Date: Sun, 7 Nov 2004 20:08:08 +0200
From: Marko Raiha
To: freebsd-current@freebsd.org
Subject: DEVFS ruleset misbehaves with Jail
Message-ID: <20041107180808.GA89550@daemon.adsl.kpnqwest.fi>
X-Operating-System: FreeBSD 5.3-RC1 i386

Hi,

Although this concerns only the stable release for me, I am mailing this to freebsd-current because I guess this probably also concerns current and should then be MFCd to STABLE.

I have configured jails with RELENG_5_3 and there seems to be some odd behaviour when using devfs rulesets with jails. Jails do run wonderfully, but devfs rulesets don't. I have this kind of setup in /etc/rc.conf:

# base system /etc/rc.conf jail settings:
# Jails
jail_enable="YES"
jail_list="mail"
jail_set_hostname_allow="NO"
jail_mail_rootdir="/jail/mail"
jail_mail_hostname="mail.example.domain"
jail_mail_ip="192.168.42.42"
jail_mail_exec="/bin/sh /etc/rc"
jail_mail_devfs_enable="YES"
jail_mail_devfs_ruleset="4"

When starting jails with the "/etc/rc.d/jail start" command I get this error:

WARNING devfs_set_ruleset: you must specify a ruleset number

The jail is started without ruleset 4 defined in /etc/default/devfs.rules. So, all devices are seen inside /jail/mail/dev. If this can be repeated and confirmed to be true and not my misconfiguration, then this is clearly a security risk with jails.

The devfs_set_ruleset function is found in file /etc/rc.subr on lines 1192-1209 (FreeBSD: src/etc/rc.subr,v 1.31 2004/07/30 17:19:35 mtm Exp). It seems that on line 1195 the script incorrectly evaluates the ruleset as an empty one.

I am not familiar with rc-scripts but I tried this simple fix with success:

fortytwo# diff -u /etc/rc.subr-old /etc/rc.subr-new @@ -1192,7 +1192,7 @@ devfs_set_ruleset() { local devdir rs _me - [ -n "$1" ] && eval rs=\$$1 || rs= + [ -n "$1" ] && eval rs=\$1 || rs= [ -n "$2" ] && devdir="-m "$2"" || devdir= _me="devfs_set_ruleset"

I am not sure whether the bug is in this function or in the caller giving the wrong type of parameter. I would appreciate it if some rc-script wizard would check this and make a proper repair.

Regards,
-- 
Marko Räihä
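
Review bot: On the `+` line, `eval rs=\$1` no longer needs `eval` at all, since it evaluates to a plain `rs=$1`, and it silently changes what the function accepts. The `-` line dereferenced `$1` as a variable name, so with the argument "4" from rc.conf it expanded to `rs=$4`, the function's fourth positional parameter, which is empty and leads to the "you must specify a ruleset number" warning. Taking the value literally fixes the numeric case but would break any caller that passes the name of a variable holding the ruleset number. I would accept both forms: if `$1` consists only of digits, assign it directly without `eval`; otherwise keep the indirect lookup. Separately, the report shows the failure is fail-open (after the warning the jail still starts with every device node visible in /jail/mail/dev), so the jail startup path should check the return status of devfs_set_ruleset and refuse to start the jail when the ruleset cannot be applied.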