Hi stable@, jail@ [jail@ plz cc me as I'm not subscribed]
I'm having some problems setting up some jails for semi-isolated
development (ie, so we can isolate the developers into a jail, give them
all the root access they want, and not worry about them blowing up more
than their own jail) on 6.2-RELEASE-p5.
I have set up a jail, using ezjail, which appeared to work fine. I can
start the jail, and use jexec to spawn a shell inside the jail. However,
if I then try to ssh from the jail to another box, ssh fails with the
error message (with -v):
debug1: read_passphrase: can't open /dev/tty: Device busy
Host key verification failed.
The only ezjail.conf option I changed/added from default was to set
ezjail_jaildir. I left ezjail_devfs_enable="YES",
ezjail_devfs_ruleset="devfsrules_jail", the defaults.
From outside the jail, devfs appears to be mounted:
/data2/ezjails/basejail on /data2/ezjails/monotest/basejail (nullfs,
local, read-only)
devfs on /data2/ezjails/monotest/dev (devfs, local)
fdescfs on /data2/ezjails/monotest/dev/fd (fdescfs)
procfs on /data2/ezjails/monotest/proc (procfs, local)
From inside the jail, there doesn't appear to be a /dev/tty, unless you
look for it:
# ls /dev
fd ptyp0 ptyp3 ptyp6 stdin ttyp1 ttyp4 urandom
log ptyp1 ptyp4 random stdout ttyp2 ttyp5 zero
null ptyp2 ptyp5 stderr ttyp0 ttyp3 ttyp6
# ls -l /dev/tty
crw-rw-rw- 1 root wheel 0, 91 Oct 3 16:57 /dev/tty
I found a posting from 2005 describing the same problem [1], but
unfortunately without a resolution. I'm sure this should be possible and
I'm doing/not doing something that stops it. Any hints, tips would be
appreciated. If there's any additional information I can provide..
Cheers
Tom
[1]
http://lists.freebsd.org/pipermail/freebsd-hackers/2005-November/014423.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url :
http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20071003/66839c8c/attachment.pgp