On 9/19/05, Martin Cracauer <cracauer_at_cons.org> wrote:
> I noticed the creation of /dev/ entries outside of /dev doesn't work
> anymore. This is needed for chroot environments, which rely on
> /dev/null on a regular basis.
>
> I just created the appended message to freebsd-emulation but what I
> suggest doesn't work either. It seems that even with the right major
> and minor device number we won't get a working /dev/null outside of
> /dev.
>
> Any suggestions? I think it is required to have some capability for
> device entries in chrooted environments.
>
> The only working thing I came up with is this:
>
> mkdir /compat/linux/dev
> mkdir /compat/linux/dev-hidden
> mount -t devfs devfs /compat/linux/dev-hidden
> cd /compat/linux/dev
> rm -f null zero
> ln -s ../dev-hidden/null .
> ln -s ../dev-hidden/zero .
>
> Any ill effects to be expected from this hack?
>

Yes, when you are chrooted to /compat/linux, you still have access to the
devices listed in /dev-hidden, which could cause a security issue. Your
best bet is to mount devfs on /compat/linux/dev, and then use devfs_rules
to limit the devices available in the chroot area.

> -- cut here --
>
> /usr/ports/emulators/linux_base/pkg-message
> recommends:
> > You may wish to create and populate /compat/linux/dev/ if you plan to
> > chroot
> > into your Linux installation. For example:
> >
> > mkdir /compat/linux/dev
> > mknod /compat/linux/dev/null c 2 2
> > chmod 666 /compat/linux/dev/null
>

The solution is to change the pkg-message to add an example for 5.X+ that
shows how to mount devfs on /compat/linux/dev, and uses devfs_rules to
hide all devices except for the null & zero device.

--
DISCLAIMER:
No electrons were maimed while sending this message. Only slightly bruised.

Received on Mon Sep 19 2005 - 15:20:03 UTC
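
The approach suggested in the reply above, as an added example that is not part of the original message or of the linux_base port: mount a separate devfs on the chroot's /dev, hide every node, then unhide only an allow-list. The function names `run` and `chroot_devfs` and the `DRY_RUN` switch are hypothetical; the commands it emits are FreeBSD mount(8) and devfs(8).

```shell
#!/bin/sh
# Added example: restricted devfs for a chroot, per the reply above.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 runs them (as root).
: "${DRY_RUN:=1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# usage: chroot_devfs <mount-point> <device>...
chroot_devfs() {
    mp=$1; shift
    case $mp in
        /dev|/dev/) echo "refusing to hide nodes on the host /dev" >&2; return 1 ;;
        /*) ;;
        *) echo "mount point must be absolute: $mp" >&2; return 1 ;;
    esac
    [ $# -gt 0 ] || { echo "no devices to expose" >&2; return 1; }
    # Literal names only: a stray glob such as '*' would unhide everything.
    for dev in "$@"; do
        case $dev in
            ''|*[!A-Za-z0-9_]*) echo "bad device name: $dev" >&2; return 1 ;;
        esac
    done
    run mkdir -p "$mp" || return 1
    run mount -t devfs devfs "$mp" || return 1
    # Hide all nodes on this mount first, then expose the allow-list.
    run devfs -m "$mp" rule apply hide || return 1
    for dev in "$@"; do
        run devfs -m "$mp" rule apply path "$dev" unhide || return 1
    done
}

# Values from the thread: the Linux compat tree, null and zero only.
chroot_devfs /compat/linux/dev null zero
```

`rule apply` acts on the nodes present when it runs; attaching a named ruleset to the mount point (see devfs(8) and devfs.rules(5)) also covers devices that appear later.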