From owner-freebsd-questions@FreeBSD.ORG  Wed Jun 24 15:30:26 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: FreeBSD-Questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CCFE61065679
	for <FreeBSD-Questions@freebsd.org>;
	Wed, 24 Jun 2009 15:30:26 +0000 (UTC)
	(envelope-from danielby@slightlystrange.org)
Received: from mtaout03-winn.ispmail.ntl.com (mtaout03-winn.ispmail.ntl.com
	[81.103.221.49])
	by mx1.freebsd.org (Postfix) with ESMTP id 5404D8FC14
	for <FreeBSD-Questions@freebsd.org>;
	Wed, 24 Jun 2009 15:30:26 +0000 (UTC)
	(envelope-from danielby@slightlystrange.org)
Received: from aamtaout04-winn.ispmail.ntl.com ([81.103.221.35])
	by mtaout03-winn.ispmail.ntl.com
	(InterMail vM.7.08.04.00 201-2186-134-20080326) with ESMTP id
	<20090624153024.ZLIZ5579.mtaout03-winn.ispmail.ntl.com@aamtaout04-winn.ispmail.ntl.com>
	for <FreeBSD-Questions@freebsd.org>; Wed, 24 Jun 2009 16:30:24 +0100
Received: from catflap.slightlystrange.org ([82.21.101.171])
	by aamtaout04-winn.ispmail.ntl.com
	(InterMail vG.2.02.00.01 201-2161-120-102-20060912) with ESMTP id
	<20090624153024.PNZO22934.aamtaout04-winn.ispmail.ntl.com@catflap.slightlystrange.org>
	for <FreeBSD-Questions@freebsd.org>; Wed, 24 Jun 2009 16:30:24 +0100
Received: by catflap.slightlystrange.org (Postfix, from userid 106)
	id 4E14566E4; Wed, 24 Jun 2009 16:30:22 +0100 (BST)
Received: from torus.slightlystrange.org (torus.slightlystrange.org
	[10.1.3.50])
	by catflap.slightlystrange.org (Postfix) with SMTP id BC19F613A
	for <FreeBSD-Questions@freebsd.org>;
	Wed, 24 Jun 2009 16:30:21 +0100 (BST)
Received: by torus.slightlystrange.org (sSMTP sendmail emulation);
	Wed, 24 Jun 2009 16:30:21 +0100
From: "Daniel Bye" <danielby@slightlystrange.org>
Date: Wed, 24 Jun 2009 16:30:21 +0100
To: FreeBSD Mailing List <FreeBSD-Questions@freebsd.org>
Message-ID: <20090624153021.GA1513@torus.slightlystrange.org>
Mail-Followup-To: FreeBSD Mailing List <FreeBSD-Questions@freebsd.org>
References: <4A417C47.1030700@cox.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="7JfCtLOvnd9MIVvH"
Content-Disposition: inline
In-Reply-To: <4A417C47.1030700@cox.net>
User-Agent: Mutt/1.4.2.3i
X-PGP-Fingerprint: D349 B109 0EB8 2554 4D75  B79A 8B17 F97C 1622 166A
X-Operating-System: FreeBSD 7.2-STABLE i386
X-Cloudmark-Analysis: v=1.0 c=1 a=ehNlctqhnw0A:10 a=iKLvYv2r7lRFtlfRZpEA:9
	a=4rMvDUbQTYBJ8KE0-7sA:7 a=TvNTWA4Z2NPexnJw2T9DT9e17HwA:4
	a=D2l9MTAjZeinlbPHoxAA:9 a=lij34VHT48Ac7VN7rxFYZy-kJxsA:4
Cc: 
Subject: Re: cups&samba jailed
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Daniel Bye <freebsd-questions@slightlystrange.org>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Jun 2009 15:30:27 -0000


--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jun 23, 2009 at 08:07:19PM -0500, Derek Funk wrote:
> Attempting to setup cups and samba into a jail. How do you mount/add=20
> device node /dev/ulpt0 within a jail.
> Essentially I would like to know, how to add device nodes within jail=20
> /dev for specifically the devices I want?

You need to create some devfs rules, which live in a file called
/etc/devfs.rules in the HOST system. As an example to get you going, here
is what I use (edited for brevity):

[localrules=3D101]
add path 'da*'  mode 0664 group operator
add path 'acd*' mode 0666 group operator
add path 'cd*'  mode 0666 group operator

[hide_all=3D201]
add hide

[unhide_basic=3D301]
add path null unhide
add path zero unhide
add path crypto unhide
add path random unhide
add path urandom unhide
add path net unhide
add path net/lo0 unhide
add path net/nfe0 unhide

[unhide_login=3D401]
add path 'ptyp*' unhide
add path 'ptyq*' unhide
add path 'ptyr*' unhide
=2E.....

# Devices usually found in a jail.
#
[devfsrules_jail=3D501]
add include $hide_all
add include $unhide_basic
add include $unhide_login


And then in /etc/rc.conf, you'll need a couple of extra settings:

devfs_system_ruleset=3D"localrules"

jail_jailname_devfs_ruleset=3D"devfsrules_jail"

In your case, you'd want to put the printer device node in either one of
the already defined rulesets, or in a new set which you then include in=20
the [devfsrules_jail=3D501] section.

Dan

--=20
Daniel Bye
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \

--7JfCtLOvnd9MIVvH
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (FreeBSD)

iEYEARECAAYFAkpCRo0ACgkQixf5fBYiFmpcsgCdFUYJl+qKSx4MxkpeI2Ljd0ET
haYAoLjsBXpIuNRQ73h1cyG7tXLBI9Vd
=/x/O
-----END PGP SIGNATURE-----

--7JfCtLOvnd9MIVvH--