Date: Sun, 12 Nov 2006 17:11:23 -0500 From: Kris Kennaway <kris@obsecurity.org> To: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> Cc: "Marc G. Fournier" <scrappy@freebsd.org>, freebsd-questions@freebsd.org Subject: Re: mknod within a jail ... Message-ID: <20061112221122.GA20998@xor.obsecurity.org> In-Reply-To: <44hcx47lqx.fsf@be-well.ilk.org> References: <7FF5BAB0C7346830548B5582@ganymede.hub.org> <44hcx47lqx.fsf@be-well.ilk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--/9DWx/yDrRhgMJTb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Nov 12, 2006 at 10:00:54AM -0500, Lowell Gilbert wrote: > "Marc G. Fournier" <scrappy@freebsd.org> writes: >=20 > > I'm playing with DTC right now, within a Jail ... and one of the steps = to set=20 > > it up is to run mknod to create devices for a chroot environment, which= , of=20 > > course, fail in a jail ... > > > > Is there any way around this? > > > > Mounting devfs isn't an option, since for each domain in the jail that = gets=20 > > created, it appears that it needs its own chroot env, with its own dev= =20 > > directory ... > > > > Am I really stuck? :( >=20 > Why don't you run it on the jail filesystem, but from outside of the jail? Any approach that "requires" running mknod is misguided, since you can't do this outside of devfs on modern FreeBSD. Mounting devfs (with appropriate rulesets) is the correct approach. Kris --/9DWx/yDrRhgMJTb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (FreeBSD) iD8DBQFFV5wKWry0BWjoQKURAqpYAKC+/tcmY3NkjNyytDDUNgIyoDI9sACgqp4V klo4J+N6IULOVnBQYONQ0uw= =LAwU -----END PGP SIGNATURE----- --/9DWx/yDrRhgMJTb--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061112221122.GA20998>