Date: Mon, 11 Feb 2019 10:48:19 -0500
From: "Michael W. Lucas" <mwlucas@michaelwlucas.com>
To: jail@freebsd.org
Subject: init in a jail
Message-ID: <20190211154819.GB10183@mail.michaelwlucas.com>
Hi,

Sadly, my google-fu has turned up thousands of man pages but no real discussion on this.

According to init(8), you can run init inside a jail.

    If init is run in a jail, the security level of the "host system" will
    not be affected. Part of the information set up in the kernel to support
    a jail is a per-jail security level. This allows running a higher
    security level inside of a jail than that of the host system. See
    jail(8) for more information about jails.

If you actually try, though, the jail dies:

    storm~;jail -vc loghost
    loghost: run command: /sbin/ifconfig jailether inet 198.51.100.225 netmask 255.255.255.255 alias
    loghost: run command: /sbin/mount -t devfs -oruleset=4 . /jail/loghost/dev
    loghost: run command: logger trying to start jail loghost...
    loghost: jail_set(JAIL_CREATE) persist name=loghost path=/jail/loghost host.hostname=loghost.mwl.io ip4.addr=198.51.100.225
    loghost: created
    loghost: run command in jail: /sbin/init
    jail: loghost: /sbin/init: failed
    loghost: removed
    loghost: run command: /sbin/umount /jail/loghost/dev
    loghost: run command: /sbin/ifconfig jailether inet 198.51.100.225 netmask 255.255.255.255 -alias

Is that init(8) text left over from an earlier jail incarnation? Or is there some other way to run init in a jail?

And WHY would you run init in a jail?

Thanks,
==ml

-- 
Michael W. Lucas https://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder, Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc...