new jail(8) ignoring devfs_ruleset?

Miroslav Lachman 000.fbsd at quip.cz
Fri Mar 22 00:20:44 UTC 2013


Jamie Gritton wrote:
> On 03/21/13 17:59, Miroslav Lachman wrote:
>> Jeremie Le Hen wrote:
>>> On Mon, Feb 18, 2013 at 09:54:42AM +0100, Harald Schmalzbauer wrote:
>>>> schrieb Jamie Gritton am 16.02.2013 00:40 (localtime):
>>>>> On 02/15/13 09:27, Harald Schmalzbauer wrote:
>>>>>> Hello,
>>>>>>
>>>>>> like already posted, on 9.1-R, I highly appreciate the new jail(8)
>>>>>> and
>>>>>> jail.conf capabilities. Thanks for that extension!
>>>>>>
>>>>>> Accidentally I saw that "devfs_ruleset" seems to be ignored.
>>>>>> If I list /dev/ I see all the hosts disk devices etc.
>>>>>> I set "devfs_ruleset = 4;" and "enforce_statfs = 1;" in jail.conf.
>>>>>> Inside the jail,
>>>>>> sysctl security.jail.devfs_ruleset returns "1".
>>>>>> But like mentioned, I can access all devices...

[...]

>> I can confirm the mentioned problem on my FreeBSD 9.1-RELEASE amd64 GENERIC.
>>
>> I am now testing the new jail.conf possibilities and I am seeing all devices
>> in /dev in the jail.
>>
>> Even if I set all this in my jail.conf
>>
>> exec.start = "/bin/sh /etc/rc";
>> exec.stop = "/bin/sh /etc/rc.shutdown";
>> exec.clean;
>> mount.devfs;
>> devfs_ruleset = 4;
>> allow.set_hostname = false;
>>
>> path = "/vol0/jail/$name";
>> exec.consolelog = "/var/log/jail/$name.console";
>> mount.fstab = "/etc/fstab.$name";
>>
>> ## Jail bali
>> bali {
>> host.hostname = "bali.XXXXXXX.YY";
>> ip4.addr = xx.xx.xx.xx;
>> devfs_ruleset = 4;
>> }

[...]

>> Is it a problem in my understanding of the manpage / configuration, or is it
>> a bug in the jail command on 9.1-RELEASE?
>>
>> Miroslav Lachman
>
> It's a bug (deficiency) in the jail command.

Is there a workaround, or is it impossible to use jails with devfs on FreeBSD 9.1?
Shouldn't it be mentioned in the 9.1 errata?

Is it fixed in stable/9?

Thank you for your reply and your great work on the new jails!

Miroslav Lachman
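
An added check, not part of this thread: after starting a jail configured with `mount.devfs;` and `devfs_ruleset = 4;`, confirm from the host that the ruleset actually took effect, since the thread reports jail(8) on 9.1-RELEASE ignoring it. It assumes ruleset 4 is the stock devfsrules_jail from /etc/defaults/devfs.rules (hide everything, then unhide the basic and login devices and zfs); the allow pattern is my reconstruction of that ruleset, so adjust it to your own /etc/devfs.rules, and the sample listings are constructed.

```shell
#!/bin/sh
# Device names the stock devfsrules_jail (ruleset 4) leaves visible.
# Assumption: reconstructed from /etc/defaults/devfs.rules; anything not
# matching is flagged so it can be reviewed against the local ruleset.
ALLOW_PATTERN='^(log|null|zero|crypto|random|urandom|zfs|stdin|stdout|stderr|fd|fd/.*|pts|pts/.*|pty[p-sP-S].*|tty[p-sP-S].*)$'

# devfs_leaks: read device names (one per line, relative to the jail's /dev)
# on stdin, print every entry the ruleset should have hidden.
# Returns 0 when /dev is clean, 1 when at least one unexpected node is visible.
devfs_leaks() {
    # grep -v exits 0 when it printed something (a leak), 1 when nothing
    # survived the allow list, so the status is inverted here.
    if grep -Ev "$ALLOW_PATTERN"; then
        return 1
    fi
    return 0
}

# devfs_check <jailname>: live check on a FreeBSD host. jls(8) reports the
# jail root; the jail's /dev is listed and fed to devfs_leaks.
devfs_check() {
    jail_root=$(jls -j "$1" path) || return 2
    (cd "$jail_root/dev" && find . -mindepth 1 | sed 's|^\./||') | devfs_leaks
}

# Only run the live check when a jail name is given and jls exists,
# so the functions above can also be exercised with constructed input.
if [ $# -ge 1 ] && command -v jls >/dev/null 2>&1; then
    if devfs_check "$1"; then
        echo "$1: /dev contains only devices ruleset 4 unhides"
    else
        echo "$1: /dev exposes devices ruleset 4 should hide (listed above)" >&2
        exit 1
    fi
fi
```

Run as `sh devfs_check.sh bali` on the host; a non-empty list means the disks or raw devices the thread describes are reachable from inside the jail.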


More information about the freebsd-stable mailing list