Date: Wed, 30 Apr 2014 12:09:03 +0100 From: Matthew Seaman <matthew@freebsd.org> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:07.devfs Message-ID: <5360D9CF.6000103@freebsd.org> In-Reply-To: <201404300435.s3U4ZA45093722@freefall.freebsd.org> References: <201404300435.s3U4ZA45093722@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--2PK2AXvijDGFIqERQB1mk36GOmfLmqsmP
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
On 04/30/14 05:35, FreeBSD Security Advisories wrote:
> Then apply the default ruleset for jails on a devfs mount using:
>=20
> devfs -m ${devfs_mountpoint} rule -s 4 applyset
>=20
> Or, alternatively, the following command will apply the ruleset over al=
l devfs
> mountpoints except the host one:
>=20
> mount -t devfs | grep -v '^devfs on /dev ' | awk '{print $3;}' | \
> xargs -n 1 -J % devfs -m % rule -s 4 applyset
>=20
> After this, the system administrator should add the following configura=
tion
> to /etc/rc.conf to make it permanent, so the above operations do not ha=
ve
> to be done each time the host system reboots.
>=20
> devfs_load_rulesets=3D"YES"
>=20
Verb. Sap. Doing this in a jail where you're running net-snmpd will
prevent snmpd from starting up correctly.
Apr 30 12:02:30 xxxxx snmpd[33871]: init_kmem: kvm_openfiles failed:
/dev/mem: No such file or directory
Apr 30 12:02:30 xxxxx snmpd[33871]: Agent initialization failed
Cheers,
Matthew
--2PK2AXvijDGFIqERQB1mk36GOmfLmqsmP
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQJ8BAEBCgBmBQJTYNnaXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw
MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTnMAgP/3aGdt4LGLa8c5q+AAKR+1j6
FUGVLCVEhH5V1uDOTopXcsRUPBFDGmXGCtLEji21tHOu39fDis2zMBTsvonfReJE
5htGoJDWAQqqLUfep97BiN9Hh9kw+lqn26i2i3vDHjgk3Dmp5r0UGVa9FatLyLuL
j/rVynFVf/+fotP4nXon4OoMw8f9PXGpujuzrL95s4VSNtORdW4zyep5NQaOhJ5r
Lc8UPvGn9mEeWe07bXB3BRGVyevqNW7OmKrZKVwTRNaVVgYQn60f43iJ+FKkiS8B
s/fJ3GJh0KxaMuNMqGXP5Eglg06S5Y53SXPkZNnZVnIISKd9Rl6XbXLjaQuaNuna
OxlB/gvba0gNC1GmP+ZA82F1wpFDTWHvRa6d1d5lSQNtmh28dacn69EupMuzghEm
UIPIb3y/TGqapItxpsh/WYgPS6tXTpyMamIMKCJTkzTW6pfejuEO4Tn5n4SkZRCx
GwnCmjDdbJUH9zLOkmYN3M3NxV+7xWCVX+mMF2O9D+np1/8zkHt0WDWoAISYf1P/
uS7kudfTeFqpxQH0bu0mZUIsl4ztay7+ICUUMpC1csg6w0P+jK3WNRZO2qUYHH04
dtD/Eb40TVedbPVSm5eNCqqUY4+93JtDo2xolQmo2opHcXpPwkQPt3nvqwdd9RBQ
elHWMBFy0kfTB6l/f+20
=RA2A
-----END PGP SIGNATURE-----
--2PK2AXvijDGFIqERQB1mk36GOmfLmqsmP--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5360D9CF.6000103>