What to put in devfs for a typical jail
Paul Hoffman
phoffman at proper.com
Sun Jul 29 19:21:09 UTC 2007
Greetings. I want to set up a jail for a web server. It only needs to
access the things a normal system would (its own disk space, the
network controller, the keyboard, and so on). I need to be SSHing
into the jailed system to control it.
The manpage for jail says:
NOTE: It is important that only appropriate device nodes in devfs be
exposed to a jail; access to disk devices in the jail may permit pro-
cesses in the jail to bypass the jail sandboxing by modifying files out-
side of the jail. See devfs(8) for information on how to use devfs rules
to limit access to entries in the per-jail devfs.
What should I do for /etc/devfs.rules on the host? What should I be excluding?
More information about the freebsd-jail
mailing list