Date: Tue, 24 Apr 2018 14:13:46 +0000 From: Glen Barber <gjb@FreeBSD.org> To: Marc Branchaud <marcnarc@gmail.com> Cc: krad <kraduk@gmail.com>, KIRIYAMA Kazuhiko <kiri@kx.openedu.org>, "O'Connor, Daniel" <darius@dons.net.au>, freebsd-stable <freebsd-stable@freebsd.org> Subject: Re: What should do in chrooted environment? Message-ID: <20180424141346.GD70329@FreeBSD.org> In-Reply-To: <5bfcd662-629c-43f0-0471-141cf6881a1f@gmail.com> References: <201804232228.w3NMS6UW042861@kx.openedu.org> <20180423224408.GC56778@FreeBSD.org> <A07CBD86-5B13-43A9-AF33-EA027B93F209@dons.net.au> <CALfReyeOOgJmnj4Lxxbr4O_YOO9GA_83%2B-Awaz5r4eZAnCJkXw@mail.gmail.com> <20180424132452.GB70329@FreeBSD.org> <5bfcd662-629c-43f0-0471-141cf6881a1f@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--0/kgSOzhNoDC5T3a Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 24, 2018 at 10:09:40AM -0400, Marc Branchaud wrote: > On 2018-04-24 09:24 AM, Glen Barber wrote: > > There are additional nits regarding jail(8) that chroot(8) does not have > > the same limitations. Setting/unsetting the immutable flag on something > > like /sbin/init, for example, comes to mind. >=20 > Try > allow.chflags > in your jail.conf. >=20 Sure, this works, but it requires (IMHO) more "intervention" than a simple devfs(5) mount in the target build environment. Glen > M. >=20 > > Glen > >=20 > > On Tue, Apr 24, 2018 at 11:49:46AM +0100, krad wrote: > > > wouldn't it just be easier to do this in a jail, and then all of these > > > little bits would be taken care of? > > >=20 > > > On 24 April 2018 at 01:48, O'Connor, Daniel <darius@dons.net.au> wrot= e: > > >=20 > > > >=20 > > > >=20 > > > > > On 24 Apr 2018, at 08:14, Glen Barber <gjb@FreeBSD.org> wrote: > > > > > I think you might not have the devfs mount in the image. With th= e paths > > > > > provided above, I think this should fix it: > > > > >=20 > > > > > # mount -t devfs devfs /mnt/dev > > > >=20 > > > > I wonder if it's worth doing a basic sanity check that /dev/null and > > > > /dev/zero look like device nodes. > > > >=20 > > > > I've made this mistake too and it produces some very confusing error > > > > messages :( > > > >=20 > > > > -- > > > > Daniel O'Connor > > > > "The nice thing about standards is that there > > > > are so many of them to choose from." > > > > -- Andrew Tanenbaum > > > > GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C > > > >=20 > > > > _______________________________________________ > > > > freebsd-stable@freebsd.org mailing list > > > > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > > > > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebs= d.org" > > > >=20 >=20 --0/kgSOzhNoDC5T3a Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjRJAPC5sqwhs9k2jAxRYpUeP4pMFAlrfO5oACgkQAxRYpUeP 4pMxJQ/9FluPlsNhn3xBE5kaj5aNF6hoJ/3lsbujBhE/MmLpAU6mcHagfA+w+tC6 g7WPbORGKnb6ciWG/WiobOi1+h8iCAm/JHEeA1rs3FmJ3bQWrolJStVpw8degdE8 36YDRsp+pttOCiEx80NWo3CORXYo/nAj6dipdZD8jc0Uhu94v4oygTXY0Q1NfqDz 6nvTk9b0lWdsBU417uouhGxwB+OdHVMVPjQrvnB6K+Qp5snMjdMLT0tzLMhZCV4T rjIEjMDybXjdsi8KGKbYGGnFGgUU7UCyJp4hKFe9RASeBrsjiAnmgW+WolSTtqPg EFT4zpYzvR1eXfeH8354iVbePVPP3Ui1dQ4NPtVQiPB9bXvS1xF8fu/G4JsKeftu 27wPlviSTkb4Q/zpKmaEzOiZF5rhrMuvmkq/8cxVo1GhaE9jewDKG3vJ9/weldE8 acNzOvvSZL3TnzGjsvcJGuGYjCMlhRRC6GUXrh7Q2N9bkvP4Pq89SFOwrWUZxAzD DEBm0C9ZADTF6dpjPWzCiRLAJ2mKOtwqJg7zx298rzS3+Ru3xfEyIpUkWxeco+7u 0aKRRMoyEmEkS3CmuVomtr4U26/drI8yBT6s7SR6sfwS8WFjNsvW0NdtOZ/NYFHP kXR1FOw8DQu5bCbUhzUKhF6bzIrHsa4ZLSS+HtJwLW3D9mMl2h0= =8wqD -----END PGP SIGNATURE----- --0/kgSOzhNoDC5T3a--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180424141346.GD70329>