From: "Luiz Gustavo S. Costa"
To: "Bjoern A. Zeeb"
Cc: FreeBSD virtualization mailing list
Date: Thu, 9 Sep 2010 17:10:48 -0300
Subject: Re: [patch] allow testing VIMAGE with pf in base system only

lol .... in the rush to see the patch working I did not read the head of
it :p It has every reason to only disable the dev ;)

2010/9/9 Bjoern A. Zeeb:
> On Thu, 9 Sep 2010, Luiz Gustavo S. Costa wrote:
>
> Hey,
>
>> But I found something that may be unsafe within the jail environment,
>> I'm allowed to change /dev/pf, so that if I run a "pfctl -f
>> /etc/pf.conf" inside the jail to do with that the rules are read
>> again, killing pf.conf on the main environment
>
> yes, see the comment at the top of the patch:
>
> ! You should not leak /dev/pf into jails for now or they might
> ! change your rules;-)
>
> See devfs, devfs.rules, etc.  The jail startup script would usually
> apply the devfsrules_jail defines in /etc/defaults/devfs.rules.
>
> /bz
>
> --
> Bjoern A. Zeeb                              Welcome a new stage of life.
>

--
Luiz Gustavo Costa (Powered by BSD)
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
mundoUnix - Free Software Consulting
http://www.mundounix.com.br
ICQ: 2890831 / MSN: contato@mundounix.com.br
Tel: 55
Blog: http://www.luizgustavo.pro.br
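An added example, not part of this thread or of FreeBSD: a small POSIX sh evaluator for devfs.rules-style rulesets that checks whether pf stays hidden under a given ruleset, the point Bjoern makes above. The sample rules (and the deliberately leaky `devfsrules_jail_leaky` ruleset) are constructed, modelled on the layout of /etc/defaults/devfs.rules, and the include/hide/unhide semantics are a simplification of devfs.rules(5).

```shell
# Added example, not code from the thread or from FreeBSD: a simplified
# evaluator for devfs.rules(5) rulesets answering "is device DEV visible in
# a jail that uses ruleset NAME?". Rules apply in order: "add hide" hides
# everything, "add path GLOB hide|unhide" flips matching devices, "add
# include $X" splices in ruleset X, and the last matching rule wins.
# Constructed sample modelled on /etc/defaults/devfs.rules, plus a leaky ruleset that unhides pf.
DEVFS_RULES='[devfsrules_hide_all=1]
add hide
[devfsrules_unhide_basic=2]
add path null unhide
[devfsrules_unhide_login=3]
add path "tty*" unhide
[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
[devfsrules_jail_leaky=5]
add include $devfsrules_jail
add path pf unhide'
# ruleset_rules NAME: print the rule lines of section [NAME=N].
ruleset_rules() {
    printf '%s\n' "$DEVFS_RULES" | awk -v name="$1" '
        /^\[/ { sec = $0; gsub(/^\[|=.*$|\]$/, "", sec); next }
        sec == name && NF > 0 { print }'
}
# expand_ruleset NAME: same, with "add include $X" replaced by X's rules.
expand_ruleset() {
    ruleset_rules "$1" | while read -r verb a b c; do
        if [ "$verb $a" = "add include" ]; then
            expand_ruleset "${b#\$}"
        else
            printf '%s %s %s %s\n' "$verb" "$a" "$b" "$c"
        fi
    done
}
# device_visible NAME DEV: print "visible" or "hidden" for DEV under NAME.
device_visible() {
    state=visible
    rules=$(expand_ruleset "$1")
    while read -r verb a b c; do
        case "$verb $a" in
            "add hide") state=hidden ;;
            "add path") glob=$(printf '%s' "$b" | tr -d "'\"")
                case "$2" in $glob) case "$c" in hide) state=hidden ;; unhide) state=visible ;; esac ;; esac ;;
        esac
    done <<EOF
$rules
EOF
    echo "$state"
}
```

Running `device_visible devfsrules_jail pf` prints `hidden`, while the leaky ruleset prints `visible`, which is exactly the exposure the patch header warns about.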