Date: Sat, 26 Jul 2014 18:08:09 -0600 (MDT)
From: Warren Block <wblock@wonkity.com>
To: Alexander Leidinger <Alexander@Leidinger.net>
Cc: freebsd-jail@FreeBSD.org
Subject: Re: Additional devfs rulesets
Message-ID: <alpine.BSF.2.11.1407261737550.24514@wonkity.com>
In-Reply-To: <alpine.BSF.2.11.1407261346110.24514@wonkity.com>
References: <alpine.BSF.2.11.1407240945210.65901@wonkity.com> <20140726194437.00000ee4@Leidinger.net> <alpine.BSF.2.11.1407261346110.24514@wonkity.com>

On Sat, 26 Jul 2014, Warren Block wrote:

> If devfs accepted an optional file parameter, additional rulesets could be
> defined with for each jail.  There might be security implications with that.

Actually, it looks like that can be done.  devfs_rulesets_from_file() in
/etc/rc.subr has a parser, and evaluates all files defined in
$devfs_rulesets.  By default, that is just /etc/defaults/devfs.rules and
/etc/devfs.rules.

ezjail could just append a third file there, maybe
/usr/local/etc/ezjail/jailname-devfs.rules.  Or even more elegantly, a
here-doc from inside the ezjail/jailname file.
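
Added example, not part of the original message and not code from rc.subr or ezjail: a check one could run before appending a per-jail file to $devfs_rulesets, assuming the `[name=number]` ruleset header format of devfs.rules(5). It reports ruleset numbers claimed by more than one header across the files, which is how a per-jail file could end up redefining a ruleset that other jails rely on. The function names, file names and file contents are constructed for illustration.

```sh
#!/bin/sh
# list_rulesets FILE...
# Print "number name file" for every "[name=number]" header found.
# Comment lines and rule lines are ignored; unreadable files are skipped.
list_rulesets() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        sed -n 's/^[[:space:]]*\[\([A-Za-z_][A-Za-z0-9_]*\)=\([0-9][0-9]*\)].*$/\2 \1/p' "$f" |
        while read -r num name; do
            printf '%s %s %s\n' "$num" "$name" "$f"
        done
    done
}

# ruleset_collisions FILE...
# Print each ruleset number that is defined by more than one header,
# whether in the same file or in different files.
ruleset_collisions() {
    list_rulesets "$@" |
    awk '{ c[$1]++ } END { for (n in c) if (c[n] > 1) print n }' |
    sort -n
}

# Constructed sample: a stand-in for the default rules file and a
# hypothetical per-jail file that reuses ruleset number 4.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        '[devfsrules_hide_all=1]' 'add hide' \
        '[devfsrules_jail=4]' 'add include $devfsrules_hide_all' \
        > "$d/defaults.rules"
    printf '%s\n' \
        '# per-jail rules (constructed)' \
        '[www_jail=4]' 'add path zfs unhide' \
        '[db_jail=10]' 'add include $devfsrules_hide_all' \
        > "$d/jailname-devfs.rules"
    ruleset_collisions "$d/defaults.rules" "$d/jailname-devfs.rules"
    rm -rf "$d"
}

demo
```

On a real system the arguments would be the files listed in $devfs_rulesets plus the candidate per-jail file; any number printed means the new file needs a different ruleset number.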