Date: Thu, 7 Jul 2016 08:41:32 +0000 From: Grzegorz Junka <list1@gjunka.com> To: freebsd-jail@freebsd.org Subject: Re: Effective rule sets in a jail? Message-ID: <2c9d10fd-35ba-5470-026d-a1483e47fcf2@gjunka.com> In-Reply-To: <577E0A78.1040600@quip.cz> References: <2aeb6798-11ee-27c0-610a-d745aa322f97@gjunka.com> <CANJ8om5R-BT=heC%2BgiMTXFH8YQXhuPQZjQ_S-P1bQ1XBGS16uQ@mail.gmail.com> <577E0A78.1040600@quip.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
On 07/07/2016 07:53, Miroslav Lachman wrote: > Ultima wrote on 07/07/2016 06:04: >> Not so. The top variable, devfs_ruleset = 4 is being set as the >> default for >> all jails. The devfs_ruleset = 5 inside the brackets is changing the >> default value. >> >> How to check what ruleset is mounted? That is a great question. I'm not >> sure of an easy way to check other than verifying the /dev directory >> inside >> the jail. > > There is no way to set more than one devfs rule to jail AFAIK. > You can see the rule number in output of jls -s or jls -n. > > Miroslav Lachman > I was referring to this clause in the man document: Descendant jails inherit the parent jail's devfs ruleset enforcement. I thought that the outside rule is combined with the inside rule in the jail definition. But thanks for the hint about jls -s, it does shows the (single) active rule set (however without referring to the specific rules defined in devfs.rules or a combination of it). Grzegorz
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2c9d10fd-35ba-5470-026d-a1483e47fcf2>