On 14.08.2003 15:36, Scot W. Hetzel wrote:

I just noticed a problem with periodic scripts inside a jail. I'm getting:

Local system status:
tee: /dev/stderr: Operation not supported

Mail in local queue:
tee: /dev/stderr: Operation not supported

Mail in submit queue:
tee: /dev/stderr: Operation not supported

in the periodic daily, weekly, monthly and security reports.  But if I mount
the fdescfs on the jail, then these errors go away.

So we need to add the following to the new jail script:

jail_start()
{
        :
        # Per-jail knobs default to NO when unset
        eval jail_devfs=\"\$jail_${_jail}_devfs\"
        [ -z "${jail_devfs}" ] && jail_devfs="NO"

        eval jail_fdescfs=\"\$jail_${_jail}_fdescfs\"
        [ -z "${jail_fdescfs}" ] && jail_fdescfs="NO"
        :
        if checkyesno jail_devfs ; then
                mount -t devfs dev ${jail_devdir}
                if checkyesno jail_fdescfs ; then
                        mount -t fdescfs fdesc ${jail_devdir}/fd
                fi
                :
        fi
        :
}

jail_stop()
{
        :
        # Per-jail knobs default to NO when unset
        eval jail_devfs=\"\$jail_${_jail}_devfs\"
        [ -z "${jail_devfs}" ] && jail_devfs="NO"

        eval jail_fdescfs=\"\$jail_${_jail}_fdescfs\"
        [ -z "${jail_fdescfs}" ] && jail_fdescfs="NO"
        :
        if checkyesno jail_devfs ; then
                if [ -d ${jail_devdir} ] ; then
                        if checkyesno jail_fdescfs; then
                                umount -f ${jail_devdir}/fd >/dev/null 2>&1
                        fi
                        umount -f ${jail_devdir} >/dev/null 2>&1
                fi
        fi
        :
}

The only decision we need to make is whether to always mount the fdescfs when
devfs is mounted on the jail, or have a variable to enable mounting of the
fdescfs (jail_*_fdescfs).

Scot

I don't run periodics in jails, because they are not allowed to mail out :-)

But I wouldn't really care about having fdescfs mounted every time as a
security problem, so I would decide to mount it always (or by default).
If someone cares, the addition of jail_example_mount_fdescfs is
recommended.

I am adding a CC to security@, because there may be one or another who
has an important comment.

Best,
Jens
