Date: Thu, 21 Sep 2006 21:31:10 +0200 From: Jeremie Le Hen <jeremie@le-hen.org> To: freebsd-questions@FreeBSD.org Cc: jeremie@le-hen.org Subject: chrooted named in a jail Message-ID: <20060921193110.GL15761@obiwan.tataz.chchile.org>
next in thread | raw e-mail | index | archive | help
Hi list, please Cc: me in your replies, I am not subscribed to this list. I have a jail in which named(8) runs. In order to make a possible bug exploitation still more difficult, I would like to use the named_chrootdir variable for rc.conf(5). Unfortunately, rc.d/named tries to mount devfs in the named_chrootdir, which is obviously not possible inside a jail. I could hack the jail startup bit in order to mount devfs in $jaildir/$named_chrootdir/dev, but I find this a bit overkill and I am looking for a neater way to achieve this. I thought of using $jail_fstab and $jail_mount_enable in order to mount_nullfs(8) $jaildir/dev onto $jaildir/$named_chrootdir/dev but I am not sure this is allowed by the kernel (I'm scared to panic my production box). Any clue, idea ? Thank you. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060921193110.GL15761>