Date: Sun, 23 Feb 2014 09:11:43 +0200
From: Folder <folder.trash@gmail.com>
To: freebsd-jail@freebsd.org
Subject: devfs_ruleset not working in the new jail.conf (FreeBSD 10.0-RELEASE)
Message-ID: <53099F2F.5030508@gmail.com>

Hi,
I have used FreeBSD up to the 9 release by now. I have now installed
FreeBSD 10.0-RELEASE and I am very disappointed with the new jail setup.
One of the reasons is that using devfs_ruleset has no effect
in jail.conf.
Example:
DDNS {
    host.hostname = "DDNS";
    ip4.addr = "192.168.5.10";
    ip4 = "inherit";
    path = "/usr/local/JAIL/DDCLIENT/";
    exec.start = "/bin/ddstart.sh &";
    exec.consolelog = "/var/log/jail.DDNS.console.log";
    devfs_ruleset = "5";
    mount.devfs;
}
and devfs.rules:
[devfsrules_jailddns=5]
add hide
add path random unhide
add path urandom unhide
The result is mounting the whole jail tree in the jail... So much for
security in this release.
Even using the old jail setup in rc.conf, the /etc/rc.d/jail fails to
hide dev and mounts the dev tree untouched under the jail:
jail_DDNS_rootdir="/usr/local/JAIL/DDCLIENT/"
jail_DDNS_hostname="DDNS"
jail_DDNS_ip="192.168.5.10"
jail_DDNS_exec_start="/bin/ddstart.sh &"
jail_DDNS_devfs_enable="YES"
jail_DDNS_devfs_ruleset="5"
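
An added example, not part of the original message: a Python check that the ruleset number a jail.conf block references is defined in devfs.rules, that mount.devfs is set, and which device paths the ruleset unhides. The function names are hypothetical and the parsing is simplified (no `;` or `}` inside quoted values); it reads only the text of the two files and does not inspect which rulesets are loaded on the running host.

```python
import re
# Constructed sample input, abridged from the two files quoted in the message.
JAIL_CONF = '''DDNS {
    host.hostname = "DDNS";
    path = "/usr/local/JAIL/DDCLIENT/";
    devfs_ruleset = "5";
    mount.devfs;
}'''
DEVFS_RULES = '''[devfsrules_jailddns=5]
add hide
add path random unhide
add path urandom unhide'''

def parse_jail_conf(text):
    """Return {jail: {param: value}}; a bare boolean such as mount.devfs maps to True."""
    jails = {}
    for name, body in re.findall(r"(\w+)\s*\{(.*?)\}", text, re.S):
        params = {}
        for stmt in filter(None, (s.strip() for s in body.split(";"))):
            key, eq, val = stmt.partition("=")
            params[key.strip()] = val.strip().strip('"') if eq else True
        jails[name] = params
    return jails

def parse_devfs_rules(text):
    """Return {ruleset number: (name, [rule lines])} from devfs.rules text."""
    sets, current = {}, None
    for line in (l.split("#")[0].strip() for l in text.splitlines()):
        header = re.fullmatch(r"\[(\w+)=(\d+)\]", line)
        if header:
            current = int(header.group(2))
            sets[current] = (header.group(1), [])
        elif line and current is not None:
            sets[current][1].append(line)
    return sets

def check_jail(params, rulesets):
    """Return (problems, unhidden paths) for one jail's devfs settings."""
    problems = []
    if params.get("mount.devfs") is not True:
        problems.append("mount.devfs is not set")
    num = str(params.get("devfs_ruleset", ""))
    if not num.isdigit() or int(num) not in rulesets:
        return problems + [f"devfs_ruleset {num!r} is not defined in devfs.rules"], []
    rules = rulesets[int(num)][1]
    if "add hide" not in rules:
        problems.append("ruleset has no 'add hide', so nothing is hidden by default")
    unhidden = [r.split()[2] for r in rules if re.fullmatch(r"add path \S+ unhide", r)]
    return problems, unhidden
```

For the files as quoted, `check_jail` reports no textual problems and lists `random` and `urandom` as the only unhidden paths.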
