Date: Sun, 28 Jul 2002 07:07:06 +0000 From: Dima Dorfman <dima@trit.org> To: arch@freebsd.org Subject: devfs ruleset initialization at boot time (was: cvs commit: src/sbin/devfs devfs.8 devfs.c extern.h rule.c ) Message-ID: <20020728070706.4CDE63E1E@turbine.trit.org> In-Reply-To: <200207280645.g6S6jUCo040872@freefall.freebsd.org>; from dd@FreeBSD.org on "Sat, 27 Jul 2002 23:45:30 -0700 (PDT)"
next in thread | previous in thread | raw e-mail | index | archive | help
I wrote: > Log: > Implement this (quoted from the updated man page): If the first token > of a rule specification is a single dash (``-''), rules are read from > the standard input and the rest of the specification is ignored. phk originally suggested this as a way to copy rulesets (see the EXAMPLES section of the man page), but I think it might also be useful as a way to initialize rulesets from rc scripts. E.g., consider having something like this in rc.conf: devfs_ruleset_10="/some/file/with/rules" devfs_ruleset_20="/some/other/file/with/rules" and so on, a la ifconfig_*. I think this is pretty flexible, and doesn't have some of the downsides of doing something like rc.firewall (e.g.., mergemaster won't offer to obliterate your changes every time you ugprade). This scheme doesn't handle setting a ruleset on mount points, but I think that is best done in fstab, with a mount option that can set the default ruleset. Thoughts? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020728070706.4CDE63E1E>