What to put in devfs for a typical jail
albinootje
albinootje at gmail.com
Sun Jul 29 21:16:20 UTC 2007
Paul Hoffman wrote:
> Greetings. I want to set up a jail for a web server. It only needs to
> access the things a normal system would (its own disk space, the network
> controller, the keyboard, and so on). I need to be SSHing into the
> jailed system to control it.
# a piece from /etc/rc.conf from the host as example here :
jail_enable="YES"
jail_socket_unixiproute_only="YES"
jail_sysvipc_allow="NO"
jail_list="assp"
# assp-jail #
jail_assp_rootdir="/usr/jails/assp"
jail_assp_hostname="assp.mydomain.org"
jail_assp_ip="192.168.111.111"
jail_assp_exec="/bin/sh /etc/rc"
jail_assp_devfs_enable="YES"
jail_assp_devfs_ruleset="devfsrules_jail"
# ^^^^^^^^^^^^^^^^^^^^
jail_assp_interface=rl0
#
By using this approach (including --> jail_assp_devfs_ruleset="devfsrules_jail"),
the jail itself ends up having a minimal /dev/ while all the software from ports
(excluding audio software perhaps ;]) runs fine.
ls -la /usr/jails/assp/dev/
total 1
dr-xr-xr-x 2 root wheel 512 Jun 27 20:24 fd
lrwxr-xr-x 1 root wheel 14 Jun 27 20:24 log -> ../var/run/log
crw-rw-rw- 1 root wheel 0, 10 Jul 29 23:11 null
crw-rw-rw- 1 root wheel 0, 95 Jul 29 23:07 ptyp0
crw-rw-rw- 1 root wheel 0, 97 Jul 25 22:16 ptyp1
crw-rw-rw- 1 root wheel 0, 101 Jul 8 16:36 ptyp2
crw-rw-rw- 1 root wheel 0, 103 Jul 29 23:13 ptyp3
crw-rw-rw- 1 root wheel 0, 105 Jul 27 15:13 ptyp4
crw-rw-rw- 1 root wheel 0, 107 Jul 1 22:15 ptyp5
crw-rw-rw- 1 root wheel 0, 13 Jun 15 21:40 random
lrwxr-xr-x 1 root wheel 4 Jun 27 20:24 stderr -> fd/2
lrwxr-xr-x 1 root wheel 4 Jun 27 20:24 stdin -> fd/0
lrwxr-xr-x 1 root wheel 4 Jun 27 20:24 stdout -> fd/1
crw-rw-rw- 1 root wheel 0, 96 Jul 29 23:13 ttyp0
crw-rw-rw- 1 root wheel 0, 98 Jul 25 22:19 ttyp1
crw-rw-rw- 1 root wheel 0, 102 Jul 29 23:13 ttyp2
crw-rw-rw- 1 root wheel 0, 104 Jul 29 23:13 ttyp3
crw--w---- 1 root tty 0, 106 Jul 27 15:12 ttyp4
crw-rw-rw- 1 root wheel 0, 108 Jul 1 23:11 ttyp5
lrwxr-xr-x 1 root wheel 6 Jun 27 20:24 urandom -> random
crw-rw-rw- 1 root wheel 0, 11 Jun 15 19:40 zero
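
Added example (not part of the original message): a small sh/awk check that reads `ls -la` output for a jail's /dev and reports every entry outside the minimal set shown in the listing above. The allowlist is an assumption taken from that listing rather than from the devfsrules_jail definition, and the function names and sample input are constructed for illustration.

```shell
#!/bin/sh
# audit_jail_dev: read `ls -la <jail>/dev/` output on stdin and print the
# name of every entry that is not on the allowlist (one name per line).
# Allowlist (assumption): the entries visible in the listing in this post.
audit_jail_dev() {
    awk '
        NF < 9 { next }                      # skips "total N" and blank lines
        {
            # The name is the last field, or the field before "->" for a
            # symlink. This works whether the device number is printed as
            # "major, minor" or as a single field.
            name = $NF
            for (i = 1; i <= NF; i++) if ($i == "->") name = $(i - 1)
            if (name == "." || name == "..") next
            if (name ~ /^(fd|log|null|zero|random|urandom|stdin|stdout|stderr)$/) next
            if (name ~ /^[pt]typ[0-9a-v]$/) next   # pty pairs used for logins
            print name
        }'
}

# Constructed sample: a jail /dev that exposes two nodes it should not
# (device numbers and dates are made up).
sample_listing() {
    cat <<'EOF'
total 1
crw-------  1 root  wheel    0,  40 Jul 29 23:11 bpf0
dr-xr-xr-x  2 root  wheel       512 Jun 27 20:24 fd
lrwxr-xr-x  1 root  wheel        14 Jun 27 20:24 log -> ../var/run/log
crw-r-----  1 root  kmem     0,  20 Jul 29 23:11 mem
crw-rw-rw-  1 root  wheel    0,  10 Jul 29 23:11 null
crw-rw-rw-  1 root  wheel    0,  96 Jul 29 23:13 ttyp0
lrwxr-xr-x  1 root  wheel         6 Jun 27 20:24 urandom -> random
EOF
}

# Stand-alone run on the constructed sample; prints bpf0 and mem.
sample_listing | audit_jail_dev
```

On the host, pipe the real listing in instead: `ls -la /usr/jails/assp/dev/ | audit_jail_dev`. Empty output means nothing beyond the allowlisted entries is visible in the jail.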