Hierarchical jails devfs and rc.conf

Holger Freyther holger at freyther.de
Mon Mar 28 15:25:08 UTC 2011


Hi all,

In FreeBSD 8.2-RELEASE it does not seem to be possible to pass children.max=X
to a jail via rc.conf. What would be the best way of doing this? The next issue
is what kind of security review/testing is needed to declare nullfs jailsafe, but
for now I can still bind my paths.

My biggest problem right now is the devfs. Is it possible to have /dev
statically populated and have it work inside a jail? E.g. an attempt to create
/dev/null and have it available to the jail is failing. I was cheating and
binding (via nullfs) a /dev from another jail, and it started, but I am having
difficulties when building things from the ports tree and it seems to be /dev
related.

So, a really quick question: is there a way to statically populate the dev tree
with the minimum of needed descriptors? A first try with mknod /jail/dev/null
c 0... did not seem to work.

regards
  holger


