From: Martin Matuska
Date: Sun, 18 Mar 2012 22:29:42 +0100
To: Alexander Leidinger
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, pjd@FreeBSD.org, jamie@FreeBSD.org
Subject: Re: svn commit: r233048 - head/etc/defaults

On 17.3.2012 16:35, Alexander Leidinger wrote:
> On Fri, 16 Mar 2012 21:30:26 +0000 (UTC) Martin Matuska
> wrote:
>
>> Author: mm
>> Date: Fri Mar 16 21:30:26 2012
>> New Revision: 233048
>> URL: http://svn.freebsd.org/changeset/base/233048
>>
>> Log:
>>   Unhide /dev/zfs in devfsrules_jail.
>>
>>   The /dev/zfs device is required for managing jailed ZFS datasets.
> This may give more info to a jail (ZFS is in use on this machine) than
> what someone may want to provide. I have separate rulesets for jails
> without and with ZFS (actually the one without is the default one and
> the one with is a new one):
> ---snip---
> ...
>
> [devfsrules_unhide_zfs=12]
> add path zfs unhide
>
> ...
>
> [devfsrules_jail_withzfs=16]
> add include $devfsrules_hide_all
> add include $devfsrules_unhide_basic
> add include $devfsrules_unhide_login
> add include $devfsrules_unhide_zfs
> ---snip---
>
> Anyone with arguments why this may be overly paranoid? If not, I would
> suggest that we go this way instead.
>
> Bye,
> Alexander.
>

The only disclosed information I know of is whether the zfs module is
loaded on your system.

Another alternative I was thinking of would be using a new ruleset (e.g.
devfsrules_jail_zfs=5). The disadvantage here is that users that already
have defined a ruleset with this number should be informed somehow.

-- 
Martin Matuska
FreeBSD committer
http://blog.vx.sk
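
An added example, not part of the original message and not FreeBSD code: a small Python check that expands `add include` lines in devfs.rules text, reports which rulesets leave a node such as `zfs` visible, and flags ruleset numbers defined more than once (the concern raised above about picking a number such as 5). The sample rulesets are constructed and abbreviated, the function names are hypothetical, and Python's `fnmatch` is assumed here as an approximation of devfs path matching.

```python
import fnmatch
import re
# Constructed sample: abbreviated stock rulesets plus the two quoted above.
SAMPLE = """\
[devfsrules_hide_all=1]
add hide
[devfsrules_jail=4]
add include $devfsrules_hide_all
[devfsrules_unhide_zfs=12]
add path zfs unhide
[devfsrules_jail_withzfs=16]
add include $devfsrules_hide_all
add include $devfsrules_unhide_zfs
"""

def parse(text):
    """Return ({ruleset: [rule tokens]}, {number: [ruleset names]})."""
    rules, numbers, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r"\[(\w+)=(\d+)\]", line)
        if m:
            current = m.group(1)
            rules[current] = []
            numbers.setdefault(int(m.group(2)), []).append(current)
        elif current and line.startswith("add "):
            rules[current].append(line.split()[1:])
    return rules, numbers

def visible(rules, ruleset, node, seen=()):
    """Apply rules in order, later match wins; None if nothing matched."""
    state = None
    for rule in rules[ruleset]:
        if rule[0] == "include" and len(rule) > 1:
            target = rule[1].lstrip("$")
            if target in rules and target not in seen:
                sub = visible(rules, target, node, seen + (ruleset,))
                state = state if sub is None else sub
        elif rule[-1] in ("hide", "unhide"):
            pat = rule[1].strip("'\"") if rule[0] == "path" else "*"
            if fnmatch.fnmatch(node, pat):
                state = rule[-1] == "unhide"
    return state

def audit(text, node="zfs"):
    """Return (rulesets leaving node visible, ruleset numbers defined twice)."""
    rules, numbers = parse(text)
    return ([n for n in rules if visible(rules, n, node)],
            {k: v for k, v in numbers.items() if len(v) > 1})
```

Passing the concatenated contents of /etc/defaults/devfs.rules and /etc/devfs.rules to `audit()` shows both which jail rulesets would see `/dev/zfs` and whether a locally defined ruleset reuses a number from the defaults.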