From owner-freebsd-current@FreeBSD.ORG Wed Dec 3 04:52:02 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E85F416A4CE for ; Wed, 3 Dec 2003 04:52:02 -0800 (PST) Received: from milla.ask33.net (milla.ask33.net [217.197.166.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1B79643FE9 for ; Wed, 3 Dec 2003 04:52:00 -0800 (PST) (envelope-from nick@milla.ask33.net) Received: by milla.ask33.net (Postfix, from userid 1001) id 29AEC3ABB53; Wed, 3 Dec 2003 13:51:52 +0100 (CET) Date: Wed, 3 Dec 2003 13:51:51 +0100 From: Pawel Jakub Dawidek To: Niklas Saers Mailinglistaccount Message-ID: <20031203125151.GZ76130@garage.freebsd.pl> References: <20031203101335.D11863@doriath.saers.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="QxSStYAgvEtE+iQJ" Content-Disposition: inline In-Reply-To: <20031203101335.D11863@doriath.saers.com> X-PGP-Key-URL: http://garage.freebsd.pl/jules.asc X-OS: FreeBSD 4.8-RELEASE-p13 i386 X-URL: http://garage.freebsd.pl User-Agent: Mutt/1.5.1i cc: current@FreeBSD.ORG Subject: Re: jail and emulators/linux_base X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Dec 2003 12:52:03 -0000 --QxSStYAgvEtE+iQJ Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Dec 03, 2003 at 10:22:16AM +0100, Niklas Saers Mailinglistaccount w= rote: +> I'm running CURRENT and set up a jail where I want to install SUN JDK +> 1.4.2. In the process, linux emulation needs to be installed. While +> installing emulators/linux_base, I get the following: +>=20 +> =3D=3D=3D> Installing for linux_base-7.1_5 +> Un-mounting linprocfs... +> umount: retrying using path instead of file system ID +> =3D=3D=3D> Generating temporary packing list +> =3D=3D=3D> Checking if emulators/linux_base already installed +> mknod: /compat/linux/dev/null: Operation not permitted +> *** Error code 1 +>=20 +> While Linux-emulation is already up and running on the host-machine, it +> seems the jail is not allowed to create what it needs to run it. I +> understand allowing mknod(8) within a jail is dangerous in the case where +> you allow untrusted users to be root. Is there some way to either say "I +> don't let untrusted users be root" thus allowing this or to compile +> emulators/linux_base more jail-friendly, possibly setting things up from +> outside the jail? Erm. You may install it using chroot(8) only and then run jail with the same path. You may also use chroot(8) instead of jail if you're looking for full functionality. --=20 Pawel Jakub Dawidek pawel@dawidek.net UNIX Systems Programmer/Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am! http://cerber.sourceforge.net --QxSStYAgvEtE+iQJ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBP83cZz/PhmMH/Mf1AQHcKwP7B886Rnwp+9JJFIht+oI3KvjylnZGItDs RzV0R2QdrV0dDzNNtttm6m8LHHc2cykhP1sQWAeIAkcViKbJ2ieoXPtMgUBW1B6Y 5Iv5Kc27FuaXlSZkmr7gn3XzOPS669dSqt4PDL7l6pRkNlRh3W/6HvX5ywlfusyS XPaqncHKj7A= =CGDL -----END PGP SIGNATURE----- --QxSStYAgvEtE+iQJ--