From owner-freebsd-current@FreeBSD.ORG  Tue Jul 29 09:48:31 2003
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 317E537B401
	for <current@freebsd.org>; Tue, 29 Jul 2003 09:48:31 -0700 (PDT)
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5597643FBD
	for <current@freebsd.org>; Tue, 29 Jul 2003 09:48:30 -0700 (PDT)
	(envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (localhost [127.0.0.1])
	by fledge.watson.org (8.12.9/8.12.9) with ESMTP id h6TGlXai076433;
	Tue, 29 Jul 2003 12:47:33 -0400 (EDT)
	(envelope-from robert@fledge.watson.org)
Received: from localhost (robert@localhost)h6TGlXMw076430;
	Tue, 29 Jul 2003 12:47:33 -0400 (EDT)
Date: Tue, 29 Jul 2003 12:47:33 -0400 (EDT)
From: Robert Watson <rwatson@freebsd.org>
X-Sender: robert@fledge.watson.org
To: Jens Rehsack <rehsack@liwing.de>
In-Reply-To: <3F26A37A.7090402@liwing.de>
Message-ID: <Pine.NEB.3.96L.1030729124628.75304H-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: Clement Laforet <sheepkiller@cultdeadsheep.org>
cc: FreeBSD-Current List <current@freebsd.org>
Subject: Re: [PATCH] jail NG schript patch for mounting devfs and procfs
	automatically
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jul 2003 16:48:31 -0000


On Tue, 29 Jul 2003, Jens Rehsack wrote:

> I updated the rcng jail start script to mount devfs and procfs into the
> jail if wanted. Adding entries to /etc/fstab didn't work properly,
> because the jail filesystem wasn't mounted when the startup process
> wants to mount it. 
> 
> Going this way allows us to control which jail could be used via ssh (or
> another remote shell), too. 
> 
> Any comments gladly welcome. 
> 
> If it's useful for FreeBSD, I will write the rc.conf(5) update, too.
> Please inform me to do this. 

Neat.

Someone, and unfortunately I appear to have lost track of who, had some
tweaks to the rcNG scripts to set up some reasonable devfs rules for a
jail, and apply them to the devfs mounted in a jail.  Otherwise, you risk
exposing "undesired" device nodes to the virtual environment.  I suspect a
search of the -current archives will turn up who, but I think a necessary
part of a solution here will be to make sure jails are set up with the
right devfs contents. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories