From owner-freebsd-questions@FreeBSD.ORG  Sun Jan  7 16:02:29 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id C615D16A407
	for <freebsd-questions@freebsd.org>;
	Sun,  7 Jan 2007 16:02:29 +0000 (UTC)
	(envelope-from wmoran@collaborativefusion.com)
Received: from mx00.pub.collaborativefusion.com
	(mx00.pub.collaborativefusion.com [206.210.89.199])
	by mx1.freebsd.org (Postfix) with ESMTP id 7575913C45D
	for <freebsd-questions@freebsd.org>;
	Sun,  7 Jan 2007 16:02:29 +0000 (UTC)
	(envelope-from wmoran@collaborativefusion.com)
Received: from working (c-71-60-174-60.hsd1.pa.comcast.net [71.60.174.60])
	(AUTH: LOGIN wmoran, TLS: TLSv1/SSLv3,256bits,AES256-SHA)
	by wingspan with esmtp; Sun, 07 Jan 2007 11:02:28 -0500
	id 0005643F.45A11994.00017136
Date: Sun, 7 Jan 2007 11:02:27 -0500
From: Bill Moran <wmoran@collaborativefusion.com>
To: "Michael Grant" <mgrant@grant.org>
Message-Id: <20070107110227.c379e216.wmoran@collaborativefusion.com>
In-Reply-To: <62b856460701070753p62a3c531g63f08b164d23e6eb@mail.gmail.com>
References: <62b856460701070753p62a3c531g63f08b164d23e6eb@mail.gmail.com>
Organization: Collaborative Fusion Inc.
X-Mailer: Sylpheed version 2.2.10 (GTK+ 2.10.6; i386-portbld-freebsd6.2)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: /dev/null in a chroot
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Jan 2007 16:02:29 -0000

"Michael Grant" <mgrant@grant.org> wrote:
>
> I chrooted apache to /www.
> 
> In order to run a java program from a web page, java needs a /dev/null
> inside the chroot.
> 
> I don't want to create another whole /dev/ dir with all the disk raw
> devices there to be read for anyone who cracks root.  I just want a
> /www/dev/null file.
> 
> I tried creating a node with mknod exactly like the node in /dev but
> it doesn't work in freebsd 6.  /dev/ is special now and you can't just
> create nodes anywhere like the old days.
> 
> Is there a way to create a /www/dev/null which acts just like /dev/null?

devfs does this now.  You can mount a second devfs under /www/dev/, or
anywhere else for that matter.

Controlling which device nodes show up is done by devfs rulsets.  See
the man page for devfs for details.

-Bill