Date: Fri, 15 Aug 2003 16:17:10 +0200
From: Jens Rehsack <rehsack@liwing.de>
To: "Scot W. Hetzel" <hetzels@westbend.net>
Cc: FreeBSD-Current List <current@freebsd.org>
Subject: Re: [PATCH] jail NG schript patch for mounting devfs and procfs automatically
Message-ID: <3F3CEB66.20800@liwing.de>
In-Reply-To: <008901c36278$3d4a8f80$13fd2fd8@Admin02>
References: <Pine.NEB.3.96L.1030729124628.75304H-100000@fledge.watson.org> <3F26AA16.5030007@liwing.de> <20030729172122.GA5005@kokeb.ambesa.net> <3F26BC7B.8070507@liwing.de> <20030801232918.GA37095@kokeb.ambesa.net> <3F2D1800.5020006@liwing.de> <20030803230410.GA16947@kokeb.ambesa.net> <008901c36278$3d4a8f80$13fd2fd8@Admin02>

On 14.08.2003 15:36, Scot W. Hetzel wrote:
> I just noticed a problem with periodic scripts inside a jail. I'm getting:
>
> Local system status:
> tee: /dev/stderr: Operation not supported
>
> Mail in local queue:
> tee: /dev/stderr: Operation not supported
>
> Mail in submit queue:
> tee: /dev/stderr: Operation not supported
>
> in the periodic daily, weekly, monthly and security reports. But if I mount
> the fdescfs on the jail, then these errors go away.
>
> So we need to add the following to the new jail script
>
> jail_start()
> {
>     :
>     eval jail_devfs=\"\$jail_${_jail}_devfs\"
>     [ -z "${jail_devfs}" ] && jail_devfs="NO"
>
>     eval jail_fdescfs=\"\$jail_${_jail}_fdescfs\"
>     [ -z "${jail_fdescfs}" ] && jail_fdescfs="NO"
>     :
>     if checkyesno jail_devfs ; then
>         mount -t devfs dev ${jail_devdir}
>         if checkyesno jail_fdescfs ; then
>             mount -t fdescfs fdesc ${jail_devdir}/fd
>         fi
>         :
>     fi
>     :
> }
>
> jail_stop()
> {
>     :
>     eval jail_devfs=\"\$jail_${_jail}_devfs\"
>     [ -z "${jail_devfs}" ] && jail_devfs="NO"
>
>     eval jail_fdescfs=\"\$jail_${_jail}_fdescfs\"
>     [ -z "${jail_fdescfs}" ] && jail_fdescfs="NO"
>     :
>     if checkyesno jail_devfs ; then
>         if [ -d ${jail_devdir} ] ; then
>             if checkyesno jail_fdescfs; then
>                 umount -f ${jail_devdir}/fd >/dev/null 2>&1
>             fi
>             umount -f ${jail_devdir} >/dev/null 2>&1
>         fi
>     fi
>     :
> }
>
> The only decision we need to make is whether to always mount the fdescfs when
> devfs is mounted on the jail, or have a variable to enable mounting of the
> fdescfs (jail_*_fdescfs).
>
> Scot
I don't run periodics in jails, because they are not allowed to mail
out :-)
But I wouldn't really regard having fdescfs mounted every time as a
security problem, so I would decide to mount it always (or by default).
If someone cares, the addition of jail_example_mount_fdescfs is
recommended.
I am adding a CC to security@, because there may be one or another who
has an important comment.
Best,
Jens
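
The per-jail knob variant discussed in this thread, as an added dry-run example that is not code from either poster or from FreeBSD's rc.d script: it prints the mount and umount commands instead of running them. The jail names, the `jail_*_rootdir` variable, the `jail_knobs`/`plan_*` helpers and the simplified `checkyesno` stand-in are assumptions made for illustration.

```shell
# Constructed sample rc.conf-style settings (jail names and paths are made up).
jail_www_rootdir="/jails/www"
jail_www_devfs="YES"
jail_www_fdescfs="YES"
jail_db_rootdir="/jails/db"
jail_db_devfs="YES"          # fdescfs knob left unset: falls back to NO
jail_mail_rootdir="/jails/mail"
jail_mail_fdescfs="YES"      # devfs not enabled, so fdescfs is skipped too

# Simplified stand-in for rc.subr's checkyesno: true only for YES/TRUE/ON/1.
checkyesno()
{
    eval _value=\"\$$1\"
    case "${_value}" in
    [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    *) return 1 ;;
    esac
}

# Resolve the per-jail knobs; an unset or empty knob defaults to NO.
jail_knobs()
{
    eval jail_rootdir=\"\$jail_${1}_rootdir\"
    eval jail_devfs=\"\${jail_${1}_devfs:-NO}\"
    eval jail_fdescfs=\"\${jail_${1}_fdescfs:-NO}\"
    jail_devdir="${jail_rootdir}/dev"
}

# Start order: devfs first, then fdescfs on top of it at dev/fd.
plan_start()
{
    jail_knobs "$1"
    checkyesno jail_devfs || return 0
    echo "mount -t devfs dev ${jail_devdir}"
    if checkyesno jail_fdescfs; then
        echo "mount -t fdescfs fdesc ${jail_devdir}/fd"
    fi
}

# Stop order is the reverse: the nested fdescfs goes before the devfs under it.
plan_stop()
{
    jail_knobs "$1"
    checkyesno jail_devfs || return 0
    if checkyesno jail_fdescfs; then
        echo "umount -f ${jail_devdir}/fd"
    fi
    echo "umount -f ${jail_devdir}"
}
```

Calling `plan_start www` and `plan_stop www` shows the paired ordering; `plan_start mail` prints nothing because fdescfs is only considered once devfs is enabled for that jail.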
