From owner-freebsd-bugs@FreeBSD.ORG Wed Feb 26 09:50:00 2014
Message-Id: <201402260946.s1Q9kxK5096818@cgiserv.freebsd.org>
Date: Wed, 26 Feb 2014 09:46:59 GMT
From: Robert Schulze
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: misc/187079: devfs_load_rulesets has to be enabled for mount.devfs to behave like expected

>Number: 187079
>Category: misc
>Synopsis: devfs_load_rulesets has to be enabled for mount.devfs to behave like expected
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Feb 26 09:50:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Robert Schulze
>Release: 10.0-RELEASE
>Organization:
>Environment:
FreeBSD hostname 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r262478: Tue Feb 25 13:25:37 CET 2014 root@hostname:/usr/obj/usr/src/sys/JWEB amd64
>Description:
When mounting devfs into jails via mount.devfs in /etc/jail.conf, it is expected to be assigned the ruleset #4 by default, so that only basic device nodes are accessible inside the jail.

However, without explicitly setting devfs_load_rulesets="YES" in /etc/rc.conf, the jail's devfs doesn't get restricted; it will contain all device nodes instead.
>How-To-Repeat:
>Fix:
Either make devfs_load_rulesets="YES" the default in /etc/defaults/rc.conf or clearly state that this has to be set explicitly in the manpage of jail(8).
>Release-Note:
>Audit-Trail:
>Unformatted:
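
A static check for the condition this report describes, as an added example that is not part of the original message or of FreeBSD's own tooling: it flags a configuration where a jail.conf-style file enables mount.devfs while the rc.conf-style file leaves devfs_load_rulesets off. The function names and sample files are constructed; the check reads only the two files it is given, strips only "#" comments, and treats an unset variable as off, as the report describes for 10.0-RELEASE.

```shell
#!/bin/sh
# Added example, not FreeBSD tooling: static check for the condition in
# PR misc/187079. Function names and sample files are constructed.

# Print the last devfs_load_rulesets value in an rc.conf-style file,
# upper-cased; print NO when unset (the 10.0-RELEASE behaviour reported).
rulesets_setting() {
    val=$(sed -n "s/^[[:space:]]*devfs_load_rulesets=[\"']\{0,1\}\([A-Za-z0-9]*\).*/\1/p" "$1" | tail -n 1)
    [ -n "$val" ] || val=NO
    printf '%s\n' "$val" | tr '[:lower:]' '[:upper:]'
}

# Succeed if a jail.conf-style file enables mount.devfs ("mount.devfs;" or
# "mount.devfs = 1/true;"). Only "#" comments are stripped.
uses_mount_devfs() {
    sed 's/#.*//' "$1" |
        grep -Eq '(^|[[:space:]{;])mount\.devfs[[:space:]]*(;|=[[:space:]]*"?(1|true))'
}

# Verdict: "no-devfs", "ok", or "exposed" (jail devfs left unrestricted).
audit() {
    if ! uses_mount_devfs "$2"; then echo no-devfs; return 0; fi
    case $(rulesets_setting "$1") in
        YES|TRUE|ON|1) echo ok ;;   # values rc.subr's checkyesno accepts
        *) echo exposed ;;
    esac
}

# Constructed sample files, not taken from the report.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/jail.conf" <<'EOF'
www {
    path = "/jails/www";   # hypothetical jail
    mount.devfs;
}
EOF
printf 'sshd_enable="YES"\n' > "$tmp/rc.conf.unset"
printf 'sshd_enable="YES"\ndevfs_load_rulesets="YES"\n' > "$tmp/rc.conf.set"

echo "devfs_load_rulesets unset: $(audit "$tmp/rc.conf.unset" "$tmp/jail.conf")"
echo "devfs_load_rulesets=YES:   $(audit "$tmp/rc.conf.set" "$tmp/jail.conf")"
```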