From owner-freebsd-current@FreeBSD.ORG  Wed Sep  1 18:26:31 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1E7BA16A4CE
	for <freebsd-current@freebsd.org>;
	Wed,  1 Sep 2004 18:26:31 +0000 (GMT)
Received: from the-macgregors.org
	(82-33-59-105.cable.ubr06.stav.blueyonder.co.uk [82.33.59.105])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 854A143D31
	for <freebsd-current@freebsd.org>;
	Wed,  1 Sep 2004 18:26:30 +0000 (GMT)
	(envelope-from freebsd.macgregor@blueyonder.co.uk)
X-Urban-Legend: Mail headers contain urban legends
Received: from fire (rob@fire.macgregor [192.168.32.100])
	(authenticated bits=0)
	by the-macgregors.org (8.13.1/8.13.1) with ESMTP id i81IQTs4030534
	(version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO)
	for <freebsd-current@freebsd.org>; Wed, 1 Sep 2004 18:26:29 GMT
Message-Id: <200409011826.i81IQTs4030534@the-macgregors.org>
From: "Rob MacGregor" <freebsd.macgregor@blueyonder.co.uk>
To: <freebsd-current@freebsd.org>
Date: Wed, 1 Sep 2004 19:26:29 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
In-Reply-To: <790a9fff04090111132a67ac3e@mail.gmail.com>
thread-index: AcSQT5A9/LR5a7vOTBaDxcS2/JnG3wAAULCA
X-Virus-Scanned: by amavisd-milter (http://www.amavis.org/)
Subject: RE: 5.3-BETA1, jails and devfs
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Sep 2004 18:26:31 -0000

On Wednesday, September 01, 2004 7:13 PM, Scot Hetzel
<mailto:swhetzel@gmail.com> unleashed the infinite monkeys and produced:
> If you are applying them from inside the jail, I don't believe that is
> supported.  You need to apply the rules before starting the jail.

Ah, that'll be my error then.

Next dumb question - how do I apply them to *only* the jail, not the host?

What I'm trying to do is lock it down such that the jail has no access to any
devices on the host.  Not sure what that list will be, but I'm happy to break
things finding out :)

TIA

-- 
 Rob | Oh my God! They killed init! You bastards!