Date: Fri, 14 Mar 2003 04:42:13 +0100 From: Andy <andy-freebsd@splashground.de> To: Attila Nagy <bra@fsn.hu> Cc: freebsd-current@FreeBSD.ORG Subject: Re: MAKEDEV lost in 5.0-CURRENT? Message-ID: <20030314034213.GA22028@splashground.de> In-Reply-To: <Pine.LNX.4.53.0303131245170.24221@scribble.fsn.hu> References: <20030312164305.G52780@klima.physik.uni-mainz.de> <20030312154721.GA424@freebsd.org.ru> <20030312165908.O52780@klima.physik.uni-mainz.de> <20030312171808.GA28320@unixdaemons.com> <20030313111027.GA13250@splashground.de> <Pine.LNX.4.53.0303131245170.24221@scribble.fsn.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Mar 13, 2003 at 12:47:50PM +0100, Attila Nagy wrote: [...] > You can mount devfs into any places. For example a jail. > BTW, take extreme care, when doing this, because if you don't set up > devfs rules, anybody, who can become root in any jails can do things, > which will irreversibly change your day. (reinstall/restore from backup) > > Hint: cp /dev/null /dev/[what is your root device outside the jail] > > BTW, it would be good to have an ipf.rules like file to set up those devfs > rules. :) What really would be great, was a /usr/share/examples/devfs/jail.rules and some updates to the manpages. Maybe we could work out a jail.rules example in this thread. What did you do about the mem/kmem/console/log devices in your setup? Is it planned to have names/aliases (default, jail, ...) for rulesets instead of numbers (1, 2, ... )? It would also be interesting to be able to print the rules of ruleset 0. Is there a trick to get those? Andy post scriptum: Think the jail(8) man page should also mention the -D switch to mergemaster. Something like: ----8<---- Updating the Jail. make installworld DESTDIR=$D mergemaster -i -D $D ---->8---- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030314034213.GA22028>