Date:      Sun, 13 Nov 2011 13:04:36 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-questions@freebsd.org
Subject:   Re: How to login to my jail from host itself (normal user)
Message-ID:  <4EBFC064.9040205@infracaninophile.co.uk>
In-Reply-To: <20111113102449.GA16065@external.screwed.box>
References:  <1321152864.63708.YahooMailNeo@web122210.mail.ne1.yahoo.com> <4EBF8CAD.8000003@infracaninophile.co.uk> <20111113102449.GA16065@external.screwed.box>

On 13/11/2011 12:31, Peter Vereshagin wrote:
> I'd find it obvious to try to launch getty by means of jexec by setting the command in /etc/ttys?
>
> Something like that:
>
>     ttyv0   "/usr/sbin/jexec `cat /var/run/some_jail.id` /usr/libexec/getty Pc"         cons25  on  secure
>

That might work.  Needs testing though -- when someone logs in does init
in the host system recognize that the jailed login has taken over the
vty from the jail?  Or does it just keep spawning new getty processes?

Let's see...

lucid-nonsense:/etc:# diff -u ttys.save ttys
--- ttys.save	2011-11-13 12:49:28.868350588 +0000
+++ ttys	2011-11-13 12:50:10.609176357 +0000
@@ -38,7 +38,7 @@
 ttyv4	"/usr/libexec/getty Pc"		cons25	on  secure
 ttyv5	"/usr/libexec/getty Pc"		cons25	on  secure
 ttyv6	"/usr/libexec/getty Pc"		cons25	on  secure
-ttyv7	"/usr/libexec/getty Pc"		cons25	on  secure
+ttyv7	"/usr/sbin/jexec 1 /usr/libexec/getty Pc"		cons25	on  secure
 ttyv8	"/usr/local/bin/xdm -nodaemon"	xterm	off secure
 # Serial terminals
 # The 'dialup' keyword identifies dialin lines to login, fingerd etc.
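Review bot: the added `ttyv7` line passes the literal jail ID `1` to `jexec`, and nothing in the entry ties that number to the intended jail. JIDs are assigned when a jail starts, so after a jail restart `1` can belong to a different jail or to none, and the console getty then lands in the wrong jail or does not start. Refer to the jail by a stable identifier (a jail name or a fixed JID) rather than whatever number it happened to receive this time.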

lucid-nonsense:/etc:# kill -HUP 1
lucid-nonsense:/etc:# jexec 1 ps -ax | grep getty
22182  v7  Is+J   0:00.01 /usr/libexec/getty Pc ttyv7

Looking good so far...

<fx> Wanders into the other room and logs in on the console -- vty7,
which identifies itself as the jail.

lucid-nonsense:/etc:# ps -auxwww | grep v7
root       22182  0.0  0.0 21700  1676  v7  IsJ  12:50PM   0:00.06 login [pam] (login)
matthew    22293  0.0  0.0 10312  2524  v7  IJ   12:53PM   0:00.07 -tcsh (tcsh)
matthew    22299  0.0  0.0  9372  1668  v7  S+J  12:53PM   0:00.11 top
root       22362  0.0  0.0  9124  1192   1  S+   12:56PM   0:00.00 grep v7

Seems to work nicely.  Now, does logout work properly?

<fx>Logs out of the jail

lucid-nonsense:/etc:# ps -auxwww | grep v7
root       22390  0.0  0.0  6916  1028  v7  Is+J 12:59PM   0:00.01 /usr/libexec/getty Pc ttyv7

Yep.  All works nicely.  That's really cool.

Definitely needs care to make sure the jail ID matches up to the
intended jail.  Using mm@freebsd.org's updated jail init stuff from the
sysutils/jailrc port and enabling persistent jails is probably the way to
go there.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
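The message's caution about the jail ID matching the intended jail can be checked mechanically. The following is an added example, not part of the original message: a shell function that finds `jexec`-wrapped entries in a ttys(5) file and resolves each jail argument against saved `jls jid name` output. The function names, the jail names `buildjail` and `webjail`, and the sample data are constructed, and `jexec` is assumed to be called without options.

```shell
#!/bin/sh
# Added example (not from the original message).
# ttys_jexec_audit TTYS JLS WANT
#   TTYS  ttys(5) file to check
#   JLS   saved output of `jls jid name`, one "JID NAME" pair per line
#   WANT  name of the jail the console login is meant to land in
# Prints "<tty> <jail-arg> <verdict>" per jexec entry; returns 1 on any problem.
ttys_jexec_audit() {
    awk -v jls="$2" -v want="$3" '
        FILENAME == jls { name[$1] = $2; running[$2] = 1; next }
        /^[ \t]*#/ { next }                       # ttys comment line
        {
            if (split($0, q, "\"") < 3) next      # no quoted command field
            if (split(q[2], cmd, /[ \t]+/) < 2) next
            if (cmd[1] !~ /(^|\/)jexec$/) next    # getty not wrapped in jexec
            jail = cmd[2]                         # assumes jexec has no options
            if (jail ~ /^[0-9]+$/)                # numeric JID: map to a name
                got = (jail in name) ? name[jail] : ""
            else                                  # jail referenced by name
                got = (jail in running) ? jail : ""
            if (got == "")        { verdict = "NOT-RUNNING"; bad = 1 }
            else if (got != want) { verdict = "MISMATCH:" got; bad = 1 }
            else                    verdict = "OK"
            split(q[1], tty, /[ \t]+/)
            print tty[1], jail, verdict
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# Constructed sample data: the ttyv7 entry from the diff above, and a jls
# listing in which JID 1 has been taken by a different jail after a restart.
ttys_jexec_demo() {
    d=$(mktemp -d) || return 2
    printf 'ttyv6\t"/usr/libexec/getty Pc"\t\tcons25\ton  secure\n' > "$d/ttys"
    printf 'ttyv7\t"/usr/sbin/jexec 1 /usr/libexec/getty Pc"\t\tcons25\ton  secure\n' >> "$d/ttys"
    printf '1 buildjail\n2 webjail\n' > "$d/jls"
    ttys_jexec_audit "$d/ttys" "$d/jls" webjail; rc=$?
    rm -rf "$d"
    return $rc
}
```

On the host, the second argument would be a file produced with `jls jid name`, and the first would be `/etc/ttys`.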
