Bug 48095
| Summary: | Manual page for jail(8) does not mention mounting devfs under jail. | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Documentation | Reporter: | Grzegorz Czaplinski <G.Czaplinski> | ||||
| Component: | Books & Articles | Assignee: | Giorgos Keramidas <keramida> | ||||
| Status: | Closed FIXED | ||||||
| Severity: | Affects Only Me | ||||||
| Priority: | Normal | ||||||
| Version: | Latest | ||||||
| Hardware: | Any | ||||||
| OS: | Any | ||||||
| Attachments: |
|
||||||
|
Description
Grzegorz Czaplinski
2003-02-08 20:10:07 UTC
On 2003-02-08 21:08, Grzegorz Czaplinski wrote:
> The manual for jail(8) does not mention anything about mounting
> devfs under jail's /dev.
This is true, but mentioning devfs only is probably incomplete. The
proper way to handle this is to mention that
# Jailed processes that need devices should have some sort of access
# to /dev nodes when they are inside the jail, imho. It is then up to
# the administrator to choose how to implement this. Either by
# mounting devfs under the /jail/dev directory or by manually calling
# MAKEDEV or mknod to create only those devices that are absolutely
# necessary.
Would a note like the above paragraph be ok?
On Sun, Feb 09, 2003 at 07:55:39PM +0200, Giorgos Keramidas wrote: > On 2003-02-08 21:08, Grzegorz Czaplinski wrote: > > The manual for jail(8) does not mention anything about mounting > > devfs under jail's /dev. > > This is true, but mentioning devfs only is probably incomplete. The > proper way to handle this is to mention that > > # Jailed processes that need devices should have some sort of access > # to /dev nodes when they are inside the jail, imho. It is then up to > # the administrator to choose how to implement this. Either by > # mounting devfs under the /jail/dev directory or by manually calling > # MAKEDEV or mknod to create only those devices that are absolutely > # necessary. > > Would a note like the above paragraph be ok? > I would put it that way: # Jailed processes that need devices should have some sort of access # to /dev nodes when they are inside the jail. Making device nodes with # MAKEDEV or mknod is not sufficient. To let devfs(5) allocate device # nodes in your jail transparently do: mount -t devfs devfs /jail/dev That was not sufficient for me to make device nodes with MAKEDEV or mknod. I have tested it rather heavily. Thanks, Grzegorz -- Grzegorz Czaplinski <gregory@prioris.mini.pw.edu.pl> "The Power to Serve, Right for the Power Users!" - http://www.FreeBSD.org/ Fingerprint: EB77 E19D CFA2 5736 810F 847C A70F A275 2489 469F On 2003-02-09 22:27, Grzegorz Czaplinski <G.Czaplinski@prioris.mini.pw.edu.pl> wrote: > On Sun, Feb 09, 2003 at 07:55:39PM +0200, Giorgos Keramidas wrote: > > # Jailed processes that need devices should have some sort of access > > # to /dev nodes when they are inside the jail, imho. It is then up to > > # the administrator to choose how to implement this. Either by > > # mounting devfs under the /jail/dev directory or by manually calling > > # MAKEDEV or mknod to create only those devices that are absolutely > > # necessary. > > I would put it that way: > # Jailed processes that need devices should have some sort of access > # to /dev nodes when they are inside the jail. Making device nodes with > # MAKEDEV or mknod is not sufficient. To let devfs(5) allocate device > # nodes in your jail transparently do: > mount -t devfs devfs /jail/dev Hmm, odd. Isn't mknod sufficient? I have problems building world right now in my current machine at home, so I can't test this by creating a new jail, but how/why did mknod within the jail fail to work for you? - Giorgos Looks like I did not send it to bug-followup@FreeBSD.org. Sorry. Grzegorz -- Grzegorz Czaplinski <gregory@prioris.mini.pw.edu.pl> "The Power to Serve, Right for the Power Users!" - http://www.FreeBSD.org/ Fingerprint: EB77 E19D CFA2 5736 810F 847C A70F A275 2489 469F Responsible Changed From-To: freebsd-doc->keramida I think I can handle this. State Changed From-To: open->patched I have removed the reference to MAKEDEV from -current. MAKEDEV is no longer supported in FreeBSD 5.X. State Changed From-To: patched->closed On second thought, there is nothing to MFC here. DEVFS works fine in current, but we don't need to change anything in RELENG_4 manpages. On Fri, Feb 28, 2003 at 03:49:45PM -0800, Giorgos Keramidas wrote: > Synopsis: Manual page for jail(8) does not mention mounting devfs under jail. > > State-Changed-From-To: patched->closed > State-Changed-By: keramida > State-Changed-When: Fri Feb 28 15:48:10 PST 2003 > State-Changed-Why: > On second thought, there is nothing to MFC here. DEVFS works fine in current, but > we don't need to change anything in RELENG_4 manpages. > We don't have to, that is right. Cheers, Grzegorz -- Grzegorz Czaplinski <gregory@prioris.mini.pw.edu.pl> "The Power to Serve, Right for the Power Users!" - http://www.FreeBSD.org/ Fingerprint: EB77 E19D CFA2 5736 810F 847C A70F A275 2489 469F On Fri, Feb 28, 2003 at 02:49:32PM -0800, Giorgos Keramidas wrote: > Synopsis: Manual page for jail(8) does not mention mounting devfs under jail. > > State-Changed-From-To: open->patched > State-Changed-By: keramida > State-Changed-When: Fri Feb 28 14:48:15 PST 2003 > State-Changed-Why: > I have removed the reference to MAKEDEV from -current. > MAKEDEV is no longer supported in FreeBSD 5.X. One question, did you add anything about mounting devfs under jail's dev? Thanks! Grzegorz -- Grzegorz Czaplinski <gregory@prioris.mini.pw.edu.pl> "The Power to Serve, Right for the Power Users!" - http://www.FreeBSD.org/ Fingerprint: EB77 E19D CFA2 5736 810F 847C A70F A275 2489 469F On 2003-03-05 19:18, Grzegorz Czaplinski <G.Czaplinski@prioris.mini.pw.edu.pl> wrote: > On Fri, Feb 28, 2003 at 02:49:32PM -0800, Giorgos Keramidas wrote: > > State-Changed-From-To: open->patched > > State-Changed-By: keramida > > State-Changed-When: Fri Feb 28 14:48:15 PST 2003 > > State-Changed-Why: > > I have removed the reference to MAKEDEV from -current. > > MAKEDEV is no longer supported in FreeBSD 5.X. > > One question, did you add anything about mounting devfs under jail's > dev? Yes. The new manpage uses the following as the sample jail command set: D=/here/is/the/jail cd /usr/src mkdir -p $D make world DESTDIR=$D cd etc make distribution DESTDIR=$D mount_devfs devfs $D/dev cd $D ln -sf dev/null kernel - Giorgos On Wed, Mar 05, 2003 at 10:19:00PM +0200, Giorgos Keramidas wrote: > > > State-Changed-From-To: open->patched > > > State-Changed-By: keramida > > > State-Changed-When: Fri Feb 28 14:48:15 PST 2003 > > > State-Changed-Why: > > > I have removed the reference to MAKEDEV from -current. > > > MAKEDEV is no longer supported in FreeBSD 5.X. > > > > One question, did you add anything about mounting devfs under jail's > > dev? > > Yes. > The new manpage uses the following as the sample jail command set: > > D=/here/is/the/jail > cd /usr/src > mkdir -p $D > make world DESTDIR=$D > cd etc > make distribution DESTDIR=$D > mount_devfs devfs $D/dev > cd $D > ln -sf dev/null kernel > > - Giorgos Hi! I just wanted to make sure. Thanks again Giorgos! Take care and all the best, Grzegorz -- Grzegorz Czaplinski <gregory@prioris.mini.pw.edu.pl> "The Power to Serve, Right for the Power Users!" - http://www.FreeBSD.org/ Fingerprint: EB77 E19D CFA2 5736 810F 847C A70F A275 2489 469F |
