Comments (3)
to quote the jail(8) man page:

devfs_ruleset
The number of the devfs ruleset that is enforced for mounting devfs in this jail. A value of zero (default) means no ruleset is enforced. Descendant jails inherit the parent jail's devfs ruleset enforcement. Mounting devfs inside a jail is possible only if the allow.mount and allow.mount.devfs permissions are effective and enforce_statfs is set to a value lower than 2. Devfs rules and rulesets cannot be viewed or modified from inside a jail.

NOTE: It is important that only appropriate device nodes in devfs be exposed to a jail; access to disk devices in the jail may permit processes in the jail to bypass the jail sandboxing by modifying files outside of the jail. See devfs(8) for information on how to use devfs rules to limit access to entries in the per-jail devfs. A simple devfs ruleset for jails is available as ruleset #4 in /etc/defaults/devfs.rules.

and

enforce_statfs
This determines what information processes in a jail are able to get about mount points. It affects the behaviour of the following syscalls: statfs(2), fstatfs(2), getfsstat(2), and fhstatfs(2) (as well as similar compatibility syscalls). When set to 0, all mount points are available without any restrictions. When set to 1, only mount points below the jail's chroot directory are visible. In addition to that, the path to the jail's chroot directory is removed from the front of their pathnames. When set to 2 (default), above syscalls can operate only on a mount-point where the jail's chroot directory is located.
from libioc.
results from further investigation:
this function (libioc/libioc/Config/Jail/BaseConfig.py, lines 365 to 376 in 1563cd8) is never called
funnily enough, that function was only introduced in #727 — which is believed to be the cause of this issue.
from libioc.
fixed in #734
from libioc.
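The devfs conditions quoted from jail(8) in the first comment can be checked mechanically. The following is an added example, not code from libioc or from the thread: it audits one line of jail parameters for a missing devfs ruleset and for devfs being mountable from inside the jail. The `name=value` line format, the `no`-prefixed boolean spelling, the finding codes and the sample lines are assumptions made for the illustration.

```python
import shlex


def parse_params(line):
    """Parse one line of jail parameters into a dict.

    Assumed format: name=value tokens; booleans either bare ("allow.mount")
    or negated with "no" on the last name component ("allow.nomount").
    """
    params = {}
    for token in shlex.split(line):
        name, sep, value = token.partition("=")
        if sep:
            params[name] = value
            continue
        head, _, last = name.rpartition(".")
        enabled = not last.startswith("no")
        if not enabled:
            last = last[2:]
        params[f"{head}.{last}" if head else last] = enabled
    return params


def is_on(params, name):
    """True if a boolean parameter is set, in bare or =1 form."""
    return params.get(name, False) in (True, "1", "true")


def audit(params):
    """Return finding codes for the devfs conditions quoted from jail(8)."""
    findings = []
    # Zero is the default and means no devfs ruleset is enforced.
    if int(params.get("devfs_ruleset", 0)) == 0:
        findings.append("no-devfs-ruleset")
    # devfs is mountable inside the jail only if all three conditions hold.
    if (is_on(params, "allow.mount") and is_on(params, "allow.mount.devfs")
            and int(params.get("enforce_statfs", 2)) < 2):
        findings.append("devfs-mountable-in-jail")
    return findings


# Constructed sample lines, not taken from a real host.
SAMPLE = [
    "name=web devfs_ruleset=4 enforce_statfs=2 allow.nomount allow.mount.nodevfs",
    "name=build devfs_ruleset=0 enforce_statfs=1 allow.mount allow.mount.devfs",
]

if __name__ == "__main__":
    for line in SAMPLE:
        p = parse_params(line)
        print(p["name"], audit(p) or "ok")
```

A jail that reports both findings can mount a devfs on which no ruleset is enforced, which is the exposure the man page NOTE describes.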