Date:      Wed, 18 Jul 2007 21:41:35 -0700
From:      Tech Valley Internet - Tony Kivits <tony@techvalley.ca>
To:        Christopher Cowart <ccowart@rescomp.berkeley.edu>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: /dev/random in jails
Message-ID:  <7.0.1.0.0.20070718204749.01c146a8@techvalley.ca>
In-Reply-To: <20070719034250.GB27888@rescomp.berkeley.edu>
References:  <7.0.1.0.0.20070718181625.01d5eeb0@techvalley.ca> <20070719023259.GA27888@rescomp.berkeley.edu> <7.0.1.0.0.20070718202853.01bf3108@techvalley.ca> <20070719034250.GB27888@rescomp.berkeley.edu>

At 08:42 PM 7/18/2007, Christopher Cowart wrote:
>On Wed, Jul 18, 2007 at 08:34:21PM -0700, Tech Valley Internet - 
>Tony Kivits wrote:
> > At 07:32 PM 7/18/2007, Christopher Cowart wrote:
> > >On Wed, Jul 18, 2007 at 06:30:50PM -0700, Tech Valley Internet -
> > >Tony Kivits wrote:
> > >> I am attempting to run portions (if not all) of the software called
> > >> HSphere inside of jailed subsystems of FreeBSD.  I am able to create
> > >> the jails no problem but the devices /dev/random and /dev/urandom are
> > >> not created automatically in the jail despite the fact that a handful
> > >> of other devices are mounted correctly when the jail is created.
> > >>
> > >> Is there a specific reason for these devices not being created in a
> > >> jail or is there a way to create these devices so that they will be
> > >> available inside a jail?
> > >
> > >We run bind instances in FreeBSD jails. This is how we get /dev/random:
> > >
> > >| # /etc/devfs.rules:
> > >| [devfsrules_thin_jail=100]
> > >| add include $devfsrules_hide_all
> > >| add include $devfsrules_unhide_basic
> > >
> > >| # /etc/rc.conf:
> > >| jail_cachingdns_devfs_enable="YES"
> > >| jail_cachingdns_devfs_ruleset="devfsrules_thin_jail"
> > >
> > Thanks Chris,
> >
> > So if my jail is called "cp", the only thing that I would have to
> > change from your scripts would be to replace "cachingdns" with "cp"?
>
>Yes. Are you configuring the jail via /etc/rc.conf already? Are you
>using the rc script /etc/rc.d/jail to start your jails?
>
>My complete config from /etc/rc.conf is:
>
>| # Enable jails
>| jail_enable="YES"
>| jail_list="cachingdns"
>|
>| # Caching-nameserver jail
>| jail_cachingdns_hostname="ns1.example.com"
>| jail_cachingdns_ip="192.0.2.15"
>| jail_cachingdns_interface="bge0"
>| jail_cachingdns_rootdir="/var/jails/caching-dns"
>| jail_cachingdns_exec="/usr/local/sbin/named"
>| jail_cachingdns_devfs_enable="YES"
>| jail_cachingdns_devfs_ruleset="devfsrules_thin_jail"
>
>You can replace cachingdns with cp or whatever else you want. You can
>also create multiple jails with different names.
>
>I don't know if you're following the typical FreeBSD jail documentation
>which gives you a complete FreeBSD installation inside the jail. Given
>that I only need to run named, I have not done that.
>
>Are you trying to run a complete FreeBSD install that allows user logins
>inside your jail? Or are you simply trying to jail a single process? My
>example above jails the single process named, and does not have an OS
>install inside the jail's root.
>
>--
>Chris Cowart
>Lead Systems Administrator
>Network & Infrastructure Services, RSSP-IT
>UC Berkeley
>

Thanks Chris,

I am doing a complete OS inside the jail and am starting it through 
the rc.conf.

I have modified the devfs.rules so that they are now passing random 
and urandom as devices.  But the installation software is still 
reporting that /dev/random is not working properly.  Do you know of a 
way that I can test /dev/random to see if it is actually working?

Thanks again,

Tony 
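
One way to test the device from a shell inside the jail, as an added example that is not part of the original message: it checks that the node exists, is a readable character device, and returns the requested number of bytes that are not all identical. The function name check_random_dev and its messages are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a random device from inside a jail.
# check_random_dev and its messages are hypothetical names.

# Return 0 if $1 is a readable character device that yields $2 bytes
# (default 32) which are not all the same value. Otherwise print the
# reason and return 1.
check_random_dev() {
    dev=$1
    want=${2:-32}

    if [ ! -e "$dev" ]; then
        echo "$dev: missing (hidden by the devfs ruleset?)"; return 1
    fi
    if [ ! -c "$dev" ]; then
        echo "$dev: exists but is not a character device"; return 1
    fi
    if [ ! -r "$dev" ]; then
        echo "$dev: not readable by $(id -un)"; return 1
    fi

    # Read $want bytes and hex-encode them, one byte per line.
    # od -v stops od from collapsing repeated lines into "*".
    hex=$(dd if="$dev" bs=1 count="$want" 2>/dev/null |
          od -An -v -tx1 | tr -s ' ' '\n' | sed '/^$/d')
    got=$(printf '%s\n' "$hex" | sed '/^$/d' | wc -l | tr -d ' ')
    if [ "$got" -ne "$want" ]; then
        echo "$dev: short read ($got of $want bytes)"; return 1
    fi

    # A working random device will not hand back one repeated byte.
    distinct=$(printf '%s\n' "$hex" | sort -u | wc -l | tr -d ' ')
    if [ "$distinct" -lt 2 ]; then
        echo "$dev: returned $want identical bytes"; return 1
    fi
    echo "$dev: ok ($got bytes, $distinct distinct values)"
}

# Check every device path given on the command line.
for dev in "$@"; do
    check_random_dev "$dev" || true
done
```

Saved under a name of your choosing and run with /dev/random and /dev/urandom as arguments, it prints one line per device; a run that never returns means the read itself is blocking.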



