Jails in 6.0 and devfs woes

Vlad GALU vladgalu at gmail.com
Tue Feb 21 11:27:41 PST 2006


On 2/21/06, Andrew Hacking <ahacking at gmail.com> wrote:
> I am trying to set up a jail in RELENG_6, and cannot apply the jail
> ruleset (ruleset 4) to the jail devfs mount point.  The system also
> hangs if I try to apply the rules individually.
>
> I raised PR/93423 for this issue. See
> http://www.freebsd.org/cgi/query-pr.cgi?pr=93423 for details
>
> I am wondering if anyone else has had any success securing their jails
> (i.e. removing device nodes such as those that provide raw access to
> disks) ?

-- cut here --
jail_enable="YES"
jail_list="j1"
jail_j1_rootdir="/mnt/store/jails/j1"
jail_j1_hostname="j1.freebsd.domain"
jail_j1_ip="<ip>"
jail_j1_exec_start="/bin/sh /etc/rc"
jail_j1_exec_stop="/bin/sh /etc/rc.shutdown"
jail_j1_devfs_enable="YES"
jail_j1_devfs_ruleset="devfsrules_jail"
jail_j1_fstab=""
jail_j1_procfs_enable="YES"
-- and here --

   My /etc/devfs.rules is a symlink to /etc/defaults/devfs.rules.
   In the jail I can only see:

-- cut here --
j1# ls /dev/
fd      null    ptyp1   ptyp3   random  stdin   ttyp0   ttyp2   ttyp4   zero
log     ptyp0   ptyp2   ptyp4   stderr  stdout  ttyp1   ttyp3   urandom
j1#
-- and here --

   HTH.
--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
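
One way to confirm from the host that the jail ruleset really took effect is to compare the jail's /dev with the node names in the listing above. This is an added example, not part of the original message: the function names are hypothetical, the allowlist is taken from that `ls /dev/` output, and the single-character pty/tty suffix match is an assumption.

```shell
#!/bin/sh
# Added example: audit a jail's /dev against the nodes shown in the post.
# Usage on the host: audit_jail_dev /mnt/store/jails/j1/dev

# Prints every entry not on the allowlist.
# Returns 0 if clean, 1 if unexpected nodes exist, 2 if DIR is missing/empty.
audit_jail_dev() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    rc=0
    seen=0
    for path in "$dir"/* "$dir"/.[!.]*; do
        # Skip patterns that matched nothing (left as literal text).
        [ -e "$path" ] || [ -L "$path" ] || continue
        seen=$((seen + 1))
        name=${path##*/}
        case $name in
            fd|null|zero|random|urandom|log|stdin|stdout|stderr) ;;
            ptyp?|ttyp?) ;;   # assumption: one-character unit suffix
            *) echo "unexpected: $name"; rc=1 ;;
        esac
    done
    # An empty /dev usually means devfs was never mounted in the jail.
    [ "$seen" -gt 0 ] || { echo "empty: is devfs mounted on $dir?" >&2; return 2; }
    return $rc
}

# Constructed sample tree: plain files stand in for device nodes so the
# check can be tried without a jail. Extra arguments become extra "nodes".
make_sample_dev() {
    d=$(mktemp -d) || return 1
    for n in fd null zero random urandom log stdin stdout stderr \
             ptyp0 ttyp0 "$@"; do
        : > "$d/$n"
    done
    echo "$d"
}
```

A non-zero return after the jail has started means the ruleset was not applied as expected, which is the situation described in the quoted PR.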

