Date: Sat, 17 Mar 2012 16:35:39 +0100 From: Alexander Leidinger <Alexander@Leidinger.net> To: Martin Matuska <mm@FreeBSD.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, pjd@FreeBSD.org, jamie@FreeBSD.org Subject: Re: svn commit: r233048 - head/etc/defaults Message-ID: <20120317163539.00004d8f@unknown> In-Reply-To: <201203162130.q2GLUQaw035726@svn.freebsd.org> References: <201203162130.q2GLUQaw035726@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 16 Mar 2012 21:30:26 +0000 (UTC) Martin Matuska <mm@FreeBSD.org> wrote: > Author: mm > Date: Fri Mar 16 21:30:26 2012 > New Revision: 233048 > URL: http://svn.freebsd.org/changeset/base/233048 > > Log: > Unhide /dev/zfs in devfsrules_jail. > > The /dev/zfs device is required for managing jailed ZFS datasets. This may give more info to a jail (ZFS is in use on this machine) than what someone may want to provide. I have separate rulesets for jails without and with ZFS (actually the one without is the default one and the one with is a new one): ---snip--- ... [devfsrules_unhide_zfs=12] add path zfs unhide ... [devfsrules_jail_withzfs=16] add include $devfsrules_hide_all add include $devfsrules_unhide_basic add include $devfsrules_unhide_login add include $devfsrules_unhide_zfs ---snip--- Anyone with arguments why this may be overly paranoid? If not, I would suggest that we go this way instead. Bye, Alexander. -- http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120317163539.00004d8f>