From: Christopher Cowart
To: Tech Valley Internet - Tony Kivits
Cc: freebsd-questions@freebsd.org
Date: Wed, 18 Jul 2007 21:49:12 -0700
Subject: Re: /dev/random in jails
Organization: RSSP-IT, UC Berkeley
Message-ID: <20070719044912.GD27888@rescomp.berkeley.edu>

On Wed, Jul 18, 2007 at 09:41:35PM -0700, Tech Valley Internet - Tony Kivits wrote:
>At 08:42 PM 7/18/2007, Christopher Cowart wrote:
>>On Wed, Jul 18, 2007 at 08:34:21PM -0700, Tech Valley Internet -
>>Tony Kivits wrote:
>>>At 07:32 PM 7/18/2007, Christopher Cowart wrote:
>>>>On Wed, Jul 18, 2007 at 06:30:50PM -0700, Tech Valley Internet -
>>>>Tony Kivits wrote:
>>>>> I am attempting to run portions (if not all) of the software called
>>>>> HSphere inside of jailed subsystems of FreeBSD. I am able to create
>>>>> the jails no problem but the devices /dev/random and /dev/urandom are
>>>>> not created automatically in the jail despite the fact that a handful
>>>>> of other devices are mounted correctly when the jail is created.
>>>>>
>>>>> Is there a specific reason for these devices not being created in a
>>>>> jail or is there a way to create these devices so that they will be
>>>>> available inside a jail?
>>>>
>>>>We run bind instances in FreeBSD jails. This is how we get /dev/random:
>>>>
>>>>| # /etc/devfs.rules:
>>>>| [devfsrules_thin_jail=100]
>>>>| add include $devfsrules_hide_all
>>>>| add include $devfsrules_unhide_basic
>>>>
>>>>| # /etc/rc.conf:
>>>>| jail_cachingdns_devfs_enable="YES"
>>>>| jail_cachingdns_devfs_ruleset="devfsrules_thin_jail"
>>>>
>>> Thanks Chris,
>>>
>>> So if my jail is called "cp", the only thing that I would have to
>>> change from your scripts would be to replace "cachingdns"
>>with "cp"?
>>
>>Yes. Are you configuring the jail via /etc/rc.conf already? Are you
>>using the rc script /etc/rc.d/jail to start your jails?
>>
>>My complete config from /etc/rc.conf is:
>>
>>| # Enable jails
>>| jail_enable="YES"
>>| jail_list="cachingdns"
>>|
>>| # Caching-nameserver jail
>>| jail_cachingdns_hostname="ns1.example.com"
>>| jail_cachingdns_ip="192.0.2.15"
>>| jail_cachingdns_interface="bge0"
>>| jail_cachingdns_rootdir="/var/jails/caching-dns"
>>| jail_cachingdns_exec="/usr/local/sbin/named"
>>| jail_cachingdns_devfs_enable="YES"
>>| jail_cachingdns_devfs_ruleset="devfsrules_thin_jail"
>>
>>You can replace cachingdns with cp or whatever else you want. You can
>>also create multiple jails with different names.
>>
>>I don't know if you're following the typical FreeBSD jail documentation
>>which gives you a complete FreeBSD installation inside the jail. Given
>>that I only need to run named, I have not done that.
>>
>>Are you trying to run a complete FreeBSD install that allows user logins
>>inside your jail? Or are you simply trying to jail a single process? My
>>example above jails the single process named, and does not have an OS
>>install inside the jail's root.
>
> I am doing a complete OS inside the jail and am starting it through
> the rc.conf.

The default devfs ruleset for jails (devfsrules_jail, found in
/etc/defaults/devfs.rules) should work fine for you then. Perhaps try
specifying that ruleset explicitly?

> I have modified the devfs.rules so that they are now passing random
> and urandom as devices. But the installation software is still
> reporting that /dev/random is not working properly. Do you know of a
> way that I can test /dev/random to see if it is actually working?

$ ls -l caching-dns/dev/random
crw-rw-rw- 1 root wheel 0, 8 Jul 3 18:08 caching-dns/dev/random
$ dd if=/dev/random bs=1 count=12 2>/dev/null | openssl base64

Should give you a base64 encoding of some random data (base64 to prevent
it from messing up your terminal) if /dev/random is working.

-- 
Chris Cowart
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
UC Berkeley
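
The ls and dd test from the message above, turned into a repeatable check. This is an added example, not part of the original e-mail. The function names and return codes are made up for illustration, and it goes one step beyond the message by also catching a node that exists but is a regular file or returns constant data.

```shell
#!/bin/sh
# Added example: sanity-check a random device node, for instance the one
# that devfs exposes inside a jail root.
# Usage: sh check_random.sh /var/jails/caching-dns/dev/random

# Read $2 bytes from $1 and print them as one hex string (terminal-safe,
# the same reason the message pipes dd through base64).
read_hex() {
    dd if="$1" bs=1 count="$2" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# check_random_dev PATH (hypothetical helper)
# Returns 0 if PATH behaves like a working random device, otherwise says
# why and returns: 1 missing, 2 not a character device, 3 not readable,
# 4 short read, 5 two reads returned the same bytes.
check_random_dev() {
    dev=$1
    nbytes=16
    [ -e "$dev" ] || { echo "$dev: missing (hidden by the devfs ruleset?)"; return 1; }
    [ -c "$dev" ] || { echo "$dev: not a character device"; return 2; }
    [ -r "$dev" ] || { echo "$dev: not readable"; return 3; }

    a=$(read_hex "$dev" "$nbytes")
    b=$(read_hex "$dev" "$nbytes")

    # Two hex digits per byte; anything shorter means the read came up short.
    [ "${#a}" -eq $((nbytes * 2)) ] && [ "${#b}" -eq $((nbytes * 2)) ] ||
        { echo "$dev: short read"; return 4; }

    # Two independent 16-byte reads that match mean the node is not
    # delivering random data (for example /dev/zero under the wrong name).
    [ "$a" != "$b" ] || { echo "$dev: two reads returned identical data"; return 5; }

    echo "$dev: ok ($a)"
    return 0
}

# Run the check when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_random_dev "$1"
fi
```

Run it from the host against the jail's dev directory, or inside the jail against /dev/random and /dev/urandom.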