On Tue, Feb 21, 2006 at 08:10:31PM +1000, Andrew Hacking wrote: > I am trying to setp a jail in RELENG_6, and cannot apply the jail > ruleset (ruleset 4) to the jail devfs mount point. The system also > hangs if I try to apply the rules individually. > > I raised PR/93423 for this issue. See > http://www.freebsd.org/cgi/query-pr.cgi?pr=93423 for details > > I am wondering if anyone else has had any success securing their jails > (ie removing device nodes such as those that provide raw access to > disks) ? Jails and devfs rules work fine for me: %uname -a FreeBSD s2.stc 6.0-STABLE FreeBSD 6.0-STABLE #0: Fri Nov 11 04:03:19 MSK 2005 [EMAIL PROTECTED]:/usr/build/usr/src/sys/S2 i386 %jls JID IP Address Hostname Path 3 192.168.2.52 samba-pdc.stc /home/jail/samba 2 192.168.2.51 mail2.stc /home/jail/mail 1 192.168.2.50 ldap.stc /home/jail/ldap
%mount ... /dev/mirror/home on /home (ufs, local, soft-updates) devfs on /home/jail/ldap/dev (devfs, local) devfs on /home/jail/mail/dev (devfs, local) devfs on /home/jail/samba/dev (devfs, local) %ls /home/jail/samba/dev/ fd null ptyp1 stderr stdout ttyp1 zero log ptyp0 random stdin ttyp0 urandom %grep devfs /etc/rc.conf jail_mail_devfs_enable="YES" jail_samba_devfs_enable="YES" jail_ldap_devfs_enable="YES" _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
