From: Mars G Miro
To: Dan Naumov
Cc: freebsd-jail@freebsd.org, Glen Barber, freebsd-questions@freebsd.org
Subject: Re: bizarre mount_nullfs issue with jails / ezjail
Date: Wed, 7 Apr 2010 14:43:11 +0800
References: <20100406213711.GA38637@orion.hsd1.pa.comcast.net>

On Wed, Apr 7, 2010 at 2:28 PM, Dan Naumov wrote:
>>> An additional question: how come "sade" and "sysinstall" which are run
>>> inside the jail can see (and I can only assume they can also operate
>>> on and damage) the real underlying disks of the host?
>>>
>>
>> Disks (as well as others you have in your host's /dev) aren't visible
>> inside jails.
>
> Well, somehow they are on my system.
>
> I guess I should've also clarified that the jail was installed using
> ezjail and not completely manually
>
> From /usr/local/etc/ezjail/semipublic
>
> export jail_semipublic_devfs_enable="YES"
> export jail_semipublic_devfs_ruleset="devfsrules_jail"
>

Well I'm not entirely familiar w/ ezjail but I use jails all the time,
and I can tell you that /dev in jails is very limited, here's a /dev
jail of mine:

mars@spry9:~> ls -al /dev/
total 2
crw-rw-rw-  1 root  wheel    0,  58 Mar 27 03:02 crypto
dr-xr-xr-x  2 root  wheel       512 Mar 27 03:12 fd
dr-xr-xr-x  2 root  wheel       512 Mar 30 20:00 iso9660
lrwxr-xr-x  1 root  wheel        14 Mar 27 03:12 log -> ../var/run/log
crw-rw-rw-  1 root  wheel    0,  33 Apr  7 14:33 null
crw-rw-rw-  1 root  wheel    0,   7 Mar 27 03:02 ptmx
dr-xr-xr-x  2 root  wheel       512 Mar 27 03:22 pts
crw-rw-rw-  1 root  wheel    0,  10 Mar 27 11:12 random
lrwxr-xr-x  1 root  wheel         4 Mar 27 03:12 stderr -> fd/2
lrwxr-xr-x  1 root  wheel         4 Mar 27 03:12 stdin -> fd/0
lrwxr-xr-x  1 root  wheel         4 Mar 27 03:12 stdout -> fd/1
lrwxr-xr-x  1 root  wheel         6 Mar 27 03:12 urandom -> random
crw-rw-rw-  1 root  wheel    0,  34 Mar 27 03:02 zero
mars@spry9:~>

So I guess it's a configuration issue w/ your jails.

> - Sincerely,
> Dan Naumov
>

--
cheers
mars
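
Added example, not part of the original message or of ezjail: a host-side check that lists every entry in a jail's /dev that is not on an allowlist, so exposed host disks show up immediately. The allowlist is copied from the restricted listing in the message above and is an assumption about what the jail should see; the function name and the `ad4`/`ad4s1a` disk nodes in the demo are constructed.

```shell
#!/bin/sh
# Assumption: the allowlist is the set of names in the restricted /dev listing
# quoted in the message above; it is not a FreeBSD default. Adjust per ruleset.
ALLOWED="crypto fd iso9660 log null ptmx pts random stderr stdin stdout urandom zero"

# audit_jail_dev DIR (hypothetical helper)
# Prints one line per top-level entry in DIR that is not on the allowlist.
# Returns 0 if nothing unexpected was found, 1 if something was, 2 if DIR is unusable.
audit_jail_dev() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    unexpected=0
    for path in "$dir"/* "$dir"/.[!.]*; do
        # Skip glob patterns that matched nothing (empty dir, no dotfiles).
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        # A name containing a space could straddle two allowlist words; flag it.
        case "$name" in
            *" "*) echo "$name"; unexpected=1; continue ;;
        esac
        case " $ALLOWED " in
            *" $name "*) ;;                     # expected node
            *) echo "$name"; unexpected=1 ;;    # e.g. a host disk node
        esac
    done
    return "$unexpected"
}

# Demo on a constructed directory standing in for the jail's /dev (plain files,
# so it runs on any system). On a real host, pass the jail root's dev directory.
demo=$(mktemp -d)
for n in $ALLOWED ad4 ad4s1a; do : > "$demo/$n"; done
echo "unexpected entries in $demo:"
audit_jail_dev "$demo" || true
rm -rf "$demo"
```

A non-zero return from a jail that is supposed to use a restrictive ruleset means the ruleset was not applied to that devfs mount.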