Date: Thu, 19 Aug 2004 10:32:52 -0700 (PDT)
From: Luke
Reply-To: LukeD@pobox.com
To: freebsd-questions@freebsd.org
Subject: How do I make devices usable from a jail?

I'm running CURRENT. I've set up a jail. As part of setting it up, I ran "mount_devfs devfs /path/to/jail/dev". This appeared to mount all of my devices in the jail at the proper location.

When I start the jail, the jail's /dev looks correct. It looks identical to the host system's /dev as far as I can tell. The devices are all owned by root, and the permissions on most of them are crw-------.

However, the jail cannot seem to use some of these devices. For example, when I run sysinstall inside the jail and attempt to install packages from the CD, it reports that it does not have permission. More importantly, sshd can't access /dev/random.

crw-r----- 1 root operator 4, 12 Aug 19 09:08 /dev/acd0
crw-rw-rw- 1 root wheel 250, 0 Aug 19 02:08 /dev/random
lrwxr-xr-x 1 root wheel 6 Aug 19 16:40 /dev/urandom -> random

I can't understand why sshd and sysinstall can't use these devices. The documentation suggests that devfs may have something to do with this, but running "devfs rule showsets" from outside the jail yields nothing. Running it from inside the jail gives an "operation not permitted" error.

I suppose I have no "rules". Is this the problem? Is the default behavior for allowing access to devices from jails more restrictive than when not in jails?