Jens Rehsack
2003-Aug-15 07:18 UTC
[PATCH] jail NG script patch for mounting devfs and procfs automatically
On 14.08.2003 15:36, Scot W. Hetzel wrote:
> I just noticed a problem with periodic scripts inside a jail.  I'm getting:
>
> Local system status:
> tee: /dev/stderr: Operation not supported
>
> Mail in local queue:
> tee: /dev/stderr: Operation not supported
>
> Mail in submit queue:
> tee: /dev/stderr: Operation not supported
>
> in the periodic daily, weekly, monthly and security reports.  But if I mount
> the fdescfs on the jail, then these errors go away.
>
> So we need to add the following to the new jail script
>
> jail_start()
> {
>     :
>     eval jail_devfs=\"\$jail_${_jail}_devfs\"
>     [ -z ${jail_devfs} ] && jail_devfs="NO"
>     :
>
>     eval jail_fdescfs=\"\$jail_${_jail}_fdescfs\"
>     [ -z ${jail_fdescfs} ] && jail_fdescfs="NO"
>     :
>     if checkyesno jail_devfs ; then
>         mount -t devfs dev ${jail_devdir}
>         if checkyesno jail_fdescfs ; then
>             mount -t fdescfs fdesc ${jail_devdir}/fd
>         fi
>         :
>     fi
>     :
> }
>
> jail_stop()
> {
>     :
>     eval jail_devfs=\"\$jail_${_jail}_devfs\"
>     [ -z ${jail_devfs} ] && jail_devfs="NO"
>     :
>
>     eval jail_fdescfs=\"\$jail_${_jail}_fdescfs\"
>     [ -z ${jail_fdescfs} ] && jail_fdescfs="NO"
>     :
>     if checkyesno jail_devfs ; then
>         if [ -d ${jail_devdir} ] ; then
>             if checkyesno jail_fdescfs; then
>                 umount -f ${jail_devdir}/fd >/dev/null 2>&1
>             fi
>             umount -f ${jail_devdir} >/dev/null 2>&1
>         fi
>     fi
>     :
> }
>
> The only decision we need to make is whether to always mount the fdescfs when
> devfs is mounted on the jail, or have a variable to enable mounting of the
> fdescfs (jail_*_fdescfs).
>
> Scot

I don't run periodics in jails, because they are not allowed to mail out :-)

But I wouldn't really consider having fdescfs mounted every time a security problem, so I would decide to mount it always (or by default). If someone cares, addition of jail_example_mount_fdescfs is recommended.

I add a CC to security@, because there may be one or another who has an important comment.

Best,
Jens
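
A check for the condition behind the "tee: /dev/stderr: Operation not supported" reports above, added here as an example and not part of the thread or of the FreeBSD rc scripts: it reads mount(8) output and lists every devfs mount point that has no fdescfs mounted on its fd subdirectory. The function names and the sample paths under /usr/jails are assumptions, and mount points containing spaces are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): find devfs mounts lacking fdescfs on <mp>/fd.
# Input: FreeBSD mount(8) lines of the form "<fs> on <mountpoint> (<type>, ...)".

missing_fdescfs() {
    awk '
        $2 == "on" {
            type = $4
            gsub(/[(),]/, "", type)          # "(devfs," -> "devfs"
            if (type == "devfs")   devfs[$3] = 1
            if (type == "fdescfs") fdesc[$3] = 1
        }
        END {
            for (mp in devfs) {
                fd = mp "/fd"                # where the jail script would mount fdescfs
                if (!(fd in fdesc))
                    print mp
            }
        }
    ' | sort
}

# Constructed sample input: host /dev and jail "www" have fdescfs, jail "mail" does not.
sample_mounts() {
    cat <<'EOF'
/dev/ad0s1a on / (ufs, local)
devfs on /dev (devfs, local)
fdescfs on /dev/fd (fdescfs)
devfs on /usr/jails/www/dev (devfs, local)
fdescfs on /usr/jails/www/dev/fd (fdescfs)
devfs on /usr/jails/mail/dev (devfs, local)
EOF
}

# Run against the constructed sample; on a live host use: mount | missing_fdescfs
sample_mounts | missing_fdescfs
```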