I'm not creative enough for this, and you can't help me.

named inside a FreeBSD jail

September 29, 2008 in FreeBSD

If you’ve ever tried to run named inside a FreeBSD jail you’ve seen this error:

/etc/rc.d/named: WARNING: devfs_domount(): Unable to mount devfs on /var/named/dev
devfs rule: ioctl DEVFSIO_RAPPLY: Operation not permitted
devfs rule: ioctl DEVFSIO_RAPPLY: Operation not permitted

The reason for this is that by default in FreeBSD named tries to run within a chroot. The chroot for named requires /dev/zero, and /dev/random, so the rc script that starts named tries to mount a devfs for named. The problem is that jails cannot mount, for obvious reasons.

The quick solution is to tell FreeBSD not to try to run named within a chroot. The idea is that a jail is good enough. You can do this by seting:

named_chrootdir=""

within the JAIL’S /etc/rc.conf.

The other option is to create the chroot dir for named from the host system for the jail before you start it. This really doesn’t have too much of a benefit. But it’s possible by issuing the following commands from the host system for your jail:

# mount -t devfs devfs /jails/jailhost.whatever.com/var/named/dev/
# devfs -m /jails/jailhost.whatever.com/var/named/dev/ rule -s 1 applyset
# devfs -m /jails/jailhost.whatever.com/var/named/dev/ rule apply path null unhide
# devfs -m /jails/jailhost.whatever.com/var/named/dev/ rule apply path random unhide

Once you’ve done that, you can start named in the jail, and you’ll have named running inside a chroot within a jail. This doesn’t quell the error messages, but you can trust that they’re irrelevant, or if you feel like it, you can patch /etc/rc.d/named within the jail to not try to create/destroy chroots. Find these lines of code:

# Mount a devfs in the chroot directory if needed
#
umount ${named_chrootdir}/dev 2>/dev/null
devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
devfs -m ${named_chrootdir}/dev rule apply path null unhide
devfs -m ${named_chrootdir}/dev rule apply path random unhide

and make them look like this:

# Mount a devfs in the chroot directory if needed
#
#umount ${named_chrootdir}/dev 2>/dev/null
#devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
#devfs -m ${named_chrootdir}/dev rule apply path null unhide
#devfs -m ${named_chrootdir}/dev rule apply path random unhide

Now you have to maintain this stupidity, if your mergemaster changes /etc/rc.d/named, but I guess it’s nice not to see errors. You also can’t start your jails automatically at boot, because the chroot won’t exist yet… So…. whatever.

Buildworld Benchmark: My New Server (ULE)

September 22, 2008 in Blog

Buildworld Benchmark: My New Server Continued.

The same benchmark as previously done was redone with the ULE Scheduler. The results were quite odd, as the times were actually slightly higher than recorded without the ULE Scheduler.

This leads me to believe that I probably screwed up somewhere, but I just don’t want to spend more time doing something this … boring.