Previously posted to -questions: In my quest to get asterisk+iaxmodem+hylafax working together in a jail I've run into one final roadblock. I can't seem to figure out how to create a symbolic link (ln -s doesn't work) in /dev in the jail environment while in the jailed environment. When trying to create a link with ln I receive: ln -s somedev targetdev ln: targetdev: Operation not permitted Adding a link entry to devfs.conf in the jail fails too since it receives the same error. I can create a link in the jailed /dev from the host environment, so there seems to be some restriction on creating links in /dev while in the jail. The reason I need to be able to do this is that iaxmodem needs to create a /dev/ttyIAX device to point to the correct ttyp* device when it starts in the jail. Any suggestions would be appreciated. Thanks, -- Anish Mistry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20060906/62f9da4f/attachment.pgp
On Sep 6, 2006, at 12:03 PM, Anish Mistry wrote:> able to do this is that iaxmodem needs to create a /dev/ttyIAX device > to point to the correct ttyp* device when it starts in the jail. > > Any suggestions would be appreciated.I don't think you can do that with devfs in a jail, and I don't see any sysctl tunable to allow it. Also, the devfs runs in the host, not the jail environment, so it seems unlikely you'll find success here unless you alter the devfs config on host as you've discovered.
On Wednesday 06 September 2006 18:57, Dewayne Geraghty wrote:> Generally there is a barrier accessing files/directories that exist > outside a jail. The best way is to create a mount point > (directory) in the jail, and mount_nullfs outside the jail. > E.g in the jail, mkdir /fun > Outside the jail, mount_nullfs /outside/jail/path/to/fun > /insidejail/fun This will make the jail see the "external" file or > directory.Right, I'm not trying to access anything outside of the jail. I've already exposed all of the required device nodes to the jail and it all works if I start iaxmodem and manually create the symlink from the host environment. The resulting link when viewed from the jail still points to the jailed environment, which is fine since that's what I want.> Good luck on getting asterisk and friends to work, that was too > hard, so a "friend" gave me a pabx on a linux machine...I'd be > interested if you're successful on Freebsd.My setup works perfect outside of a jailed environment. Asterisk works fine within the jail (eg. voicemail, menus, etc.), just not iaxmodem+hylafax due to the symlink issue. -- Anish Mistry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20060906/738d4002/attachment.pgp
On 6. sep. 2006, at 18.03, Anish Mistry wrote:> Previously posted to -questions: > In my quest to get asterisk+iaxmodem+hylafax working together in a > jail I've run into one final roadblock. I can't seem to figure out > how to create a symbolic link (ln -s doesn't work) in /dev in the > jail environment while in the jailed environment. When trying to > create a link with ln I receive: > ln -s somedev targetdev > ln: targetdev: Operation not permitted > Adding a link entry to devfs.conf in the jail fails too since it > receives the same error. I can create a link in the jailed /dev from > the host environment, so there seems to be some restriction on > creating links in /dev while in the jail. The reason I need to be > able to do this is that iaxmodem needs to create a /dev/ttyIAX device > to point to the correct ttyp* device when it starts in the jail. > > Any suggestions would be appreciated.Have you tried to change the devfs ruleset? Try to boot up a jail without any devfs restrictions and see if your devfs.conf alias works then. Search for jail_example_devfs in /etc/defaults/rc.conf, and have a look at /etc/defaults/devfs.rules. I guess specifying jail_example_devfs_ruleset="" is enough to disable the rules. If you succeed, you will need to find some way of enforcing rules, but allowing what you want. Running a jail without devfs rules gives the jail too much access to the system. -- Frode Nordahl