While attempting to find a functional jail with the smallest number of
devices, I was surprised that a jail with only

jail3# ls /dev/
crypto null random urandom zero

was actually functional. (I expected it to require /dev/{stdin, stdout,
stderr, fs*}.)
From the base system, I start "jexec jail3 tcsh", and when that started,

jail3# fstat
USER  CMD    PID    FD    MOUNT  INUM      MODE        SZ|DV  R/W
root  fstat  40606  text  /bj    12241168  -r-xr-xr-x  18360  r
root  fstat  40606  ctty  /bj    235       crw--w----  pts/4  rw
root  fstat  40606  wd    /      7384356   drwxr-xr-x  1024   r
root  fstat  40606  root  /      7384356   drwxr-xr-x  1024   r
root  fstat  40606  jail  /      7384356   drwxr-xr-x  1024   r
root  fstat  40606  0     /      235       crw--w----  pts/4  rw
root  fstat  40606  1     /      235       crw--w----  pts/4  rw
root  fstat  40606  2     /      235       crw--w----  pts/4  rw
root  fstat  40606  3     /      7389794   -rw-------  40960  r
sh ...
tcsh...

So after some further testing it appears to use std{in,out,err},
multiple file descriptors and well, functional.
Is something causing the jail to inherit std{in,out,err} functionality?
If there is, are there others? And the pts device seems to be inherited
from the parent/base jail, even though there is no /dev/pts in the jail?
This is on FreeBSD 11.1-STABLE r327954M amd64 1101506 1101506; the
/etc/jail.conf entry reads:
b6 { persist; ip4.addr = "10.0.7.96,10.0.5.126"; devfs_ruleset = "4"; }
(My intent is for a teeny jail to start, run a script (PKI key
generation stuff) then terminate and yes the base system only: starts
jails & runs ntp in a chroot).
Kind regards, Dewayne.
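
The check below is an added example, not part of the original message: it parses fstat output in the column layout shown above and lists open descriptors that refer to device nodes absent from the jail's /dev. The function names are illustrative, and it assumes no fstat field contains whitespace.

```python
# Added example (not from the post). The sample data is copied from the
# fstat output and the "ls /dev/" listing shown in the message.
JAIL_DEV = {"crypto", "null", "random", "urandom", "zero"}

FSTAT_SAMPLE = """\
USER CMD PID FD MOUNT INUM MODE SZ|DV R/W
root fstat 40606 text /bj 12241168 -r-xr-xr-x 18360 r
root fstat 40606 ctty /bj 235 crw--w---- pts/4 rw
root fstat 40606 wd / 7384356 drwxr-xr-x 1024 r
root fstat 40606 root / 7384356 drwxr-xr-x 1024 r
root fstat 40606 jail / 7384356 drwxr-xr-x 1024 r
root fstat 40606 0 / 235 crw--w---- pts/4 rw
root fstat 40606 1 / 235 crw--w---- pts/4 rw
root fstat 40606 2 / 235 crw--w---- pts/4 rw
root fstat 40606 3 / 7389794 -rw------- 40960 r
"""

COLUMNS = ("user", "cmd", "pid", "fd", "mount", "inum", "mode", "szdv", "rw")


def parse_fstat(text):
    """Turn fstat output into a list of dicts, one per descriptor row."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and any truncated or unexpected line.
        if len(fields) != len(COLUMNS) or fields[0] == "USER":
            continue
        rows.append(dict(zip(COLUMNS, fields)))
    return rows


def devices_outside_jail(rows, jail_dev):
    """Return (pid, fd, device, access) for descriptors on device nodes
    that are not present in the jail's /dev listing."""
    hits = []
    for row in rows:
        is_device = row["mode"][0] in ("c", "b")  # character or block device
        if is_device and row["szdv"] not in jail_dev:
            hits.append((row["pid"], row["fd"], row["szdv"], row["rw"]))
    return hits


if __name__ == "__main__":
    for pid, fd, dev, access in devices_outside_jail(parse_fstat(FSTAT_SAMPLE), JAIL_DEV):
        print(f"pid {pid} fd {fd}: /dev/{dev} ({access}) is not in the jail's /dev")
```

Run against live output by replacing FSTAT_SAMPLE with the text captured from fstat inside the jail and JAIL_DEV with the jail's own /dev listing.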