Date:      Sat, 16 Nov 2013 18:02:20 -0700
From:      James Gritton <jamie@freebsd.org>
To:        freebsd-jail@freebsd.org
Subject:   Re: rc.d/jail not loading default devfs rulesets
Message-ID:  <5288159C.1090202@freebsd.org>
In-Reply-To: <2632E87C-F5D4-4F24-B392-BA0626049A22@demter.de>
References:  <2632E87C-F5D4-4F24-B392-BA0626049A22@demter.de>

On 11/16/2013 2:41 PM, Jan Demter wrote:
> is it intentional that rc.d/jail does not load the default devfs
> rulesets on current and 10.0? It used to work like this on 9.x and
> earlier, now you have to explicitly load them (e.g. with
> devfs_load_rulesets in rc.conf).
> If you do not do this, ruleset 4 (devfsrules_jail) will just be
> created and left empty on mount of the in-jail /dev, making the normal
> set of device nodes available. That is quite an easy escape path :)
> This does not seem to be documented anywhere and is somewhat
> surprising, so I suspect it is an oversight? Apart from that I really
> like the work on jail.conf, thanks a lot!

Yes, that's an oversight.  The current rc.d/jail script needs work,
and this is part of the work it needs.  It might be as simple as
changing the rc script's dependencies.

- Jamie
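
A host-side check for the condition discussed in this thread, added here as an example and not part of either message: it reports whether ruleset 4 is empty and whether `devfs_load_rulesets` is enabled. The function names are hypothetical, the sample `devfs rule -s 4 show` output is constructed, and only /etc/rc.conf is read (not rc.conf.local).

```shell
#!/bin/sh
# Added example (not from the thread): detect an empty devfsrules_jail ruleset.

# Constructed sample of "devfs rule -s 4 show" output on a host where the
# default rulesets were loaded.
SAMPLE_POPULATED='100 include 1
200 include 2
300 include 3
400 path zfs unhide'

# classify_ruleset (hypothetical name): reads "devfs rule -s N show" output
# on stdin. Prints "empty" when it contains no rules, "populated" otherwise.
classify_ruleset() {
    if grep -q '[^[:space:]]'; then
        echo populated
    else
        echo empty
    fi
}

# rcconf_loads_rulesets (hypothetical name): reads rc.conf text on stdin and
# prints "yes" when the last devfs_load_rulesets assignment is a true value
# (YES, TRUE, ON or 1, case-insensitive), "no" otherwise or when it is unset.
rcconf_loads_rulesets() {
    val=$(sed -n 's/^[[:space:]]*devfs_load_rulesets=//p' |
        tail -n 1 | tr -d "\"'" | sed 's/[[:space:]#].*//')
    case "$val" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) echo yes ;;
        *) echo no ;;
    esac
}

# Live check: runs only where devfs(8) is available, i.e. on a FreeBSD host.
if command -v devfs >/dev/null 2>&1; then
    state=$(devfs rule -s 4 show 2>/dev/null | classify_ruleset)
    echo "devfs ruleset 4 (devfsrules_jail): $state"
    if [ -r /etc/rc.conf ]; then
        echo "devfs_load_rulesets enabled: $(rcconf_loads_rulesets </etc/rc.conf)"
    fi
    if [ "$state" = empty ]; then
        echo "WARNING: jails mounting /dev with ruleset 4 see all device nodes"
    fi
fi
```

Run it on the jail host as root after boot and before starting jails; an "empty" result means the in-jail /dev is not being filtered.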


