mknod within a jail ...

Marc G. Fournier scrappy at freebsd.org
Mon Nov 13 00:16:16 UTC 2006


--On Sunday, November 12, 2006 17:11:23 -0500 Kris Kennaway <kris at obsecurity.org> wrote:

> Any approach that "requires" running mknod is misguided, since you
> can't do this outside of devfs on modern FreeBSD.  Mounting devfs
> (with appropriate rulesets) is the correct approach.

The problem with mounting devfs is that it would involve giving root in the 
jail some means to do the mount from within the jail ... is there some way of 
doing a restricted shell that would work similar to chroot?

For instance, rbash will do a restricted shell that still allows programs like 
sftp to work from within it ... but, breaking out of rbash is as easy as typing 
'bash' again, and you are back in an unrestricted shell :(

----
Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
Email . scrappy at hub.org                              MSN . scrappy at hub.org
Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
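
The devfs-with-rulesets approach named in the quoted reply, as an added example that is not part of the original thread: a custom ruleset in `/etc/devfs.rules` and the `rc.conf` jail settings that reference it. The jail name `example`, the ruleset name `devfsrules_jail_custom` and the number 10 are assumptions; the included rulesets are the ones shipped in `/etc/defaults/devfs.rules`.

```conf
# /etc/devfs.rules on the host
# (ruleset name and number are constructed for this example)
[devfsrules_jail_custom=10]
# Start from an empty /dev: hide every device node.
add include $devfsrules_hide_all
# Unhide the basics (null, zero, random, urandom and similar).
add include $devfsrules_unhide_basic
# Unhide what logins need (ptys/ttys, fd, stdin/stdout/stderr).
add include $devfsrules_unhide_login

# /etc/rc.conf on the host
# ("example" is a hypothetical jail name)
jail_example_devfs_enable="YES"
jail_example_devfs_ruleset="devfsrules_jail_custom"
```

With these settings the host's `rc.d/jail` script mounts devfs on the jail's `/dev` and applies the ruleset when the jail starts, so the mount is performed from the host side.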


