From owner-freebsd-questions@FreeBSD.ORG  Mon Mar 28 15:25:08 2011
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 266B3106566C
	for <freebsd-questions@freebsd.org>;
	Mon, 28 Mar 2011 15:25:08 +0000 (UTC)
	(envelope-from freebsd-questions@m.gmane.org)
Received: from lo.gmane.org (lo.gmane.org [80.91.229.12])
	by mx1.freebsd.org (Postfix) with ESMTP id CFC858FC16
	for <freebsd-questions@freebsd.org>;
	Mon, 28 Mar 2011 15:25:07 +0000 (UTC)
Received: from list by lo.gmane.org with local (Exim 4.69)
	(envelope-from <freebsd-questions@m.gmane.org>) id 1Q4EJV-0006Is-Mv
	for freebsd-questions@freebsd.org; Mon, 28 Mar 2011 17:25:05 +0200
Received: from 91-64-83-241-dynip.superkabel.de ([91.64.83.241])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <freebsd-questions@freebsd.org>; Mon, 28 Mar 2011 17:25:05 +0200
Received: from holger by 91-64-83-241-dynip.superkabel.de with local (Gmexim
	0.1 (Debian)) id 1AlnuQ-0007hv-00
	for <freebsd-questions@freebsd.org>; Mon, 28 Mar 2011 17:25:05 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-questions@freebsd.org
From: Holger Freyther <holger@freyther.de>
Date: Mon, 28 Mar 2011 15:14:46 +0000 (UTC)
Lines: 20
Message-ID: <loom.20110328T163344-831@post.gmane.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@dough.gmane.org
X-Gmane-NNTP-Posting-Host: sea.gmane.org
User-Agent: Loom/3.14 (http://gmane.org/)
X-Loom-IP: 91.64.83.241 (Mozilla/5.0 (X11; U; Linux i686;
	en-us) AppleWebKit/534.16+ (KHTML, like Gecko) Version/5.0
	Safari/534.16+ Epiphany/2.30.6)
Subject: Hierachical jails devfs and rc.conf
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 15:25:08 -0000

Hi all,

in FreeBSD 8.2-RELEASE it does not seem to be possible to pass children.max=X 
to a jail via rc.conf. What would be the best way of doing this? The next issue
is what kind of security review/testing is needed to declare nullfs jailsafe but
for now I can still bind my paths.

My biggest problem right now is the devfs. Is it possible to have /dev
statically populated and have it work inside a jail? E.g. an attempt to create
/dev/null and have it available to the jail is failing, I was cheating and
binding (via nullfs) a /dev from another jail and it started but I am having
difficulties when building things from the ports tree and it seems to be /dev
related.

So really quick question. Is there a way to statically populate the dev tree
with the minimum of needed descriptors? A first try with mknod /jail/dev/null
c 0... did not seem to work.

regards
  holger