From owner-freebsd-questions@FreeBSD.ORG Thu Jul 19 12:47:57 2007
Message-Id: <7.0.1.0.0.20070719051248.01c24ec0@techvalley.ca>
Date: Thu, 19 Jul 2007 05:48:00 -0700
To: Christopher Cowart, freebsd-questions@freebsd.org
From: Tech Valley Internet - Tony Kivits
In-Reply-To: <7.0.1.0.0.20070718220030.01b8de00@techvalley.ca>
Subject: Re: /dev/random in jails

At 10:02 PM 7/18/2007, Tech Valley Internet - Tony Kivits wrote:
>At 09:50 PM 7/18/2007, Christopher Cowart wrote:
>>On Wed, Jul 18, 2007 at 09:49:12PM -0700, Christopher Cowart wrote:
>> > $ dd if=/dev/random bs=1 count=12 2>/dev/null | openssl base64
>> > Should give you a base64 encoding of some random data (base64 to prevent
>> > it from messing up your terminal) if /dev/random is working.
>>
>>I meant to point if=jailroot/dev/random. Testing /dev/random for the
>>host OS isn't going to be too meaningful.
>>
>>--
>>Chris Cowart
>>Lead Systems Administrator
>>Network & Infrastructure Services, RSSP-IT
>>UC Berkeley
>
>Thanks Chris,
>
>I figured out what you meant. ;)
>
>I think with all my playing I managed to put a symlink in the dev
>directory that I can't get out.
>
>I will try to do a reinstall of the machine and try all the
>suggestions on a clean environment.
>
>Tony

Ok. I now know what is happening.

The random and urandom devices are in the jail's /dev directory when the jail is created and the test you gave me to try did work once tweaked a bit. But when I run the installation script for hsphere the two devices disappear out of the /dev directory. The devices are then inaccessible for all processes until the jail is restarted.

I have looked in the usual log files and nothing is recorded there.

My configuration is as follows....

# Jail info in host's rc.conf
jail_enable="YES"
jail_interface="xl0"
jail_devfs_enable="YES"
jail_procfs_enable="YES"
jail_list="cp"
jail_cp_rootdir="/usr/jails/cp"
jail_cp_hostname="cp.example.ca"
jail_cp_ip="192.168.1.71"
jail_cp_mount_enable="YES"
jail_cp_devfs_ruleset="devfsrules_thin_jail"

#devfs.rules
[devfsrules_thin_jail=100]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
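
The dd test quoted in this message, extended into a host-side check of a jail's device nodes, as an added example that is not part of the original post or of FreeBSD's own scripts: it reports whether each of random and urandom under a jail root is missing, a symlink, not a character device, or unreadable. The function names are hypothetical; /usr/jails/cp in the usage comment is the jail root from the posted rc.conf.

```shell
#!/bin/sh
# Added example: classify a jail's random device nodes from the host.
# Function names are hypothetical, not part of FreeBSD.

# check_node PATH -> prints one of: missing, symlink, not-chardev, unreadable, ok
check_node() {
    node=$1
    # Test for a symlink first: [ -e ] and [ -c ] follow links, so a link
    # pointing at some other device node would otherwise look healthy.
    if [ -L "$node" ]; then
        echo symlink; return 1
    fi
    if [ ! -e "$node" ]; then
        echo missing; return 1
    fi
    if [ ! -c "$node" ]; then
        echo not-chardev; return 1
    fi
    # Same read as the dd test quoted above: 12 bytes must come back.
    got=$(dd if="$node" bs=1 count=12 2>/dev/null | wc -c | tr -d ' ')
    if [ "$got" != 12 ]; then
        echo unreadable; return 1
    fi
    echo ok
}

# check_jail_random JAILROOT -> one line per device, non-zero if any is bad
check_jail_random() {
    root=${1%/}
    rc=0
    for dev in random urandom; do
        state=$(check_node "$root/dev/$dev") || rc=1
        printf '%s/dev/%s: %s\n' "$root" "$dev" "$state"
    done
    return $rc
}

# Run only when a jail root is given, e.g.: sh check.sh /usr/jails/cp
if [ $# -ge 1 ]; then
    check_jail_random "$1"
fi
```

Running it before and after an installer that touches the jail shows which state the nodes moved to, which the plain dd test cannot distinguish.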