current state of the art / best practice for devfs in a jail ?
Joshua Oreman
oremanj at webserver.get-linux.org
Thu Jul 3 10:27:30 PDT 2003
On Thu, Jul 03, 2003 at 04:00:46AM -0700 or thereabouts, Josh Brooks wrote:
>
> I have been researching the various of ways people add devfs to a jail to
> give the jail certian /dev devices necessary to function ...
Well, all I did was test your research :-)
>
> One strategy I saw was:
>
> mount -t devfs devfs /home/jail/dev
Works (duh).
> ( cd /home/jail/dev ; rm $devices_i_dont_want_in_my_jails )
Works.
> mount -u -o nonewdev /home/jail/dev
Doesn't work (no `nonewdev' option).
>
> However I do not know of a `nonewdev` option for mount - but does that
> even matter, since `mknod` does not work inside of a jail ? Or does it in
> 5.x ?
AFAIK, `mknod' will not work in a jail. The only reason a nonewdev option
would be nice is that the kernel will put new devices in every devfs (I think),
so if you attach your FireWire hard drive, you'll have to remember to rm that
device in the jails :-)
>
> --
>
> Another strategy I saw was :
>
> # mount -t devfs devfs /home/jail/dev
Works (duh).
> # cd /home/jail/dev
Works (duh).
> # rm -f *
rm: fd: Is a directory
rm: net: Is a directory
> # rm -W null zero tty console
rm: null: No such file or directory
rm: zero: No such file or directory
rm: tty: File exists
rm: console: No such file or directory
> # ls -l
> crw------- 1 phk wheel 0, 0 2 Feb 01:09 console
> drwxr-xr-x 2 root wheel 0 2 Feb 01:06 fd
> crw-rw-rw- 1 root wheel 2, 2 3 Feb 21:25 null
> crw-rw-rw- 1 root wheel 1, 0 3 Feb 17:27 tty
> crw-rw-rw- 1 root wheel 2, 12 1 Jan 1970 zero
total 1
dr-xr-xr-x 2 root wheel 512 Jul 3 10:28 fd/
dr-xr-xr-x 2 root wheel 512 Jul 3 10:28 net/
# ls -l tty
crw------- 1 root wheel 12, 2 Jul 3 10:29 tty
Weird, ain't it?
> #
>
>
> Does this even work ?
Nope.
>
> --
>
> So I guess I am asking two questions:
>
> 1. in 5.x, is it still true that mknod will not work from within a jail (I
> sure hope it is still true)
I think so...
>
> 2. what is the current "best practices" strategy for mounting up a devfs
> in a jail ?
I'd say option A + constant checking w/ regards to new devices.
-- Josh
>
>
> thank!
>
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
More information about the freebsd-hackers
mailing list