From owner-freebsd-emulation  Sun Apr 22 14:39:35 2001
Delivered-To: freebsd-emulation@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 64B1237B424
	for <freebsd-emulation@freebsd.org>; Sun, 22 Apr 2001 14:39:32 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.3/8.11.3) with SMTP id f3MLdmf82339;
	Sun, 22 Apr 2001 17:39:49 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Date: Sun, 22 Apr 2001 17:39:48 -0400 (EDT)
From: Robert Watson <rwatson@freebsd.org>
X-Sender: robert@fledge.watson.org
To: The Hermit Hacker <scrappy@hub.org>
Cc: freebsd-emulation@freebsd.org
Subject: Re: linux emulation in a jail'd environment?
In-Reply-To: <Pine.BSF.4.33.0104181023240.400-100000@mobile.hub.org>
Message-ID: <Pine.NEB.3.96L.1010422173620.63356F-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-emulation@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


On Wed, 18 Apr 2001, The Hermit Hacker wrote:

> I'm trying to install jdk12-beta, which requires linux emulation to work,
> but I can't install linux_base:
> 
> media-brokers# mknod /compat/linux/dev/null c 2 2
> mknod: /compat/linux/dev/null: Operation not permitted
> media-brokers# ls -ld /compat/linux/dev/
> drwxr-xr-x  2 root  wheel  512 Apr 18 09:20 /compat/linux/dev/
> 
> is this not possible?

The jail(8) code restricts the ability of jail'd processes to introduce
new device nodes, as those device nodes might be used to bypass the jail
protections.  My understanding was that if /compat/linux/(foobarbaz)
did exist, it would be used in preference to the actual /(foobarbaz), so
if a /compat/linux/dev was created, Linux applications would use that tree
instead of the normal /dev.  I'm not certain why using the normal /dev
would be a bad idea (other than Linux apps opening things they don't
understand), and certainly you'd think /dev/null would be fine.  You can
probably work around this by adding a symlink from /compat/linux/dev/null
to /dev/null.  If there's no other reason to have a /compat/linux/dev, I'd
probably just remove the whole directory so that Linux apps use the normal
/dev.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-emulation" in the body of the message