From owner-freebsd-stable@freebsd.org  Tue Apr 24 14:09:43 2018
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A9871FA66D7
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Tue, 24 Apr 2018 14:09:43 +0000 (UTC)
 (envelope-from marcnarc@gmail.com)
Received: from mail-qt0-x244.google.com (mail-qt0-x244.google.com
 [IPv6:2607:f8b0:400d:c0d::244])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 1738B6D957;
 Tue, 24 Apr 2018 14:09:43 +0000 (UTC)
 (envelope-from marcnarc@gmail.com)
Received: by mail-qt0-x244.google.com with SMTP id b13-v6so22186010qtp.12;
 Tue, 24 Apr 2018 07:09:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=subject:to:references:cc:from:message-id:date:user-agent
 :mime-version:in-reply-to:content-language:content-transfer-encoding;
 bh=SNBqNHy/e09dSDqEEZPPUzIoaP3P3B33x3GkMKOytP8=;
 b=RaNcS1Qm0pZiuS1fNG0ZDZc2TVJYkU+PpNeNE+R4ung0j7HrdXkQkN1005uNePj2JB
 UjnPpXQ2WHWAm4rItwfT2Nd9N/BswsqfUq7hODcvYoiseb5zkqa2P4dEZo3A3m0om4O0
 n4aPbYoGkGTa/ATFuFSWs8cweeOcPDRRnjO8zIqbOIMn7xRlGgfGEroWF40Awxevoa3I
 Dpsut6a6S+se6yem64jEohmxrNYGWbr0UQCMExnHhxImtkefbGgvgIG+ub4yAhPeoCuw
 Ev6RGbY7ZWbucEC64rp5jVeK2aFSnbpYyugWmIHF0uQSK2gVSB0QHt0UBO19ECS9UEZY
 /kYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:subject:to:references:cc:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-language
 :content-transfer-encoding;
 bh=SNBqNHy/e09dSDqEEZPPUzIoaP3P3B33x3GkMKOytP8=;
 b=E8hjpAtsvheEYpieeCkWUPvHAnohMtqWWkHNVDhVgbmDaISebtFJNQAd87DqoI4QEi
 kicDb6FtcsUdvuZUPK7FEK0ujcadOFpO9srg61mGrgHAyPRGwyIqYQku0fYD3+vz1W1I
 Nz0yu7jexFNDfw665bbs+ZcPWbd1rOIDSzYhaYdqoM8mgfjGEi9w5/yPZASGLT+kJR1n
 Q/2o8OAz0P1yneXLT6Bce/ybPBeVRd0TlkKswGarZKBTmgfkXRDVik2bk/Q7NnLi4ehL
 V/RMwjNHwdEsX39KGFu1HvPxl3sVvddQQ6WLI/ENaZ+2PcrBJFeMLTtFT+gPp6R4j8s6
 ZFgg==
X-Gm-Message-State: ALQs6tDyT0l6U15uRqiPFobSMaksYm6mqHJ9aSe0QZB5VWhoMexbwhzn
 fjFMLXQhokA/VnnOMfQ6GQ3+civh
X-Google-Smtp-Source: AB8JxZoI26fDmd+8Mc739CWEsYa8F3/PkPjh/2skn00/QpK/qjdkKEJM+/ZrwZs3fQSva4Qak4mCpA==
X-Received: by 2002:ac8:2779:: with SMTP id
 h54-v6mr4992688qth.85.1524578982399; 
 Tue, 24 Apr 2018 07:09:42 -0700 (PDT)
Received: from [10.10.1.32] ([192.252.130.194])
 by smtp.gmail.com with ESMTPSA id i45-v6sm8437645qta.12.2018.04.24.07.09.41
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 24 Apr 2018 07:09:41 -0700 (PDT)
Subject: Re: What should do in chrooted environment?
To: Glen Barber <gjb@FreeBSD.org>, krad <kraduk@gmail.com>
References: <201804232228.w3NMS6UW042861@kx.openedu.org>
 <20180423224408.GC56778@FreeBSD.org>
 <A07CBD86-5B13-43A9-AF33-EA027B93F209@dons.net.au>
 <CALfReyeOOgJmnj4Lxxbr4O_YOO9GA_83+-Awaz5r4eZAnCJkXw@mail.gmail.com>
 <20180424132452.GB70329@FreeBSD.org>
Cc: KIRIYAMA Kazuhiko <kiri@kx.openedu.org>,
 "O'Connor, Daniel" <darius@dons.net.au>,
 freebsd-stable <freebsd-stable@freebsd.org>
From: Marc Branchaud <marcnarc@gmail.com>
Message-ID: <5bfcd662-629c-43f0-0471-141cf6881a1f@gmail.com>
Date: Tue, 24 Apr 2018 10:09:40 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <20180424132452.GB70329@FreeBSD.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Apr 2018 14:09:43 -0000

On 2018-04-24 09:24 AM, Glen Barber wrote:
> There are additional nits regarding jail(8) that chroot(8) does not have
> the same limitations.  Setting/unsetting the immutable flag on something
> like /sbin/init, for example, comes to mind.

Try
	allow.chflags
in your jail.conf.

		M.

> Glen
> 
> On Tue, Apr 24, 2018 at 11:49:46AM +0100, krad wrote:
>> wouldn't it just be easier to do this in a jail, and then all of these
>> little bits would be taken care of?
>>
>> On 24 April 2018 at 01:48, O'Connor, Daniel <darius@dons.net.au> wrote:
>>
>>>
>>>
>>>> On 24 Apr 2018, at 08:14, Glen Barber <gjb@FreeBSD.org> wrote:
>>>> I think you might not have the devfs mount in the image.  With the paths
>>>> provided above, I think this should fix it:
>>>>
>>>> # mount -t devfs devfs /mnt/dev
>>>
>>> I wonder if it's worth doing a basic sanity check that /dev/null and
>>> /dev/zero look like device nodes.
>>>
>>> I've made this mistake too and it produces some very confusing error
>>> messages :(
>>>
>>> --
>>> Daniel O'Connor
>>> "The nice thing about standards is that there
>>> are so many of them to choose from."
>>>   -- Andrew Tanenbaum
>>> GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
>>>
>>> _______________________________________________
>>> freebsd-stable@freebsd.org mailing list
>>> https://lists.freebsd.org/mailman/listinfo/freebsd-stable
>>> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
>>>