In message <14760.981228917@critter> Poul-Henning Kamp writes:
: In message <[EMAIL PROTECTED]>, Warner Losh writes:
: >In message <[EMAIL PROTECTED]> Peter Wemm writes:
: >: As bizzare as it sounds, I like Julian's hack for populating this stuff...
: >: ie: use a hard link to propagate nodes to the jailed /dev.
: >:
: >: eg: mount -t devfs -o empty /home/jail/dev
: >: ln /dev/null /home/jail/dev/null
: >: ln /dev/zero /home/jail/dev/zero
: >: ...
: >: mount -u -o ro /home/jail/dev
: >
: >But you can't do hard links accross file systems. Or is that a hack
: >of devfs to allow it, [...]
:
: Yes, it was a hack, and it will not be hacked that way in my DEVFS.
I seem to recall talking to you about having symbolic links in your
devfs mean something "special" as a way around this problem.
As you know, but others might not, the device name space is flat an
unique (well, except for maybe /dev/fd, which is just unique and can
be viewed as flat for the purposes of this discussion). As such,
ln -s /dev/null /jail/dev/null
could also be expressed as ln -s null /jail/dev/null. The symlink
means not "follow this filesystem name space link" but instead "lookup
this device name in your device namespace table."
But I'm not sure that would work (being only dimly aware of the
details of vfs layers and all). Nor am I sure about all the security
implications of it (I'm not seeing any at the moment, since you could
mount it empty, do the symlinks then remount it r/o).
Warner
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
