Re: chroots/jails in jails
Julian Elischer <julian@freebsd.org> wrote
in <51DC0054.2040703@freebsd.org>:
ju> I'm making a build system for a project which creates a chroot in
ju> which to do some of the building to avoid base-system contamination
ju> (yeah I know lots of people do that).
ju> the trick is that my test system is itself, a jail.
ju> So I can not mount /dev in the chroot.
ju>
ju> I can not predict where a build will occur so I can not pre-mount the
ju> devfs from outside the jail. (users may fire off builds in different
ju> locations)
ju>
ju> Does anyone have any solution to this problem?
ju>
ju> We have hierarchical jails, but no way of allowing the parent jail to
ju> give the child jail a devfs.
ju>
ju> Has anyone looked at what it would take to make devfs "jail friendly"?
ju>
ju> I'm guessing that the jail would have to get some devfs-rule parameter
ju> and that mount_devfs or its in-kernel parts would have to know what
ju> to do..
ju>
ju> seems like there should be someone out there who has hit this.. (and
ju> solved it?)
Allowing devfs mounts inside hierarchical jails should work like
the following:
# jail -c allow.mount.devfs=1 allow.mount=1 enforce_statfs=1 children.max=10 path=/ name=j1 persist
# jexec j1 /bin/tcsh
# mkdir /tmp/dev1
# mount -t devfs devfs /tmp/dev1
# jail -c allow.mount.devfs=1 allow.mount=1 enforce_statfs=1 path=/ name=j2 persist
# jexec j2 /bin/tcsh
# mkdir /tmp/dev2
# mount -t devfs devfs /tmp/dev2
-- Hiroki
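
Added example (not part of the original message): a check over `jls -n` output for the conditions jail(8) documents for mounting devfs inside a jail (allow.mount and allow.mount.devfs effective, enforce_statfs lower than 2), which also reports whether a devfs_ruleset is enforced on such mounts. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify one line of `jls -n` output by whether the jail
# may mount devfs, using the conditions documented in jail(8).

# Print the value of parameter $1 found in the `jls -n` line $2.
param_value() {
    for tok in $2; do
        case "$tok" in
            "$1"=*) printf '%s\n' "${tok#*=}"; return 0 ;;
        esac
    done
}

# Return 0 if boolean parameter $1 appears in its enabled form in line $2.
# jls -n prints a disabled boolean with "no" on its last component,
# e.g. allow.nomount or allow.mount.nodevfs, so an exact match means "on".
param_on() {
    for tok in $2; do
        [ "$tok" = "$1" ] && return 0
    done
    return 1
}

# Print "<jail name>: <verdict>" for one `jls -n` line.
devfs_mount_check() {
    line=$1
    name=$(param_value name "$line")
    statfs=$(param_value enforce_statfs "$line")
    ruleset=$(param_value devfs_ruleset "$line")
    if param_on allow.mount "$line" && param_on allow.mount.devfs "$line" \
        && [ "${statfs:-2}" -lt 2 ]; then
        if [ "${ruleset:-0}" -eq 0 ]; then
            # devfs_ruleset=0 means no ruleset is enforced on the mount.
            echo "$name: devfs mount allowed, no ruleset enforced"
        else
            echo "$name: devfs mount allowed, ruleset $ruleset"
        fi
    else
        echo "$name: devfs mount not allowed"
    fi
}

# Constructed sample lines, trimmed to the parameters that matter here.
SAMPLE_J1='devfs_ruleset=0 enforce_statfs=1 name=j1 path=/ allow.mount allow.mount.devfs children.max=10'
SAMPLE_J2='devfs_ruleset=4 enforce_statfs=1 name=j1.j2 path=/ allow.mount allow.mount.devfs'
SAMPLE_J3='devfs_ruleset=0 enforce_statfs=2 name=www path=/jails/www allow.nomount allow.mount.nodevfs'

for l in "$SAMPLE_J1" "$SAMPLE_J2" "$SAMPLE_J3"; do devfs_mount_check "$l"; done
```

On a FreeBSD host the same function can be fed live data with `jls -n | while read -r l; do devfs_mount_check "$l"; done`.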