From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 191628] [9.3-RC2] ruleset bug report #187079 which was fixed in 10.0 is not fixed in 9.3-RC1 or RC2
Date: Sun, 06 Jul 2014 00:24:39 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: conf
X-Bugzilla-Version: 9.3-PRERELEASE
X-Bugzilla-Severity: Affects Many People
X-Bugzilla-Who: joeb1@a1poweruser.com
X-Bugzilla-Status: In Discussion
X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191628

--- Comment #2 from joeb1@a1poweruser.com ---

This is not a question of which RELEASE you're running but what jail method you're using. jail(8) became available in 9.1 and it was full of bugs. One of which was the bug that caused the default ruleset number 4 not to work in 9.1, 9.2, and 10.0. This was never fixed until PR 187079 noticed the effect that changing the /etc/defaults/rc.conf parameter devfs_load_rulesets= from its default "NO" to "YES" had on enabling the default ruleset number 4 on jail(8) jails in RELEASE 10.0. Since 10.0 RELEASE was already published, the only way to fix this was through a security advisory.

10.0 is the first RELEASE where the rc.d/jail script method is deprecated and the jail(8) method is the primary method. In 10.0 all rc.d/jail rc.conf defined jails are converted to the jail(8) method on the fly when the jail is started.

9.1, 9.2, and 9.3 use the rc.d/jail as the primary jail method and the jail(8) method is also provided, but the default to use ruleset number 4 does not work for jail(8) jails in these RELEASES because the devfs_load_rulesets= parameter is set to NO instead of YES. Setting it to YES fixes jail(8) and has no negative effect on the rc.d/jail method that I can see from the testing I have done.

So yes, I feel that all indications show that devfs_load_rulesets="YES" should be the default in /etc/defaults/rc.conf for the 9.3 RELEASE. Since jail(8) is the direction FreeBSD is headed, every effort should be made to get it to function as intended. At the least, some kind of instructions should be added to the 9.3 release notes covering this subject if correcting the problem is bypassed.
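
An added example, not part of the bug report or of FreeBSD: a POSIX sh check that resolves the effective devfs_load_rulesets value across layered rc.conf files, the setting the comment above identifies as the cause. The function names and sample files are constructed for illustration; on a real host the arguments would be /etc/defaults/rc.conf, /etc/rc.conf and /etc/rc.conf.local.

```shell
#!/bin/sh
# Added example (not FreeBSD code): resolve the effective devfs_load_rulesets
# value from layered rc.conf files by parsing them, never sourcing them.

# Print the last value assigned to variable $1 in the files that follow;
# later files override earlier ones, as rc.conf overrides defaults/rc.conf.
rc_effective_value() {
    var=$1; shift
    val=
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Last VAR=value line in this file; quotes and trailing comment dropped.
        line=$(grep "^[[:space:]]*${var}=" "$f" | tail -n 1)
        [ -n "$line" ] || continue
        val=$(printf '%s\n' "$line" |
            sed "s/^[[:space:]]*${var}=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/")
    done
    printf '%s\n' "$val"
}

# Same truth test that rc.subr's checkyesno applies: YES, TRUE, ON or 1.
is_yes() {
    case $1 in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Exit status 0 if rulesets will be loaded, 1 otherwise; prints a verdict.
audit_devfs_rulesets() {
    v=$(rc_effective_value devfs_load_rulesets "$@")
    if is_yes "$v"; then
        echo "OK: devfs_load_rulesets=$v"
    else
        echo "WARN: devfs_load_rulesets=${v:-unset} (per the report, ruleset 4 will not apply to jail(8) jails)"
        return 1
    fi
}

# Constructed sample input: a 9.x-style default with no local override.
tmp=$(mktemp -d)
printf 'devfs_load_rulesets="NO"\t# constructed sample line\n' > "$tmp/defaults.conf"
printf 'jail_enable="YES"\n' > "$tmp/rc.conf"
audit_devfs_rulesets "$tmp/defaults.conf" "$tmp/rc.conf" || true
# After the setting proposed in the report is applied locally:
printf 'devfs_load_rulesets="YES"\n' >> "$tmp/rc.conf"
audit_devfs_rulesets "$tmp/defaults.conf" "$tmp/rc.conf"
rm -rf "$tmp"
```

On a running FreeBSD host, `devfs rule -s 4 show` lists the rules currently loaded in ruleset 4, which complements this static check.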