From owner-freebsd-arch@FreeBSD.ORG  Thu Oct 22 12:08:18 2009
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: arch@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 23A04106566B;
	Thu, 22 Oct 2009 12:08:18 +0000 (UTC) (envelope-from ed@hoeg.nl)
Received: from palm.hoeg.nl (mx0.hoeg.nl [IPv6:2001:7b8:613:100::211])
	by mx1.freebsd.org (Postfix) with ESMTP id BC2E78FC17;
	Thu, 22 Oct 2009 12:08:17 +0000 (UTC)
Received: by palm.hoeg.nl (Postfix, from userid 1000)
	id 53D991CC4D; Thu, 22 Oct 2009 14:08:16 +0200 (CEST)
Date: Thu, 22 Oct 2009 14:08:16 +0200
From: Ed Schouten <ed@80386.nl>
To: Dag-Erling =?iso-8859-1?Q?Sm=F8rgrav?= <des@des.no>
Message-ID: <20091022120816.GK1293@hoeg.nl>
References: <20091021222054.GJ1293@hoeg.nl>
 <86ljj4s6hj.fsf@ds4.des.no>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="zH41lVBEV8cLJnCl"
Content-Disposition: inline
In-Reply-To: <86ljj4s6hj.fsf@ds4.des.no>
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: FreeBSD Arch <arch@freebsd.org>, FreeBSD Jail <jail@freebsd.org>
Subject: Re: Setting the jail identifier from /etc/rc.conf
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Oct 2009 12:08:18 -0000


--zH41lVBEV8cLJnCl
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi Dag-Erling,

* Dag-Erling Sm=F8rgrav <des@des.no> wrote:
> on the command line).  There is no rc.conf variable for it, but you can
> add "-n foo" to jail_foo_flags.

Well, good enough I guess.

I solved the entire getty thing by doing the following. I'm running a
jail called small.80386.nl, which is a temporary install I had, to see
what happens if you enable a lot of WITHOUT_* flags.

/etc/devfs.rules:
| [small_80386_nl=3D5]
| add include $devfsrules_hide_all
| add include $devfsrules_unhide_basic
| add include $devfsrules_unhide_login
| add path ttyv8 unhide

/etc/rc.conf:
| jail_small_flags=3D"-l -U root -n small_80386_nl"
| jail_small_devfs_ruleset=3D"small_80386_nl"

/etc/ttys:
| ttyv8 "/usr/sbin/jexec small_80386_nl /usr/libexec/getty Pc" cons25 on se=
cure

--=20
 Ed Schouten <ed@80386.nl>
 WWW: http://80386.nl/

--zH41lVBEV8cLJnCl
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (FreeBSD)

iEYEARECAAYFAkrgSzAACgkQ52SDGA2eCwVjigCffgZ/9igGufiv9bxmc2QnCMAO
PXYAn0ZF4o7g40qHvkiY6eAwjUtWhZic
=uO5V
-----END PGP SIGNATURE-----

--zH41lVBEV8cLJnCl--