Date: Tue, 21 Feb 2006 12:26:35 +0200
From: "Vlad GALU" <vladgalu@gmail.com>
To: freebsd-stable@freebsd.org
Subject: Re: Jails in 6.0 and devfs woes
Message-ID: <79722fad0602210226n494855w253d6557ea90a4e4@mail.gmail.com>
In-Reply-To: <a3689f910602210210k3fe18090hfe31d9ea0a09a02c@mail.gmail.com>
References: <a3689f910602210210k3fe18090hfe31d9ea0a09a02c@mail.gmail.com>

On 2/21/06, Andrew Hacking <ahacking@gmail.com> wrote:
> I am trying to set up a jail in RELENG_6, and cannot apply the jail
> ruleset (ruleset 4) to the jail devfs mount point. The system also
> hangs if I try to apply the rules individually.
>
> I raised PR/93423 for this issue. See
> http://www.freebsd.org/cgi/query-pr.cgi?pr=93423 for details
>
> I am wondering if anyone else has had any success securing their jails
> (ie removing device nodes such as those that provide raw access to
> disks) ?

-- cut here --
jail_enable="YES"
jail_list="j1"
jail_j1_rootdir="/mnt/store/jails/j1"
jail_j1_hostname="j1.freebsd.domain"
jail_j1_ip="<ip>"
jail_j1_exec_start="/bin/sh /etc/rc"
jail_j1_exec_stop="/bin/sh /etc/rc.shutdown"
jail_j1_devfs_enable="YES"
jail_j1_devfs_ruleset="devfsrules_jail"
jail_j1_fstab=""
jail_j1_procfs_enable="YES"
-- and here --

My /etc/devfs.rules is a symlink to /etc/defaults/devfs.rules. In the
jail I can only see:

-- cut here --
j1# ls /dev/
fd      null    ptyp1   ptyp3   random  stdin   ttyp0   ttyp2   ttyp4   zero
log     ptyp0   ptyp2   ptyp4   stderr  stdout  ttyp1   ttyp3   urandom
j1#
-- and here --

HTH.

--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?79722fad0602210226n494855w253d6557ea90a4e4>
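
An added example, not part of the original message or of FreeBSD itself: a POSIX sh check that compares a jail's /dev listing against the nodes shown in the reply above and reports anything else, such as nodes giving raw disk access. The allowlist, the pty unit range, and the extra node names in the sample (ad0, ad0s1a, mem, kmem) are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit which device nodes a jail can see.
# The allowlist mirrors the `ls /dev/` output quoted in the message above;
# it is an assumption, not the contents of /etc/defaults/devfs.rules.
# The pty unit range 0-9a-v is likewise an assumption; adjust to your ruleset.

# Return 0 if the node name is on the allowlist, 1 otherwise.
dev_allowed() {
    case "$1" in
        fd|log|null|zero|random|urandom|stdin|stdout|stderr) return 0 ;;
        ptyp[0-9a-v]|ttyp[0-9a-v]) return 0 ;;
    esac
    return 1
}

# Print every name in a whitespace-separated listing (as `ls` prints it)
# that is not on the allowlist, one per line, sorted and de-duplicated.
unexpected_nodes() {
    printf '%s\n' "$1" | tr -s ' \t' '\n\n' | LC_ALL=C sort -u |
    while read -r node; do
        [ -n "$node" ] || continue
        dev_allowed "$node" || printf '%s\n' "$node"
    done
}

# Constructed samples: the listing from the message, and the same listing
# with extra nodes added to show what a jail without the ruleset might expose.
GOOD_LISTING='fd null ptyp1 ptyp3 random stdin ttyp0 ttyp2 ttyp4 zero
log ptyp0 ptyp2 ptyp4 stderr stdout ttyp1 ttyp3 urandom'
BAD_LISTING="$GOOD_LISTING ad0 ad0s1a mem kmem"

# On a real host, pass the jail's devfs mount instead, for example:
#   unexpected_nodes "$(ls /mnt/store/jails/j1/dev)"
for name in $(unexpected_nodes "$BAD_LISTING"); do
    echo "jail can see unexpected device node: $name"
done
```

An empty result means the jail sees only the allowlisted nodes; any line printed is a node the devfs ruleset did not hide.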