From owner-freebsd-current@FreeBSD.ORG Sun Apr 20 14:03:50 2003
Date: Sun, 20 Apr 2003 14:03:49 -0700 (PDT)
From: Doug Barton
To: "Scot W. Hetzel"
cc: FreeBSD-Current
Subject: Re: Enhancements to the new rc.d/jail script
Message-ID: <20030420140251.W631@znfgre.tberna.bet>
In-Reply-To: <200304200055.h3K0tHJB005595@WBIw009.westbend.net>
References: <200304200055.h3K0tHJB005595@WBIw009.westbend.net>

On Sat, 19 Apr 2003, Scot W. Hetzel wrote:

> Attached are patches for the new rc.d/jail script.

This looks like good work, thanks! My only question, how will this devfs stuff affect a system that isn't running jails?

Doug

> Index: rc.d/devfs > =================================================================== > RCS file: /home/ncvs/src/etc/rc.d/devfs,v > retrieving revision 1.2 > diff -u -r1.2 devfs > --- rc.d/devfs 15 Dec 2002 21:56:53 -0000 1.2 > +++ rc.d/devfs 20 Apr 2003 00:10:02 -0000 
> @@ -13,6 +13,22 @@ > > load_rc_config $name > > +# Standard Jail ruleset > +/sbin/devfs rule -s 10 delset > +/sbin/devfs rule -s 10 add 100 hide > +/sbin/devfs rule -s 10 add 200 path ptyp* unhide > +/sbin/devfs rule -s 10 add 300 path ttyp* unhide > +/sbin/devfs rule -s 10 add 400 path null unhide > +/sbin/devfs rule -s 10 add 500 path zero unhide > +/sbin/devfs rule -s 10 add 600 path random unhide > +/sbin/devfs rule -s 10 add 610 path urandom unhide > +/sbin/devfs rule -s 10 add 700 path fd unhide > +/sbin/devfs rule -s 10 add 800 path fd/* unhide > +/sbin/devfs rule -s 10 add 810 path mdctl unhide > +/sbin/devfs rule -s 10 add 900 path stdin unhide > +/sbin/devfs rule -s 10 add 910 path stdout unhide > +/sbin/devfs rule -s 10 add 920 path stderr unhide > + > # Setup DEVFS, ie permissions, links etc. > # > if [ -r /etc/rc.devfs ]; then
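
Review bot: the ruleset block sits at the top level of rc.d/devfs, directly after `load_rc_config $name`, so `/sbin/devfs rule -s 10 delset` and the fourteen `add` commands run every time the script runs, including on a host with no jails, which is the case Doug asks about. Because `delset` clears whatever an administrator had already placed in ruleset 10, I would guard the block behind the rc.conf setting that enables jails and take the ruleset number from a variable instead of the literal 10. The default-deny shape (rule 100 `hide`, then explicit `unhide` entries) is the right one. Two smaller points: `ptyp*`, `ttyp*` and `fd/*` are unquoted, so the shell will expand them if anything in the current directory matches, and quoting them keeps the pattern intact for devfs; rule 810 unhides `mdctl`, which is a control device unlike the other entries, so it should carry a comment justifying it or be left out of the standard set.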