/dev/random in jails
ccowart at rescomp.berkeley.edu
Thu Jul 19 04:49:13 UTC 2007
On Wed, Jul 18, 2007 at 09:41:35PM -0700, Tech Valley Internet - Tony Kivits wrote:
>At 08:42 PM 7/18/2007, Christopher Cowart wrote:
>>On Wed, Jul 18, 2007 at 08:34:21PM -0700, Tech Valley Internet -
>>Tony Kivits wrote:
>>>At 07:32 PM 7/18/2007, Christopher Cowart wrote:
>>>>On Wed, Jul 18, 2007 at 06:30:50PM -0700, Tech Valley Internet -
>>>>Tony Kivits wrote:
>>>>> I am attempting to run portions (if not all) of the software called
>>>>> HSphere inside of jailed subsystems of FreeBSD. I am able to create
>>>>> the jails no problem but the devices /dev/random and /dev/urandom are
>>>>> not created automatically in the jail despite the fact that a handful
>>>>> of other devices are mounted correctly when the jail is created.
>>>>> Is there a specific reason for these devices not being created in a
>>>>> jail or is there a way to create these devices so that they will be
>>>>> available inside a jail?
>>>>We run bind instances in FreeBSD jails. This is how we get /dev/random:
>>>>| # /etc/devfs.rules:
>>>>| add include $devfsrules_hide_all
>>>>| add include $devfsrules_unhide_basic
>>>>| # /etc/rc.conf:
>>> Thanks Chris,
>>> So if my jail is called "cp", the only thing that I would have to
>>> change from your scripts would be replace to replace "cachingdns"
>>Yes. Are you configuring the jail via /etc/rc.conf already? Are you
>>using the rc script /etc/rc.d/jail to start your jails?
>>My complete config from /etc/rc.conf is:
>>| # Enable jails
>>| # Caching-nameserver jail
>>You can replace cachingdns with cp or whatever else you want. You can
>>also create multiple jails with different names.
>>I don't know if you're following the typical FreeBSD jail documentation
>>which gives you a complete FreeBSD installation inside the jail. Given
>>that I only need to run named, I have not done that.
>>Are you trying to run a complete FreeBSD install that allows user logins
>>inside your jail? Or are you simply trying to jail a single process? My
>>example above jails the single process named, and does not have an OS
>>install inside the jail's root.
> I am doing a complete OS inside the jail and am starting it through
> the rc.conf.
The default devfs ruleset for jails (devfsrules_jail, found in
/etc/defaults/devfs.rules) should work fine for you then. Perhaps try
specifying that ruleset explicitly?
> I have modified the devfs.rules so that they are now passing random
> and urandom as devices. But the installation software is still
> reporting that /dev/random is not working properly. Do you know of a
> way that I can test /dev/random to see if it is actually working?
$ ls -l caching-dns/dev/random
crw-rw-rw- 1 root wheel 0, 8 Jul 3 18:08 caching-dns/dev/random
$ dd if=/dev/random bs=1 count=12 2>/dev/null | openssl base64
Should give you a base64 encoding of some random data (base64 to prevent
it from messing up your terminal) if /dev/random is working.
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20070719/460cb0e4/attachment.pgp
More information about the freebsd-questions