Site Navigation

Date:      Mon, 5 Oct 2020 19:26:54 +0000 (UTC)
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r366461 - head/sbin/devfs
Message-ID:  <202010051926.095JQsIP042933@repo.freebsd.org>

---

next in thread | raw e-mail | index | archive | help

---

Author: kp
Date: Mon Oct  5 19:26:54 2020
New Revision: 366461
URL: https://svnweb.freebsd.org/changeset/base/366461

Log:
  devfs.rules: unhide pf in vnet jails
  
  /dev/pf is usable in vnet jails, so don't hide the node there.
  
  We shouldn't expose /dev/pf in regular jails, as that gives them control over
  the host (or parent vnet jail) firewall.
  
  Reviewed by:	bz
  Differential Revision:	https://reviews.freebsd.org/D26537

Modified:
  head/sbin/devfs/devfs.rules

Modified: head/sbin/devfs/devfs.rules
==============================================================================
--- head/sbin/devfs/devfs.rules	Mon Oct  5 19:22:28 2020	(r366460)
+++ head/sbin/devfs/devfs.rules	Mon Oct  5 19:26:54 2020	(r366461)
@@ -86,3 +86,7 @@ add include $devfsrules_unhide_basic
 add include $devfsrules_unhide_login
 add path fuse unhide
 add path zfs unhide
+
+[devfsrules_jail_vnet=5]
+add include $devfsrules_jail
+add path pf unhide

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202010051926.095JQsIP042933>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact