From owner-freebsd-questions@FreeBSD.ORG  Fri Dec 16 03:23:41 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 16E4216A41F
	for <freebsd-questions@freebsd.org>;
	Fri, 16 Dec 2005 03:23:41 +0000 (GMT)
	(envelope-from kris@obsecurity.org)
Received: from elvis.mu.org (elvis.mu.org [192.203.228.196])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6F92443D66
	for <freebsd-questions@freebsd.org>;
	Fri, 16 Dec 2005 03:23:40 +0000 (GMT)
	(envelope-from kris@obsecurity.org)
Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196])
	by elvis.mu.org (Postfix) with ESMTP id 376351A3C1C;
	Thu, 15 Dec 2005 19:23:40 -0800 (PST)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id E920C514D7; Thu, 15 Dec 2005 22:23:38 -0500 (EST)
Date: Thu, 15 Dec 2005 22:23:38 -0500
From: Kris Kennaway <kris@obsecurity.org>
To: Dieter <freebsd@sopwith.solgatos.com>
Message-ID: <20051216032338.GA41927@xor.obsecurity.org>
References: <200512160318.DAA13843@sopwith.solgatos.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="tThc/1wpZn/ma/RB"
Content-Disposition: inline
In-Reply-To: <200512160318.DAA13843@sopwith.solgatos.com>
User-Agent: Mutt/1.4.2.1i
Cc: freebsd-questions@freebsd.org
Subject: Re: chroot and /dev
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Dec 2005 03:23:41 -0000


--tThc/1wpZn/ma/RB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Dec 15, 2005 at 07:18:11PM +0000, Dieter wrote:
> How does one provide one or two devices, e.g. /dev/null
> for a chroot environment?
>=20
> Device nodes created by mknod do not work.
>=20
> mount_devfs creates an entire device tree, negating
> the security of the chroot.

See the jail manpage (jail is better than chroot if security is your
goal).

Kris

--tThc/1wpZn/ma/RB
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)

iD8DBQFDojM5Wry0BWjoQKURAksoAJ4t04Ee5iO90JPClcSqeavGyouNlwCg3f5k
KO79Zcpnj41AGf/BqnFwpzw=
=dkXg
-----END PGP SIGNATURE-----

--tThc/1wpZn/ma/RB--