From owner-freebsd-hackers@FreeBSD.ORG  Thu Jun 26 06:35:23 2003
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8566937B401; Thu, 26 Jun 2003 06:35:23 -0700 (PDT)
Received: from woozle.rinet.ru (woozle.rinet.ru [195.54.192.68])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 40FD943F75; Thu, 26 Jun 2003 06:35:20 -0700 (PDT)
	(envelope-from marck@rinet.ru)
Received: from localhost (localhost [127.0.0.1])
	by woozle.rinet.ru (8.12.9/8.12.9) with ESMTP id h5QDZDsp081813;
	Thu, 26 Jun 2003 17:35:13 +0400 (MSD)
	(envelope-from marck@rinet.ru)
Date: Thu, 26 Jun 2003 17:35:13 +0400 (MSD)
From: Dmitry Morozovsky <marck@rinet.ru>
To: Robert Watson <rwatson@freebsd.org>
In-Reply-To: <Pine.NEB.3.96L.1030623114101.52424E-100000@fledge.watson.org>
Message-ID: <20030626173142.B80636@woozle.rinet.ru>
References: <Pine.NEB.3.96L.1030623114101.52424E-100000@fledge.watson.org>
X-NCC-RegID: ru.rinet
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: hackers@freebsd.org
Subject: Re: Mounting
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jun 2003 13:35:23 -0000

On Mon, 23 Jun 2003, Robert Watson wrote:

RW> > Can nodev also be added to all above + /usr?
RW>
RW> nodev prevents opening specfs character devices, but doesn't prevent
RW> opening fifos or UNIX domain sockets, so is generally fine for all file
RW> systems except /dev.  The common exceptions I bump into are:
RW>
RW> (1) If you have per-user chroots, make sure wherever their custom /dev is
RW>     isn't nodev.

Maybe my experience would be useful for the community:

I've successfully use mfs under 4.x for chroot/jailed environment, created via

JDEV=/ar/J/j224/dev
mount_mfs -s 256 -i 768 -o nosuid /dev/ad0s1b ${JDEV} > /dev/null 2>&1
cd ${JDEV}
sh /dev/MAKEDEV std pty0
rm mem kmem pci io klog console
ln -sf null mem
ln -sf null kmem
ln -sf null console


Sincerely,
D.Marck                                     [DM5020, MCK-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------