Jails in 6.0 and devfs woes
Igor Robul
igorr at speechpro.com
Tue Feb 21 03:51:47 PST 2006
On Tue, Feb 21, 2006 at 08:10:31PM +1000, Andrew Hacking wrote:
> I am trying to set up a jail in RELENG_6, and cannot apply the jail
> ruleset (ruleset 4) to the jail devfs mount point. The system also
> hangs if I try to apply the rules individually.
>
> I raised PR/93423 for this issue. See
> http://www.freebsd.org/cgi/query-pr.cgi?pr=93423 for details
>
> I am wondering if anyone else has had any success securing their jails
> (i.e. removing device nodes such as those that provide raw access to
> disks)?
Jails and devfs rules work fine for me:
%uname -a
FreeBSD s2.stc 6.0-STABLE FreeBSD 6.0-STABLE #0: Fri Nov 11 04:03:19 MSK 2005 igorr at s2.stc:/usr/build/usr/src/sys/S2 i386
%jls
   JID  IP Address      Hostname         Path
     3  192.168.2.52    samba-pdc.stc    /home/jail/samba
     2  192.168.2.51    mail2.stc        /home/jail/mail
     1  192.168.2.50    ldap.stc         /home/jail/ldap
%mount
...
/dev/mirror/home on /home (ufs, local, soft-updates)
devfs on /home/jail/ldap/dev (devfs, local)
devfs on /home/jail/mail/dev (devfs, local)
devfs on /home/jail/samba/dev (devfs, local)
%ls /home/jail/samba/dev/
fd null ptyp1 stderr stdout ttyp1 zero
log ptyp0 random stdin ttyp0 urandom
%grep devfs /etc/rc.conf
jail_mail_devfs_enable="YES"
jail_samba_devfs_enable="YES"
jail_ldap_devfs_enable="YES"
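
An added example, not part of the original message or of FreeBSD itself: a host-side check that every jail devfs mount exposes only the nodes seen in the `ls /home/jail/samba/dev/` listing above. The function names are hypothetical, and matching any `ptyp?`/`ttyp?` name is an assumption that generalises the four pty nodes shown.

```sh
#!/bin/sh
# Added example: audit jail devfs mounts against the node list shown in the post.
# Function names are hypothetical; the allowlist comes from the
# `ls /home/jail/samba/dev/` output, with ptyp?/ttyp? generalised (assumption).

# is_allowed NAME: succeed when NAME is an expected jail device node.
is_allowed() {
    case "$1" in
        fd|log|null|random|stderr|stdin|stdout|urandom|zero) return 0 ;;
        ptyp?|ttyp?) return 0 ;;
    esac
    return 1
}

# unexpected_nodes DIR: print every entry in DIR that is not on the allowlist.
unexpected_nodes() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for path in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$path" ] || [ -L "$path" ] || continue   # skip unmatched globs
        name=${path##*/}
        is_allowed "$name" || printf '%s\n' "$name"
    done
}

# jail_devfs_mounts: read `mount` output on stdin, print devfs mount points
# other than the host's own /dev. Assumes mount points contain no spaces.
jail_devfs_mounts() {
    awk '$1 == "devfs" && $2 == "on" && $3 != "/dev" { print $3 }'
}

# audit_jail_devfs: read `mount` output on stdin; return 1 if any jail
# devfs exposes a node outside the allowlist, 0 otherwise.
audit_jail_devfs() {
    rc=0
    for mp in $(jail_devfs_mounts); do
        bad=$(unexpected_nodes "$mp") || true
        if [ -n "$bad" ]; then
            rc=1
            printf '%s: unexpected nodes: %s\n' "$mp" "$(printf '%s' "$bad" | tr '\n' ' ')"
        fi
    done
    return $rc
}

# Usage on the host: mount | audit_jail_devfs
```

A non-zero exit status means at least one jail's /dev contains a node that the restricted ruleset should have hidden, which is the condition the original question was trying to prevent.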