From owner-freebsd-current Sat Feb 3 11:50:59 2001
Delivered-To: freebsd-current@freebsd.org
Received: from harmony.village.org (rover.village.org [204.144.255.66])
    by hub.freebsd.org (Postfix) with ESMTP id BC41837B401
    for ; Sat, 3 Feb 2001 11:50:40 -0800 (PST)
Received: from harmony.village.org (localhost.village.org [127.0.0.1])
    by harmony.village.org (8.11.1/8.11.1) with ESMTP id f13Jm1961781;
    Sat, 3 Feb 2001 12:48:01 -0700 (MST)
    (envelope-from imp@harmony.village.org)
Message-Id: <200102031948.f13Jm1961781@harmony.village.org>
To: Poul-Henning Kamp
Subject: Re: DEVFS newbie...
Cc: Peter Wemm , freebsd-current@FreeBSD.ORG
In-reply-to: Your message of "Sat, 03 Feb 2001 20:35:17 +0100." <14760.981228917@critter>
References: <14760.981228917@critter>
Date: Sat, 03 Feb 2001 12:48:00 -0700
From: Warner Losh
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <14760.981228917@critter> Poul-Henning Kamp writes:
: In message <200102031932.f13JWo961621@harmony.village.org>, Warner Losh writes:
: >In message <200102031748.f13HmuW44694@mobile.wemm.org> Peter Wemm writes:
: >: As bizarre as it sounds, I like Julian's hack for populating this stuff...
: >: ie: use a hard link to propagate nodes to the jailed /dev.
: >:
: >: eg: mount -t devfs -o empty /home/jail/dev
: >:     ln /dev/null /home/jail/dev/null
: >:     ln /dev/zero /home/jail/dev/zero
: >:     ...
: >:     mount -u -o ro /home/jail/dev
: >
: >But you can't do hard links across file systems. Or is that a hack
: >of devfs to allow it, [...]
:
: Yes, it was a hack, and it will not be hacked that way in my DEVFS.

I seem to recall talking to you about having symbolic links in your
devfs mean something "special" as a way around this problem. As you
know, but others might not, the device name space is flat and unique
(well, except for maybe /dev/fd, which is just unique and can be
viewed as flat for the purposes of this discussion).
As such, ln -s /dev/null /jail/dev/null could also be expressed as
ln -s null /jail/dev/null. The symlink means not "follow this
filesystem name space link" but instead "look up this device name in
your device namespace table."

But I'm not sure that would work (being only dimly aware of the
details of vfs layers and all). Nor am I sure about all the security
implications of it (I'm not seeing any at the moment, since you could
mount it empty, do the symlinks then remount it r/o).

Warner
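
The lookup semantics proposed in the message above, as a small user-space C model. This is an added example, not code from the thread or from FreeBSD's DEVFS; the device table, its numbers, and every function and struct name are hypothetical, and rejecting targets that are not bare device names is an assumption of the model.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Constructed flat device table: one unique name per device, no directories. */
static const struct { const char *name; int devno; } dev_table[] = {
    { "null", 2 }, { "zero", 12 }, { "mem", 0 }, { "kmem", 1 },
};
#define NDEV (sizeof(dev_table) / sizeof(dev_table[0]))
#define JAIL_MAX 8
#define NAME_MAX_LEN 32

/* Hypothetical per-jail devfs instance: starts empty, holds only symlinks. */
struct jail_devfs {
    int read_only;
    size_t n;
    struct { char link[NAME_MAX_LEN], target[NAME_MAX_LEN]; } ent[JAIL_MAX];
};

/* Resolve a bare device name in the flat table; -ENOENT if unknown. */
static int dev_lookup(const char *name) {
    for (size_t i = 0; i < NDEV; i++)
        if (strcmp(dev_table[i].name, name) == 0) return dev_table[i].devno;
    return -ENOENT;
}

/* "/dev/null" and "null" name the same device; any other path is not a name. */
static const char *target_to_name(const char *target) {
    if (strncmp(target, "/dev/", 5) == 0) target += 5;
    return (*target == '\0' || strchr(target, '/') != NULL) ? NULL : target;
}

/* ln -s target link: stores a device name, never a filesystem path. */
int jail_symlink(struct jail_devfs *j, const char *target, const char *link) {
    const char *name = target_to_name(target);
    if (j->read_only) return -EROFS;          /* after the r/o remount */
    if (name == NULL) return -EINVAL;         /* e.g. "/etc/passwd", "../x" */
    if (j->n == JAIL_MAX || strlen(name) >= NAME_MAX_LEN ||
        strlen(link) >= NAME_MAX_LEN) return -ENOSPC;
    strcpy(j->ent[j->n].link, link);
    strcpy(j->ent[j->n].target, name);
    j->n++;
    return 0;
}

/* mount -u -o ro: freeze the set of devices visible inside the jail. */
void jail_remount_ro(struct jail_devfs *j) { j->read_only = 1; }

/* Opening a link looks its stored name up in the device table. */
int jail_open(const struct jail_devfs *j, const char *link) {
    for (size_t i = 0; i < j->n; i++)
        if (strcmp(j->ent[i].link, link) == 0) return dev_lookup(j->ent[i].target);
    return -ENOENT;
}
```

In this model a jail sees only the devices linked before the read-only remount, and a link target can never name anything outside the device table.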