From: Glen Barber
Date: Tue, 24 Apr 2018 13:24:52 +0000
To: krad
Cc: "O'Connor, Daniel", KIRIYAMA Kazuhiko, freebsd-stable
Subject: Re: What should do in chrooted environment?
Message-ID: <20180424132452.GB70329@FreeBSD.org>
References: <201804232228.w3NMS6UW042861@kx.openedu.org> <20180423224408.GC56778@FreeBSD.org>

There are additional nits regarding jail(8) that chroot(8) does not have
the same limitations.  Setting/unsetting the immutable flag on something
like /sbin/init, for example, comes to mind.

Glen

On Tue, Apr 24, 2018 at 11:49:46AM +0100, krad wrote:
> wouldn't it just be easier to do this in a jail, and then all of these
> little bits would be taken care of?
>
> On 24 April 2018 at 01:48, O'Connor, Daniel wrote:
>
> >
> > > On 24 Apr 2018, at 08:14, Glen Barber wrote:
> > > I think you might not have the devfs mount in the image.  With the paths
> > > provided above, I think this should fix it:
> > >
> > > # mount -t devfs devfs /mnt/dev
> >
> > I wonder if it's worth doing a basic sanity check that /dev/null and
> > /dev/zero look like device nodes.
> >
> > I've made this mistake too and it produces some very confusing error
> > messages :(
> >
> > --
> > Daniel O'Connor
> > "The nice thing about standards is that there
> > are so many of them to choose from."
> > -- Andrew Tanenbaum
> > GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
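
The sanity check suggested in the quoted message, sketched as an added example (not part of the original thread and not code from any FreeBSD tool). The function names `check_chroot_dev` and `demo_broken_root` and the scratch directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify that dev/null and dev/zero under a chroot root are
# real character devices before running anything inside the chroot.
# Typical use (hypothetical):  check_chroot_dev /mnt && chroot /mnt /bin/sh

# check_chroot_dev ROOT
# Reports each problem on stderr; returns 0 only if both nodes look sane.
check_chroot_dev() {
    root=${1%/}                     # "/mnt/" -> "/mnt", "/" -> ""
    rc=0
    for node in null zero; do
        path="$root/dev/$node"
        if [ -L "$path" ]; then
            # A symlink is resolved inside the new root after chroot(2),
            # so it is no evidence of a working device node.
            echo "$path: symbolic link, not a device node" >&2; rc=1
        elif [ ! -e "$path" ]; then
            echo "$path: missing (is devfs mounted on $root/dev?)" >&2; rc=1
        elif [ -f "$path" ]; then
            # What a redirect to /dev/null leaves behind when no devfs is mounted.
            echo "$path: regular file, not a device node" >&2; rc=1
        elif [ ! -c "$path" ]; then
            echo "$path: not a character device" >&2; rc=1
        fi
    done
    return "$rc"
}

# Constructed demonstration: a scratch tree in which dev/null is a regular
# file created by a stray redirect and dev/zero does not exist.
demo_broken_root() {
    d=$(mktemp -d) || return 2
    mkdir "$d/dev"
    : > "$d/dev/null"
    status=0
    check_chroot_dev "$d" || status=$?
    rm -rf "$d"
    return "$status"
}
```

Running the check before entering the chroot turns the confusing downstream errors into one explicit message per bad node.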