From abc8a6b280714c69a9a82faefcf18405e4efb51d Mon Sep 17 00:00:00 2001 From: Chuck Tuffli Date: Fri, 4 Mar 2022 08:16:33 -0800 Subject: [PATCH] Allow Linux jails to see their mount points Some Linux packages (shakes fist angrily at Java) look to see if `/proc` is mounted as a part of the installation by running `mountpoint /proc` While the Linux jail can see the contents of its `/proc` directory, the linprocfs driver will not generate the correct contents for `/proc/mounts` or `/proc/self/mountinfo` as `kern_getfsstat()` will, by default, filter all mount points other than the jail's chroot directory. Fix is to set `enforce_statfs` to allow mount points below the jail's chroot directory to be visible. --- usr/local/share/bastille/create.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh index b23306a..e37914f 100644 --- a/usr/local/share/bastille/create.sh +++ b/usr/local/share/bastille/create.sh @@ -170,6 +170,7 @@ ${NAME} { mount.fstab = ${bastille_jail_fstab}; path = ${bastille_jail_path}; devfs_ruleset = 4; + enforce_statfs = 1; exec.start = '/bin/true'; exec.stop = '/bin/true';