Date: Wed, 18 Jul 2007 20:42:50 -0700
From: Christopher Cowart <ccowart@rescomp.berkeley.edu>
To: Tech Valley Internet - Tony Kivits <tony@techvalley.ca>
Cc: freebsd-questions@freebsd.org
Subject: Re: /dev/random in jails
Message-ID: <20070719034250.GB27888@rescomp.berkeley.edu>
In-Reply-To: <7.0.1.0.0.20070718202853.01bf3108@techvalley.ca>
References: <7.0.1.0.0.20070718181625.01d5eeb0@techvalley.ca> <20070719023259.GA27888@rescomp.berkeley.edu> <7.0.1.0.0.20070718202853.01bf3108@techvalley.ca>

On Wed, Jul 18, 2007 at 08:34:21PM -0700, Tech Valley Internet - Tony Kivits wrote:
> At 07:32 PM 7/18/2007, Christopher Cowart wrote:
> >On Wed, Jul 18, 2007 at 06:30:50PM -0700, Tech Valley Internet -
> >Tony Kivits wrote:
> >> I am attempting to run portions (if not all) of the software called
> >> HSphere inside of jailed subsystems of FreeBSD. I am able to create
> >> the jails no problem but the devices /dev/random and /dev/urandom are
> >> not created automatically in the jail despite the fact that a handful
> >> of other devices are mounted correctly when the jail is created.
> >>
> >> Is there a specific reason for these devices not being created in a
> >> jail or is there a way to create these devices so that they will be
> >> available inside a jail?
> >
> >We run bind instances in FreeBSD jails. This is how we get /dev/random:
> >
> >| # /etc/devfs.rules:
> >| [devfsrules_thin_jail=100]
> >| add include $devfsrules_hide_all
> >| add include $devfsrules_unhide_basic
> >
> >| # /etc/rc.conf:
> >| jail_cachingdns_devfs_enable="YES"
> >| jail_cachingdns_devfs_ruleset="devfsrules_thin_jail"
>
>
> Thanks Chris,
>
> So if my jail is called "cp", the only thing that I would have to
> change from your scripts would be to replace "cachingdns" with "cp"?

Yes. Are you configuring the jail via /etc/rc.conf already? Are you
using the rc script /etc/rc.d/jail to start your jails?

My complete config from /etc/rc.conf is:

| # Enable jails
| jail_enable="YES"
| jail_list="cachingdns"
|
| # Caching-nameserver jail
| jail_cachingdns_hostname="ns1.example.com"
| jail_cachingdns_ip="192.0.2.15"
| jail_cachingdns_interface="bge0"
| jail_cachingdns_rootdir="/var/jails/caching-dns"
| jail_cachingdns_exec="/usr/local/sbin/named"
| jail_cachingdns_devfs_enable="YES"
| jail_cachingdns_devfs_ruleset="devfsrules_thin_jail"

You can replace cachingdns with cp or whatever else you want. You can
also create multiple jails with different names.

I don't know if you're following the typical FreeBSD jail documentation
which gives you a complete FreeBSD installation inside the jail. Given
that I only need to run named, I have not done that.

Are you trying to run a complete FreeBSD install that allows user logins
inside your jail? Or are you simply trying to jail a single process? My
example above jails the single process named, and does not have an OS
install inside the jail's root.

-- 
Chris Cowart
Lead Systems Administrator
Network & Infrastructure Services, RSSP-IT
UC Berkeley
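
Added example, not part of the original message or of FreeBSD's rc scripts: a small lint that checks, for every jail in jail_list, that devfs is enabled and that the named ruleset is defined in devfs.rules and includes $devfsrules_unhide_basic, as in the configuration quoted above. The function names, the "cp" jail entries and the ruleset name devfsrules_cp_jail are assumptions made up for the sample.

```sh
#!/bin/sh
# rc_get FILE VAR: print the value assigned to VAR in an rc.conf-style file.
rc_get() { sed -n "s/^$2=\"\{0,1\}\([^\"#]*\).*/\1/p" "$1" | tail -n 1; }
# ruleset_ok FILE NAME: succeed if [NAME=<number>] is defined in FILE and its
# body includes $devfsrules_unhide_basic, as the ruleset in the message does.
ruleset_ok() {
    awk -v want="$2" '
        /^\[/ { n = $0; sub(/^\[/, "", n); sub(/[=].*/, "", n)
                cur = (n == want); if (cur) found = 1; next }
        cur && /^[ \t]*add[ \t]+include[ \t]+\$devfsrules_unhide_basic[ \t]*$/ { ok = 1 }
        END { exit !(found && ok) }' "$1"
}
# check_jail_devfs RCCONF DEVFSRULES: print one finding per problem and
# return 0 only if every jail named in jail_list passes.
check_jail_devfs() {
    bad=0
    for j in $(rc_get "$1" jail_list); do
        enable=$(rc_get "$1" "jail_${j}_devfs_enable")
        ruleset=$(rc_get "$1" "jail_${j}_devfs_ruleset")
        case $enable in [Yy][Ee][Ss]) ;; *) enable= ;; esac
        if [ -z "$enable" ]; then echo "$j: devfs_enable is not YES"; bad=1
        elif [ -z "$ruleset" ]; then echo "$j: devfs_ruleset is not set"; bad=1
        elif ! ruleset_ok "$2" "$ruleset"; then
            echo "$j: ruleset $ruleset is undefined or lacks unhide_basic"; bad=1
        fi
    done
    return $bad
}

# Constructed sample: the message's cachingdns jail plus a hypothetical "cp"
# jail whose ruleset name (devfsrules_cp_jail) is not defined in devfs.rules.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/devfs.rules" <<'EOF'
[devfsrules_thin_jail=100]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
EOF
    cat > "$d/rc.conf" <<'EOF'
jail_list="cachingdns cp"
jail_cachingdns_devfs_enable="YES"
jail_cachingdns_devfs_ruleset="devfsrules_thin_jail"
jail_cp_devfs_enable="YES"
jail_cp_devfs_ruleset="devfsrules_cp_jail"
EOF
    check_jail_devfs "$d/rc.conf" "$d/devfs.rules" && st=0 || st=$?
    rm -rf "$d"; return $st
}
demo || true
```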