From owner-svn-src-all@FreeBSD.ORG  Sat Mar 17 16:15:06 2012
Return-Path: <owner-svn-src-all@FreeBSD.ORG>
Delivered-To: svn-src-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0B952106564A;
	Sat, 17 Mar 2012 16:15:06 +0000 (UTC)
	(envelope-from alexander@leidinger.net)
Received: from mail.ebusiness-leidinger.de (mail.ebusiness-leidinger.de
	[217.11.53.44])
	by mx1.freebsd.org (Postfix) with ESMTP id AC85B8FC12;
	Sat, 17 Mar 2012 16:15:05 +0000 (UTC)
Received: from outgoing.leidinger.net (p5796C32E.dip.t-dialin.net
	[87.150.195.46])
	by mail.ebusiness-leidinger.de (Postfix) with ESMTPSA id 30B468444D7;
	Sat, 17 Mar 2012 17:14:52 +0100 (CET)
Received: from unknown (IO.Leidinger.net [192.168.1.12])
	by outgoing.leidinger.net (Postfix) with ESMTPS id 49B1C20EA;
	Sat, 17 Mar 2012 17:14:49 +0100 (CET)
Date: Sat, 17 Mar 2012 16:35:39 +0100
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Martin Matuska <mm@FreeBSD.org>
Message-ID: <20120317163539.00004d8f@unknown>
In-Reply-To: <201203162130.q2GLUQaw035726@svn.freebsd.org>
References: <201203162130.q2GLUQaw035726@svn.freebsd.org>
X-Mailer: Claws Mail 3.7.10cvs42 (GTK+ 2.16.6; i586-pc-mingw32msvc)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-EBL-MailScanner-Information: Please contact the ISP for more information
X-EBL-MailScanner-ID: 30B468444D7.AE132
X-EBL-MailScanner: Found to be clean
X-EBL-MailScanner-SpamCheck: not spam, spamhaus-ZEN,
	SpamAssassin (not cached, score=-0.88, required 6,
	autolearn=disabled, ALL_TRUSTED -1.00, AWL -0.02, TW_SV 0.08,
	TW_ZF 0.08, T_RP_MATCHES_RCVD -0.01)
X-EBL-MailScanner-From: alexander@leidinger.net
X-EBL-MailScanner-Watermark: 1332605692.74537@0NE5q4souhcj1iBkL4CuQA
X-EBL-Spam-Status: No
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org,
	src-committers@freebsd.org, pjd@FreeBSD.org, jamie@FreeBSD.org
Subject: Re: svn commit: r233048 - head/etc/defaults
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
	user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-all>,
	<mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Mar 2012 16:15:06 -0000

On Fri, 16 Mar 2012 21:30:26 +0000 (UTC) Martin Matuska
<mm@FreeBSD.org> wrote:

> Author: mm
> Date: Fri Mar 16 21:30:26 2012
> New Revision: 233048
> URL: http://svn.freebsd.org/changeset/base/233048
> 
> Log:
>   Unhide /dev/zfs in devfsrules_jail.
>   
>   The /dev/zfs device is required for managing jailed ZFS datasets.

This may give more info to a jail (ZFS is in use on this machine) than
what someone may want to provide. I have separate rulesets for jails
without and with ZFS (actually the one without is the default one and
the one with is a new one):
---snip---
...

[devfsrules_unhide_zfs=12]
add path zfs unhide

...

[devfsrules_jail_withzfs=16]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add include $devfsrules_unhide_zfs
---snip---

Anyone with arguments why this may be overly paranoid? If not, I would
suggest that we go this way instead.

Bye,
Alexander.

-- 
http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137