2013/5/14 Joe <[email protected]>:
> David Demelier wrote:
>>
>> 2013/5/14 Joe <[email protected]>:
>>>
>>> David Demelier wrote:
>>>>
>>>> On Monday 13 May 2013 16:32:01 Joe wrote:
>>>>>
>>>>> David Demelier wrote:
>>>>>>
>>>>>> Hello dear,
>>>>>>
>>>>>> Does jail.conf(5) not work for jails listed in the rc.conf?
>>>>>>
>>>>>> I've added in /etc/jail.conf:
>>>>>>
>>>>>> foo {
>>>>>>
>>>>>> hostname=Foo;
>>>>>> path=/jails/foo;
>>>>>> allow.sysvipc=1;
>>>>>>
>>>>>> }
>>>>>>
>>>>>> And in /etc/rc.conf only foo in the jail_list parameter, but when I
>>>>>> try to start the jail it still complains about missing hostname.
>>>>>>
>>>>>> Regards,
>>>>>
>>>>> There are 2 methods for configuring jails.
>>>>>
>>>>> The legacy method which you put the jail config statements in the host's
>>>>> /etc/rc.conf file and start and stop control is done by the host's
>>>>> /etc/rc.d/jail script at boot time.
>>>>>
>>>>> The jail(8) method which has its own jail config statements in the
>>>>> host's /etc/jail.conf file and uses the jail(8) program for starting and
>>>>> stopping. You can create a jail.conf file for each jail(8) and start it
>>>>> using jail -c -f "/etc/jailname.jail.conf" and stop by issuing
>>>>> jail -f "/etc/jailname.jail.conf" -r jailname
>>>>>
>>>>> You can not mix the 2 methods.
>>>>
>>>>
>>>> My real problem is that I wanted to add allow.sysvipc only for *one* jail
>>>> and I can't find a real solution by jail_* flags in /etc/rc.conf
>>>>
>>>> There is jail_allow_sysvipc but it enables it for all jails.
>>>>
>>>>
>>>
>>> The jail(8) method does have an allow_sysvipc on a per jail basis. To use it
>>> you have to use the jail(8) method. The 9.1-RELEASE legacy method is a work
>>> in process to incorporate the jail(8) parameters into the rc.conf config
>>> statements.
>>>
>>> About the allow_sysvipc parameter, this breaks the security the jail is
>>> designed to provide and should NOT be used on any jails having public
>>> internet access.
>>>
>>> What are you trying to do that you think you need to use the allow_sysvipc
>>> parameter?
>>>
>>
>> PostgreSQL, usually I install it on the host instead of jails, but I
>> needed a second instance on a different port for a public access..
>>
>> Regards,
>>
>> --
>> Demelier David
>>
>>
> That all sounds logical and is what jails are designed to do.
> Why would running PostgreSQL in a jail need sysvipc?
> Have you tried it? Did you get some PostgreSQL error?
>

Yes, unfortunately this is a very very old issue that has been reported so often..

--
Demelier David
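
An added example, not part of the thread and not FreeBSD project code: a small Python audit that lists which jails in a jail.conf(5)-style file end up with allow.sysvipc enabled, so the setting can be confirmed as confined to the one jail that needs it. The sample file, the jail names and the simplified parsing model (global statements and `*` blocks as defaults, last setting wins) are assumptions.

```python
import re

# Constructed sample in jail.conf(5) syntax; jail names and paths are made up.
SAMPLE = """
# defaults applied to every jail
exec.start = "/bin/sh /etc/rc";
allow.nosysvipc;

web { path = /jails/web; host.hostname = web.example.org; }
pgsql {
    path = /jails/pgsql;
    host.hostname = pgsql.example.org;
    allow.sysvipc = 1;   // PostgreSQL shared memory
}
"""

BLOCK = re.compile(r"([\w.*-]+)\s*\{(.*?)\}", re.S)

def _sysvipc(stmt):
    """Return True/False if the statement sets allow.sysvipc, else None."""
    m = re.fullmatch(r'allow\.(no)?sysvipc\s*(?:=\s*"?(\w+)"?)?', stmt.strip())
    if not m:
        return None
    if m.group(1):                      # "allow.nosysvipc" form
        return False
    return m.group(2) is None or m.group(2).lower() not in ("0", "false")

def _last_setting(body, current):
    """Apply statements in order; the last allow.sysvipc setting wins."""
    for stmt in body.split(";"):
        value = _sysvipc(stmt)
        if value is not None:
            current = value
    return current

def jails_with_sysvipc(conf):
    """List jails whose effective allow.sysvipc is on (simplified model)."""
    # Simplification: no ';', '#', '//' or braces inside quoted values.
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    conf = re.sub(r"(#|//)[^\n]*", "", conf)
    conf = re.sub(r"\$\{[\w.]+\}", "VAR", conf)   # keep ${name} out of block matching
    blocks = BLOCK.findall(conf)
    # Global statements and "*" blocks act as defaults; kernel default is off.
    default = _last_setting(BLOCK.sub("", conf), False)
    for name, body in blocks:
        if name == "*":
            default = _last_setting(body, default)
    return sorted(n for n, body in blocks
                  if n != "*" and _last_setting(body, default))

if __name__ == "__main__":
    print(jails_with_sysvipc(SAMPLE))
```

A global `allow.sysvipc;` shows up here as every jail being listed, which is the all-jails behaviour of jail_allow_sysvipc described in the thread.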
