devfs_ruleset not working in the new jail.conf (FreeBSD 10.0-RELEASE)

Folder folder.trash at gmail.com
Sun Feb 23 07:11:49 UTC 2014


         Hi,

         I have used FreeBSD up to the 9 release by now. I now installed 
FreeBSD 10.0-RELEASE and I am very disappointed with the new jail setup.
         One of the reasons is that using devfs_ruleset has no effect 
in jail.conf.
Example:

DDNS {
host.hostname  = "DDNS";
ip4.addr = "192.168.5.10";
ip4 = "inherit";
path = "/usr/local/JAIL/DDCLIENT/";
exec.start = "/bin/ddstart.sh &";
exec.consolelog = "/var/log/jail.DDNS.console.log";
devfs_ruleset = "5";
mount.devfs;
}


and devfs.rules:
[devfsrules_jailddns=5]
add hide
add path random unhide
add path urandom unhide


The result is mounting the whole jail tree in the jail... So much for 
security in this release.

Even using the old jail setup in rc.conf, the /etc/rc.d/jail fails to 
hide dev and mounts dev tree untouched under the jail:

jail_DDNS_rootdir="/usr/local/JAIL/DDCLIENT/"
jail_DDNS_hostname="DDNS"
jail_DDNS_ip="192.168.5.10"
jail_DDNS_exec_start="/bin/ddstart.sh &"
jail_DDNS_devfs_enable="YES"
jail_DDNS_devfs_ruleset="5"
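
A check for the situation described in the message above, added here as an example and not part of the original post: given a devfs.rules file, a ruleset number and a listing of a jail's /dev, it prints every device node that the ruleset does not unhide. The function names and the sample /dev listing are constructed for illustration, and `add include` lines are not followed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumption: only "add path <glob> unhide" lines are read; "add include"
# lines and quoted paths are not handled.

# unhidden_patterns RULES_FILE RULESET_NUMBER
# Print the globs unhidden by the ruleset whose header is [name=NUMBER].
unhidden_patterns() {
    awk -v want="$2" '
        /^\[.*=[0-9]+\]/ {
            n = $0; sub(/^.*=/, "", n); sub(/\].*$/, "", n)
            active = (n == want); next
        }
        active && $1 == "add" && $2 == "path" && $4 == "unhide" { print $3 }
    ' "$1"
}

# unexpected_nodes RULES_FILE RULESET_NUMBER DEV_LISTING
# DEV_LISTING holds one node name per line (for a live jail, the output of
# ls on <jail path>/dev). Print each name that no unhide pattern matches.
unexpected_nodes() {
    patterns=$(unhidden_patterns "$1" "$2")
    while IFS= read -r node; do
        [ -n "$node" ] || continue
        ok=no
        set -f                  # keep patterns from expanding as filenames
        for p in $patterns; do
            case $node in $p) ok=yes; break ;; esac
        done
        set +f
        [ "$ok" = yes ] || printf '%s\n' "$node"
    done < "$3"
}

# Run the check on the ruleset from the post and a constructed /dev listing.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '[devfsrules_jailddns=5]' 'add hide' \
        'add path random unhide' 'add path urandom unhide' > "$d/devfs.rules"
    printf '%s\n' random urandom mem kmem > "$d/dev.list"   # constructed
    unexpected_nodes "$d/devfs.rules" 5 "$d/dev.list"
    rm -rf "$d"
}

demo
```

Any output means the jail's /dev exposes nodes beyond what the ruleset allows; no output means the listing matches the ruleset.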




