2.5% daily for 200 days without any risk.
Hi freebsd-jail@freebsd.org, I wanna tell you about a very solid investment I participate in since five month. I made 510% profit by now. This is a Hong Kong traders company, active on stock, derivatives, and Forex markets. Their performance is very consistent, they make up to 3% daily and they pay its members up to 2.5% each day. HYt fund is absolutely transparent, showing their trading data and offering phone, chat, and email support to its members. I am sure they are the the group to stay with in 2010. Check them out: http://texugauto.com/jjwk634p ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: bizarre mount_nullfs issue with jails / ezjail
Hi Dan, Dan Naumov wrote: > So, I want the basejail to only contain the world and link the ports > tree from the host into each individual jail when it's time to update > the ports inside them, but I am running into a bit of a bizarre issue: > I can mount_nullfs /usr/ports elsewhere on the host just fine, but it > doesn't work if I try to mount_nullfs it to /usr/ports inside the > jail: > > mount_nullfs /usr/ports/ /usr/ports2 > > df -H | grep ports > cerberus/usr-ports34G241M 34G 1%/usr/ports > cerberus/usr-ports-distfiles 34G 0B 34G 0% > /usr/ports/distfiles > cerberus/usr-ports-packages 34G 0B 34G 0% > /usr/ports/packages > /usr/ports34G241M 34G 1%/usr/ports2 > > mount | grep ports > cerberus/usr-ports on /usr/ports (zfs, local) > cerberus/usr-ports-distfiles on /usr/ports/distfiles (zfs, local) > cerberus/usr-ports-packages on /usr/ports/packages (zfs, local) > /usr/ports on /usr/ports2 (nullfs, local) > > mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports > mount_nullfs: /basejail: No such file or directory > > What is going on here? I also note that the error actually wants a > /basejail on the host, which is even more bizarre: > > mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports > mount_nullfs: /basejail: No such file or directory > > mkdir /basejail > > mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports > mount_nullfs: /basejail/usr: No such file or directory > > Yet, this works: > > mkdir /usr/jails/semipublic/test > mount_nullfs /usr/ports/ /usr/jails/semipublic/test > umount /usr/jails/semipublic/test > > Any ideas? > > The ports directory in an ezjail is a link to /basejail/usr/ports (in the jail). Breaking the link (from the host) allows the mount to work successfully. orion# ll usr/ports lrwxr-xr-x 1 root wheel 19 Mar 8 18:06 usr/ports -> /basejail/usr/ports orion# unlink usr/ports orion# mkdir usr/ports orion# mount_nullfs /usr/ports usr/ports orion# Regards, -- Glen Barber ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: bizarre mount_nullfs issue with jails / ezjail
On Wed, Apr 7, 2010 at 12:37 AM, Glen Barber wrote: > Hi Dan, > > Dan Naumov wrote: >> So, I want the basejail to only contain the world and link the ports >> tree from the host into each individual jail when it's time to update >> the ports inside them, but I am running into a bit of a bizarre issue: >> I can mount_nullfs /usr/ports elsewhere on the host just fine, but it >> doesn't work if I try to mount_nullfs it to /usr/ports inside the >> jail: >> >> mount_nullfs /usr/ports/ /usr/ports2 >> >> df -H | grep ports >> cerberus/usr-ports 34G 241M 34G 1% /usr/ports >> cerberus/usr-ports-distfiles 34G 0B 34G 0% >> /usr/ports/distfiles >> cerberus/usr-ports-packages 34G 0B 34G 0% >> /usr/ports/packages >> /usr/ports 34G 241M 34G 1% /usr/ports2 >> >> mount | grep ports >> cerberus/usr-ports on /usr/ports (zfs, local) >> cerberus/usr-ports-distfiles on /usr/ports/distfiles (zfs, local) >> cerberus/usr-ports-packages on /usr/ports/packages (zfs, local) >> /usr/ports on /usr/ports2 (nullfs, local) >> >> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports >> mount_nullfs: /basejail: No such file or directory >> >> What is going on here? I also note that the error actually wants a >> /basejail on the host, which is even more bizarre: >> >> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports >> mount_nullfs: /basejail: No such file or directory >> >> mkdir /basejail >> >> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports >> mount_nullfs: /basejail/usr: No such file or directory >> >> Yet, this works: >> >> mkdir /usr/jails/semipublic/test >> mount_nullfs /usr/ports/ /usr/jails/semipublic/test >> umount /usr/jails/semipublic/test >> >> Any ideas? >> >> > > The ports directory in an ezjail is a link to /basejail/usr/ports (in the > jail). > > Breaking the link (from the host) allows the mount to work successfully. > > orion# ll usr/ports > lrwxr-xr-x 1 root wheel 19 Mar 8 18:06 usr/ports -> /basejail/usr/ports > orion# unlink usr/ports > orion# mkdir usr/ports > orion# mount_nullfs /usr/ports usr/ports > orion# > > Regards, > > -- > Glen Barber Thanks for the tip. An additional question: how come "sade" and "sysinstall" which are run inside the jail can see (and I can only assume they can also operate on and damage) the real underlying disks of the host? - Sincerely Dan Naumov ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
bizarre mount_nullfs issue with jails / ezjail
So, I want the basejail to only contain the world and link the ports tree from the host into each individual jail when it's time to update the ports inside them, but I am running into a bit of a bizarre issue: I can mount_nullfs /usr/ports elsewhere on the host just fine, but it doesn't work if I try to mount_nullfs it to /usr/ports inside the jail: mount_nullfs /usr/ports/ /usr/ports2 df -H | grep ports cerberus/usr-ports34G241M 34G 1%/usr/ports cerberus/usr-ports-distfiles 34G 0B 34G 0% /usr/ports/distfiles cerberus/usr-ports-packages 34G 0B 34G 0% /usr/ports/packages /usr/ports34G241M 34G 1%/usr/ports2 mount | grep ports cerberus/usr-ports on /usr/ports (zfs, local) cerberus/usr-ports-distfiles on /usr/ports/distfiles (zfs, local) cerberus/usr-ports-packages on /usr/ports/packages (zfs, local) /usr/ports on /usr/ports2 (nullfs, local) mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports mount_nullfs: /basejail: No such file or directory What is going on here? I also note that the error actually wants a /basejail on the host, which is even more bizarre: mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports mount_nullfs: /basejail: No such file or directory mkdir /basejail mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports mount_nullfs: /basejail/usr: No such file or directory Yet, this works: mkdir /usr/jails/semipublic/test mount_nullfs /usr/ports/ /usr/jails/semipublic/test umount /usr/jails/semipublic/test Any ideas? - Sincerely, Dan Naumov ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: kern/145444: [jail] sysinstall and sade can access host's disks from within a jail
Old Synopsis: sysinstall and sade can access host's disks from within a jail New Synopsis: [jail] sysinstall and sade can access host's disks from within a jail Responsible-Changed-From-To: freebsd-bugs->freebsd-jail Responsible-Changed-By: linimon Responsible-Changed-When: Tue Apr 6 23:18:07 UTC 2010 Responsible-Changed-Why: Perhaps the folks on the jail mailing list can comment. http://www.freebsd.org/cgi/query-pr.cgi?pr=145444 ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: kern/145444: [jail] sysinstall and sade can access host's disks from within a jail
Synopsis: [jail] sysinstall and sade can access host's disks from within a jail State-Changed-From-To: open->feedback State-Changed-By: delphij State-Changed-When: Wed Apr 7 00:55:02 UTC 2010 State-Changed-Why: Dear submitter, By default, FreeBSD applies a devfs rule called "jail" if the jail is being started with rc.d script /etc/rc.d/jail. Could you, please make sure that you are also using it this way? This issue sounds like a security vulnerability but I can not reproduce on my own system, so maybe it's just a misconfiguration... Thanks for brining this to our attention! Responsible-Changed-From-To: freebsd-jail->secteam Responsible-Changed-By: delphij Responsible-Changed-When: Wed Apr 7 00:55:02 UTC 2010 Responsible-Changed-Why: Take as sect...@. http://www.freebsd.org/cgi/query-pr.cgi?pr=145444 ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: bizarre mount_nullfs issue with jails / ezjail
On Wed, Apr 7, 2010 at 5:43 AM, Dan Naumov wrote: > On Wed, Apr 7, 2010 at 12:37 AM, Glen Barber wrote: >> Hi Dan, >> >> Dan Naumov wrote: >>> So, I want the basejail to only contain the world and link the ports >>> tree from the host into each individual jail when it's time to update >>> the ports inside them, but I am running into a bit of a bizarre issue: >>> I can mount_nullfs /usr/ports elsewhere on the host just fine, but it >>> doesn't work if I try to mount_nullfs it to /usr/ports inside the >>> jail: >>> >>> mount_nullfs /usr/ports/ /usr/ports2 >>> >>> df -H | grep ports >>> cerberus/usr-ports 34G 241M 34G 1% /usr/ports >>> cerberus/usr-ports-distfiles 34G 0B 34G 0% >>> /usr/ports/distfiles >>> cerberus/usr-ports-packages 34G 0B 34G 0% >>> /usr/ports/packages >>> /usr/ports 34G 241M 34G 1% /usr/ports2 >>> >>> mount | grep ports >>> cerberus/usr-ports on /usr/ports (zfs, local) >>> cerberus/usr-ports-distfiles on /usr/ports/distfiles (zfs, local) >>> cerberus/usr-ports-packages on /usr/ports/packages (zfs, local) >>> /usr/ports on /usr/ports2 (nullfs, local) >>> >>> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports >>> mount_nullfs: /basejail: No such file or directory >>> >>> What is going on here? I also note that the error actually wants a >>> /basejail on the host, which is even more bizarre: >>> >>> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports >>> mount_nullfs: /basejail: No such file or directory >>> >>> mkdir /basejail >>> >>> mount_nullfs /usr/ports/ /usr/jails/semipublic/usr/ports >>> mount_nullfs: /basejail/usr: No such file or directory >>> >>> Yet, this works: >>> >>> mkdir /usr/jails/semipublic/test >>> mount_nullfs /usr/ports/ /usr/jails/semipublic/test >>> umount /usr/jails/semipublic/test >>> >>> Any ideas? >>> >>> >> >> The ports directory in an ezjail is a link to /basejail/usr/ports (in the >> jail). >> >> Breaking the link (from the host) allows the mount to work successfully. >> >> orion# ll usr/ports >> lrwxr-xr-x 1 root wheel 19 Mar 8 18:06 usr/ports -> /basejail/usr/ports >> orion# unlink usr/ports >> orion# mkdir usr/ports >> orion# mount_nullfs /usr/ports usr/ports >> orion# >> >> Regards, >> >> -- >> Glen Barber > > Thanks for the tip. > > An additional question: how come "sade" and "sysinstall" which are run > inside the jail can see (and I can only assume they can also operate > on and damage) the real underlying disks of the host? > Disks (as well as others you have in your host's /dev) aren't visible inside jails. > - Sincerely > Dan Naumov > ___ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org" > -- cheers mars - ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: bizarre mount_nullfs issue with jails / ezjail
>> An additional question: how come "sade" and "sysinstall" which are run >> inside the jail can see (and I can only assume they can also operate >> on and damage) the real underlying disks of the host? >> > > Disks (as well as others you have in your host's /dev) aren't visible > inside jails. Well, somehow they are on my system. I guess I should've also clarified that the jail was installed using ezjail and not completely manually >From /usr/local/etc/ezjail/semipublic export jail_semipublic_devfs_enable="YES" export jail_semipublic_devfs_ruleset="devfsrules_jail" - Sincerely, Dan Naumov ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"
Re: bizarre mount_nullfs issue with jails / ezjail
On Wed, Apr 7, 2010 at 2:28 PM, Dan Naumov wrote: >>> An additional question: how come "sade" and "sysinstall" which are run >>> inside the jail can see (and I can only assume they can also operate >>> on and damage) the real underlying disks of the host? >>> >> >> Disks (as well as others you have in your host's /dev) aren't visible >> inside jails. > > Well, somehow they are on my system. > > I guess I should've also clarified that the jail was installed using > ezjail and not completely manually > > From /usr/local/etc/ezjail/semipublic > > export jail_semipublic_devfs_enable="YES" > export jail_semipublic_devfs_ruleset="devfsrules_jail" > Well I'm not entirely familiar w/ ezjail but I use jails all the time, and I can tell you that /dev in jails is very limited, here's a /dev jail of mine: m...@spry9:~> ls -al /dev/ total 2 crw-rw-rw- 1 root wheel0, 58 Mar 27 03:02 crypto dr-xr-xr-x 2 root wheel 512 Mar 27 03:12 fd dr-xr-xr-x 2 root wheel 512 Mar 30 20:00 iso9660 lrwxr-xr-x 1 root wheel14 Mar 27 03:12 log -> ../var/run/log crw-rw-rw- 1 root wheel0, 33 Apr 7 14:33 null crw-rw-rw- 1 root wheel0, 7 Mar 27 03:02 ptmx dr-xr-xr-x 2 root wheel 512 Mar 27 03:22 pts crw-rw-rw- 1 root wheel0, 10 Mar 27 11:12 random lrwxr-xr-x 1 root wheel 4 Mar 27 03:12 stderr -> fd/2 lrwxr-xr-x 1 root wheel 4 Mar 27 03:12 stdin -> fd/0 lrwxr-xr-x 1 root wheel 4 Mar 27 03:12 stdout -> fd/1 lrwxr-xr-x 1 root wheel 6 Mar 27 03:12 urandom -> random crw-rw-rw- 1 root wheel0, 34 Mar 27 03:02 zero m...@spry9:~> So I guess it's a configuration issue w/ your jails. > - Sincerely, > Dan Naumov > -- cheers mars - ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"