From owner-freebsd-current@FreeBSD.ORG Wed Apr 5 20:40:16 2006 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 39CFD16A422; Wed, 5 Apr 2006 20:40:16 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 72E6C43D70; Wed, 5 Apr 2006 20:40:11 +0000 (GMT) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id E9CB8200141; Wed, 5 Apr 2006 22:40:08 +0200 (CEST) Received: by transport.cksoft.de (Postfix, from userid 66) id 21CBC200137; Wed, 5 Apr 2006 22:40:06 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id A7D44444F41; Wed, 5 Apr 2006 20:39:32 +0000 (UTC) Date: Wed, 5 Apr 2006 20:39:32 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: John Baldwin In-Reply-To: <200604051525.42680.jhb@freebsd.org> Message-ID: <20060405203200.N76259@maildrop.int.zabbadoz.net> References: <20060327093503.G60206@p-i-n.com> <200603291154.18847.jhb@freebsd.org> <20060405162714.L60206@p-i-n.com> <200604051525.42680.jhb@freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de Cc: freebsd-current@freebsd.org, "Raphael H. Becker" Subject: Re: devfs ruleset 4 (jails) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Apr 2006 20:40:16 -0000 On Wed, 5 Apr 2006, John Baldwin wrote: > On Wednesday 05 April 2006 10:27, Raphael H. Becker wrote: >> On Wed, Mar 29, 2006 at 11:54:17AM -0500, John Baldwin wrote: >>> On Wednesday 29 March 2006 11:32, Raphael H. Becker wrote: >>>> On Wed, Mar 29, 2006 at 06:07:05PM +0200, Raphael H. Becker wrote: >>>>> PS: the box crashed just while writing this (while using devfs >>>>> ) so I'll need to powercycle it before leaving my office. >>>> crash: >> [...] >>>> I don't know much about the debugger, so I just resetted the box by >>>> typing "reset" at the prompt. >>>> Hope that helps a little. >>> Well, it means that it's broken in HEAD as well at least. >> >> Is there a workaround to hide "critical" devices from a mounted devfs? >> ... any patches to test? >> >> From my point of view this is a critical situation for machines with >> jails and "foreign" roots in them while I (host admin) cannot hide disk >> devices (and other critical stuff) from the jails. > > No, someone needs to sit down and debug it. I don't know about the crash but the usual thing from startup scripts: jail_foo...=... jail_foo_devfs_ruleset="devfsrules_jail" jail_foo...=... does the right thing on a RELENG_6 box so things must work. It even works for some manually added rulesets. See /etc/defaults/rc.conf for a complete sample. And it did also work some days or perhaps weeks ago on current. Perhaps looking what is done in /etc/rc.subr (from /etc/rc.d/jail) might be a good start to find out how to do things correctly. I suspect the >>>> # devfs -m /data/jails/pinserv3j01.p-i-n.com/dev/ ruleset 4 is missing an apply? -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT