Date: Mon, 5 Apr 2004 23:52:31 +0200
From: Melvyn Sopacua <freebsd-current@webteckies.org>
To: current@FreeBSD.org
Subject: Re: Jail problems
Message-ID: <200404052352.36092.freebsd-current@webteckies.org>
In-Reply-To: <4071764B.3040309@fer.hr>
References: <40716941.5060101@fer.hr> <8765cezdco.fsf@strauser.com> <4071764B.3040309@fer.hr>

On Monday 05 April 2004 17:07, Ivan Voras wrote:
> Kirk Strauser wrote:
> > At 2004-04-05T14:12:17Z, Ivan Voras <ivoras@fer.hr> writes:
> >>This is probably something big and obvious I'm missing, but what?
> >
> > What version of FreeBSD are you using?  If 5.x, do you have /dev mounted
> > inside each jail?
>
> You're right! I mis-mounted /dev! That, and some fiddling around solved the
> problems, thanks!

Maybe the attached makejail.sh script helps:

1) put it in /usr/src
2) create a /usr/src/ports-jail.sh which simply installs a default set of
   ports (in our case postfix/apache/php and the excellent 'jailer' port).
3) if needed, create an rc.conf.jail in /etc/ which sets some sensible default
   options (recent work done in the rc system could make this obsolete)
4) if needed create /etc/jailpatches/patch-login.conf - in our case it creates
   the 'standard' class, with more restrictive defaults.
5) You also need "/sbin/mount_jaildev":

#!/bin/sh
# usage: mount_jaildev <jail dev dir> [devfs ruleset]
. /etc/rc.subr

jail_root=$1
# Fall back to the stock jail ruleset when none is given.
if [ -z "$2" ]; then
    jail_ruleset=devfsrules_jail
else
    jail_ruleset=$2
fi
devfs_rulesets="/etc/defaults/devfs.rules /etc/devfs.rules"
devfs_mount_jail $jail_root $jail_ruleset

--
Melvyn

=======================================================
FreeBSD sarevok.webteckies.org 5.2-CURRENT FreeBSD 5.2-CURRENT #3: Sun Apr 4 02:24:06 CEST 2004 root@sarevok.webteckies.org:/usr/obj/usr/src/sys/SAREVOK_NOAPM_NODEBUG i386
=======================================================

[attachment: makejail.sh.txt]

#!/bin/sh

JAILROOT=/jail
IP=$1
CP='cp -v'
if [ -z "$2" ]; then
    TESTIP=$IP
else
    TESTIP=$2
fi

usage () {
    echo $0 IP [TESTIP]
    echo 'Make a jail distribution for IP'
    echo 'If TESTIP is given, it is used to startup the jail and do'
    echo 'the final configurations.'
    exit
}

# Print a command, then run it.
doit () {
    echo ''
    echo '---> ' $*
    echo ''
    eval "$*"
}

[ -z "$IP" ] && usage

D="${JAILROOT}/${IP}"
doit mkdir -p ${D}

# Build world and install it into the jail root.
doit cd /usr/src
make hierarchy DESTDIR=${D}
make obj
make depend
make all
make install DESTDIR=${D}
doit cd etc
make distribution DESTDIR=${D} -DNO_MAKEDEV_RUN

# Give the jail its own devfs, restricted by the devfsrules_jail ruleset.
doit mount_jaildev ${D}/dev devfsrules_jail
doit cd ${D}
doit ln -fs dev/null kernel

# Ports tree and base configuration.
doit cp -Rfp /usr/ports ${D}/usr/
${CP} /usr/src/ports-jail.sh ${D}/usr/ports/
doit chmod ugo+x ${D}/usr/ports/ports-jail.sh
${CP} /etc/resolv.conf ${D}/etc/
doit touch ${D}/etc/fstab
${CP} /etc/make.conf ${D}/etc/
doit ${CP} /etc/rc.conf.jail ${D}/etc/rc.conf
# Bind the jail's sshd to the jail IP only.
doit perl -pi.bak -e "\"s/^#ListenAddress 0\.0\.0\.0.*\$/ListenAddress ${IP}/\"" ${D}/etc/ssh/sshd_config
doit ${CP} /root/.profile /root/.bashrc /root/.shrc ${D}/root/

if [ -f /etc/jailpatches/patch-login.conf ]; then
    echo Fixing login.conf
    cd ${D}/etc
    patch < /etc/jailpatches/patch-login.conf
    cap_mkdb ${D}/etc/login.conf
fi

cd ${D}
ln -vfs usr/home home

# Start the jail on TESTIP and install the default ports inside it.
doit jail ${D} jail-${IP}.idg.nl ${TESTIP} /usr/ports/ports-jail.sh
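
A check for the condition this thread turned on, whether each jail has its own devfs mounted at <jailroot>/dev. This is an added example, not part of the original message or of makejail.sh; the function name check_jail_devfs and the sample mount table are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Reads a mount table in
# fstab(5) format, as FreeBSD's `mount -p` prints it, on stdin and reports the
# state of <jailroot>/dev for every jail root given as an argument.
# check_jail_devfs is a hypothetical helper name.
check_jail_devfs() {
    table=$(cat)                  # keep the table so each root can rescan it
    rc=0
    for root in "$@"; do
        root=${root%/}            # tolerate a trailing slash
        # The last matching entry wins: it is the mount stacked on top.
        fstype=$(printf '%s\n' "$table" |
            awk -v mp="$root/dev" '$2 == mp { t = $3 } END { print t }')
        case $fstype in
            devfs) echo "$root ok" ;;
            "")    echo "$root missing"; rc=1 ;;
            *)     echo "$root wrong-type:$fstype"; rc=1 ;;
        esac
    done
    return $rc                    # non-zero if any jail lacks a devfs /dev
}

# Constructed sample table; jail paths follow makejail.sh's /jail/<IP> layout.
SAMPLE_MOUNTS='/dev/ad0s1a / ufs rw 1 1
devfs /dev devfs rw 0 0
devfs /jail/192.0.2.10/dev devfs rw 0 0
/dev /jail/192.0.2.11/dev nullfs rw 0 0'

# On a live host: mount -p | check_jail_devfs /jail/*
printf '%s\n' "$SAMPLE_MOUNTS" |
    check_jail_devfs /jail/192.0.2.10 /jail/192.0.2.11 /jail/192.0.2.12 || true
```

The mount table does not show which devfs ruleset is applied, so "ok" only confirms that a devfs instance is mounted at the jail's /dev, not that devfsrules_jail is in effect.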