Re: /dev/random in jails

2007-07-19 Thread Tech Valley Internet - Tony Kivits

At 10:02 PM 7/18/2007, Tech Valley Internet - Tony Kivits wrote:

At 09:50 PM 7/18/2007, Christopher Cowart wrote:

On Wed, Jul 18, 2007 at 09:49:12PM -0700, Christopher Cowart wrote:
 $ dd if=/dev/random bs=1 count=12 2>/dev/null | openssl base64
 Should give you a base64 encoding of some random data (base64 to prevent
 it from messing up your terminal) if /dev/random is working.

I meant to point if=jailroot/dev/random. Testing /dev/random for the
host OS isn't going to be too meaningful.

--
Chris Cowart
Lead Systems Administrator
Network  Infrastructure Services, RSSP-IT
UC Berkeley


Thanks Chris,

I figured out what you meant.  ;)

I think with all my playing I managed to put a symlink in the dev 
directory that I can't get out.


I will try to do a reinstall of the machine and try all the 
suggestions on a clean environment.


Tony



Ok.  I now know what is happening.

The random and urandom devices are in the jail's /dev directory when 
the jail is created and the test you gave me to try did work once 
tweaked a bit.  But when I run the installation script for hsphere 
the two devices disappear out of the /dev directory.


The devices are then inaccessible for all processes until the jail is 
restarted.


I have looked in the usual log files and nothing is recorded there.

My configuration is as follows:

# Jail info in host's rc.conf
jail_enable=YES
jail_interface=xl0
jail_devfs_enable=YES
jail_procfs_enable=YES
jail_list=cp
jail_cp_rootdir=/usr/jails/cp
jail_cp_hostname=cp.example.ca
jail_cp_ip=192.168.1.71
jail_cp_mount_enable=YES
jail_cp_devfs_ruleset=devfsrules_thin_jail


#devfs.rules
[devfsrules_thin_jail=100]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


/dev/random in jails

2007-07-18 Thread Tech Valley Internet - Tony Kivits

Hello,

I am attempting to run portions (if not all) of the software called 
HSphere inside of jailed subsystems of FreeBSD.  I am able to create 
the jails no problem but the devices /dev/random and /dev/urandom are 
not created automatically in the jail despite the fact that a handful 
of other devices are mounted correctly when the jail is created.


Is there a specific reason for these devices not being created in a 
jail or is there a way to create these devices so that they will be 
available inside a jail?


Any help on this would be much appreciated.

Thank you,

Tony



Re: /dev/random in jails

2007-07-18 Thread Christopher Cowart
On Wed, Jul 18, 2007 at 06:30:50PM -0700, Tech Valley Internet - Tony Kivits 
wrote:
 I am attempting to run portions (if not all) of the software called 
 HSphere inside of jailed subsystems of FreeBSD.  I am able to create 
 the jails no problem but the devices /dev/random and /dev/urandom are 
 not created automatically in the jail despite the fact that a handful 
 of other devices are mounted correctly when the jail is created.
 
 Is there a specific reason for these devices not being created in a 
 jail or is there a way to create these devices so that they will be 
 available inside a jail?

We run bind instances in FreeBSD jails. This is how we get /dev/random:

| # /etc/devfs.rules:
| [devfsrules_thin_jail=100]
| add include $devfsrules_hide_all
| add include $devfsrules_unhide_basic

| # /etc/rc.conf:
| jail_cachingdns_devfs_enable=YES
| jail_cachingdns_devfs_ruleset=devfsrules_thin_jail

HTH,

-- 
Chris Cowart
Lead Systems Administrator
Network  Infrastructure Services, RSSP-IT
UC Berkeley




Re: /dev/random in jails

2007-07-18 Thread Tech Valley Internet - Tony Kivits

At 07:32 PM 7/18/2007, Christopher Cowart wrote:
On Wed, Jul 18, 2007 at 06:30:50PM -0700, Tech Valley Internet - 
Tony Kivits wrote:

 I am attempting to run portions (if not all) of the software called
 HSphere inside of jailed subsystems of FreeBSD.  I am able to create
 the jails no problem but the devices /dev/random and /dev/urandom are
 not created automatically in the jail despite the fact that a handful
 of other devices are mounted correctly when the jail is created.

 Is there a specific reason for these devices not being created in a
 jail or is there a way to create these devices so that they will be
 available inside a jail?

We run bind instances in FreeBSD jails. This is how we get /dev/random:

| # /etc/devfs.rules:
| [devfsrules_thin_jail=100]
| add include $devfsrules_hide_all
| add include $devfsrules_unhide_basic

| # /etc/rc.conf:
| jail_cachingdns_devfs_enable=YES
| jail_cachingdns_devfs_ruleset=devfsrules_thin_jail

HTH,

--
Chris Cowart
Lead Systems Administrator
Network  Infrastructure Services, RSSP-IT
UC Berkeley





Thanks Chris,

So if my jail is called cp, the only thing that I would have to 
change from your scripts would be to replace cachingdns with cp?


Tony 




Re: /dev/random in jails

2007-07-18 Thread Christopher Cowart
On Wed, Jul 18, 2007 at 08:34:21PM -0700, Tech Valley Internet - Tony Kivits 
wrote:
 At 07:32 PM 7/18/2007, Christopher Cowart wrote:
 On Wed, Jul 18, 2007 at 06:30:50PM -0700, Tech Valley Internet - 
 Tony Kivits wrote:
  I am attempting to run portions (if not all) of the software called
  HSphere inside of jailed subsystems of FreeBSD.  I am able to create
  the jails no problem but the devices /dev/random and /dev/urandom are
  not created automatically in the jail despite the fact that a handful
  of other devices are mounted correctly when the jail is created.
 
  Is there a specific reason for these devices not being created in a
  jail or is there a way to create these devices so that they will be
  available inside a jail?
 
 We run bind instances in FreeBSD jails. This is how we get /dev/random:
 
 | # /etc/devfs.rules:
 | [devfsrules_thin_jail=100]
 | add include $devfsrules_hide_all
 | add include $devfsrules_unhide_basic
 
 | # /etc/rc.conf:
 | jail_cachingdns_devfs_enable=YES
 | jail_cachingdns_devfs_ruleset=devfsrules_thin_jail
 
 Thanks Chris,
 
 So if my jail is called cp, the only thing that I would have to 
 change from your scripts would be to replace cachingdns with cp?

Yes. Are you configuring the jail via /etc/rc.conf already? Are you
using the rc script /etc/rc.d/jail to start your jails?

My complete config from /etc/rc.conf is:

| # Enable jails
| jail_enable=YES
| jail_list=cachingdns
| 
| # Caching-nameserver jail
| jail_cachingdns_hostname=ns1.example.com
| jail_cachingdns_ip=192.0.2.15
| jail_cachingdns_interface=bge0
| jail_cachingdns_rootdir=/var/jails/caching-dns
| jail_cachingdns_exec=/usr/local/sbin/named
| jail_cachingdns_devfs_enable=YES
| jail_cachingdns_devfs_ruleset=devfsrules_thin_jail

You can replace cachingdns with cp or whatever else you want. You can
also create multiple jails with different names.

I don't know if you're following the typical FreeBSD jail documentation
which gives you a complete FreeBSD installation inside the jail. Given
that I only need to run named, I have not done that.

Are you trying to run a complete FreeBSD install that allows user logins
inside your jail? Or are you simply trying to jail a single process? My
example above jails the single process named, and does not have an OS
install inside the jail's root.

-- 
Chris Cowart
Lead Systems Administrator
Network  Infrastructure Services, RSSP-IT
UC Berkeley




Re: /dev/random in jails

2007-07-18 Thread Tech Valley Internet - Tony Kivits

At 08:42 PM 7/18/2007, Christopher Cowart wrote:
On Wed, Jul 18, 2007 at 08:34:21PM -0700, Tech Valley Internet - 
Tony Kivits wrote:

 At 07:32 PM 7/18/2007, Christopher Cowart wrote:
 On Wed, Jul 18, 2007 at 06:30:50PM -0700, Tech Valley Internet -
 Tony Kivits wrote:
  I am attempting to run portions (if not all) of the software called
  HSphere inside of jailed subsystems of FreeBSD.  I am able to create
  the jails no problem but the devices /dev/random and /dev/urandom are
  not created automatically in the jail despite the fact that a handful
  of other devices are mounted correctly when the jail is created.
 
  Is there a specific reason for these devices not being created in a
  jail or is there a way to create these devices so that they will be
  available inside a jail?
 
 We run bind instances in FreeBSD jails. This is how we get /dev/random:
 
 | # /etc/devfs.rules:
 | [devfsrules_thin_jail=100]
 | add include $devfsrules_hide_all
 | add include $devfsrules_unhide_basic
 
 | # /etc/rc.conf:
 | jail_cachingdns_devfs_enable=YES
 | jail_cachingdns_devfs_ruleset=devfsrules_thin_jail
 
 Thanks Chris,

 So if my jail is called cp, the only thing that I would have to
 change from your scripts would be to replace cachingdns with cp?


Yes. Are you configuring the jail via /etc/rc.conf already? Are you
using the rc script /etc/rc.d/jail to start your jails?

My complete config from /etc/rc.conf is:

| # Enable jails
| jail_enable=YES
| jail_list=cachingdns
|
| # Caching-nameserver jail
| jail_cachingdns_hostname=ns1.example.com
| jail_cachingdns_ip=192.0.2.15
| jail_cachingdns_interface=bge0
| jail_cachingdns_rootdir=/var/jails/caching-dns
| jail_cachingdns_exec=/usr/local/sbin/named
| jail_cachingdns_devfs_enable=YES
| jail_cachingdns_devfs_ruleset=devfsrules_thin_jail

You can replace cachingdns with cp or whatever else you want. You can
also create multiple jails with different names.

I don't know if you're following the typical FreeBSD jail documentation
which gives you a complete FreeBSD installation inside the jail. Given
that I only need to run named, I have not done that.

Are you trying to run a complete FreeBSD install that allows user logins
inside your jail? Or are you simply trying to jail a single process? My
example above jails the single process named, and does not have an OS
install inside the jail's root.

--
Chris Cowart
Lead Systems Administrator
Network  Infrastructure Services, RSSP-IT
UC Berkeley



Thanks Chris,

I am doing a complete OS inside the jail and am starting it through 
the rc.conf.


I have modified the devfs.rules so that they are now passing random 
and urandom as devices.  But the installation software is still 
reporting that /dev/random is not working properly.  Do you know of a 
way that I can test /dev/random to see if it is actually working?


Thanks again,

Tony 




Re: /dev/random in jails

2007-07-18 Thread Christopher Cowart
On Wed, Jul 18, 2007 at 09:41:35PM -0700, Tech Valley Internet - Tony Kivits 
wrote:
At 08:42 PM 7/18/2007, Christopher Cowart wrote:
On Wed, Jul 18, 2007 at 08:34:21PM -0700, Tech Valley Internet - 
Tony Kivits wrote:
At 07:32 PM 7/18/2007, Christopher Cowart wrote:
On Wed, Jul 18, 2007 at 06:30:50PM -0700, Tech Valley Internet -
Tony Kivits wrote:
 I am attempting to run portions (if not all) of the software called
 HSphere inside of jailed subsystems of FreeBSD.  I am able to create
 the jails no problem but the devices /dev/random and /dev/urandom are
 not created automatically in the jail despite the fact that a handful
 of other devices are mounted correctly when the jail is created.

 Is there a specific reason for these devices not being created in a
 jail or is there a way to create these devices so that they will be
 available inside a jail?

We run bind instances in FreeBSD jails. This is how we get /dev/random:

| # /etc/devfs.rules:
| [devfsrules_thin_jail=100]
| add include $devfsrules_hide_all
| add include $devfsrules_unhide_basic

| # /etc/rc.conf:
| jail_cachingdns_devfs_enable=YES
| jail_cachingdns_devfs_ruleset=devfsrules_thin_jail

 Thanks Chris,

 So if my jail is called cp, the only thing that I would have to
 change from your scripts would be to replace cachingdns with cp?

Yes. Are you configuring the jail via /etc/rc.conf already? Are you
using the rc script /etc/rc.d/jail to start your jails?

My complete config from /etc/rc.conf is:

| # Enable jails
| jail_enable=YES
| jail_list=cachingdns
|
| # Caching-nameserver jail
| jail_cachingdns_hostname=ns1.example.com
| jail_cachingdns_ip=192.0.2.15
| jail_cachingdns_interface=bge0
| jail_cachingdns_rootdir=/var/jails/caching-dns
| jail_cachingdns_exec=/usr/local/sbin/named
| jail_cachingdns_devfs_enable=YES
| jail_cachingdns_devfs_ruleset=devfsrules_thin_jail

You can replace cachingdns with cp or whatever else you want. You can
also create multiple jails with different names.

I don't know if you're following the typical FreeBSD jail documentation
which gives you a complete FreeBSD installation inside the jail. Given
that I only need to run named, I have not done that.

Are you trying to run a complete FreeBSD install that allows user logins
inside your jail? Or are you simply trying to jail a single process? My
example above jails the single process named, and does not have an OS
install inside the jail's root.

 I am doing a complete OS inside the jail and am starting it through 
 the rc.conf.

The default devfs ruleset for jails (devfsrules_jail, found in
/etc/defaults/devfs.rules) should work fine for you then. Perhaps try
specifying that ruleset explicitly?

 I have modified the devfs.rules so that they are now passing random 
 and urandom as devices.  But the installation software is still 
 reporting that /dev/random is not working properly.  Do you know of a 
 way that I can test /dev/random to see if it is actually working?

$ ls -l caching-dns/dev/random
crw-rw-rw-  1 root wheel 0, 8 Jul  3 18:08 caching-dns/dev/random

$ dd if=/dev/random bs=1 count=12 2>/dev/null | openssl base64
Should give you a base64 encoding of some random data (base64 to prevent
it from messing up your terminal) if /dev/random is working.

-- 
Chris Cowart
Lead Systems Administrator
Network  Infrastructure Services, RSSP-IT
UC Berkeley




Re: /dev/random in jails

2007-07-18 Thread Christopher Cowart
On Wed, Jul 18, 2007 at 09:49:12PM -0700, Christopher Cowart wrote:
 $ dd if=/dev/random bs=1 count=12 2>/dev/null | openssl base64
 Should give you a base64 encoding of some random data (base64 to prevent
 it from messing up your terminal) if /dev/random is working.

I meant to point if=jailroot/dev/random. Testing /dev/random for the
host OS isn't going to be too meaningful.

-- 
Chris Cowart
Lead Systems Administrator
Network  Infrastructure Services, RSSP-IT
UC Berkeley
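
Added example (not part of the original thread, and not code from either poster): a small sh helper that automates the checks discussed here. It confirms that dev/random and dev/urandom under a jail root are real character devices rather than symlinks or missing nodes, and that the 12-byte dd read actually returns data. The function names and status words are made up for this illustration; the jail root (for instance the /usr/jails/cp used in this thread) is passed as the first argument.

```sh
#!/bin/sh
# Added illustration; check_dev and check_jail_random are hypothetical names.

# Classify one device node: prints a status word, returns 0 only for "ok".
check_dev() {
    dev=$1
    # Test for a symlink first: -e and -c follow links and would hide one.
    if [ -L "$dev" ]; then echo "symlink"; return 1; fi
    if [ ! -e "$dev" ]; then echo "missing"; return 1; fi
    if [ ! -c "$dev" ]; then echo "not-chardev"; return 1; fi
    # Same 12-byte read as the dd test in the thread, but count the bytes
    # instead of eyeballing base64 output.
    n=$(dd if="$dev" bs=1 count=12 2>/dev/null | wc -c | tr -d ' ')
    if [ "$n" -ne 12 ]; then echo "short-read"; return 1; fi
    echo "ok"
}

# Check both random devices under a jail root, as seen from the host.
check_jail_random() {
    root=${1%/}
    rc=0
    for name in random urandom; do
        st=$(check_dev "$root/dev/$name") || rc=1
        echo "$root/dev/$name: $st"
    done
    return $rc
}

# Run only when a jail root is given, e.g.: sh check.sh /usr/jails/cp
if [ $# -gt 0 ]; then
    check_jail_random "$1"
fi
```

Running it once right after the jail starts and again after the installer has run shows at which point the nodes change.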




Re: /dev/random in jails

2007-07-18 Thread Tech Valley Internet - Tony Kivits

At 09:50 PM 7/18/2007, Christopher Cowart wrote:

On Wed, Jul 18, 2007 at 09:49:12PM -0700, Christopher Cowart wrote:
 $ dd if=/dev/random bs=1 count=12 2>/dev/null | openssl base64
 Should give you a base64 encoding of some random data (base64 to prevent
 it from messing up your terminal) if /dev/random is working.

I meant to point if=jailroot/dev/random. Testing /dev/random for the
host OS isn't going to be too meaningful.

--
Chris Cowart
Lead Systems Administrator
Network  Infrastructure Services, RSSP-IT
UC Berkeley



Thanks Chris,

I figured out what you meant.  ;)

I think with all my playing I managed to put a symlink in the dev 
directory that I can't get out.


I will try to do a reinstall of the machine and try all the 
suggestions on a clean environment.


Tony 

