From owner-freebsd-stable@FreeBSD.ORG Sat Sep 9 07:59:55 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 13D9A16A403 for ; Sat, 9 Sep 2006 07:59:55 +0000 (UTC) (envelope-from frode@nordahl.net) Received: from smtp1.powertech.no (smtp1.powertech.no [195.159.0.145]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6B89343D5C for ; Sat, 9 Sep 2006 07:59:53 +0000 (GMT) (envelope-from frode@nordahl.net) Received: from [195.159.148.126] (dhcp7.xu.nordahl.net [195.159.148.126]) by smtp1.powertech.no (Postfix) with ESMTP id 481B8833C; Sat, 9 Sep 2006 09:59:52 +0200 (CEST) In-Reply-To: <200609061203.43058.mistry.7@osu.edu> References: <200609061203.43058.mistry.7@osu.edu> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <8D30721C-9EAA-4518-9376-93082E8CB727@nordahl.net> Content-Transfer-Encoding: 7bit From: Frode Nordahl Date: Sat, 9 Sep 2006 09:59:51 +0200 To: Anish Mistry X-Mailer: Apple Mail (2.752.2) Cc: freebsd-stable@freebsd.org Subject: Re: Symbolic Links in /dev of a jail X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Sep 2006 07:59:55 -0000 On 6. sep. 2006, at 18.03, Anish Mistry wrote: > Previously posted to -questions: > In my quest to get asterisk+iaxmodem+hylafax working together in a > jail I've run into one final roadblock. I can't seem to figure out > how to create a symbolic link (ln -s doesn't work) in /dev in the > jail environment while in the jailed environment. When trying to > create a link with ln I receive: > ln -s somedev targetdev > ln: targetdev: Operation not permitted > Adding a link entry to devfs.conf in the jail fails too since it > receives the same error. I can create a link in the jailed /dev from > the host environment, so there seems to be some restriction on > creating links in /dev while in the jail. The reason I need to be > able to do this is that iaxmodem needs to create a /dev/ttyIAX device > to point to the correct ttyp* device when it starts in the jail. > > Any suggestions would be appreciated. Have you tried to change the devfs ruleset? Try to boot up a jail without any devfs restrictions and see if your devfs.conf alias works then. Search for jail_example_devfs in /etc/defaults/rc.conf, and have a look at /etc/defaults/devfs.rules. I guess specifying jail_example_devfs_ruleset="" is enough to disable the rules. If you succeed, you will need to find some way of enforcing rules, but allowing what you want. Running a jail without devfs rules gives the jail too much access to the system. -- Frode Nordahl