current state of the art / best practice for devfs in a jail ?

Joshua Oreman oremanj at webserver.get-linux.org
Thu Jul 3 10:27:30 PDT 2003


On Thu, Jul 03, 2003 at 04:00:46AM -0700 or thereabouts, Josh Brooks wrote:
> 
> I have been researching the various ways people add devfs to a jail to
> give the jail certain /dev devices necessary to function ...

Well, all I did was test your research :-)

> 
> One strategy I saw was:
> 
> mount -t devfs devfs /home/jail/dev

Works (duh).

>  ( cd /home/jail/dev ; rm $devices_i_dont_want_in_my_jails )

Works.

>  mount -u -o nonewdev /home/jail/dev

Doesn't work (no `nonewdev' option).

> 
> However I do not know of a `nonewdev` option for mount - but does that
> even matter, since `mknod` does not work inside of a jail ?  Or does it in
> 5.x ?

AFAIK, `mknod' will not work in a jail. The only reason a nonewdev option
would be nice is that the kernel will put new devices in every devfs (I think),
so if you attach your FireWire hard drive, you'll have to remember to rm that
device in the jails :-)

> 
> --
> 
> Another strategy I saw was :
> 
> # mount -t devfs devfs /home/jail/dev

Works (duh).

> # cd /home/jail/dev

Works (duh).

> # rm -f *

rm: fd: Is a directory
rm: net: Is a directory

> # rm -W null zero tty console

rm: null: No such file or directory
rm: zero: No such file or directory
rm: tty: File exists
rm: console: No such file or directory

> # ls -l
> crw-------  1 phk   wheel    0,   0  2 Feb 01:09 console
> drwxr-xr-x  2 root  wheel         0  2 Feb 01:06 fd
> crw-rw-rw-  1 root  wheel    2,   2  3 Feb 21:25 null
> crw-rw-rw-  1 root  wheel    1,   0  3 Feb 17:27 tty
> crw-rw-rw-  1 root  wheel    2,  12  1 Jan  1970 zero

total 1
dr-xr-xr-x  2 root  wheel  512 Jul  3 10:28 fd/
dr-xr-xr-x  2 root  wheel  512 Jul  3 10:28 net/

# ls -l tty
crw-------  1 root  wheel   12,   2 Jul  3 10:29 tty

Weird, ain't it?

> #
> 
> 
> Does this even work ?

Nope.

> 
> --
> 
> So I guess I am asking two questions:
> 
> 1. in 5.x, is it still true that mknod will not work from within a jail (I
> sure hope it is still true)

I think so...

> 
> 2. what is the current "best practices" strategy for mounting up a devfs
> in a jail ?

I'd say option A + constant checking w/ regards to new devices.

-- Josh

> 
> 
> thanks!
> 
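The "option A + constant checking" approach from the reply above can be automated on the host with an allowlist audit of the jail's devfs mount. This is an added example, not part of the original thread; the function name `unexpected_devs`, the script name, and the `ALLOWED` variable are assumptions, and the default allowlist is taken from the quoted `ls -l` listing.

```shell
#!/bin/sh
# Added example: report entries in a jail's devfs mount that are not on an
# allowlist. Top-level names are matched, so allowing "fd" also allows fd/0.

# unexpected_devs DEVDIR "name1 name2 ..."
#   prints each non-allowlisted path (relative to DEVDIR), one per line
#   returns 0 if the tree is clean, 1 if anything unexpected exists,
#   2 if DEVDIR cannot be entered
unexpected_devs() {
    devdir=$1
    allowed=" $2 "
    ( cd "$devdir" ) 2>/dev/null || { echo "cannot enter: $devdir" >&2; return 2; }
    extra=$(
        cd "$devdir" && find . ! -name . -print | sed 's|^\./||' |
        LC_ALL=C sort |
        while IFS= read -r path; do
            top=${path%%/*}
            case "$allowed" in
                *" $top "*) ;;                  # allowlisted node or directory
                *) printf '%s\n' "$path" ;;     # e.g. a newly attached disk
            esac
        done
    )
    [ -z "$extra" ] && return 0
    printf '%s\n' "$extra"
    return 1
}

# Host-side use (assumed invocation): sh audit_jail_dev.sh /home/jail/dev
# Default allowlist = the nodes shown in the quoted ls -l listing.
if [ "$#" -ge 1 ]; then
    unexpected_devs "$1" "${ALLOWED:-console fd null tty zero}"
    exit $?
fi
```

The function only reports; removing a listed node is still the `rm` step from the thread.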

