From owner-freebsd-questions@FreeBSD.ORG Sat Nov 18 15:52:54 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 6F89016A52D for ; Sat, 18 Nov 2006 15:52:54 +0000 (UTC) (envelope-from freebsd-questions@stellablue.org) Received: from out2.smtp.messagingengine.com (out2.smtp.messagingengine.com [66.111.4.26]) by mx1.FreeBSD.org (Postfix) with ESMTP id 376ED43D46 for ; Sat, 18 Nov 2006 15:52:50 +0000 (GMT) (envelope-from freebsd-questions@stellablue.org) Received: from db2.internal (db2.internal [10.202.2.12]) by frontend1.messagingengine.com (Postfix) with ESMTP id 20B82DC9398 for ; Sat, 18 Nov 2006 10:52:53 -0500 (EST) Received: from web4.messagingengine.com ([10.202.2.213]) by db2.internal (MEProxy); Sat, 18 Nov 2006 10:52:55 -0500 Received: by web4.messagingengine.com (Postfix, from userid 99) id 401BE15F2B9; Sat, 18 Nov 2006 10:52:55 -0500 (EST) Message-Id: <1163865175.3379.276381343@webmail.messagingengine.com> X-Sasl-Enc: hm+SPLw1RgnVWuRBwzBPbNFifUgRFupYP5ykV6gdtCn0 1163865175 From: "Steve Brown" To: freebsd-questions@freebsd.org Content-Disposition: inline Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="ISO-8859-1" MIME-Version: 1.0 X-Mailer: MessagingEngine.com Webmail Interface Date: Sat, 18 Nov 2006 07:52:55 -0800 Subject: devfs creates unwanted devices in jail after ruleset applied X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-questions@stellablue.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Nov 2006 15:52:54 -0000 I am running a DNS server in a jail and have setup a devfs mount in the jail to have null and random devices. The setup works fine, but once I log out then log back in the pty and tty devices of my login get created in the jail. Which, of course, I don't want to happen. To clarify, I'm not talking about "logging into the jail", this occurs when logging on to the system. The jail is stripped down, not anywhere close to a virtual server. I do the following to create the jail'd devfs at startup: mount_devfs devfs JAILDIR/dev devfs -m JAILDER/dev rule -s 35 add hide devfs -m JAILDIR/dev rule -s 35 add path null unhide devfs -m JAILDIR/dev rule -s 35 add path random unhide devfs -m JAILDIR/dev rule -s 35 applyset This works great - I get a dev directory setup with just null and random. But the second anyone logs into the system, whammo all the sudden pty and tty devices appear inside the jail's /dev directory. If anyone would care to unclueless me I would appreciate it. Steve