2.5% daily for 200 days without any risk.

2010-04-06 Thread Yang
Hi freebsd-jail@freebsd.org,

I wanna tell you about a very solid investment I participate in 

since five month. I made 510% profit by now.  This is a Hong Kong traders  
company, active on stock, derivatives, and Forex markets. Their performance is 

very consistent, they make up to 3% daily and they pay  its 

members up to  2.5% each day. HYt fund is absolutely transparent, showing  
their trading 

data  and offering  phone, chat, and email support to its members.

I am sure they are the the group to stay with in 2010. Check them out: 
http://texugauto.com/jjwk634p

___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"


Re: bizarre mount_nullfs issue with jails / ezjail

2010-04-06 Thread Glen Barber
Hi Dan,

Dan Naumov wrote: 
> So, I want the basejail to only contain the world and link the ports
> tree from the host into each individual jail when it's time to update
> the ports inside them, but I am running into a bit of a bizarre issue:
> I can mount_nullfs /usr/ports elsewhere on the host just fine, but it
> doesn't work if I try to mount_nullfs it to /usr/ports inside the
> jail:
> 
> mount_nullfs /usr/ports/ /usr/ports2
> 
> df -H | grep ports
> cerberus/usr-ports34G241M 34G 1%/usr/ports
> cerberus/usr-ports-distfiles  34G  0B 34G 0%
> /usr/ports/distfiles
> cerberus/usr-ports-packages   34G  0B 34G 0%
> /usr/ports/packages
> /usr/ports34G241M 34G 1%/usr/ports2
> 
> mount | grep ports
> cerberus/usr-ports on /usr/ports (zfs, local)
> cerberus/usr-ports-distfiles on /usr/ports/distfiles (zfs, local)
> cerberus/usr-ports-packages on /usr/ports/packages (zfs, local)
> /usr/ports on /usr/ports2 (nullfs, local)
> 
> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
> mount_nullfs: /basejail: No such file or directory
> 
> What is going on here? I also note that the error actually wants a
> /basejail on the host, which is even more bizarre:
> 
> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
> mount_nullfs: /basejail: No such file or directory
> 
> mkdir /basejail
> 
> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
> mount_nullfs: /basejail/usr: No such file or directory
> 
> Yet, this works:
> 
> mkdir /usr/jails/semipublic/test
> mount_nullfs /usr/ports/ /usr/jails/semipublic/test
> umount /usr/jails/semipublic/test
> 
> Any ideas?
> 
> 

The ports directory in an ezjail is a link to /basejail/usr/ports (in the
jail).

Breaking the link (from the host) allows the mount to work successfully.

orion# ll usr/ports 
lrwxr-xr-x  1 root  wheel  19 Mar  8 18:06 usr/ports -> /basejail/usr/ports
orion# unlink usr/ports 
orion# mkdir usr/ports
orion# mount_nullfs /usr/ports usr/ports
orion#

Regards,

-- 
Glen Barber
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"


Re: bizarre mount_nullfs issue with jails / ezjail

2010-04-06 Thread Dan Naumov
On Wed, Apr 7, 2010 at 12:37 AM, Glen Barber  wrote:
> Hi Dan,
>
> Dan Naumov wrote:
>> So, I want the basejail to only contain the world and link the ports
>> tree from the host into each individual jail when it's time to update
>> the ports inside them, but I am running into a bit of a bizarre issue:
>> I can mount_nullfs /usr/ports elsewhere on the host just fine, but it
>> doesn't work if I try to mount_nullfs it to /usr/ports inside the
>> jail:
>>
>> mount_nullfs /usr/ports/ /usr/ports2
>>
>> df -H | grep ports
>> cerberus/usr-ports                34G    241M     34G     1%    /usr/ports
>> cerberus/usr-ports-distfiles      34G      0B     34G     0%
>> /usr/ports/distfiles
>> cerberus/usr-ports-packages       34G      0B     34G     0%
>> /usr/ports/packages
>> /usr/ports                        34G    241M     34G     1%    /usr/ports2
>>
>> mount | grep ports
>> cerberus/usr-ports on /usr/ports (zfs, local)
>> cerberus/usr-ports-distfiles on /usr/ports/distfiles (zfs, local)
>> cerberus/usr-ports-packages on /usr/ports/packages (zfs, local)
>> /usr/ports on /usr/ports2 (nullfs, local)
>>
>> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
>> mount_nullfs: /basejail: No such file or directory
>>
>> What is going on here? I also note that the error actually wants a
>> /basejail on the host, which is even more bizarre:
>>
>> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
>> mount_nullfs: /basejail: No such file or directory
>>
>> mkdir /basejail
>>
>> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
>> mount_nullfs: /basejail/usr: No such file or directory
>>
>> Yet, this works:
>>
>> mkdir /usr/jails/semipublic/test
>> mount_nullfs /usr/ports/ /usr/jails/semipublic/test
>> umount /usr/jails/semipublic/test
>>
>> Any ideas?
>>
>>
>
> The ports directory in an ezjail is a link to /basejail/usr/ports (in the
> jail).
>
> Breaking the link (from the host) allows the mount to work successfully.
>
> orion# ll usr/ports
> lrwxr-xr-x  1 root  wheel  19 Mar  8 18:06 usr/ports -> /basejail/usr/ports
> orion# unlink usr/ports
> orion# mkdir usr/ports
> orion# mount_nullfs /usr/ports usr/ports
> orion#
>
> Regards,
>
> --
> Glen Barber

Thanks for the tip.

An additional question: how come "sade" and "sysinstall" which are run
inside the jail can see (and I can only assume they can also operate
on and damage) the real underlying disks of the host?

- Sincerely
Dan Naumov
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"


bizarre mount_nullfs issue with jails / ezjail

2010-04-06 Thread Dan Naumov
So, I want the basejail to only contain the world and link the ports
tree from the host into each individual jail when it's time to update
the ports inside them, but I am running into a bit of a bizarre issue:
I can mount_nullfs /usr/ports elsewhere on the host just fine, but it
doesn't work if I try to mount_nullfs it to /usr/ports inside the
jail:

mount_nullfs /usr/ports/ /usr/ports2

df -H | grep ports
cerberus/usr-ports34G241M 34G 1%/usr/ports
cerberus/usr-ports-distfiles  34G  0B 34G 0%
/usr/ports/distfiles
cerberus/usr-ports-packages   34G  0B 34G 0%
/usr/ports/packages
/usr/ports34G241M 34G 1%/usr/ports2

mount | grep ports
cerberus/usr-ports on /usr/ports (zfs, local)
cerberus/usr-ports-distfiles on /usr/ports/distfiles (zfs, local)
cerberus/usr-ports-packages on /usr/ports/packages (zfs, local)
/usr/ports on /usr/ports2 (nullfs, local)

mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
mount_nullfs: /basejail: No such file or directory

What is going on here? I also note that the error actually wants a
/basejail on the host, which is even more bizarre:

mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
mount_nullfs: /basejail: No such file or directory

mkdir /basejail

mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
mount_nullfs: /basejail/usr: No such file or directory

Yet, this works:

mkdir /usr/jails/semipublic/test
mount_nullfs /usr/ports/ /usr/jails/semipublic/test
umount /usr/jails/semipublic/test

Any ideas?


- Sincerely,
Dan Naumov
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"


Re: kern/145444: [jail] sysinstall and sade can access host's disks from within a jail

2010-04-06 Thread linimon
Old Synopsis: sysinstall and sade can access host's disks from within a jail
New Synopsis: [jail] sysinstall and sade can access host's disks from within a 
jail

Responsible-Changed-From-To: freebsd-bugs->freebsd-jail
Responsible-Changed-By: linimon
Responsible-Changed-When: Tue Apr 6 23:18:07 UTC 2010
Responsible-Changed-Why: 
Perhaps the folks on the jail mailing list can comment.

http://www.freebsd.org/cgi/query-pr.cgi?pr=145444
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"


Re: kern/145444: [jail] sysinstall and sade can access host's disks from within a jail

2010-04-06 Thread delphij
Synopsis: [jail] sysinstall and sade can access host's disks from within a jail

State-Changed-From-To: open->feedback
State-Changed-By: delphij
State-Changed-When: Wed Apr 7 00:55:02 UTC 2010
State-Changed-Why: 
Dear submitter,

By default, FreeBSD applies a devfs rule called "jail" if the jail
is being started with rc.d script /etc/rc.d/jail.  Could you, please
make sure that you are also using it this way?  This issue sounds
like a security vulnerability but I can not reproduce on my own
system, so maybe it's just a misconfiguration...

Thanks for brining this to our attention!


Responsible-Changed-From-To: freebsd-jail->secteam
Responsible-Changed-By: delphij
Responsible-Changed-When: Wed Apr 7 00:55:02 UTC 2010
Responsible-Changed-Why: 
Take as sect...@.

http://www.freebsd.org/cgi/query-pr.cgi?pr=145444
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"


Re: bizarre mount_nullfs issue with jails / ezjail

2010-04-06 Thread Mars G Miro
On Wed, Apr 7, 2010 at 5:43 AM, Dan Naumov  wrote:
> On Wed, Apr 7, 2010 at 12:37 AM, Glen Barber  wrote:
>> Hi Dan,
>>
>> Dan Naumov wrote:
>>> So, I want the basejail to only contain the world and link the ports
>>> tree from the host into each individual jail when it's time to update
>>> the ports inside them, but I am running into a bit of a bizarre issue:
>>> I can mount_nullfs /usr/ports elsewhere on the host just fine, but it
>>> doesn't work if I try to mount_nullfs it to /usr/ports inside the
>>> jail:
>>>
>>> mount_nullfs /usr/ports/ /usr/ports2
>>>
>>> df -H | grep ports
>>> cerberus/usr-ports                34G    241M     34G     1%    /usr/ports
>>> cerberus/usr-ports-distfiles      34G      0B     34G     0%
>>> /usr/ports/distfiles
>>> cerberus/usr-ports-packages       34G      0B     34G     0%
>>> /usr/ports/packages
>>> /usr/ports                        34G    241M     34G     1%    /usr/ports2
>>>
>>> mount | grep ports
>>> cerberus/usr-ports on /usr/ports (zfs, local)
>>> cerberus/usr-ports-distfiles on /usr/ports/distfiles (zfs, local)
>>> cerberus/usr-ports-packages on /usr/ports/packages (zfs, local)
>>> /usr/ports on /usr/ports2 (nullfs, local)
>>>
>>> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
>>> mount_nullfs: /basejail: No such file or directory
>>>
>>> What is going on here? I also note that the error actually wants a
>>> /basejail on the host, which is even more bizarre:
>>>
>>> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
>>> mount_nullfs: /basejail: No such file or directory
>>>
>>> mkdir /basejail
>>>
>>> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports
>>> mount_nullfs: /basejail/usr: No such file or directory
>>>
>>> Yet, this works:
>>>
>>> mkdir /usr/jails/semipublic/test
>>> mount_nullfs /usr/ports/ /usr/jails/semipublic/test
>>> umount /usr/jails/semipublic/test
>>>
>>> Any ideas?
>>>
>>>
>>
>> The ports directory in an ezjail is a link to /basejail/usr/ports (in the
>> jail).
>>
>> Breaking the link (from the host) allows the mount to work successfully.
>>
>> orion# ll usr/ports
>> lrwxr-xr-x  1 root  wheel  19 Mar  8 18:06 usr/ports -> /basejail/usr/ports
>> orion# unlink usr/ports
>> orion# mkdir usr/ports
>> orion# mount_nullfs /usr/ports usr/ports
>> orion#
>>
>> Regards,
>>
>> --
>> Glen Barber
>
> Thanks for the tip.
>
> An additional question: how come "sade" and "sysinstall" which are run
> inside the jail can see (and I can only assume they can also operate
> on and damage) the real underlying disks of the host?
>

Disks (as well as others you have in your host's /dev) aren't visible
inside jails.

> - Sincerely
> Dan Naumov
> ___
> freebsd-jail@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
>



-- 
cheers
mars
-
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"


Re: bizarre mount_nullfs issue with jails / ezjail

2010-04-06 Thread Dan Naumov
>> An additional question: how come "sade" and "sysinstall" which are run
>> inside the jail can see (and I can only assume they can also operate
>> on and damage) the real underlying disks of the host?
>>
>
> Disks (as well as others you have in your host's /dev) aren't visible
> inside jails.

Well, somehow they are on my system.

I guess I should've also clarified that the jail was installed using
ezjail and not completely manually

>From /usr/local/etc/ezjail/semipublic

export jail_semipublic_devfs_enable="YES"
export jail_semipublic_devfs_ruleset="devfsrules_jail"

- Sincerely,
Dan Naumov
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"


Re: bizarre mount_nullfs issue with jails / ezjail

2010-04-06 Thread Mars G Miro
On Wed, Apr 7, 2010 at 2:28 PM, Dan Naumov  wrote:
>>> An additional question: how come "sade" and "sysinstall" which are run
>>> inside the jail can see (and I can only assume they can also operate
>>> on and damage) the real underlying disks of the host?
>>>
>>
>> Disks (as well as others you have in your host's /dev) aren't visible
>> inside jails.
>
> Well, somehow they are on my system.
>
> I guess I should've also clarified that the jail was installed using
> ezjail and not completely manually
>
> From /usr/local/etc/ezjail/semipublic
>
> export jail_semipublic_devfs_enable="YES"
> export jail_semipublic_devfs_ruleset="devfsrules_jail"
>

Well I'm not entirely familiar w/ ezjail but I use jails all the time,
and I can tell you that /dev in jails is very limited, here's a /dev
jail of mine:

m...@spry9:~> ls -al /dev/
total 2
crw-rw-rw-  1 root  wheel0,  58 Mar 27 03:02 crypto
dr-xr-xr-x  2 root  wheel   512 Mar 27 03:12 fd
dr-xr-xr-x  2 root  wheel   512 Mar 30 20:00 iso9660
lrwxr-xr-x  1 root  wheel14 Mar 27 03:12 log -> ../var/run/log
crw-rw-rw-  1 root  wheel0,  33 Apr  7 14:33 null
crw-rw-rw-  1 root  wheel0,   7 Mar 27 03:02 ptmx
dr-xr-xr-x  2 root  wheel   512 Mar 27 03:22 pts
crw-rw-rw-  1 root  wheel0,  10 Mar 27 11:12 random
lrwxr-xr-x  1 root  wheel 4 Mar 27 03:12 stderr -> fd/2
lrwxr-xr-x  1 root  wheel 4 Mar 27 03:12 stdin -> fd/0
lrwxr-xr-x  1 root  wheel 4 Mar 27 03:12 stdout -> fd/1
lrwxr-xr-x  1 root  wheel 6 Mar 27 03:12 urandom -> random
crw-rw-rw-  1 root  wheel0,  34 Mar 27 03:02 zero
m...@spry9:~>

So I guess it's a configuration issue w/ your jails.

> - Sincerely,
> Dan Naumov
>



-- 
cheers
mars
-
___
freebsd-jail@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"