Creating a jail with linux compatibility (but not a full linux jail) does not seem to work correctly.

Open cstdenis opened this issue 1 year ago • 5 comments

[00:00:00] [ debug ] [manager] quick parameters: alias ip4=igb0|xx.xx.xx.xx pkg=pico-alpine resolv_conf type=thick start linuxfs overwrite
[00:00:01] [ info  ] [manager] Creating a standard jail (thick) ...
[00:00:01] [ info  ] [manager] Creating a thickjail ...
[00:00:01] [ debug ] [manager] Copying (zfs): releases/amd64/14.1-RELEASE/default/release to jails/manager/jail
[00:00:01] [ info  ] [manager] Done.
[00:00:01] [ debug ] [manager] Copying /etc/localtime as /usr/local/appjail/jails/manager/jail/etc/localtime
[00:00:01] [ debug ] [manager] Copying /etc/resolv.conf as /usr/local/appjail/jails/manager/jail/etc/resolv.conf
[00:00:01] [ debug ] [manager] Using alias option ...
[00:00:01] [ debug ] [manager] Adding IPv4 address to manager template: igb0|xx.xx.xx.xx
[00:00:01] [ debug ] [manager] manager has been configured to use `alias`.
[00:00:01] [ debug ] [manager] Using linuxfs option ...
[00:00:01] [ debug ] [manager] Current ruleset is 5
[00:00:02] [ debug ] [manager] Setting the boot flag to the manager jail ...
[00:00:02] [ debug ] [manager] Template generated:
[00:00:02] [ debug ] [manager]     exec.start: "/bin/sh /etc/rc"
[00:00:02] [ debug ] [manager]     exec.stop: "/bin/sh /etc/rc.shutdown jail"
[00:00:02] [ debug ] [manager]     mount.devfs
[00:00:02] [ debug ] [manager]     ip4.addr: igb0|xx.xx.xx.xx
[00:00:02] [ debug ] [manager] Locking manager ...
[00:00:02] [ info  ] [manager] Starting manager...
[00:00:02] [ debug ] [manager] Using `/usr/local/appjail/jails/manager/conf/template.conf` as the template.
[00:00:02] [ debug ] [manager] Writing `/usr/local/appjail/jails/manager/conf/template.conf` content to `/usr/local/appjail/cache/tmp/.appjail/appjail.DJBiIPpdKx` ...
[00:00:02] [ debug ] [manager] Checking for parameters marked as required...
[00:00:02] [ debug ] [manager] Running: date +%Y-%m-%d.log
[00:00:02] [ debug ] [manager] exec.consolelog: /var/log/appjail/jails/manager/console/2024-08-12.log
[00:00:02] [ debug ] [manager] Compiling fstab file ...
[00:00:02] [ debug ] [manager] Compiling fstab #0: devfs /dev devfs rw,ruleset=5 0 0
[00:00:02] [ debug ] [manager] Compiling fstab #1: tmpfs /dev/shm tmpfs rw,size=1g,mode=1777 0 0
[00:00:02] [ debug ] [manager] Compiling fstab #2: fdescfs /dev/fd fdescfs rw,linrdlnk 0 0
[00:00:02] [ debug ] [manager] Compiling fstab #3: linprocfs /proc linprocfs rw 0 0
[00:00:02] [ debug ] [manager] Compiling fstab #4: linsysfs /sys linsysfs rw 0 0
mkdir: /usr/local/appjail/jails/manager/jail//sys: No such file or directory
[00:00:02] [ debug ] [manager] mount.fstab: /usr/local/appjail/jails/manager/conf/fstab
[00:00:02] [ debug ] [manager] host.hostname: manager.appjail
[00:00:02] [ debug ] [manager] Path: /usr/local/appjail/jails/manager/jail
[00:00:02] [ debug ] [manager] Resolving dependencies for manager...
[00:00:02] [ debug ] [manager] manager appended to the `seen` list.
[00:00:02] [ debug ] [manager] manager appended to the `resolved` list.
[00:00:02] [ debug ] [manager] Compiling template to `/usr/local/appjail/jails/manager/conf/jail.conf` ...
[00:00:02] [ debug ] [manager] jail.conf generated:
[00:00:02] [ debug ] [manager]     manager {
[00:00:02] [ debug ] [manager]         exec.start = "/bin/sh /etc/rc";
[00:00:02] [ debug ] [manager]         exec.stop = "/bin/sh /etc/rc.shutdown jail";
[00:00:02] [ debug ] [manager]         mount.devfs;
[00:00:02] [ debug ] [manager]         ip4.addr = "igb0|xx.xx.xx.xx";
[00:00:02] [ debug ] [manager]         exec.consolelog = "/var/log/appjail/jails/manager/console/2024-08-12.log";
[00:00:02] [ debug ] [manager]         mount.fstab = "/usr/local/appjail/jails/manager/conf/fstab";
[00:00:02] [ debug ] [manager]         host.hostname = "manager.appjail";
[00:00:02] [ debug ] [manager]         path = "/usr/local/appjail/jails/manager/jail";
[00:00:02] [ debug ] [manager]     }
[00:00:02] [ debug ] [manager] Inspecting config.conf:
[00:00:02] [ debug ] [manager]     appjail_version: 3.3.0
[00:00:02] [ debug ] [manager]     birth: 1723507007
[00:00:02] [ debug ] [manager]     osarch: amd64
[00:00:02] [ debug ] [manager]     osversion: 14.1-RELEASE
[00:00:02] [ debug ] [manager]     jail_type: thick
[00:00:02] [ debug ] [manager]     release_name: default
[00:00:02] [ debug ] [manager] Creating...
jail: manager: mount.fstab: /usr/local/appjail/jails/manager/jail//dev/shm: No such file or directory
[00:00:02] [ warn  ] [manager] An error has occurred while starting manager jail.
[00:00:02] [ warn  ] [manager] The manager jail will be stopped...
[00:00:02] [ warn  ] [manager] Running some counterparts in unattended mode...
[00:00:02] [ warn  ] [manager] manager is not running.
[00:00:02] [ error ] [manager] An error has occurred while starting manager jail.
[00:00:02] [ debug ] [manager] Unlocking manager ...

cstdenis, Aug 13 '24 00:08
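A small triage helper for a debug log like the one in the issue above, added here as an example (it is not AppJail code): it pairs each unprefixed "No such file or directory" error with the fstab entry AppJail compiled for that mount point. The function name and the dictionary keys are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Lines copied from the debug log in the issue above, trimmed to the relevant ones.
SAMPLE_LOG = """\
[00:00:02] [ debug ] [manager] Compiling fstab #0: devfs /dev devfs rw,ruleset=5 0 0
[00:00:02] [ debug ] [manager] Compiling fstab #1: tmpfs /dev/shm tmpfs rw,size=1g,mode=1777 0 0
[00:00:02] [ debug ] [manager] Compiling fstab #2: fdescfs /dev/fd fdescfs rw,linrdlnk 0 0
[00:00:02] [ debug ] [manager] Compiling fstab #3: linprocfs /proc linprocfs rw 0 0
[00:00:02] [ debug ] [manager] Compiling fstab #4: linsysfs /sys linsysfs rw 0 0
mkdir: /usr/local/appjail/jails/manager/jail//sys: No such file or directory
[00:00:02] [ debug ] [manager] Path: /usr/local/appjail/jails/manager/jail
jail: manager: mount.fstab: /usr/local/appjail/jails/manager/jail//dev/shm: No such file or directory
"""

PREFIXED = re.compile(r"^\[\d\d:\d\d:\d\d\] \[ *\w+ *\] \[[^\]]+\] (.*)$")
FSTAB = re.compile(r"^Compiling fstab #\d+: (\S+) (\S+) (\S+) (\S+)")
# Unprefixed tool errors such as "mkdir: <path>: No such file or directory".
ENOENT = re.compile(r"^(\w+): (?:.*: )?(/\S+): No such file or directory$")


def triage(log_text):
    """Return (fstab entries, missing mount points) found in AppJail debug output."""
    entries, errors, root = [], [], None
    for line in log_text.splitlines():
        prefixed = PREFIXED.match(line)
        if prefixed:
            msg = prefixed.group(1)
            fstab = FSTAB.match(msg)
            if fstab:
                entries.append({"device": fstab.group(1), "mountpoint": fstab.group(2),
                                "fstype": fstab.group(3), "options": fstab.group(4)})
            elif msg.startswith("Path: "):
                root = msg[len("Path: "):]  # jail root, logged after the first error
            continue
        enoent = ENOENT.match(line)
        if enoent:
            errors.append((enoent.group(1), enoent.group(2)))
    failures = []
    for tool, path in errors:
        path = re.sub(r"/+", "/", path)  # the log prints "jail//sys"
        if root and path.startswith(root + "/"):
            path = path[len(root):]  # make it relative to the jail root
        entry = next((e for e in entries if e["mountpoint"] == path), None)
        failures.append({"reported_by": tool, "mountpoint": path,
                         "fstype": entry["fstype"] if entry else None})
    return entries, failures
```

Calling `triage(SAMPLE_LOG)` returns the five compiled fstab entries and the two mount points (`/sys` and `/dev/shm`) that were reported missing.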

This option is intended for LinuxJails, as stated in the documentation. You are using a FreeBSD release, so you will have differences:

Any FreeBSD host:

$ readlink /sys
usr/src/sys
$ ls /dev/shm
ls: /dev/shm: No such file or directory

DtxdF, Aug 13 '24 01:08

Would be nice if linuxfs could be made to work with FreeBSD releases for use with emulators/linux_base-c7, etc.

I could manually load linprocfs myself if necessary, but having linuxfs option to handle it would be a nice shortcut.

cstdenis, Aug 15 '24 19:08

That package should be installed on a FreeBSD host, depending on the path marked by the compat.linux.emul_path sysctl (usually /compat/linux). The linuxfs option is not even intended for such a thing because it will mess with files that will not be used by that package. The /etc/rc.d/linux rc script will allow you to mount the devices needed for proper use of the Linuxulator in a FreeBSD environment. But if you plan to use linux_base-c7 in a FreeBSD jail, look at the allow.mount, allow.mount.* and enforce_statfs options in jail(8). I really don't recommend using linux_base-c7 in a FreeBSD jail unless you don't mind making the job a bit more complicated.

The linuxfs option is intended for LinuxJails like Ubuntu or Debian or any other distribution intended to be installed as a root environment and that needs such devices in a jail.

> I could manually load linprocfs myself if necessary, but having linuxfs option to handle it would be a nice shortcut.

Remember that AppJail has a very useful feature called Makejails. It is not limited to automating tasks for jails, but also for the host. A kernel module cannot be loaded inside a jail, but it can be loaded for the host. Although I recommend you load kernel modules using loader.conf(5).

DtxdF, Aug 15 '24 19:08

I was under the impression linuxfs just mounted the special file systems like linprocfs (similar to the devfs option); if it does more than that, it's not suitable for what I was trying. Thanks for the reply and the additional hints.

cstdenis, Aug 15 '24 20:08

Yes, it is similar to devfs:

appjail-quick(1):

linuxfs

         Mount filesystems required by many Linux distributions to work
         correctly. You probably want to set the devfs_ruleset option (unless
         you specify the devices by option with device) to another value
         because LinuxJail will not work with the default value specified by
         the DEFAULT_DEVFS_RULESET parameter. The following mount points are
         used: /dev, /dev/shm, /dev/fd, /proc and /sys.

         Type: Boolean
         Multiple: No
         Conflicts (any):
         -   mount_devfs

DtxdF, Aug 15 '24 21:08