Re: chroots/jails in jails

2013-07-09 Thread Julian Elischer

On 7/9/13 8:42 PM, Hiroki Sato wrote:

Julian Elischer  wrote
   in <51dc0054.2040...@freebsd.org>:


It occurs to me that the machine the jail is on is running 8.0,
and maybe this was fixed since. I guess I should have checked that first.



ju> I'm making a build system for a project which creates a chroot in
ju> which to do some of the building to avoid base-system contamination
ju> (yeah I know lots of people do that).
ju> the trick is that my test system is itself, a jail.
ju> So I can not mount /dev in the chroot.
ju>
ju> I can not predict where a build will occur so I can not pre-mount the
ju> devfs from outside the jail. (users may fire off builds in different
ju> locations)
ju>
ju> Does anyone have any solution to this problem?
ju>
ju> We have hierarchical jails, but no way of allowing the parent jail to
ju> give the child jail a devfs.
ju>
ju> Has anyone looked at what it would take to make devfs "jail friendly"?
ju>
ju> I'm guessing that the jail would have to get some devfs-rule parameter
ju> and that mount_devfs or its in-kernel parts would have to know what
ju> to do..
ju>
ju> seems like there should be someone out there who has hit this.. (and
ju> solved it?)

  Allowing to mount devfs inside hierarchical jails should work like
  the following:

  # jail -c allow.mount.devfs=1 allow.mount=1 enforce_statfs=1 children.max=10 path=/ name=j1 persist
  # jexec j1 /bin/tcsh
  # mkdir /tmp/dev1
  # mount -t devfs devfs /tmp/dev1
  # jail -c allow.mount.devfs=1 allow.mount=1 enforce_statfs=1 path=/ name=j2 persist
  # jexec j2 /bin/tcsh
  # mkdir /tmp/dev2
  # mount -t devfs devfs /tmp/dev2

-- Hiroki


___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: chroots/jails in jails

2013-07-09 Thread Mark Felder
On Tue, 09 Jul 2013 07:21:40 -0500, Julian Elischer wrote:


seems like there should be someone out there who has hit this.. (and  
solved it?)


Poudriere can itself be run in a jail... does it do hierarchical jails?  
I've never tested it myself.


Bapt's loose documentation of it is here:

https://fossil.etoilebsd.net/poudriere/doc/trunk/doc/poudriere_in_jail.wiki


Re: chroots/jails in jails

2013-07-09 Thread Hiroki Sato
Julian Elischer  wrote
  in <51dc0054.2040...@freebsd.org>:

ju> I'm making a build system for a project which creates a chroot in
ju> which to do some of the building to avoid base-system contamination
ju> (yeah I know lots of people do that).
ju> the trick is that my test system is itself, a jail.
ju> So I can not mount /dev in the chroot.
ju>
ju> I can not predict where a build will occur so I can not pre-mount the
ju> devfs from outside the jail. (users may fire off builds in different
ju> locations)
ju>
ju> Does anyone have any solution to this problem?
ju>
ju> We have hierarchical jails, but no way of allowing the parent jail to
ju> give the child jail a devfs.
ju>
ju> Has anyone looked at what it would take to make devfs "jail friendly"?
ju>
ju> I'm guessing that the jail would have to get some devfs-rule parameter
ju> and that mount_devfs or its in-kernel parts would have to know what
ju> to do..
ju>
ju> seems like there should be someone out there who has hit this.. (and
ju> solved it?)

 Allowing to mount devfs inside hierarchical jails should work like
 the following:

 # jail -c allow.mount.devfs=1 allow.mount=1 enforce_statfs=1 children.max=10 path=/ name=j1 persist
 # jexec j1 /bin/tcsh
 # mkdir /tmp/dev1
 # mount -t devfs devfs /tmp/dev1
 # jail -c allow.mount.devfs=1 allow.mount=1 enforce_statfs=1 path=/ name=j2 persist
 # jexec j2 /bin/tcsh
 # mkdir /tmp/dev2
 # mount -t devfs devfs /tmp/dev2

-- Hiroki
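
An added example, not part of the message above and not code from the FreeBSD project: a preflight check that a build script or the jail's administrator could run before attempting the devfs mount shown above. It assumes parameter lines in `jls -n` format; the function name `devfs_mount_blockers` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which jail parameters would block `mount -t devfs`
# inside a jail. Input is one line in `jls -n` format (name=value pairs;
# booleans print as "allow.mount" when set, "allow.nomount" when clear).

# devfs_mount_blockers LINE [nest]
# Prints the blocking parameters, space separated; empty line if none.
# With "nest", also requires that the jail may create child jails.
devfs_mount_blockers() {
    mnt=0; devfs=0; statfs=""; kids=""; out=""
    for tok in $1; do
        case $tok in
            allow.mount)       mnt=1 ;;
            allow.mount.devfs) devfs=1 ;;
            enforce_statfs=*)  statfs=${tok#*=} ;;
            children.max=*)    kids=${tok#*=} ;;
        esac
    done
    [ "$mnt" -eq 1 ]   || out="$out allow.mount"
    [ "$devfs" -eq 1 ] || out="$out allow.mount.devfs"
    # jail(8): allow.mount.* only takes effect with enforce_statfs below 2.
    case $statfs in 0|1) ;; *) out="$out enforce_statfs" ;; esac
    if [ "${2:-}" = nest ]; then
        # children.max=0 means the jail cannot create child jails.
        case $kids in ''|0) out="$out children.max" ;; esac
    fi
    echo "${out# }"
}

# Constructed sample lines (not captured from a real system).
J1='jid=1 name=j1 path=/ enforce_statfs=1 persist allow.mount allow.mount.devfs children.cur=1 children.max=10'
J2='jid=2 name=j1.j2 path=/ enforce_statfs=1 persist allow.mount allow.mount.devfs children.cur=0 children.max=0'
PLAIN='jid=3 name=build path=/jails/build enforce_statfs=2 nopersist allow.nomount allow.mount.nodevfs children.cur=0 children.max=0'

for line in "$J1" "$J2" "$PLAIN"; do
    echo "blockers: [$(devfs_mount_blockers "$line")]"
done
```

On a live system the line would come from `jls -n -j <jail>` run in the parent jail or on the host, since a jail does not list itself.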




chroots/jails in jails

2013-07-09 Thread Julian Elischer
I'm making a build system for a project which creates a chroot in 
which to do some of the building to avoid base-system contamination 
(yeah I know lots of people do that).

the trick is that my test system is itself, a jail.
So I can not mount /dev in the chroot.

I can not predict where a build will occur so I can not pre-mount the 
devfs from outside the jail. (users may fire off builds in different 
locations)


Does anyone have any solution to this problem?

We have hierarchical jails, but no way of allowing the parent jail to 
give the child jail a devfs.


Has anyone looked at what it would take to make devfs "jail friendly"?

I'm guessing that the jail would have to get some devfs-rule parameter 
and that mount_devfs or its in-kernel parts would have to know what 
to do..


seems like there should be someone out there who has hit this.. (and 
solved it?)


Julian
