init in a jail
Michael W. Lucas
mwlucas at michaelwlucas.com
Mon Feb 11 15:48:24 UTC 2019
Hi,
Sadly, my google-fu has turned up thousands of man pages but no real
discussion on this.
According to init(8), you can run init inside a jail.
If init is run in a jail, the security level of the "host system" will
not be affected. Part of the information set up in the kernel to support
a jail is a per-jail security level. This allows running a higher
security level inside of a jail than that of the host system. See
jail(8) for more information about jails.
If you actually try, though, the jail dies:
storm~;jail -vc loghost
loghost: run command: /sbin/ifconfig jailether inet 198.51.100.225 netmask
255.255.255.255 alias
loghost: run command: /sbin/mount -t devfs -oruleset=4 . /jail/loghost/dev
loghost: run command: logger trying to start jail loghost...
loghost: jail_set(JAIL_CREATE) persist name=loghost path=/jail/loghost
host.hostname=loghost.mwl.io ip4.addr=198.51.100.225
loghost: created
loghost: run command in jail: /sbin/init
jail: loghost: /sbin/init: failed
loghost: removed
loghost: run command: /sbin/umount /jail/loghost/dev
loghost: run command: /sbin/ifconfig jailether inet 198.51.100.225 netmask
255.255.255.255 -alias
Is that init(8) text left over from an earlier jail incarnation? Or is
there some other way to run init in a jail?
And WHY would you run init in a jail?
Thanks,
==ml
--
Michael W. Lucas https://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder,
Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc...