Hi,

I have used FreeBSD up to the 9 release until now. I have now installed FreeBSD 10.0-RELEASE and I am very disappointed with the new jail setup. One of the reasons is that using devfs_ruleset has no effect in jail.conf.
Example:

DDNS {
host.hostname  = "DDNS";
ip4.addr = "192.168.5.10";
ip4 = "inherit";
path = "/usr/local/JAIL/DDCLIENT/";
exec.start = "/bin/ddstart.sh &";
exec.consolelog = "/var/log/jail.DDNS.console.log";
devfs_ruleset = "5";
mount.devfs;
}


and devfs.rules:
[devfsrules_jailddns=5]
add hide
add path random unhide
add path urandom unhide


The result is mounting the whole jail tree in the jail... So much for security in this release.

Even using the old jail setup in rc.conf, /etc/rc.d/jail fails to hide dev and mounts the dev tree untouched under the jail:

jail_DDNS_rootdir="/usr/local/JAIL/DDCLIENT/"
jail_DDNS_hostname="DDNS"
jail_DDNS_ip="192.168.5.10"
jail_DDNS_exec_start="/bin/ddstart.sh &"
jail_DDNS_devfs_enable="YES"
jail_DDNS_devfs_ruleset="5"



_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[email protected]"
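
A host-side check for the symptom reported above, added here as an example and not part of the original post: it confirms that the ruleset number is defined in devfs.rules and lists every node visible under the jail's /dev beyond an allowlist (random and urandom for the ruleset in the post). The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Audits a jail's /dev against
# the allowlist implied by a devfs ruleset. Function names are hypothetical.

# ruleset_defined FILE NUM: succeeds if FILE has a "[name=NUM]" header line.
ruleset_defined() {
    grep -Eq "^\[[A-Za-z0-9_]+=$2\][[:space:]]*$" "$1"
}

# unexpected_nodes DEVDIR ALLOWED...: prints each entry directly under DEVDIR
# that is not in the allowlist, one per line, sorted.
unexpected_nodes() {
    devdir=$1; shift
    allowed=" $* "
    for node in "$devdir"/* "$devdir"/.[!.]*; do
        # Skip unmatched glob patterns; keep dangling symlinks.
        [ -e "$node" ] || [ -L "$node" ] || continue
        name=${node##*/}
        case "$allowed" in
            *" $name "*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done | sort
}

# audit_jail_dev JAILROOT RULESFILE NUM ALLOWED...
# Returns 0 if only allowlisted nodes are visible, 1 if extra nodes are
# exposed, 2 if the ruleset number is not defined in RULESFILE.
audit_jail_dev() {
    root=$1; rules=$2; num=$3; shift 3
    ruleset_defined "$rules" "$num" || {
        echo "ruleset $num not defined in $rules"; return 2; }
    extra=$(unexpected_nodes "${root%/}/dev" "$@")
    [ -z "$extra" ] && return 0
    echo "exposed in ${root%/}/dev:"
    echo "$extra"
    return 1
}
```

With the jail running, `audit_jail_dev /usr/local/JAIL/DDCLIENT/ /etc/devfs.rules 5 random urandom` on the host returns 1 and lists the extra nodes when the ruleset was not applied. `devfs rule -s 5 show` prints the rules the kernel currently holds for that ruleset number.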