On 03/21/13 18:20, Miroslav Lachman wrote:
Jamie Gritton wrote:
On 03/21/13 17:59, Miroslav Lachman wrote:
Jeremie Le Hen wrote:
On Mon, Feb 18, 2013 at 09:54:42AM +0100, Harald Schmalzbauer wrote:
schrieb Jamie Gritton am 16.02.2013 00:40 (localtime):
On 02/15/13 09:27, Harald Schmalzbauer wrote:
Hello,

As already posted, on 9.1-R I highly appreciate the new jail(8) and
jail.conf capabilities. Thanks for that extension!

Accidentally I saw that "devfs_ruleset" seems to be ignored.
If I list /dev/ I see all the hosts disk devices etc.
I set "devfs_ruleset = 4;" and "enforce_statfs = 1;" in jail.conf.
Inside the jail,
sysctl security.jail.devfs_ruleset returns "1".
But like mentioned, I can access all devices...

[...]

I can confirm mentioned problem on my FreeBSD 9.1-RELEASE amd64 GENERIC

I am now testing new jail.conf possibilities and I am seeing all devices
in /dev in jail.

Even if I set all this in my jail.conf

exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;
devfs_ruleset = 4;
allow.set_hostname = false;

path = "/vol0/jail/$name";
exec.consolelog = "/var/log/jail/$name.console";
mount.fstab = "/etc/fstab.$name";

## Jail bali
bali {
host.hostname = "bali.XXXXXXX.YY";
ip4.addr = xx.xx.xx.xx;
devfs_ruleset = 4;
}

[...]

Is it a problem in my understanding of manpage / configuration, or is it
a bug in jail command on 9.1-RELEASE?

It's a bug (deficiency) in the jail command.

Is there a workaround or is it impossible to use jails with devfs on
FreeBSD 9.1?
Shouldn't it be mentioned in 9.1 errata?

Is it fixed in stable/9?

Thank you for your reply and your great work on new jails!

It's not fixed anywhere yet - it sometimes works in current, and
sometimes doesn't. I've been meaning to patch it up, but if the problem
is what I think it is, the patching up is a pretty big operation.

It doesn't mean you can't use jails with devfs in 9.1, just that you
can't use them with jail.conf. The old jail rc file that's all
shell-based is still the official jail startup method, and that one
still works. So existing systems will still work as expected, hence no
errata.

- Jamie
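A host-side check for the symptom discussed in this thread, added here as an example and not code from the thread or from FreeBSD itself: it lists a running jail's /dev from the host (via the jail root path from jls(8)) and flags device nodes that a restrictive jail devfs ruleset should have hidden, independent of what security.jail.devfs_ruleset claims inside the jail. The prefix list in SUSPECT_RE is my own assumed list, not the contents of any ruleset.

```shell
#!/bin/sh
# Added example: verify that a jail's devfs ruleset actually took effect by
# inspecting the jail's /dev from the host. Assumes FreeBSD with the jail
# already running; the filter functions themselves work on any listing.

# Device-name prefixes that should not be visible in a restricted jail /dev.
# Assumed list for this check; extend it for your own hardware.
SUSPECT_RE='^(ada|ad[0-9]|da[0-9]|md[0-9]|nvd|nvme|mfi|cd[0-9]|pass|mem|kmem|io)'

# leaked_devices: read one device name per line on stdin and print those
# that a properly restricted jail /dev should not contain.
leaked_devices() {
    grep -E "$SUSPECT_RE" || true
}

# devfs_ruleset_applied: exit 0 when the listing on stdin looks restricted,
# 1 when host devices leaked through (the ruleset was effectively ignored).
devfs_ruleset_applied() {
    n=$(leaked_devices | wc -l | tr -d ' ')
    [ "$n" -eq 0 ]
}

# audit_jail JAILNAME: resolve the jail's root path with jls(8), inspect
# ROOT/dev from the host side and report; returns 1 on leakage, 2 if the
# jail is not running.
audit_jail() {
    root=$(jls -j "$1" path) || return 2
    if ls "$root/dev" | devfs_ruleset_applied; then
        echo "$1: /dev looks restricted"
    else
        echo "$1: devfs ruleset NOT in effect, leaked nodes:"
        ls "$root/dev" | leaked_devices
        return 1
    fi
}
```

Run as `audit_jail bali` on the host after starting the jail; a non-zero exit means the jail.conf devfs_ruleset was not applied and the rc-based startup (or a manual `devfs -m ROOT/dev rule -s 4 applyset`) is needed.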