Date:      Thu, 07 Jul 2016 11:03:55 +0200
From:      Miroslav Lachman <000.fbsd@quip.cz>
To:        Grzegorz Junka <list1@gjunka.com>, freebsd-jail@freebsd.org
Subject:   Re: Effective rule sets in a jail?
Message-ID:  <577E1AFB.90100@quip.cz>
In-Reply-To: <2c9d10fd-35ba-5470-026d-a1483e47fcf2@gjunka.com>
References:  <2aeb6798-11ee-27c0-610a-d745aa322f97@gjunka.com> <CANJ8om5R-BT=heC%2BgiMTXFH8YQXhuPQZjQ_S-P1bQ1XBGS16uQ@mail.gmail.com> <577E0A78.1040600@quip.cz> <2c9d10fd-35ba-5470-026d-a1483e47fcf2@gjunka.com>

Grzegorz Junka wrote on 07/07/2016 10:41:


> I was referring to this clause in the man document:
>
> Descendant jails inherit the parent jail's devfs ruleset enforcement.

This is true for hierarchical "nested" jails = jail inside jail.
And inheriting doesn't mean merging.
You can't allow devices in a descendant jail which are not allowed on the parent.

> I thought that the outside rule is combined with the inside rule in the
> jail definition. But thanks for the hint about jls -s, it does show the
> (single) active rule set (however without referring to the specific
> rules defined in devfs.rules or a combination of it).

You are mixing nested jails context with jail.conf context where
"outside" definitions are the defaults for all jails which are not
overriding those values with their own values.

Miroslav Lachman
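
The jail.conf behaviour described in the reply above, as an added illustration that is not part of the original message. The jail names, paths, hostnames and ruleset number 10 are constructed for the example; ruleset 4 is the stock `devfsrules_jail` from /etc/defaults/devfs.rules.

```conf
# /etc/jail.conf (constructed example)

# Parameters outside any jail block are defaults for every jail below.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
path       = "/jails/$name";
mount.devfs;
devfs_ruleset = 4;          # default: stock devfsrules_jail

www {
    host.hostname = "www.example.org";
    # No devfs_ruleset here, so the default above applies.
    # Effective ruleset: 4
}

db {
    host.hostname = "db.example.org";
    # A value set inside the block replaces the default; the two are
    # not combined. Ruleset 10 is a hypothetical custom ruleset that
    # would be defined in /etc/devfs.rules.
    devfs_ruleset = 10;
    # Effective ruleset: 10 only. Anything ruleset 4 unhides must be
    # repeated (or included) in ruleset 10 to be visible in this jail.
}

builder {
    host.hostname = "builder.example.org";
    # Nested-jail case from the man page clause: this jail may create
    # one child jail. The child inherits this jail's devfs ruleset
    # enforcement and cannot expose devices that are hidden here.
    children.max = 1;
    # Effective ruleset: 4 (the default), also enforced on the child.
}

# Check the single active ruleset of a running jail from the host:
#   jls -j db devfs_ruleset
#   jls -s
```

Each running jail reports exactly one `devfs_ruleset` number, which is the value that won after the defaults and the jail's own block were resolved.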


