On 2/21/06, Andrew Hacking <[EMAIL PROTECTED]> wrote:
> I am trying to set up a jail in RELENG_6, and cannot apply the jail
> ruleset (ruleset 4) to the jail devfs mount point. The system also
> hangs if I try to apply the rules individually.
>
> I raised PR/93423 for this issue. See
> http://www.freebsd.org/cgi/query-pr.cgi?pr=93423 for details
>
> I am wondering if anyone else has had any success securing their jails
> (i.e. removing device nodes such as those that provide raw access to
> disks)?

-- cut here --
jail_enable="YES"
jail_list="j1"
jail_j1_rootdir="/mnt/store/jails/j1"
jail_j1_hostname="j1.freebsd.domain"
jail_j1_ip="<ip>"
jail_j1_exec_start="/bin/sh /etc/rc"
jail_j1_exec_stop="/bin/sh /etc/rc.shutdown"
jail_j1_devfs_enable="YES"
jail_j1_devfs_ruleset="devfsrules_jail"
jail_j1_fstab=""
jail_j1_procfs_enable="YES"
-- and here --

My /etc/devfs.rules is a symlink to /etc/defaults/devfs.rules.

In the jail I can only see:

-- cut here --
j1# ls /dev/
fd      null    ptyp1   ptyp3   random  stdin   ttyp0   ttyp2   ttyp4   zero
log     ptyp0   ptyp2   ptyp4   stderr  stdout  ttyp1   ttyp3   urandom
j1#
-- and here --

HTH.

--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
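
A way to check from the host that the jail ruleset actually took effect, as an added example that is not part of the original message: it lists every entry in a jail's /dev that falls outside the node names shown in the listing above. The function names are hypothetical, and the allowlist is an assumption derived from that listing, not a copy of devfsrules_jail.

```shell
#!/bin/sh
# Added example: audit a jail's /dev directory from the host.
# The allowlist is an assumption taken from the "ls /dev/" listing in
# the message above; adjust it to match your own devfs ruleset.

# Return 0 if the node name is on the allowlist, 1 otherwise.
is_expected_node() {
    case "$1" in
        fd|null|zero|random|urandom|log) return 0 ;;
        stdin|stdout|stderr)             return 0 ;;
        ptyp?|ttyp?)                     return 0 ;;
        *)                               return 1 ;;
    esac
}

# Print each unexpected entry in the given dev directory, one per line,
# sorted. Returns 0 when clean, 1 when unexpected nodes exist (for
# example raw disk nodes), 2 when the argument is not a directory.
audit_jail_dev() {
    devdir=$1
    [ -d "$devdir" ] || { echo "not a directory: $devdir" >&2; return 2; }
    unexpected=$(
        for path in "$devdir"/* "$devdir"/.[!.]*; do
            # Skip unmatched glob patterns; keep dangling symlinks.
            [ -e "$path" ] || [ -L "$path" ] || continue
            name=${path##*/}
            is_expected_node "$name" || printf '%s\n' "$name"
        done | LC_ALL=C sort
    )
    [ -z "$unexpected" ] && return 0
    printf '%s\n' "$unexpected"
    return 1
}

# Usage on the host, with the rootdir from the rc.conf above:
#   audit_jail_dev /mnt/store/jails/j1/dev
```

A non-zero status after the jail has started means the devfs mount is exposing nodes beyond the listing, which is the condition the original poster was trying to rule out.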