From owner-freebsd-arch Mon Jul 17 12: 1:42 2000 Delivered-To: freebsd-arch@freebsd.org Received: from mail.interware.hu (mail.interware.hu [195.70.32.130]) by hub.freebsd.org (Postfix) with ESMTP id D369D37BB77; Mon, 17 Jul 2000 12:01:30 -0700 (PDT) (envelope-from julian@elischer.org) Received: from timbuktu-01.budapest.interware.hu ([195.70.51.193] helo=jules.elischer.org) by mail.interware.hu with smtp (Exim 3.12 #1 (Debian)) id 13EG8j-0006nR-00; Mon, 17 Jul 2000 21:01:17 +0200 Message-ID: <397357E7.794BDF32@elischer.org> Date: Mon, 17 Jul 2000 12:00:55 -0700 From: Julian Elischer X-Mailer: Mozilla 3.04Gold (X11; I; FreeBSD 5.0-CURRENT i386) MIME-Version: 1.0 To: Warner Losh Cc: Kelly Yancey , Robert Watson , Dan Nelson , Adrian Chadd , freebsd-arch@FreeBSD.ORG Subject: Re: SysctlFS References: <200007160752.BAA52125@harmony.village.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Warner Losh wrote: > > In message Kelly Yancey writes: > : I didn't mean when you mounted the jail, but rather when you mounted the > : filesystem in question (i.e. /dev or /proc). The mount flag would be used to > : indicate that is mount is to transcend jails. In other words, when building a > : list of the current mount points inside a jail, mount with this flag would > : always be included. It is arguably a hack, but I don't see why it wouldn't > : work. > > You certainly don't want to do that for /dev in jails. The whole > point of jails is that you can give them access to a small subset of > devices that are "safe". > My suggestion is not that you allow symlinks to jump out of a jail for devices, but rather, the major and minor numbers presently used to connect the inode to the device be replaced by an ascii string (stored in the cdev inode in the same way a symlink is currently stored in the block pointer space) that connects to the appropriatly named node in. 1/ a devfs tree, or 2/ the phk device vnode stuff, either of which can map an name to a driver/minor# combination. It's not a symlink, it's just a 60 byte major number. You use the device canonical name as a limking mechanism in thesame way we currently use the major number. You still have a devfs on /devfs, because you still want new devices to show up somewhere, but you have the auxhiliary access mechanism of making individual nodes in the filesystem and having them access the arbitrarily named devices. (then major numbers can go away completely and all devices can be dynamic) -- __--_|\ Julian Elischer / \ julian@elischer.org ( OZ ) World tour 2000 ;_.---._/ presently in: Budapest v To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message