Mount devfs and tmpfs inside jail. Operation not permitted.

Hello guys,

I have been trying to mount tmpfs and devfs inside a jail, but I always get "operation not permitted".
My steps:
Changed 0 -> 1
Code:
root@HardenedBSD:/home/bryn1u # sysctl -a | grep -i tmpfs
security.jail.param.allow.mount.tmpfs: 0
security.jail.mount_tmpfs_allowed: 1
devfs
Changes 0 -> 1
Code:
root@HardenedBSD:/home/bryn1u # sysctl -a | grep -i devfs
security.jail.param.allow.mount.devfs: 0
security.jail.param.devfs_ruleset: 0
security.jail.devfs_ruleset: 0
security.jail.mount_devfs_allowed: 1
jail.conf
Code:
Proton {
        path = /zroot/jails/Proton;
        mount;
        allow.mount;
        mount.devfs;
        mount.procfs;
        exec.clean;
        exec.consolelog = "/var/log/jail_Proton_console.log";
        devfs_ruleset = 50;
        #mount.nodevfs;
        mount += "dev /zroot/jails/Proton/dev devfs rw,ruleset=50";
        mount += "fdesc /zroot/jails/Proton/dev/fd fdescfs rw", "proc /zroot/jails/Proton/proc procfs rw";
        mount += "tmpfs /zroot/jails/Proton/dev/shm tmpfs rw";
        host.hostname = proton.edu.pl;
        ip4.addr = 79.137.56.144;
        interface = em0;
        securelevel = 3;
        exec.start = "/bin/sh /etc/rc";
        exec.stop = "/bin/sh /etc/rc.shutdown";
}
Inside the jail I'm trying:
Code:
root@proton:/ # mount -t devfs devfs /dev
mount: devfs: Operation not permitted
root@proton:/ # mount -t tmpfs tmpfs /tmp
mount: tmpfs: Operation not permitted
root@proton:/ #
Can someone tell me what is wrong?
Thanks !
 
First off: see the (edit): jail(8) manual page. Considering the stuff you're not quoting I think you missed some parts:

Mounting devfs inside a jail is possible
only if the allow.mount and allow.mount.devfs permissions are
effective and enforce_statfs is set to a value lower than 2.
Devfs rules and rulesets cannot be viewed or modified from inside
a jail.
I see allow.mount but not allow.mount.devfs.

But why would you even want to bother? It might be easier (and safer) to use mount.fstab. Just point that to an fstab which is to be used for your jail and all the specified file systems will be mounted by the host during boot of the jail.
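
Added example, not part of the reply above or of any FreeBSD tool: a small sh/awk check that applies the three jail(8) conditions quoted in that reply (allow.mount, allow.mount.<fstype>, enforce_statfs lower than 2) to a jail.conf stanza. The two sample stanzas are constructed; the first mirrors the relevant lines of the posted configuration. The parser assumes one jail per input and does not handle the "no"-prefixed boolean form.

```shell
#!/bin/sh
# jail_mount_check <fstype>  (reads one jail.conf stanza on stdin)
# Prints "ok" when an in-jail mount of <fstype> would be permitted under
# the jail(8) rule, otherwise lists the unmet requirements.
jail_mount_check() {
    awk -v fs="$1" '
    {
        sub(/#.*/, "")              # drop comments
        gsub(/[ \t;"]/, "")         # drop whitespace, semicolons, quotes
        if ($0 == "") next
        n = split($0, kv, "=")
        # a bare "name;" is a boolean parameter set to true
        param[kv[1]] = (n > 1) ? kv[2] : "true"
    }
    END {
        miss = ""
        if (!on("allow.mount"))      miss = miss " allow.mount"
        if (!on("allow.mount." fs))  miss = miss " allow.mount." fs
        # enforce_statfs defaults to 2 when the stanza does not set it
        es = ("enforce_statfs" in param) ? param["enforce_statfs"] : 2
        if (es + 0 >= 2)             miss = miss " enforce_statfs<2"
        out = (miss == "") ? "ok" : "missing:" miss
        print out
    }
    function on(k) {
        return (k in param) && (param[k] == "true" || param[k] == "1")
    }'
}

# Constructed sample: the mount-related lines of the posted stanza.
POST_CONF='Proton {
    path = /zroot/jails/Proton;
    allow.mount;
    mount.devfs;
    devfs_ruleset = 50;
    securelevel = 3;
}'

# Constructed sample: the same jail with the permissions jail(8) asks for.
FIXED_CONF='Proton {
    path = /zroot/jails/Proton;
    allow.mount;
    allow.mount.devfs;
    allow.mount.tmpfs;
    enforce_statfs = 1;
    devfs_ruleset = 50;
}'

printf '%s\n' "$POST_CONF"  | jail_mount_check devfs
printf '%s\n' "$FIXED_CONF" | jail_mount_check tmpfs
```

Each allow.mount.* permission widens what root inside the jail can do, so a check like this is also useful in the other direction: to confirm that jails which get their file systems mounted from the host do not carry these permissions at all.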
 
I'm asking because I have a problem with a voice server. I've downloaded TeamSpeak and am trying to run it, but I get an error like the one below:
Code:
2017-08-25 20:09:08.555362|ERROR   |Accounting    |   |failed to register local accounting service
2017-08-25 20:09:08.555460|ERROR   |ServerLibPriv |   |Server() error while starting servermanager, error: instance check error

This problem
Code:
|ServerLibPriv |   |Server() error while starting servermanager, error: instance check error
is related to:
In some cases, the server process terminates on startup and the error message reads
"Server() error while starting servermanager, error: instance check error".

As long as you don't have a license key embedded we make sure you only run exactly
one instance of the TS3 server free unregistered version. We use shared memory to
facilitate the communication to detect other running instances, which requires tmpfs
to be mounted at /dev/shm. If you (for whatever reason) do not have this mounted, the
above error will occur.

To fix this problem, the following commands or file edits need to be done as root user
(or using something like sudo). This is a temporary fix until your next reboot.

mount -t tmpfs tmpfs /dev/shm

Now, to make sure this mount is done automatically upon reboot edit the file /etc/fstab
and add the line:

tmpfs /dev/shm tmpfs defaults 0 0

I'm looking for a solution to resolve this in a jail. There isn't something like /dev/shm in FreeBSD; what is the equivalent of /dev/shm under FreeBSD?
On the host it works without any problems, but inside the jail it doesn't.
 
Well, as I said, you can start by setting up a 'fstab.jail' to set up those file systems during boot and shutdown. Then specify that in your /etc/jail.conf using mount.fstab. But considering that this is about getting software to run inside a jail my advice would be to manually set up the mount on the host for now so that you can experiment and test this first.

One problem could be that FreeBSD doesn't know about /dev/shm but considering that it's only tmpfs you should be able to set that up.

So, on the host, try something like:
Code:
# mount -t devfs -o ruleset=50 none /zroot/jails/Proton/dev
I assume you set up ruleset 50 yourself, so then you might be able to use:
Code:
# mount -t tmpfs none /zroot/jails/Proton/dev/shm
 
I always mount from jail.conf, but I'm trying to find a solution. When I put # mount -t tmpfs none /zroot/jails/Proton/dev/shm I receive: operation not permitted. Why?
 
When I put mount -t tmpfs none /zroot/jails/Proton/dev/shm I receive: operation not permitted. Why ?
Because the command is wrong.

mount -t tmpfs tmpfs /zroot/jails/Proton/dev/shm

Code:
EXAMPLES
     To mount a tmpfs memory file system:

           mount -t tmpfs tmpfs /tmp
From tmpfs(5).
 