Date:      Sun, 29 Jul 2007 11:57:45 -0700
From:      Paul Hoffman <phoffman@proper.com>
To:        freebsd-jail@freebsd.org
Subject:   What to put in devfs for a typical jail
Message-ID:  <p0624081fc2d292d4ed73@[10.20.30.108]>

Greetings. I want to set up a jail for a web server. It only needs to 
access the things a normal system would (its own disk space, the 
network controller, the keyboard, and so on). I need to be SSHing 
into the jailed system to control it.

The manpage for jail says:
      NOTE: It is important that only appropriate device nodes in devfs be
      exposed to a jail; access to disk devices in the jail may permit
      processes in the jail to bypass the jail sandboxing by modifying files
      outside of the jail.  See devfs(8) for information on how to use devfs
      rules to limit access to entries in the per-jail devfs.


What should I do for /etc/devfs.rules on the host? What should I be excluding?
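
An added example, not part of the original message: a host-side /etc/devfs.rules ruleset of the kind the jail(8) note points to, which hides every node and then unhides only non-disk nodes a login-capable jail needs. The ruleset name `devfsrules_webjail` and the number 10 are assumptions; the three included rulesets are the ones defined in /etc/defaults/devfs.rules.

```conf
# /etc/devfs.rules on the host (constructed example).
# Ruleset name and number are assumptions; use any unused number.
[devfsrules_webjail=10]
# Start from nothing: hide every node, including disk devices
# (ad*, da*, md*), so jailed processes cannot open them.
add include $devfsrules_hide_all
# Basic nodes such as null, zero, random and urandom.
add include $devfsrules_unhide_basic
# pty/tty and fd nodes needed for SSH login sessions.
add include $devfsrules_unhide_login
```

The ruleset only takes effect once it is applied to the jail's own devfs mount; listing the jail's /dev afterwards should show no disk nodes.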


