is that a
reasonable alternative
A few items that deserve mention, and two questions:
a) this problem occurred back when the machine had 2gigs in it - I
actually (naively) added the third gig of physical ram to try to fix the
problem.
b) another machine of mine is now exhibiting the same behavior - it has
far fewer processes
As a splinter to the ongoing KVA/crash/memory discussion, I am wondering:
- given a machine that will run 250+ httpds and another ~800 misc.
processes, what system tunings would any of you suggest other than the
ones I have done:
In my kernel: maxusers=256 (was 512, change to 256
It's obvious that you are running a large number of httpd's; the
Yes, we are running a lot of httpd's:
ps auxw | grep httpd | wc -l = 288
The way to cross-check this would be to run a continuous netstat -m,
e.g.:
Funny you should ask :) I was already doing that. Here is the
.
--PT
On Sun, 23 Jun 2002, Terry Lambert wrote:
Patrick Thomas wrote:
I think I'll just decrease my swap size from 2 gigs to 1 gig - is that a
reasonable alternative that provides the same benefit and possible
solution to this problem ?
...since basically 0 swap has ever been used
Yeah; this whole thread is premised on working around the
problem without an Apache software change. It's a reasonable
premise (IMO) -- if you've got a custom compilation and a lot
of modules, that can end up being a lot of software. I build
a PHP4+SSL+Apache+IMAP+etc. source tree at one
jump in and try it, I want to confirm what I believe to understand, I need
to set the KVA value in my kernel config _and_ edit those other two files
in the kernel source, then just recompile my kernel.
Sound like I'm on the right track ?
Yes. That's the way to do it for 4.5,
), and a certain set of jails
always hangs the system in this way. I'm trying to narrow it down. Do you
get a core dump or does it just hang?
Nate
- Original Message -
From: Patrick Thomas [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 21, 2002 16:43
Subject: (jail
Terry,
Thanks for that informative email - just a quick reality check though (for
myself) - the last time this type of crash happened, I was running and
watching `top` on the machine - and when it froze, the `top` output froze
as well, and this was the last display on the screen:
last pid:
to do, right ? Is that all - can it be done just
by changing that one value in my kernel config ?
Again, thank you Terry for all your help.
--PT
On Sat, 22 Jun 2002, Terry Lambert wrote:
Patrick Thomas wrote:
Since all of the things you spoke of basically revolved around you're
running
I think I'll just decrease my swap size from 2 gigs to 1 gig - is that a
reasonable alternative that provides the same benefit and possible
solution to this problem ?
...since basically 0 swap has ever been used on the machine anyway...
--PT
On Sat, 22 Jun 2002, Terry Lambert wrote:
Patrick
What none of you has mentioned is the thought I had in mind when I asked
this question, and that is, I have a rd machine with 16 jails on it, each
running apache.
Therefore in a situation like this it would be _much_ easier to just tune
a sysctl or rebuild the kernel, vs. rebuilding 16
Is it possible to patch/recompile FreeBSD 4.5 in such a way that your
system is no longer vulnerable to the chunking attack, even if you are
still running a vulnerable apache ?
I ask because I see in one of the chunking exploits that:
* Remote OpenBSD/Apache exploit for the chunking
currently I reboot jails with this process:
1. someone logs into the jail and runs `kill -KILL -1`
2. someone logs onto the BASE machine and starts it up again.
I wish I could do this without involving the admin of the base machine.
Has anyone come up with a strategy for
why -TERM ? the jail man page recommends -KILL ... just curious...
On Thu, 16 May 2002, Marc G. Fournier wrote:
web interface that is password protected that does:
ssh root@jail kill -TERM -1
restart jail
On Thu, 16 May 2002, Patrick Thomas wrote:
currently I reboot
Two questions regarding the syncookies issue -
1. What kind of crash is it ? I have an issue where my machine has no
response at the console, and none of the services work (pop, imap, etc.)
HOWEVER you can still ping it, and you can still initiate connections to
services - they just don't talk
No denied requests. It's not mbufs. It must be something else.
How do you feel about this:
# vmstat -z
ITEM         SIZE    LIMIT   USED   FREE  REQUESTS
PIPE:         160,       0,   702,   522,   236316
SWAPMETA:     160,  509724,   452,   136,     1125
unpcb:
We have a FreeBSD 4.5-RELEASE server, it is a SMP system, and four days
ago the following happened:
- console became unresponsive - caps lock key no longer toggled the caps
lock button
- you _could_ still ping the server
- you could still establish connections to running services, but NONE of
So, based on a previous thread, it looks like I have a server whose
userland halted, essentially, but the kernel continued running.
As evidenced by:
- you can still ping the server just fine
- you can still connect to running services just fine - if you ssh to it,
`ssh -v` (verbose) claims a
Are NMBCLUSTERS and mbuf determined by 'maxusers' ?
I have maxusers=512 ... comments ?
When you suggest 'clamp the total number of sockets that are permitted to
be open' ... how is this done - is there a sysctl that corresponds to
total number of sockets that are permitted to be open ?
I am
I have a large server that will be running ~24 jails, 8 of which will be
running their own postgres server.
Because of this fact:
By default, Postgres allocates 34 semaphores, which is over half the
default system total of 60.
I need to tune kernel SHM settings in order to even run the second
Let's say I am running in a jail, and say 5 other people are running in
other, separate jails on the same machine.
Now let's say I start up pgp, and generate my keys, and generally use pgp
through the command line in my jail. Or, instead of pgp I do other crypto
related sensitive activities...
Ok, see the point is, I have _already done this_
sh MAKEDEV pty0 # 0-31
sh MAKEDEV pty1 # 32-63
sh MAKEDEV pty2 # 64-95
sh MAKEDEV pty3 # 96-127
sh MAKEDEV pty4 # 128-159 xterm won't recognize by default
sh MAKEDEV pty5 # 160-191 xterm won't recognize by default
sh MAKEDEV
Patrick Thomas [EMAIL PROTECTED] writes:
1. Does each jail need to have its own proc filesystem mounted?
No, procfs is pretty much useless these days (except for truss).
In 4.5, won't `ps` (and perhaps other apps) not work for people in a jail
if their jail does not have a proc file system
In my kernel, I have:
maxusers 128
pseudo-device pty 128
In my /dev directory, I have used `sh MAKEDEV` to make all 256 /dev/pty
files. They are all there, and all have correct major/minor numbers. I
know I won't be using all 256 of them, but I just made them
was I just silly for doing
it that way ?
thanks!
On Wed, 27 Feb 2002, Nik Clayton wrote:
On Wed, Feb 27, 2002 at 03:03:11PM -0600, Kirk Strauser wrote:
At 2002-02-27T20:49:18Z, Patrick Thomas [EMAIL PROTECTED] writes:
I would like to put a large number of jails (16 or 20) on a server
one other thing:
How many mount points (jails, in this case) can I run ? I see that there
are 8 existing vn0X device files in /dev - can I just create more of them
using MAKEDEV (or mknod) and keep going ?
What is the maximum ? 256 ?
also, do I need to alter the kernel to support more vn0X
I would like to put a large number of jails (16 or 20) on a server for
testing purposes.
I have two options so far: create 16 or 20 partitions OR just put them all
in one partition, but the downside of that is that then I cannot enforce
disk usage between jails. So at this point, 16-20