Hello,
I'm trying to access a device at "low level" from inside a Debian jail. I created the jail using this howto, without any problems: https://forums.freebsd.org/threads/41470/
What I'm really going to do is to use cryptsetup inside the jail:
debian:~# ls -lahtr container_file
-rw-r--r-- 1 root root 250M Dec 4 14:25 container_file
debian:~# cryptsetup luksFormat container_file
WARNING!
========
This will overwrite data on container_file irrevocably.
Are you sure? (Type uppercase yes): YES
mlockall failed: Operation not permitted
WARNING!!! Possibly insecure memory. Are you root?
Enter LUKS passphrase:
Verify passphrase:
Command failed: Unable to obtain sector size for container_file
Looking at the source code shows that the problem occurs because I'm not allowed to open the device (read only):
Code:
int sector_size_for_device(const char *device)
{
    int fd = open(device, O_RDONLY);
    int r;

    /* Any open() failure is reported as -EINVAL, so the real errno is lost. */
    if (fd < 0)
        return -EINVAL;
    r = sector_size(fd);
    close(fd);
    return r;
}
Other problems relating to the same permission problems:
debian:~# cryptsetup luksFormat /dev/ada0s4
WARNING!
========
This will overwrite data on /dev/ada0s4 irrevocably.
Are you sure? (Type uppercase yes): YES
mlockall failed: Operation not permitted
WARNING!!! Possibly insecure memory. Are you root?
Command failed: Can not access device
debian:~# mkfs.ext4 /dev/ada0s4
mke2fs 1.41.3 (12-Oct-2008)
/dev/ada0s4 is not a block special device.
Proceed anyway? (y,n) y
/dev/ada0s4: Operation not permitted while setting up superblock
So there seems to be no way to access the devices, not even for reading.
This is my jail config:
Code:
root@workstation:~ # cat /jailz/etc/jail.conf
debian {
    path = /jailz/debian;
    allow.mount;
    allow.mount.devfs;
    mount.devfs;
    devfs_ruleset = 0;
    enforce_statfs = 0;
    host.hostname = debian;
    mount.fstab="/jailz/etc/fstab.debian";
    ip4.addr = 127.0.0.10;
    interface = lo0;
    exec.start = "/etc/init.d/rc 3";
    exec.stop = "/etc/init.d/rc 0";
}
Any ideas what other permissions I could set?
Or is this even possible from inside a jail?
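Added example, not part of the original post and not cryptsetup code: because the quoted function returns -EINVAL for every failure, this small probe repeats the read-only open and then a sector-size query, and records which step failed and with which errno. The names `probe_device` and `struct probe` are hypothetical, and it assumes Linux headers inside the jail and that the size query is the `BLKSSZGET` ioctl.

```c
/* Added diagnostic, not cryptsetup code; probe_device() and struct probe are
 * hypothetical names. Assumes Linux headers and a BLKSSZGET size query. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <linux/fs.h>

enum probe_step { PROBE_OK, PROBE_OPEN_FAILED, PROBE_IOCTL_FAILED };
struct probe {
    int err;         /* errno saved from the failing step, 0 on success */
    mode_t mode;     /* st_mode from fstat(), 0 if open() or fstat() failed */
    int sector_size; /* only meaningful when PROBE_OK is returned */
};
enum probe_step probe_device(const char *path, struct probe *p)
{
    struct stat st;
    int fd;
    memset(p, 0, sizeof(*p));
    fd = open(path, O_RDONLY);
    if (fd < 0) {
        p->err = errno;           /* e.g. EPERM or EACCES if access is denied */
        return PROBE_OPEN_FAILED;
    }
    if (fstat(fd, &st) == 0)
        p->mode = st.st_mode;     /* tells block, character and regular apart */
    if (ioctl(fd, BLKSSZGET, &p->sector_size) < 0) {
        p->err = errno;           /* save before close() can overwrite it */
        close(fd);
        return PROBE_IOCTL_FAILED;
    }
    close(fd);
    return PROBE_OK;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "ok", "open", "ioctl(BLKSSZGET)" };
    struct probe p;
    for (int i = 1; i < argc; i++) {
        enum probe_step s = probe_device(argv[i], &p);
        printf("%s: step=%s errno=%d (%s) mode=%o sector_size=%d\n", argv[i],
               names[s], p.err, strerror(p.err), (unsigned)p.mode, p.sector_size);
    }
    return 0;
}
```

Run it with the paths from the post as arguments (`container_file`, `/dev/ada0s4`); the `step` and `errno` fields show whether the open itself or the size query is what fails.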