From: Randy Schultz
To: freebsd-jail@freebsd.org
Date: Mon, 22 Sep 2008 09:49:24 -0400 (EDT)
Subject: request for (security) comments on this setup

Heya,

I'm mounting some iSCSI storage in a jail. It's mounting in the jail via fstab. When the jail is up and I'm logged into the jail I can cd to the mount point, r/w etc., everything seems to work. What's weird tho' is, while a df on the parent shows the partition mounted as expected, a df inside the jail shows the local disk but not the iSCSI mount. This is fbsd 7.1-prerelease, the jail's name is spectro.

On the parent:

    Root Dude ? df -h|egrep data
    /dev/da0s1d    1.3T    2.9G    1.2T     0%    /usr/local/jails/spectro/data
    Root Dude ? cat /etc/fstab.spectro
    /usr/local/jails/basejail /usr/local/jails/spectro/basejail nullfs ro 0 0
    /dev/da0s1d /usr/local/jails/spectro/data ufs rw 1 1

In the jail:

    Dude ? df -h
    Filesystem            Size    Used   Avail Capacity  Mounted on
    /dev/mirror/gm0s1e    178G     43G    121G    26%    /
    Root Dude ? dmesg|egrep da0
    da0 at iscsi0 bus 0 target 0 lun 0
    da0: Fixed Direct Ac
    Root Dude ? cd /data
    Root Dude ? ls -l
    total 5830386
    drwxrwxr-x  2 root  operator         512 Sep 19 17:52 .snap
    -rw-r-----  1 root  wheel     5967380480 Sep 22 09:44 all.5
    Root Dude ? touch test
    Root Dude ? ls -l
    total 5836930
    drwxrwxr-x  2 root  operator         512 Sep 19 17:52 .snap
    -rw-r-----  1 root  wheel     5974065152 Sep 22 09:45 all.5
    -rw-r--r--  1 root  wheel              0 Sep 22 09:44 test
    Root Dude ? iostat 1
          tty             ad4              ad6              da0             cpu
     tin tout  KB/t tps  MB/s   KB/t tps  MB/s   KB/t tps  MB/s  us ni sy in id
       0    5 33.42   4  0.12  33.43   4  0.12  62.62   2  0.11   0  0  0  0 100
       0  232 64.00   6  0.37  64.00   4  0.25  58.95  19  1.09   0  0  0  0 100
       0   78 60.57  14  0.83  61.00  16  0.95  53.09  22  1.14   0  0  0  0 100
    ^C

So, my first question is what am I missing, the second is does mounting things this way into a jail pose any sort of risk for escaping the jail?

-- 
Randy (schulra@earlham.edu) 765.983.1283

<*> Love with your heart, think with your head; not the other way around.