From owner-freebsd-current@FreeBSD.ORG Mon Aug 11 09:30:24 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B48FC37B404 for ; Mon, 11 Aug 2003 09:30:24 -0700 (PDT) Received: from mail.liwing.de (mail.liwing.de [213.70.188.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7AF5743F93 for ; Mon, 11 Aug 2003 09:30:22 -0700 (PDT) (envelope-from rehsack@liwing.de) Received: (qmail 62576 invoked from network); 11 Aug 2003 16:30:13 -0000 Received: from stingray.liwing.de (HELO liwing.de) ([213.70.188.164]) (envelope-sender ) by mail.liwing.de (qmail-ldap-1.03) with SMTP for ; 11 Aug 2003 16:30:13 -0000 Message-ID: <3F37C494.5000901@liwing.de> Date: Mon, 11 Aug 2003 18:30:12 +0200 From: Jens Rehsack Organization: LiWing IT-Services User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) X-Accept-Language: de-de, de, en-us, en MIME-Version: 1.0 To: Mike Makonnen References: <3F26AA16.5030007@liwing.de> <20030729172122.GA5005@kokeb.ambesa.net> <3F26BC7B.8070507@liwing.de> <20030801232918.GA37095@kokeb.ambesa.net> <3F2D1800.5020006@liwing.de> <20030803230410.GA16947@kokeb.ambesa.net> In-Reply-To: <20030803230410.GA16947@kokeb.ambesa.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: Clement Laforet cc: Robert Watson cc: FreeBSD-Current List Subject: Re: [PATCH] jail NG schript patch for mounting devfs and procfs automatically X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Aug 2003 16:30:25 -0000 On 04.08.2003 01:04, Mike Makonnen wrote: > On Sun, Aug 03, 2003 at 04:11:12PM +0200, Jens Rehsack wrote: >> >> the patch works for me very well. I've checked what's been done >> and had only small recommendations: >> >> - Wouldn't it be better to configure the devfs rules by >> /etc/devfs.conf or is it impossible? >> >> - Even it would be a good thing, if I could specify a >> ruleset for each jail, and fallback to devfs_ruleset_jail >> if no jail_example_devfs_ruleset is specified? > > Ok. Here's a retooled patch. It now includes a devfs rule > specification format that we can even use in the general > case (i.e. - for /dev). The default rules for a jail are > included in it. It's in etc/defaults/devfs.rules and should > be self-explanatory. > > I also put back Scott's code in rc.d/jail for handlind rulesets > for individual jails. But I kept the default jail ruleset hard-coded. > I don't see the poing of creating yet another knob for it. If a user > doesn't want the default that's what the individual knobs for > the jails are there for :) > > Let me know how it goes. > On 04.08.2003 01:09, Mike Makonnen wrote: > the patch is attached this time. Hi Mike, sorry that testing took a while, but it failed completely first time on my machine I didn't find the time to debug. 1st: you have a typo in etc/rc.d/jail sed "/\[-z/\[ -z/" 2nd: you include the 'devfs_ruleset_hide' several times, and each time the devfs call for it hides all previous unhidden. So you have to remove the 'add include $devfs_ruleset_hide' from the unhiding rulesets. 3rd: I don't know why, but I had your etc/default/devfs.rules content 5 times in my etc/defaults/debfs.rules The parsing subr fails with this content and so the jails didn't came up. So it was my fault (even I cannot explain, 'cause I removed /usr/src/etc before I cvsup'ed and applied the patch). By the way, now it works. Great step for flexible jails!!! Jens