Date: Sun, 06 Jul 2014 00:24:39 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 191628] [9.3-RC2] ruleset bug report #187079 which was fixed in 10.0 is not fixed in 9.3-RC1 or RC2
Message-ID: <bug-191628-8-5a7OETBfil@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191628-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-191628-8@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191628

--- Comment #2 from joeb1@a1poweruser.com ---

This is not a question of which RELEASE you're running but what jail method you're using. jail(8) became available in 9.1 and it was full of bugs. One of which was the bug that caused the default ruleset number 4 not to work in 9.1, 9.2, and 10.0. This was never fixed until pr 187079 noticed the effect of changing the /etc/defaults/rc.conf parameter devfs_load_rulesets= from its default "NO" to "YES" had on enabling the default ruleset number 4 on jail(8) jails in RELEASE 10.0. Since 10.0 RELEASE was already published, the only way to fix this was through a security advisory.

10.0 is the first RELEASE where the rc.d/jail script method is deprecated and the jail(8) method is the primary method. In 10.0 all rc.d/jail rc.conf defined jails are converted to the jail(8) method on the fly when the jail is started.

9.1, 9.2, and 9.3 use the rc.d/jail as the primary jail method and the jail(8) method is also provided, but the default to use ruleset number 4 does not work for jail(8) jails in these RELEASES because the devfs_load_rulesets= parameter is set to NO instead of YES. Setting it to YES fixes jail(8) and has no negative effect on the rc.d/jail method that I can see from the testing I have done.

So yes, I feel that all indications show that devfs_load_rulesets="YES" should be the default in /etc/defaults/rc.conf for the 9.3 RELEASE. Since jail(8) is the direction FreeBSD is headed, every effort should be made to get it to function as intended.

At the least, some kind of instructions should be added to the 9.3 release notes covering this subject if correcting the problem is bypassed.

--
You are receiving this mail because:
You are the assignee for the bug.
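
Added example, not part of the original message and not FreeBSD's own code: a POSIX sh check for the mismatch the comment describes, where jail.conf expects a devfs ruleset but the effective devfs_load_rulesets value is not YES. The function names and the demo files are constructed for illustration, and treating any mount.devfs or devfs_ruleset line as relying on a ruleset is an assumption.

```shell
#!/bin/sh
# Added example (not FreeBSD code): flag hosts where jail.conf expects a devfs
# ruleset but rc.conf does not load the rulesets at boot.

# Print the effective value of rc.conf variable $1 from the files that follow;
# later files override earlier ones (/etc/rc.conf over /etc/defaults/rc.conf).
effective_rc_value() {
    var=$1; shift
    val=
    for f in "$@"; do
        [ -r "$f" ] || continue
        line=$(sed -n "s/^[[:space:]]*${var}=//p" "$f" | tail -n 1)
        [ -n "$line" ] || continue
        # Drop a trailing comment, then surrounding double quotes.
        val=$(printf '%s\n' "$line" | sed -e 's/[[:space:]]*#.*$//' -e 's/^"\(.*\)"$/\1/')
    done
    printf '%s\n' "$val"
}

# Assumption: any mount.devfs or devfs_ruleset line means the jail relies on a ruleset.
jail_conf_uses_ruleset() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*(mount\.devfs|devfs_ruleset)' "$1"
}

# audit_devfs_rulesets JAIL_CONF RC_FILE...   returns 1 on the mismatch, else 0
audit_devfs_rulesets() {
    jail_conf=$1; shift
    case $(effective_rc_value devfs_load_rulesets "$@") in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) loaded=yes ;;  # rc.subr truthy values
        *) loaded=no ;;
    esac
    if jail_conf_uses_ruleset "$jail_conf" && [ "$loaded" = no ]; then
        echo "WARN: $jail_conf uses devfs rulesets but devfs_load_rulesets is not YES"
        return 1
    fi
    echo "OK: devfs_load_rulesets=$loaded for $jail_conf"
    return 0
}

# Demo on constructed files (run as: sh script.sh demo).
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    printf 'devfs_load_rulesets="NO"\t# default\n' > "$d/defaults.conf"
    printf 'devfs_load_rulesets="YES"\n' > "$d/rc.conf"
    printf 'www {\n  path = /jails/www;\n  mount.devfs;\n  devfs_ruleset = 4;\n}\n' > "$d/jail.conf"
    audit_devfs_rulesets "$d/jail.conf" "$d/defaults.conf"               # WARN
    audit_devfs_rulesets "$d/jail.conf" "$d/defaults.conf" "$d/rc.conf"  # OK
    rm -rf "$d"
fi
```

On a real host the call would be audit_devfs_rulesets /etc/jail.conf /etc/defaults/rc.conf /etc/rc.conf.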