cups&samba jailed
Daniel Bye
danielby at slightlystrange.org
Wed Jun 24 15:30:27 UTC 2009
On Tue, Jun 23, 2009 at 08:07:19PM -0500, Derek Funk wrote:
> Attempting to setup cups and samba into a jail. How do you mount/add
> device node /dev/ulpt0 within a jail.
> Essentially I would like to know, how to add device nodes within jail
> /dev for specifically the devices I want?
You need to create some devfs rules, which live in a file called
/etc/devfs.rules in the HOST system. As an example to get you going, here
is what I use (edited for brevity):
[localrules=101]
add path 'da*' mode 0664 group operator
add path 'acd*' mode 0666 group operator
add path 'cd*' mode 0666 group operator
[hide_all=201]
add hide
[unhide_basic=301]
add path null unhide
add path zero unhide
add path crypto unhide
add path random unhide
add path urandom unhide
add path net unhide
add path net/lo0 unhide
add path net/nfe0 unhide
[unhide_login=401]
add path 'ptyp*' unhide
add path 'ptyq*' unhide
add path 'ptyr*' unhide
......
# Devices usually found in a jail.
#
[devfsrules_jail=501]
add include $hide_all
add include $unhide_basic
add include $unhide_login
And then in /etc/rc.conf, you'll need a couple of extra settings:
devfs_system_ruleset="localrules"
jail_jailname_devfs_ruleset="devfsrules_jail"
In your case, you'd want to put the printer device node in either one of
the already defined rulesets, or in a new set which you then include in
the [devfsrules_jail=501] section.
Dan
--
Daniel Bye
_
ASCII ribbon campaign ( )
- against HTML, vCards and X
- proprietary attachments in e-mail / \
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20090624/1bbcdfe8/attachment.pgp
More information about the freebsd-questions
mailing list