request for (security) comments on this setup
Randy Schultz
schulra at earlham.edu
Mon Sep 22 14:04:53 UTC 2008
Heya,
I'm mounting some iSCSI storage in a jail. It's mounting in the jail via
fstab.<jailname>. When the jail is up and I'm logged into the jail I can cd
to the mount point, r/w etc., everything seems to work. What's weird tho' is,
while a df on the parent shows the partion mounted as expected, a df inside
the jail shows the local disk but not the iSCSI mount.
This is fbsd 7.1-prerelease, the jail's name is spectro.
On the parent:
Root Dude ? df -h|egrep data
/dev/da0s1d 1.3T 2.9G 1.2T 0% /usr/local/jails/spectro/data
Root Dude ? cat /etc/fstab.spectro
/usr/local/jails/basejail /usr/local/jails/spectro/basejail nullfs ro 0 0
/dev/da0s1d /usr/local/jails/spectro/data ufs rw 1 1
in the jail:
Dude ? df -h
Filesystem Size Used Avail Capacity Mounted on
/dev/mirror/gm0s1e 178G 43G 121G 26% /
Root Dude ? dmesg|egrep da0
da0 at iscsi0 bus 0 target 0 lun 0
da0: <SUN SOLARIS 1> Fixed Direct Ac
Root Dude ? cd /data
Root Dude ? ls -l
total 5830386
drwxrwxr-x 2 root operator 512 Sep 19 17:52 .snap
-rw-r----- 1 root wheel 5967380480 Sep 22 09:44 all.5
Root Dude ? touch test
Root Dude ? ls -l
total 5836930
drwxrwxr-x 2 root operator 512 Sep 19 17:52 .snap
-rw-r----- 1 root wheel 5974065152 Sep 22 09:45 all.5
-rw-r--r-- 1 root wheel 0 Sep 22 09:44 test
Root Dude ? iostat 1
tty ad4 ad6 da0 cpu
tin tout KB/t tps MB/s KB/t tps MB/s KB/t tps MB/s us ni sy in id
0 5 33.42 4 0.12 33.43 4 0.12 62.62 2 0.11 0 0 0 0 100
0 232 64.00 6 0.37 64.00 4 0.25 58.95 19 1.09 0 0 0 0 100
0 78 60.57 14 0.83 61.00 16 0.95 53.09 22 1.14 0 0 0 0 100
^C
So, my first question is what am I missing, the second is does mounting things
this way into a jail pose any sort of risk for escaping the jail?
--
Randy (schulra at earlham.edu) 765.983.1283 <*>
Love with your heart, think with your head; not the other way around.
More information about the freebsd-jail
mailing list