Date: Sun, 16 Jul 2000 03:28:28 -0400 (EDT)
From: Brian Fundakowski Feldman
To: Warner Losh
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: SysctlFS
In-Reply-To: <200007160535.XAA50733@harmony.village.org>

On Sat, 15 Jul 2000, Warner Losh wrote:

> : Why? It's got exactly the same considerations as the "true" root being
> : able to mount(2) things into a jail or mknod(2).
>
> You shouldn't be able to mount things in jail or mknod. While in
> jail, you cannot do a mknod right now. While in jail, you can't do a
> mount.
>
> Creating holes in this scheme makes me extremely nervous.

Exactly! The same permissions would apply to this form of symlink as
those which apply to mknod and mount in jails.

> : > Also, you really don't want too many devices in a jail's /dev tree.
> : > You really wouldn't want devfs for jail unless you could limit it
> : > severely. And that's going to be hard to write, I think.
> :
> : But you could create multiple mounts (instances) of devfs which each
> : contain a specific subset of the devfs proper and do the "symlink
> : breakout" accordingly :) An aspect of jail classes, if you will.
>
> Why bother with a symlink? Why not have a reference to the real
> dev_t?

The dev_t of what, exactly?

> Warner

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'