From owner-freebsd-arch  Sun Jul 28  0: 7:10 2002
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CC5A837B400
	for <arch@freebsd.org>; Sun, 28 Jul 2002 00:07:08 -0700 (PDT)
Received: from turbine.trit.org (turbine.trit.org [63.198.170.141])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2C6BF43E3B
	for <arch@freebsd.org>; Sun, 28 Jul 2002 00:07:08 -0700 (PDT)
	(envelope-from dima@trit.org)
Received: from turbine.trit.org (localhost [127.0.0.1])
	by turbine.trit.org (Postfix) with ESMTP id 4CDE63E1E
	for <arch@freebsd.org>; Sun, 28 Jul 2002 07:07:06 +0000 (UTC)
To: arch@freebsd.org
Subject: devfs ruleset initialization at boot time (was: cvs commit: src/sbin/devfs devfs.8 devfs.c extern.h rule.c )
In-Reply-To: <200207280645.g6S6jUCo040872@freefall.freebsd.org>; from dd@FreeBSD.org on "Sat, 27 Jul 2002 23:45:30 -0700 (PDT)"
Date: Sun, 28 Jul 2002 07:07:06 +0000
From: Dima Dorfman <dima@trit.org>
Message-Id: <20020728070706.4CDE63E1E@turbine.trit.org>
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-arch.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-arch>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-arch>
X-Loop: FreeBSD.ORG

I wrote:
>   Log:
>   Implement this (quoted from the updated man page): If the first token
>   of a rule specification is a single dash (``-''), rules are read from
>   the standard input and the rest of the specification is ignored.

phk originally suggested this as a way to copy rulesets (see the
EXAMPLES section of the man page), but I think it might also be useful
as a way to initialize rulesets from rc scripts.  E.g., consider
having something like this in rc.conf:

	devfs_ruleset_10="/some/file/with/rules"
	devfs_ruleset_20="/some/other/file/with/rules"

and so on, a la ifconfig_*.  I think this is pretty flexible, and
doesn't have some of the downsides of doing something like rc.firewall
(e.g.., mergemaster won't offer to obliterate your changes every time
you ugprade).  This scheme doesn't handle setting a ruleset on mount
points, but I think that is best done in fstab, with a mount option
that can set the default ruleset.

Thoughts?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message