From: Joshua Oreman
To: Josh Brooks
Cc: hackers@freebsd.org
Date: Thu, 3 Jul 2003 10:30:35 -0700
Subject: Re: current state of the art / best practice for devfs in a jail ?
List-Id: Technical Discussions relating to FreeBSD

On Thu, Jul 03, 2003 at 04:00:46AM -0700 or thereabouts, Josh Brooks wrote:
>
> I have been researching the various ways people add devfs to a jail to
> give the jail certain /dev devices necessary to function ...

Well, all I did was test your research :-)

>
> One strategy I saw was:
>
> mount -t devfs devfs /home/jail/dev

Works (duh).

> ( cd /home/jail/dev ; rm $devices_i_dont_want_in_my_jails )

Works.

> mount -u -o nonewdev /home/jail/dev

Doesn't work (no `nonewdev' option).
>
> However I do not know of a `nonewdev` option for mount - but does that
> even matter, since `mknod` does not work inside of a jail ? Or does it in
> 5.x ?

AFAIK, `mknod' will not work in a jail. The only reason a nonewdev option
would be nice is that the kernel will put new devices in every devfs (I
think), so if you attach your FireWire hard drive, you'll have to remember
to rm that device in the jails :-)

>
> --
>
> Another strategy I saw was :
>
> # mount -t devfs devfs /home/jail/dev

Works (duh).

> # cd /home/jail/dev

Works (duh).

> # rm -f *

rm: fd: Is a directory
rm: net: Is a directory

> # rm -W null zero tty console

rm: null: No such file or directory
rm: zero: No such file or directory
rm: tty: File exists
rm: console: No such file or directory

> # ls -l
> crw------- 1 phk wheel 0, 0 2 Feb 01:09 console
> drwxr-xr-x 2 root wheel 0 2 Feb 01:06 fd
> crw-rw-rw- 1 root wheel 2, 2 3 Feb 21:25 null
> crw-rw-rw- 1 root wheel 1, 0 3 Feb 17:27 tty
> crw-rw-rw- 1 root wheel 2, 12 1 Jan 1970 zero

total 1
dr-xr-xr-x 2 root wheel 512 Jul 3 10:28 fd/
dr-xr-xr-x 2 root wheel 512 Jul 3 10:28 net/
# ls -l tty
crw------- 1 root wheel 12, 2 Jul 3 10:29 tty

Weird, ain't it?

> #
>
>
> Does this even work ?

Nope.

>
> --
>
> So I guess I am asking two questions:
>
> 1. in 5.x, is it still true that mknod will not work from within a jail (I
> sure hope it is still true)

I think so...

>
> 2. what is the current "best practices" strategy for mounting up a devfs
> in a jail ?

I'd say option A + constant checking w/ regards to new devices.

-- Josh

>
>
> thanks!