# Mount devfs and tmpfs inside jail. Operation not permitted.



## bryn1u (Aug 26, 2017)

Hello guys,

I have been trying to mount tmpfs and devfs inside a jail but always get "operation not permitted".
My steps:
Changed 0 -> 1 

```
root@HardenedBSD:/home/bryn1u # sysctl -a | grep -i tmpfs
security.jail.param.allow.mount.tmpfs: 0
security.jail.mount_tmpfs_allowed: 1
```
devfs
Changes 0 -> 1

```
root@HardenedBSD:/home/bryn1u # sysctl -a | grep -i devfs
security.jail.param.allow.mount.devfs: 0
security.jail.param.devfs_ruleset: 0
security.jail.devfs_ruleset: 0
security.jail.mount_devfs_allowed: 1
```
jail.conf

```
Proton {
        path = /zroot/jails/Proton;
        mount;
        allow.mount;
        mount.devfs;
        mount.procfs;
        exec.clean;
        exec.consolelog = "/var/log/jail_Proton_console.log";
        devfs_ruleset = 50;
        #mount.nodevfs;
        mount += "dev /zroot/jails/Proton/dev devfs rw,ruleset=50";
        mount += "fdesc /zroot/jails/Proton/dev/fd fdescfs rw", "proc /zroot/jails/Proton/proc procfs rw";
        mount += "tmpfs /zroot/jails/Proton/dev/shm tmpfs rw";
        host.hostname = proton.edu.pl;
        ip4.addr = 79.137.56.144;
        interface = em0;
        securelevel = 3;
        exec.start = "/bin/sh /etc/rc";
        exec.stop = "/bin/sh /etc/rc.shutdown";
}
```
Inside the jail I'm trying:

```
root@proton:/ # mount -t devfs devfs /dev
mount: devfs: Operation not permitted
root@proton:/ # mount -t tmpfs tmpfs /tmp
mount: tmpfs: Operation not permitted
root@proton:/ #
```
Can someone tell me what is wrong?
Thanks !


----------



## ShelLuser (Aug 26, 2017)

First off: see the (edit): jail(8) manual page. Considering the stuff you're not quoting I think you missed some parts:



> Mounting devfs inside a jail is possible
> only if the allow.mount and allow.mount.devfs permissions are
> effective and enforce_statfs is set to a value lower than 2.
> Devfs rules and rulesets cannot be viewed or modified from inside
> a jail.


I see allow.mount but not allow.mount.devfs.

But why would you even want to bother? It might be easier (and safer) to use mount.fstab. Just point that to an fstab which is to be used for your jail and all the specified file systems will be mounted by the host during boot of the jail.


----------
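Added example, not part of any post in this thread: a small sh check for the jail(8) conditions quoted above (allow.mount, allow.mount.&lt;fstype&gt;, enforce_statfs lower than 2), run over an abridged copy of the posted jail.conf. The function names are made up for this example, the parser only handles simple `name;` and `name = value;` lines in a single jail block, and the `1`/`true` boolean spellings and the enforce_statfs default of 2 are taken from jail(8).

```shell
#!/bin/sh
# Added example: check one jail.conf block against the jail(8) conditions
# for mounting a file system type from inside the jail.

# Print the value of parameter $2 in jail.conf file $1: "1" for a bare
# boolean such as "allow.mount;", the assigned value otherwise, nothing if absent.
param_value() {
    sed -e 's/#.*//' "$1" | tr ';' '\n' | awk -v p="$2" '
        {
            line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line)
            n = index(line, "=")
            if (n == 0) { name = line; val = "1" }
            else {
                name = substr(line, 1, n - 1); gsub(/[ \t]/, "", name)
                val = substr(line, n + 1); gsub(/^[ \t"]+|[ \t"]+$/, "", val)
            }
            if (name == p) found = val
        }
        END { if (found != "") print found }'
}

# Print the unmet requirements for "mount -t $2" inside the jail in file $1
# (empty output means all three conditions hold).
missing_for_inside_mount() {
    f=$1; fstype=$2; missing=""
    for p in allow.mount "allow.mount.$fstype"; do
        case "$(param_value "$f" "$p")" in
            1|true) ;;
            *) missing="$missing $p" ;;
        esac
    done
    # Unset enforce_statfs means the default of 2, which blocks the mount.
    statfs=$(param_value "$f" enforce_statfs)
    [ "${statfs:-2}" -lt 2 ] 2>/dev/null || missing="$missing enforce_statfs<2"
    echo "${missing# }"
}

# Abridged copy of the jail.conf posted in the thread.
sample_conf() {
    printf '%s\n' 'Proton {' '  path = /zroot/jails/Proton;' '  allow.mount;' \
        '  mount.devfs;' '  devfs_ruleset = 50;' '  #mount.nodevfs;' \
        '  securelevel = 3;' '}'
}

tmp=$(mktemp) && sample_conf > "$tmp"
for fs in devfs tmpfs; do
    echo "$fs missing: $(missing_for_inside_mount "$tmp" "$fs")"
done
rm -f "$tmp"
```

Each parameter the check reports as missing widens what root inside the jail can do, which is the trade-off behind the mount.fstab suggestion above, where the host performs the mounts instead.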



## bryn1u (Aug 26, 2017)

I'm asking because I have a problem with a voice server. I've downloaded TeamSpeak and am trying to run it, but I got an error like the one below:

```
2017-08-25 20:09:08.555362|ERROR   |Accounting    |   |failed to register local accounting service
2017-08-25 20:09:08.555460|ERROR   |ServerLibPriv |   |Server() error while starting servermanager, error: instance check error
```

This problem

```
|ServerLibPriv |   |Server() error while starting servermanager, error: instance check error
```

is related to:


> In some cases, the server process terminates on startup and the error message reads
> "Server() error while starting servermanager, error: instance check error".
> 
> As long as you don't have a license key embedded we make sure you only run exactly
> ...



I'm looking for a solution to resolve this in the jail. There isn't something like /dev/shm in FreeBSD. What is the equivalent of /dev/shm under FreeBSD?
On the host it works without any problems, but inside the jail it doesn't.


----------



## Beastie (Aug 26, 2017)

bryn1u said:


> There isn't something like /dev/shm in FreeBSD. What is the equivalent of /dev/shm under FreeBSD?


tmpfs(5)?

```
tmpfs /tmp tmpfs rw,mode=777 0 0
```


----------



## ShelLuser (Aug 26, 2017)

Well, as I said, you can start by setting up a 'fstab.jail' to set up those file systems during boot and shutdown. Then specify that in your /etc/jail.conf using mount.fstab. But considering that this is about getting software to run inside a jail my advice would be to manually set up the mount on the host for now so that you can experiment and test this first.

One problem could be that FreeBSD doesn't know about /dev/shm but considering that it's only tmpfs you should be able to set that up.

So, on the host, try something like:
`# mount -t devfs -o ruleset=50 none /zroot/jails/Proton/dev`. I assume you set up ruleset 50 yourself, so then you might be able to use: `# mount -t tmpfs none /zroot/jails/Proton/dev/shm`.


----------



## bryn1u (Oct 27, 2017)

ShelLuser said:


> Well, as I said, you can start by setting up a 'fstab.jail' to set up those file systems during boot and shutdown. Then specify that in your /etc/jail.conf using mount.fstab. But considering that this is about getting software to run inside a jail my advice would be to manually set up the mount on the host for now so that you can experiment and test this first.
> 
> One problem could be that FreeBSD doesn't know about /dev/shm but considering that it's only tmpfs you should be able to set that up.
> 
> ...



I always mount from jail.conf but I'm trying to find some solution. When I put `# mount -t tmpfs none /zroot/jails/Proton/dev/shm` I receive: operation not permitted. Why?


----------



## SirDice (Oct 30, 2017)

bryn1u said:


> When I put  `mount -t tmpfs none /zroot/jails/Proton/dev/shm` I receive: operation not permitted. Why ?


Because the command is wrong.

`mount -t tmpfs tmpfs /zroot/jails/Proton/dev/shm`


```
EXAMPLES
     To mount a tmpfs memory file system:

           mount -t tmpfs tmpfs /tmp
```
From tmpfs(5).


----------

