search for: sysvipc_allowed

HI everyone, I have resently installed a jail environment on my freebsd box, and had some problems getting postgresql running under it. After looking a bit on various mailinglists i figured out that I needed to set jail.sysvipc_allowed to be 1 using sysctl in order to make postgresql run. However man jail gives me: jail.sysvipc_allowed This MIB entry determines whether or not processes within a jail have access to System V IPC primitives. In the current jail imple- mentation, System V primiti...

I've instaled FreeBSD 9 for hosts some jails and setting jail_sysvipc_allow="YES" in host rc.conf, why is security.jail.sysvipc_allowed false in jail? -- BSDCG: BSDA - Digium: dCAP Electrical/Eletronic Engineer http://www.nlink.com.br +55 81 2121-6666 Cel:81 9727-6666

...ok at this <mother-mail>[~]# cat /etc/sysctl.conf security.jail.allow_raw_sockets=1 security.jail.set_hostname_allowed=0 <mother-mail>[~]# sysctl -a | grep jail security.jail.set_hostname_allowed: 1 <<<<< here security.jail.socket_unixiproute_only: 1 security.jail.sysvipc_allowed: 0 security.jail.enforce_statfs: 2 security.jail.allow_raw_sockets: 1 security.jail.chflags_allowed: 0 security.jail.jailed: 0 The variable points to 1. You can't change the hostname in jail (that's what I want). But booting OS hangs a little if you put 'security.jail.set_hostname_al...

...fffff" route_0="10.0.2.6 -iface lo0" inetd_flags="-wW -a 10.0.2.1" portmap_enable="NO" --- - my sysctls for the jail are set as follows and are loaded by /etc/sysctl.conf > sysctl -a | grep jail jail.set_hostname_allowed: 0 jail.socket_unixiproute_only: 0 jail.sysvipc_allowed: 1 - my kernel is compiled with these options > grep SYSV ruby2 options SYSVSHM #SYSV-style shared memory options SYSVMSG #SYSV-style message queues options SYSVSEM #SYSV-style semaphores - df looks like this : > df Fi...

Hello, I'm wondering about closing some information leaks in FreeBSD jails from the "outside world". Not that critical (depends on the application), but a simple user, with restricted devfs in the jail (devfsrules_jail for example from /etc/defaults/devfs.rules) can figure out the following: - network interfaces related data, via ifconfig, which contains everything, but the

...ta_max: -1 p1003_1b.delaytimer_max: 0 p1003_1b.mq_open_max: 0 p1003_1b.pagesize: 4096 p1003_1b.rtsig_max: 0 p1003_1b.sem_nsems_max: 0 p1003_1b.sem_value_max: 0 p1003_1b.sigqueue_max: 0 p1003_1b.timer_max: 0 security.jail.set_hostname_allowed: 1 security.jail.socket_unixiproute_only: 1 security.jail.sysvipc_allowed: 0 security.jail.enforce_statfs: 2 security.jail.allow_raw_sockets: 0 security.jail.chflags_allowed: 0 security.jail.jailed: 0 security.bsd.suser_enabled: 1 security.bsd.see_other_uids: 1 security.bsd.see_other_gids: 1 security.bsd.conservative_signals: 1 security.bsd.unprivileged_proc_debug: 1 sec...