From owner-freebsd-jail@FreeBSD.ORG Mon Nov 11 11:06:51 2013
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
Date: Mon, 11 Nov 2013 11:06:50 GMT
Message-Id: <201311111106.rABB6owW082086@freefall.freebsd.org>

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD
users. These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o conf/181650  jail       [jail] [patch] /etc/rc.d/jail fails if a kernel built
o kern/180916  jail       [jail] [regression] jail startup is broken for 8.4 wit
o kern/180067  jail       [jail] [patch] fix multicast support within jails
o bin/178302   jail       jail(8): unknown parameter: ip6.addr when kernel compi
o kern/176112  jail       [jail] [panic] kernel panic when starting jails
o kern/174902  jail       [jail] jail should provide validator for jail names
o bin/173469   jail       [jail] regression: security.jail.sysvipc_allowed=1 no
o kern/169751  jail       [jail] reading routing information does not work in ja
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid

18 problems total.

From owner-freebsd-jail@FreeBSD.ORG Sat Nov 16 21:41:52 2013
From: Jan Demter
To: freebsd-jail@freebsd.org
Subject: rc.d/jail not loading default devfs rulesets
Date: Sat, 16 Nov 2013 22:41:47 +0100
Message-Id: <2632E87C-F5D4-4F24-B392-BA0626049A22@demter.de>

Hi there,

is it intentional that rc.d/jail does not load the default devfs rulesets on current and 10.0? It used to work like this on 9.x and earlier, now you have to explicitly load them (e.g. with devfs_load_rulesets in rc.conf).

If you do not do this, ruleset 4 (devfsrules_jail) will just be created and left empty on mount of the in-jail /dev, making the normal set of device nodes available. That is quite an easy escape path :)

This does not seem to be documented anywhere and is somewhat surprising, so I suspect it is an oversight? Apart from that I really like the work on jail.conf, thanks a lot!

While looking around in the docs, I also noticed that jail(8) has contradicting info on the default ruleset for jails:

devfs_ruleset: "A value of zero (default) means no ruleset is enforced."
mount.devfs: “[…] or a default of ruleset 4: devfsrules_jail […]”

The latter seems to be correct, though it will probably be an empty ruleset as described above.

Best wishes,
Jan
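
A check for the condition described in the message above, as an added example that is not part of the original post or of FreeBSD's rc scripts: it flags running jails whose devfs ruleset is 0 or has no rules loaded. The function names are hypothetical, and it assumes jls(8) reports the devfs_ruleset jail parameter.

```shell
#!/bin/sh
# Added example: audit the devfs ruleset applied to each running jail.
# Function names are hypothetical; assumes jls(8) exposes devfs_ruleset.

# count_rules: number of non-blank lines on stdin, i.e. the number of
# rules printed by `devfs rule -s N show`.
count_rules() {
    awk 'NF { n++ } END { print n + 0 }'
}

# classify_ruleset RULESET COUNT: print a one-word verdict.
#   unrestricted  ruleset 0, nothing is enforced on the jail's /dev
#   empty         ruleset exists but holds no rules, so nothing is hidden
#   ok            rules are loaded (their content still needs review)
classify_ruleset() {
    if [ "$1" -eq 0 ]; then
        echo unrestricted
    elif [ "$2" -eq 0 ]; then
        echo empty
    else
        echo ok
    fi
}

# audit_line JID NAME RULESET COUNT: print a report line and return
# non-zero unless the verdict is "ok".
audit_line() {
    verdict=$(classify_ruleset "$3" "$4")
    echo "jail $2 (jid $1): devfs_ruleset=$3 rules=$4 -> $verdict"
    [ "$verdict" = ok ]
}

# Live audit; runs only on a host that has devfs(8) and jls(8).
if command -v devfs >/dev/null 2>&1 && command -v jls >/dev/null 2>&1; then
    jls jid name devfs_ruleset | while read -r jid name rs; do
        n=$(devfs rule -s "$rs" show 2>/dev/null | count_rules)
        audit_line "$jid" "$name" "$rs" "$n" || true
    done
fi
```

A jail reported as "empty" matches the situation in the message: the ruleset number is set, but no rules were loaded into it.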