Date: Thu, 21 Sep 2006 21:31:10 +0200
From: Jeremie Le Hen
To: freebsd-questions@FreeBSD.org
Cc: jeremie@le-hen.org
Subject: chrooted named in a jail
Message-ID: <20060921193110.GL15761@obiwan.tataz.chchile.org>

Hi list,

Please Cc: me in your replies, I am not subscribed to this list.

I have a jail in which named(8) runs. In order to make exploitation of a possible bug still more difficult, I would like to use the named_chrootdir variable from rc.conf(5). Unfortunately, rc.d/named tries to mount devfs in the named_chrootdir, which is obviously not possible inside a jail.
I could hack the jail startup bit in order to mount devfs in $jaildir/$named_chrootdir/dev, but I find this a bit overkill and I am looking for a neater way to achieve this. I thought of using $jail_fstab and $jail_mount_enable in order to mount_nullfs(8) $jaildir/dev onto $jaildir/$named_chrootdir/dev, but I am not sure this is allowed by the kernel (I'm scared to panic my production box).

Any clue or idea?

Thank you.

Best regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >