Site Navigation

Date:      Wed, 24 Jun 2009 16:30:21 +0100
From:      "Daniel Bye" <danielby@slightlystrange.org>
To:        FreeBSD Mailing List <FreeBSD-Questions@freebsd.org>
Subject:   Re: cups&samba jailed
Message-ID:  <20090624153021.GA1513@torus.slightlystrange.org>
In-Reply-To: <4A417C47.1030700@cox.net>
References:  <4A417C47.1030700@cox.net>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jun 23, 2009 at 08:07:19PM -0500, Derek Funk wrote:
> Attempting to setup cups and samba into a jail. How do you mount/add=20
> device node /dev/ulpt0 within a jail.
> Essentially I would like to know, how to add device nodes within jail=20
> /dev for specifically the devices I want?

You need to create some devfs rules, which live in a file called
/etc/devfs.rules in the HOST system. As an example to get you going, here
is what I use (edited for brevity):

[localrules=3D101]
add path 'da*'  mode 0664 group operator
add path 'acd*' mode 0666 group operator
add path 'cd*'  mode 0666 group operator

[hide_all=3D201]
add hide

[unhide_basic=3D301]
add path null unhide
add path zero unhide
add path crypto unhide
add path random unhide
add path urandom unhide
add path net unhide
add path net/lo0 unhide
add path net/nfe0 unhide

[unhide_login=3D401]
add path 'ptyp*' unhide
add path 'ptyq*' unhide
add path 'ptyr*' unhide
=2E.....

# Devices usually found in a jail.
#
[devfsrules_jail=3D501]
add include $hide_all
add include $unhide_basic
add include $unhide_login


And then in /etc/rc.conf, you'll need a couple of extra settings:

devfs_system_ruleset=3D"localrules"

jail_jailname_devfs_ruleset=3D"devfsrules_jail"

In your case, you'd want to put the printer device node in either one of
the already defined rulesets, or in a new set which you then include in=20
the [devfsrules_jail=3D501] section.

Dan

--=20
Daniel Bye
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \

--7JfCtLOvnd9MIVvH
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (FreeBSD)

iEYEARECAAYFAkpCRo0ACgkQixf5fBYiFmpcsgCdFUYJl+qKSx4MxkpeI2Ljd0ET
haYAoLjsBXpIuNRQ73h1cyG7tXLBI9Vd
=/x/O
-----END PGP SIGNATURE-----

--7JfCtLOvnd9MIVvH--

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090624153021.GA1513>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact