Re: bizarre mount_nullfs issue with jails / ezjail
> > An additional question: how come sade and sysinstall which are run inside the jail can see (and I can only assume they can also operate on and damage) the real underlying disks of the host?
>
> Disks (as well as others you have in your host's /dev) aren't visible inside jails.

Well, somehow they are on my system. I guess I should've also clarified that the jail was installed using ezjail and not completely manually.

From /usr/local/etc/ezjail/semipublic:

export jail_semipublic_devfs_enable=YES
export jail_semipublic_devfs_ruleset=devfsrules_jail

- Sincerely,
Dan Naumov

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

Re: bizarre mount_nullfs issue with jails / ezjail
On Wed, Apr 7, 2010 at 2:28 PM, Dan Naumov dan.nau...@gmail.com wrote:
> > > An additional question: how come sade and sysinstall which are run inside the jail can see (and I can only assume they can also operate on and damage) the real underlying disks of the host?
> >
> > Disks (as well as others you have in your host's /dev) aren't visible inside jails.
>
> Well, somehow they are on my system. I guess I should've also clarified that the jail was installed using ezjail and not completely manually.
>
> From /usr/local/etc/ezjail/semipublic:
>
> export jail_semipublic_devfs_enable=YES
> export jail_semipublic_devfs_ruleset=devfsrules_jail

Well, I'm not entirely familiar w/ ezjail but I use jails all the time, and I can tell you that /dev in jails is very limited. Here's a /dev of a jail of mine:

m...@spry9:~ ls -al /dev/
total 2
crw-rw-rw-  1 root  wheel    0,  58 Mar 27 03:02 crypto
dr-xr-xr-x  2 root  wheel       512 Mar 27 03:12 fd
dr-xr-xr-x  2 root  wheel       512 Mar 30 20:00 iso9660
lrwxr-xr-x  1 root  wheel        14 Mar 27 03:12 log -> ../var/run/log
crw-rw-rw-  1 root  wheel    0,  33 Apr  7 14:33 null
crw-rw-rw-  1 root  wheel    0,   7 Mar 27 03:02 ptmx
dr-xr-xr-x  2 root  wheel       512 Mar 27 03:22 pts
crw-rw-rw-  1 root  wheel    0,  10 Mar 27 11:12 random
lrwxr-xr-x  1 root  wheel         4 Mar 27 03:12 stderr -> fd/2
lrwxr-xr-x  1 root  wheel         4 Mar 27 03:12 stdin -> fd/0
lrwxr-xr-x  1 root  wheel         4 Mar 27 03:12 stdout -> fd/1
lrwxr-xr-x  1 root  wheel         6 Mar 27 03:12 urandom -> random
crw-rw-rw-  1 root  wheel    0,  34 Mar 27 03:02 zero
m...@spry9:~

So I guess it's a configuration issue w/ your jails.

> - Sincerely,
> Dan Naumov

--
cheers
mars

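The comparison made in the message above, as an added example that is not part of the original thread: list a jail's /dev and print every entry that is not in an expected baseline. The baseline is copied from the listing above; the function name `unexpected_dev_nodes` and the disk names in the demo are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a jail's /dev against a baseline.

# Baseline taken from the jail /dev listing posted in the thread.
# Adjust it to match the devfs ruleset you actually apply.
JAIL_DEV_BASELINE="crypto fd iso9660 log null ptmx pts random stderr stdin stdout urandom zero"

# unexpected_dev_nodes DEVDIR
#   Prints one unexpected entry name per line.
#   Returns 0 if every entry is in the baseline, 1 otherwise.
unexpected_dev_nodes() {
    found=0
    for path in "$1"/*; do
        # Skip the unexpanded glob of an empty directory, keep dangling links.
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        case " $JAIL_DEV_BASELINE " in
            *" $name "*) ;;                 # expected inside a jail
            *) echo "$name"; found=1 ;;     # e.g. a host disk node
        esac
    done
    return $found
}

# Constructed demo: a fake /dev holding two baseline entries and two disk
# nodes (ad4 and ad4s1a are made-up names standing in for host disks).
demo=$(mktemp -d)
touch "$demo/null" "$demo/zero" "$demo/ad4" "$demo/ad4s1a"
unexpected_dev_nodes "$demo"
rm -rf "$demo"
```

On the host from this thread the directory to check would be the jail's devfs mount, /usr/jails/semipublic/dev, while the jail is running.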
Re: bizarre mount_nullfs issue with jails / ezjail
Dan Naumov wrote:
> > > An additional question: how come sade and sysinstall which are run inside the jail can see (and I can only assume they can also operate on and damage) the real underlying disks of the host?
> >
> > Disks (as well as others you have in your host's /dev) aren't visible inside jails.
>
> Well, somehow they are on my system. I guess I should've also clarified that the jail was installed using ezjail and not completely manually.
>
> From /usr/local/etc/ezjail/semipublic:
>
> export jail_semipublic_devfs_enable=YES
> export jail_semipublic_devfs_ruleset=devfsrules_jail
>
> - Sincerely,
> Dan Naumov

You are not in a jail but as the host. Use ezjail-admin console jailname and things will look a lot different. What you are playing with are ezjail's system control files.

Re: bizarre mount_nullfs issue with jails / ezjail
On Wed, Apr 7, 2010 at 10:10 AM, Aiza aiz...@comclark.com wrote:
> Dan Naumov wrote:
> > > > An additional question: how come sade and sysinstall which are run inside the jail can see (and I can only assume they can also operate on and damage) the real underlying disks of the host?
> > >
> > > Disks (as well as others you have in your host's /dev) aren't visible inside jails.
> >
> > Well, somehow they are on my system. I guess I should've also clarified that the jail was installed using ezjail and not completely manually.
> >
> > From /usr/local/etc/ezjail/semipublic:
> >
> > export jail_semipublic_devfs_enable=YES
> > export jail_semipublic_devfs_ruleset=devfsrules_jail
> >
> > - Sincerely,
> > Dan Naumov
>
> You are not in a jail but as the host. Use ezjail-admin console jailname and things will look a lot different. What you are playing with are ezjail's system control files.

No, I am not, I am running sade / sysinstall INSIDE THE JAIL (AFTER ezjail-admin console jailname or after connecting to the jail via ssh).

- Sincerely,
Dan Naumov

bizarre mount_nullfs issue with jails / ezjail
So, I want the basejail to only contain the world and link the ports tree from the host into each individual jail when it's time to update the ports inside them, but I am running into a bit of a bizarre issue: I can mount_nullfs /usr/ports elsewhere on the host just fine, but it doesn't work if I try to mount_nullfs it to /usr/ports inside the jail:

mount_nullfs /usr/ports/ /usr/ports2

df -H | grep ports
cerberus/usr-ports             34G   241M    34G     1%    /usr/ports
cerberus/usr-ports-distfiles   34G     0B    34G     0%    /usr/ports/distfiles
cerberus/usr-ports-packages    34G     0B    34G     0%    /usr/ports/packages
/usr/ports                     34G   241M    34G     1%    /usr/ports2

mount | grep ports
cerberus/usr-ports on /usr/ports (zfs, local)
cerberus/usr-ports-distfiles on /usr/ports/distfiles (zfs, local)
cerberus/usr-ports-packages on /usr/ports/packages (zfs, local)
/usr/ports on /usr/ports2 (nullfs, local)

mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
mount_nullfs: /basejail: No such file or directory

What is going on here? I also note that the error actually wants a /basejail on the host, which is even more bizarre:

mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
mount_nullfs: /basejail: No such file or directory
mkdir /basejail
mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
mount_nullfs: /basejail/usr: No such file or directory

Yet, this works:

mkdir /usr/jails/semipublic/test
mount_nullfs /usr/ports/ /usr/jails/semipublic/test
umount /usr/jails/semipublic/test

Any ideas?

- Sincerely,
Dan Naumov

Re: bizarre mount_nullfs issue with jails / ezjail
Hi Dan,

Dan Naumov wrote:
> So, I want the basejail to only contain the world and link the ports tree from the host into each individual jail when it's time to update the ports inside them, but I am running into a bit of a bizarre issue: I can mount_nullfs /usr/ports elsewhere on the host just fine, but it doesn't work if I try to mount_nullfs it to /usr/ports inside the jail:
>
> mount_nullfs /usr/ports/ /usr/ports2
>
> df -H | grep ports
> cerberus/usr-ports             34G   241M    34G     1%    /usr/ports
> cerberus/usr-ports-distfiles   34G     0B    34G     0%    /usr/ports/distfiles
> cerberus/usr-ports-packages    34G     0B    34G     0%    /usr/ports/packages
> /usr/ports                     34G   241M    34G     1%    /usr/ports2
>
> mount | grep ports
> cerberus/usr-ports on /usr/ports (zfs, local)
> cerberus/usr-ports-distfiles on /usr/ports/distfiles (zfs, local)
> cerberus/usr-ports-packages on /usr/ports/packages (zfs, local)
> /usr/ports on /usr/ports2 (nullfs, local)
>
> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
> mount_nullfs: /basejail: No such file or directory
>
> What is going on here? I also note that the error actually wants a /basejail on the host, which is even more bizarre:
>
> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
> mount_nullfs: /basejail: No such file or directory
> mkdir /basejail
> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
> mount_nullfs: /basejail/usr: No such file or directory
>
> Yet, this works:
>
> mkdir /usr/jails/semipublic/test
> mount_nullfs /usr/ports/ /usr/jails/semipublic/test
> umount /usr/jails/semipublic/test
>
> Any ideas?

The ports directory in an ezjail is a link to /basejail/usr/ports (in the jail). Breaking the link (from the host) allows the mount to work successfully.

orion# ll usr/ports
lrwxr-xr-x  1 root  wheel  19 Mar  8 18:06 usr/ports -> /basejail/usr/ports
orion# unlink usr/ports
orion# mkdir usr/ports
orion# mount_nullfs /usr/ports usr/ports
orion#

Regards,

--
Glen Barber

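The cause given in the reply above, as an added example that is not part of the original thread: seen from the host, an absolute link target such as /basejail/usr/ports is resolved against the host's root, not the jail's, so the check below walks a mount target component by component and reports the first symlink. The function name `check_mount_target` and the demo tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find symlinks in a mount target
# that lies below a jail root, as seen from the host.

# check_mount_target JAILROOT RELPATH
#   returns 0: no symlink in the path, usable as a nullfs mount point
#   returns 1: absolute symlink, which the host resolves against its own /
#   returns 2: relative symlink, resolved relative to its parent directory
check_mount_target() {
    root=${1%/}
    cur=$root
    set -f                          # no globbing while splitting the path
    old_ifs=$IFS; IFS=/
    set -- ${2#/}                   # split RELPATH into components
    IFS=$old_ifs; set +f
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur=$cur/$part
        if [ -L "$cur" ]; then
            target=$(readlink "$cur")
            case $target in
                /*) echo "absolute symlink: $cur -> $target"; return 1 ;;
                *)  echo "relative symlink: $cur -> $target"; return 2 ;;
            esac
        fi
    done
    echo "ok: $cur"
}

# Constructed demo tree that mimics the layout described in the thread.
demo=$(mktemp -d)
mkdir -p "$demo/semipublic/usr" "$demo/semipublic/test"
ln -s /basejail/usr/ports "$demo/semipublic/usr/ports"
check_mount_target "$demo/semipublic" usr/ports   # reports the symlink
check_mount_target "$demo/semipublic" test        # plain directory, ok
rm -rf "$demo"
```

The same check is worth running before any host-side mount or copy into a jail path, because root inside the jail can replace a directory with a symlink at any time.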
Re: bizarre mount_nullfs issue with jails / ezjail
On Wed, Apr 7, 2010 at 12:37 AM, Glen Barber glen.j.bar...@gmail.com wrote:
> Hi Dan,
>
> Dan Naumov wrote:
> > So, I want the basejail to only contain the world and link the ports tree from the host into each individual jail when it's time to update the ports inside them, but I am running into a bit of a bizarre issue: I can mount_nullfs /usr/ports elsewhere on the host just fine, but it doesn't work if I try to mount_nullfs it to /usr/ports inside the jail:
> >
> > mount_nullfs /usr/ports/ /usr/ports2
> >
> > df -H | grep ports
> > cerberus/usr-ports             34G   241M    34G     1%    /usr/ports
> > cerberus/usr-ports-distfiles   34G     0B    34G     0%    /usr/ports/distfiles
> > cerberus/usr-ports-packages    34G     0B    34G     0%    /usr/ports/packages
> > /usr/ports                     34G   241M    34G     1%    /usr/ports2
> >
> > mount | grep ports
> > cerberus/usr-ports on /usr/ports (zfs, local)
> > cerberus/usr-ports-distfiles on /usr/ports/distfiles (zfs, local)
> > cerberus/usr-ports-packages on /usr/ports/packages (zfs, local)
> > /usr/ports on /usr/ports2 (nullfs, local)
> >
> > mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
> > mount_nullfs: /basejail: No such file or directory
> >
> > What is going on here? I also note that the error actually wants a /basejail on the host, which is even more bizarre:
> >
> > mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
> > mount_nullfs: /basejail: No such file or directory
> > mkdir /basejail
> > mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
> > mount_nullfs: /basejail/usr: No such file or directory
> >
> > Yet, this works:
> >
> > mkdir /usr/jails/semipublic/test
> > mount_nullfs /usr/ports/ /usr/jails/semipublic/test
> > umount /usr/jails/semipublic/test
> >
> > Any ideas?
>
> The ports directory in an ezjail is a link to /basejail/usr/ports (in the jail). Breaking the link (from the host) allows the mount to work successfully.
>
> orion# ll usr/ports
> lrwxr-xr-x  1 root  wheel  19 Mar  8 18:06 usr/ports -> /basejail/usr/ports
> orion# unlink usr/ports
> orion# mkdir usr/ports
> orion# mount_nullfs /usr/ports usr/ports
> orion#
>
> Regards,
>
> --
> Glen Barber

Thanks for the tip.

An additional question: how come sade and sysinstall which are run inside the jail can see (and I can only assume they can also operate on and damage) the real underlying disks of the host?

- Sincerely
Dan Naumov

Re: bizarre mount_nullfs issue with jails / ezjail
On Wed, Apr 7, 2010 at 5:43 AM, Dan Naumov dan.nau...@gmail.com wrote:
> On Wed, Apr 7, 2010 at 12:37 AM, Glen Barber glen.j.bar...@gmail.com wrote:
> > Hi Dan,
> >
> > Dan Naumov wrote:
> > > So, I want the basejail to only contain the world and link the ports tree from the host into each individual jail when it's time to update the ports inside them, but I am running into a bit of a bizarre issue: I can mount_nullfs /usr/ports elsewhere on the host just fine, but it doesn't work if I try to mount_nullfs it to /usr/ports inside the jail:
> > >
> > > mount_nullfs /usr/ports/ /usr/ports2
> > >
> > > df -H | grep ports
> > > cerberus/usr-ports             34G   241M    34G     1%    /usr/ports
> > > cerberus/usr-ports-distfiles   34G     0B    34G     0%    /usr/ports/distfiles
> > > cerberus/usr-ports-packages    34G     0B    34G     0%    /usr/ports/packages
> > > /usr/ports                     34G   241M    34G     1%    /usr/ports2
> > >
> > > mount | grep ports
> > > cerberus/usr-ports on /usr/ports (zfs, local)
> > > cerberus/usr-ports-distfiles on /usr/ports/distfiles (zfs, local)
> > > cerberus/usr-ports-packages on /usr/ports/packages (zfs, local)
> > > /usr/ports on /usr/ports2 (nullfs, local)
> > >
> > > mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
> > > mount_nullfs: /basejail: No such file or directory
> > >
> > > What is going on here? I also note that the error actually wants a /basejail on the host, which is even more bizarre:
> > >
> > > mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
> > > mount_nullfs: /basejail: No such file or directory
> > > mkdir /basejail
> > > mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
> > > mount_nullfs: /basejail/usr: No such file or directory
> > >
> > > Yet, this works:
> > >
> > > mkdir /usr/jails/semipublic/test
> > > mount_nullfs /usr/ports/ /usr/jails/semipublic/test
> > > umount /usr/jails/semipublic/test
> > >
> > > Any ideas?
> >
> > The ports directory in an ezjail is a link to /basejail/usr/ports (in the jail). Breaking the link (from the host) allows the mount to work successfully.
> >
> > orion# ll usr/ports
> > lrwxr-xr-x  1 root  wheel  19 Mar  8 18:06 usr/ports -> /basejail/usr/ports
> > orion# unlink usr/ports
> > orion# mkdir usr/ports
> > orion# mount_nullfs /usr/ports usr/ports
> > orion#
> >
> > Regards,
> >
> > --
> > Glen Barber
>
> Thanks for the tip.
>
> An additional question: how come sade and sysinstall which are run inside the jail can see (and I can only assume they can also operate on and damage) the real underlying disks of the host?

Disks (as well as others you have in your host's /dev) aren't visible inside jails.

> - Sincerely
> Dan Naumov
> ___
> freebsd-j...@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org

--
cheers
mars