On 14.08.2003 15:36, Scot W. Hetzel wrote: > I just noticed a problem with periodic scripts inside a jail. I'm getting: > > Local system status: > tee: /dev/stderr: Operation not supported > > Mail in local queue: > tee: /dev/stderr: Operation not supported > > Mail in submit queue: > tee: /dev/stderr: Operation not supported > > in the periodic daily, weekly, monthly and security reports. But if I mount > the fdescfs on the jail, then these errors go away. > > So we need to add the following to the new jail script > > jail_start() > { > : > eval jail_devfs=\"\$jail_${_jail}_devfs\" > [ -z ${jail_devfs} ] && jail_devfs="NO": > > eval jail_fdescfs=\"\$jail_${_jail}_fdescfs\" > [ -z ${jail_fdescfs} ] && jail_fdescfs="NO" > : > if checkyesno jail_devfs ; then > mount -t devfs dev ${jail_devdir} > if checkyesno jail_fdescfs ; then > mount -t fdescfs fdesc ${jail_devdir}/fd > fi > : > fi > : > } > > jail_stop() > { > : > eval jail_devfs=\"\$jail_${_jail}_devfs\" > [ -z ${jail_devfs} ] && jail_devfs="NO": > > eval jail_fdescfs=\"\$jail_${_jail}_fdescfs\" > [ -z ${jail_fdescfs} ] && jail_fdescfs="NO" > : > if checkyesno jail_devfs ; then > if [ -d ${jail_devdir} ] ; then > if checkyesno jail_fdescfs; then > umount -f ${jail_devdir}/fd >/dev/null 2>&1 > fi > umount -f ${jail_devdir} >/dev/null 2>&1 > fi > fi > : > } > > The only decsion we need to make is wheter to always mount the fdescfs when > devfs is mounted on the jail, or have a variable to enable mounting of the > fdescfs (jail_*_fdescfs). > > Scot I don't run periodics in jails, because they are not allowed to mail out :-) But I wouldn't really care having fdescfs mounted every time as security problem, so I would decide to mount it ever (or defaultly). If someone cares, addition of jail_example_mount_fdescfs is recommented. I add a CC to security_at_, because of there may be one or other who has an important comment. Best, JensReceived on Fri Aug 15 2003 - 05:17:45 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:18 UTC