/dev/random in jails

Tech Valley Internet - Tony Kivits tony at techvalley.ca
Thu Jul 19 12:47:57 UTC 2007


At 10:02 PM 7/18/2007, Tech Valley Internet - Tony Kivits wrote:
>At 09:50 PM 7/18/2007, Christopher Cowart wrote:
>>On Wed, Jul 18, 2007 at 09:49:12PM -0700, Christopher Cowart wrote:
>> > $ dd if=/dev/random bs=1 count=12 2>/dev/null | openssl base64
>> > Should give you a base64 encoding of some random data (base64 to prevent
>> > it from messing up your terminal) if /dev/random is working.
>>
>>I meant to point if=jailroot/dev/random. Testing /dev/random for the
>>host OS isn't going to be too meaningful.
>>
>>--
>>Chris Cowart
>>Lead Systems Administrator
>>Network & Infrastructure Services, RSSP-IT
>>UC Berkeley
>
>Thanks Chris,
>
>I figured out what you meant.  ;)
>
>I think with all my playing I managed to put a symlink in the dev 
>directory that I can't get out.
>
>I will try to do a reinstall of the machine and try all the 
>suggestions on a clean environment.
>
>Tony


Ok.  I now know what is happening.

The random and urandom devices are in the jail's /dev directory when 
the jail is created and the test you gave me to try did work once 
tweaked a bit.  But when I run the installation script for hsphere 
the two devices disappear out of the /dev directory.

The devices are then inaccessible for all processes until the jail is 
restarted.

I have looked in the usual log files and nothing is recorded there.

My configuration is as follows....

# Jail info in host's rc.conf
jail_enable="YES"
jail_interface="xl0"
jail_devfs_enable="YES"
jail_procfs_enable="YES"
jail_list="cp"
jail_cp_rootdir="/usr/jails/cp"
jail_cp_hostname="cp.example.ca"
jail_cp_ip="192.168.1.71"
jail_cp_mount_enable="YES"
jail_cp_devfs_ruleset="devfsrules_thin_jail"


#devfs.rules
[devfsrules_thin_jail=100]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
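
An added example, not part of the original messages: a POSIX sh check that extends the dd test quoted above to report whether each random device under a jail root is missing, a symlink, a non-device file, or unreadable. The function names and return codes are this example's own; the jail root is passed as an argument (for the configuration above, /usr/jails/cp).

```shell
#!/bin/sh
# Added example: classify the random devices under a jail root so a
# before/after comparison around an installer run shows what changed.

# check_node PATH
# returns 0 = readable character device, 1 = missing, 2 = symlink,
#         3 = exists but is not a character device, 4 = short read
check_node() {
    node=$1
    # test -c follows symlinks, so look for a symlink first
    if [ -L "$node" ]; then return 2; fi
    if [ ! -e "$node" ]; then return 1; fi
    if [ ! -c "$node" ]; then return 3; fi
    # Same read as in the thread: 12 bytes must come back
    n=$(dd if="$node" bs=1 count=12 2>/dev/null | wc -c | tr -d ' ')
    [ "$n" -eq 12 ] || return 4
    return 0
}

# check_jail_random ROOT
# prints one line per device and returns the number of bad nodes (0-2)
check_jail_random() {
    root=${1%/}
    bad=0
    for name in random urandom; do
        rc=0
        check_node "$root/dev/$name" || rc=$?
        case $rc in
            0) state="ok" ;;
            1) state="missing" ;;
            2) state="symlink, not a devfs node" ;;
            3) state="not a character device" ;;
            *) state="character device, but read failed" ;;
        esac
        echo "$root/dev/$name: $state"
        [ "$rc" -eq 0 ] || bad=$((bad + 1))
    done
    return "$bad"
}

# Run only when a jail root is given on the command line
[ "$#" -eq 0 ] || check_jail_random "$1"
```

Running it on the host against the jail root once before and once after the installation script shows which of the two nodes changed and into what.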




More information about the freebsd-questions mailing list