# Running webcamd(8) inside a Jail



## sickboy (Jan 24, 2019)

I’m trying to run webcamd(8) inside a Jail. On the host, I have set `vfs.usermount=1`, loaded the `cuse` Kernel module, and added the following lines to /etc/devfs.rules:

```
[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'cuse' unhide
add path 'ugen*' unhide
add path 'usb/*' unhide
add path 'video*' unhide
add path usb unhide
add path usbctl unhide
add path zfs unhide
```

Inside the Jail, `usbconfig` lists all attached USB devices and `webcamd -d 0.6` states that the video devices for the webcam are created:

```
# webcamd -d 0.6
Attached to ugen0.6[0]
Creating /dev/video0
Creating /dev/video1
```
But there are no `video*` devices:

```
# ls -al /dev
total 11
dr-xr-xr-x  10 root  wheel      512 Jan 24 17:41 .
drwxr-xr-x  17 root  wheel       22 Jan 24 16:38 ..
crw-------   1 root  operator  0xf2 Jan 24 16:43 cuse
dr-xr-xr-x   2 root  wheel      512 Jan 24 17:41 fd
crw-rw-rw-   1 root  wheel     0x1a Jan 24 20:50 null
dr-xr-xr-x   2 root  wheel      512 Jan 24 17:41 pts
crw-r--r--   1 root  wheel      0x9 Aug 21 08:01 random
lrwxr-xr-x   1 root  wheel        4 Jan 24 17:41 stderr -> fd/2
lrwxr-xr-x   1 root  wheel        4 Jan 24 17:41 stdin -> fd/0
lrwxr-xr-x   1 root  wheel        4 Jan 24 17:41 stdout -> fd/1
lrwxr-xr-x   1 root  wheel        9 Jan 24 17:41 ugen0.1 -> usb/0.1.0
lrwxr-xr-x   1 root  wheel        9 Jan 24 17:41 ugen0.2 -> usb/0.2.0
lrwxr-xr-x   1 root  wheel        9 Jan 24 17:41 ugen0.3 -> usb/0.3.0
lrwxr-xr-x   1 root  wheel        9 Jan 24 17:41 ugen0.4 -> usb/0.4.0
lrwxr-xr-x   1 root  wheel        9 Jan 24 17:41 ugen0.5 -> usb/0.5.0
lrwxr-xr-x   1 root  wheel        9 Jan 24 17:41 ugen0.6 -> usb/0.6.0
lrwxr-xr-x   1 root  wheel        9 Jan 24 17:41 ugen1.1 -> usb/1.1.0
lrwxr-xr-x   1 root  wheel        9 Jan 24 17:41 ugen1.2 -> usb/1.2.0
lrwxr-xr-x   1 root  wheel        9 Jan 24 17:41 ugen2.1 -> usb/2.1.0
lrwxr-xr-x   1 root  wheel        9 Jan 24 17:41 ugen2.2 -> usb/2.2.0
lrwxr-xr-x   1 root  wheel        6 Jan 24 17:41 urandom -> random
dr-xr-xr-x   2 root  wheel      512 Jan 24 17:41 usb
crw-r--r--   1 root  operator  0x4c Aug 21 08:01 usbctl
crw-rw-rw-   1 root  wheel     0x1b Aug 21 10:01 zero
crw-rw-rw-   1 root  operator  0x49 Aug 21 08:01 zfs
```

Any hints on what went wrong?


----------



## olli@ (Jan 24, 2019)

I'm afraid webcamd won't work inside a jail.
The required privilege to create device nodes is denied for jailed processes.

If you're willing to manipulate the FreeBSD kernel source code, you can add `PRIV_DRIVER` to the list of allowed privileges in the function `prison_priv_check` in the file sys/kern/kern_jail.c, then rebuild your kernel and reboot. Then webcamd should work in a jail. Of course, you do that at your own risk.


----------



## sickboy (Jan 25, 2019)

Thank you for the clarification. I will run webcamd(8) on the host instead.


----------



## BawdyAnarchist (Jan 17, 2021)

sickboy said:


> Thank you for the clarification. I will run webcamd(8) on the host instead.


Hi, just wondering how this worked out for you. I have a webcam that I want to use inside a jailed environment. Were you able to run webcamd on host and then at least pass the device to the jail?


----------



## olli@ (Jan 18, 2021)

BawdyAnarchist said:


> Hi, just wondering how this worked out for you. I have a webcam that I want to use inside a jailed environment. Were you able to run webcamd on host and then at least pass the device to the jail?


That should work. However, note that DEVFS is usually mounted with restrictions inside jails, i.e. only some of the devices nodes are visible. This is a default setting, and it is configurable, so just make sure that DEVFS is configured to show the video device nodes for the webcam inside your jail.


----------



## sickboy (Jan 21, 2021)

BawdyAnarchist said:


> Hi, just wondering how this worked out for you. I have a webcam that I want to use inside a jailed environment. Were you able to run webcamd on host and then at least pass the device to the jail?


I did not continue to use webcamd(8) in a jailed environment, but I remember that it worked without problems.


----------



## BawdyAnarchist (Jan 26, 2021)

Yeah, I ended up getting it working, along with the microphone. I did a whole writeup on it, in case you might find it useful. 









						How To: Webcam and Microphone Inside of GUI Jail
					

One-stop guide on how to get your webcam working inside of a GUI jail, including the microphone. Assumes you already have GUI set up inside the jail. My hardware:  Ryzen Threadripper 3960x, NVIDIA 2080 RTX, Logitec C920 Webcam  OVERVIEW    - Background Info    - Load Kernel Modules    - Install...




					forums.freebsd.org


----------

