Date: Tue, 21 Feb 2006 14:51:36 +0300 From: Igor Robul <igorr@speechpro.com> To: freebsd-stable@freebsd.org Subject: Re: Jails in 6.0 and devfs woes Message-ID: <20060221115136.GC5402@sysadm.stc> In-Reply-To: <a3689f910602210210k3fe18090hfe31d9ea0a09a02c@mail.gmail.com> References: <a3689f910602210210k3fe18090hfe31d9ea0a09a02c@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 21, 2006 at 08:10:31PM +1000, Andrew Hacking wrote: > I am trying to setp a jail in RELENG_6, and cannot apply the jail > ruleset (ruleset 4) to the jail devfs mount point. The system also > hangs if I try to apply the rules individually. > > I raised PR/93423 for this issue. See > http://www.freebsd.org/cgi/query-pr.cgi?pr=93423 for details > > I am wondering if anyone else has had any success securing their jails > (ie removing device nodes such as those that provide raw access to > disks) ? Jails and devfs rules work fine for me: %uname -a FreeBSD s2.stc 6.0-STABLE FreeBSD 6.0-STABLE #0: Fri Nov 11 04:03:19 MSK 2005 igorr@s2.stc:/usr/build/usr/src/sys/S2 i386 %jls JID IP Address Hostname Path 3 192.168.2.52 samba-pdc.stc /home/jail/samba 2 192.168.2.51 mail2.stc /home/jail/mail 1 192.168.2.50 ldap.stc /home/jail/ldap %mount ... /dev/mirror/home on /home (ufs, local, soft-updates) devfs on /home/jail/ldap/dev (devfs, local) devfs on /home/jail/mail/dev (devfs, local) devfs on /home/jail/samba/dev (devfs, local) %ls /home/jail/samba/dev/ fd null ptyp1 stderr stdout ttyp1 zero log ptyp0 random stdin ttyp0 urandom %grep devfs /etc/rc.conf jail_mail_devfs_enable="YES" jail_samba_devfs_enable="YES" jail_ldap_devfs_enable="YES"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060221115136.GC5402>