Date: Sat, 16 Nov 2013 22:41:47 +0100
From: Jan Demter <jan-mailinglists@demter.de>
To: freebsd-jail@freebsd.org
Subject: rc.d/jail not loading default devfs rulesets
Message-ID: <2632E87C-F5D4-4F24-B392-BA0626049A22@demter.de>
Hi there,

is it intentional that rc.d/jail does not load the default devfs rulesets on current and 10.0? It used to work like this on 9.x and earlier, now you have to explicitly load them (e.g. with devfs_load_rulesets in rc.conf).

If you do not do this, ruleset 4 (devfsrules_jail) will just be created and left empty on mount of the in-jail /dev, making the normal set of device nodes available. That is quite an easy escape path :)

This does not seem to be documented anywhere and is somewhat surprising, so I suspect it is an oversight? Apart from that I really like the work on jail.conf, thanks a lot!

While looking around in the docs, I also noticed that jail(8) has contradicting info on the default ruleset for jails:

devfs_ruleset: "A value of zero (default) means no ruleset is enforced."
mount.devfs: “[…] or a default of ruleset 4: devfsrules_jail […]”

The latter seems to be correct, though it will probably be an empty ruleset as described above.

Best wishes,
Jan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2632E87C-F5D4-4F24-B392-BA0626049A22>
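A host-side check for the condition described in the message above, as an added example that is not part of the original e-mail or of FreeBSD's rc scripts. The function names and the sample inputs in the comments are constructed for illustration; it assumes `devfs rule -s N show` prints one line per rule and nothing for an empty ruleset.

```shell
#!/bin/sh
# Added example: report whether the jail devfs ruleset is populated and
# whether rc.conf asks for the default rulesets to be loaded at boot.

JAIL_RULESET=4   # devfsrules_jail, as named in the message

# count_rules: stdin = output of "devfs rule -s N show"; prints the rule count.
# Constructed sample input: "100 include 1" / "200 include 2"
count_rules() {
    grep -c '[^[:space:]]' || true   # grep exits 1 on zero matches
}

# rc_conf_loads_rulesets: stdin = rc.conf text; succeeds if the last
# uncommented devfs_load_rulesets assignment is a "yes" value.
rc_conf_loads_rulesets() {
    val=$(sed -n 's/^[[:space:]]*devfs_load_rulesets=["'\'']\{0,1\}\([A-Za-z0-9]*\).*/\1/p' | tail -n 1)
    case "$val" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# verdict: $1 = rule count, $2 = yes|no (rc.conf loads rulesets). Prints a finding.
verdict() {
    if [ "$1" -eq 0 ]; then
        echo "EMPTY: ruleset $JAIL_RULESET has no rules; jails mounting devfs with it see the normal device nodes"
    elif [ "$2" != "yes" ]; then
        echo "NOT_PERSISTENT: ruleset $JAIL_RULESET has $1 rules now, but devfs_load_rulesets is not enabled"
    else
        echo "OK: ruleset $JAIL_RULESET has $1 rules and devfs_load_rulesets is enabled"
    fi
}

# Live check: runs only where devfs(8) exists (a FreeBSD host, as root).
if command -v devfs >/dev/null 2>&1; then
    n=$(devfs rule -s "$JAIL_RULESET" show 2>/dev/null | count_rules)
    # Defaults first, then rc.conf, so the last assignment wins.
    if cat /etc/defaults/rc.conf /etc/rc.conf 2>/dev/null | rc_conf_loads_rulesets; then
        p=yes
    else
        p=no
    fi
    verdict "$n" "$p"
fi
```

Run it on the jail host after boot and before starting jails; an `EMPTY` result is the state the message describes.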