From owner-freebsd-questions@FreeBSD.ORG  Sun Oct 12 13:59:30 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 5D7233A8
 for <freebsd-questions@freebsd.org>; Sun, 12 Oct 2014 13:59:30 +0000 (UTC)
Received: from wp188.webpack.hosteurope.de (wp188.webpack.hosteurope.de
 [IPv6:2a01:488:42::50ed:84c3])
 (using TLSv1 with cipher AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 22E5BAED
 for <freebsd-questions@freebsd.org>; Sun, 12 Oct 2014 13:59:30 +0000 (UTC)
Received: from ipb219ccd0.dynamic.kabel-deutschland.de ([178.25.204.208]
 helo=localhost); authenticated
 by wp188.webpack.hosteurope.de running ExIM with esmtpsa
 (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 id 1XdJgE-00063E-EA; Sun, 12 Oct 2014 15:59:26 +0200
Date: Sun, 12 Oct 2014 15:55:46 +0200
From: Paul <paul@mueller-blockhaus.de>
To: freebsd-questions@freebsd.org
Subject: RE:possible jail bug?
Message-ID: <20141012155546.00004520@mueller-blockhaus.de>
X-Mailer: Claws Mail 3.10.1 (GTK+ 2.16.6; i586-pc-mingw32msvc)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-bounce-key: webpack.hosteurope.de; paul@mueller-blockhaus.de; 1413122370;
 ea7dbe76; 
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Oct 2014 13:59:30 -0000

Hello Guys,

I had trouble changing the devfs ruleset for a jail. I wanted to jail
snort. For every interface I created a jail using ezjail. I named them
snort_em*. But when I change the Ruleset to
jail_snoet_em0_devfs_ruleset="devfsrules_jail_snort", the changed
devfs.rules doesen't applied. I was so frustrated, that I recreated the
jail with another name snortem* and then I worked. Is the "_"not
allowed for jailnames or is it a problem with ezjail or jails?

Greetings Paul

uname -a :
FreeBSD utm 9.3-RELEASE-p2 FreeBSD 9.3-RELEASE-p2 #1 r272282:
Fri Oct 3 16:06:53 CEST 2014     admin@utm:/usr/obj/usr/src/sys/RCTL
amd64
#######################################
/etc/devfs.rules
[devfsrules_jail_vpn=5]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path tun0 unhide
[devfsrules_unhide_bpf=6]
add path 'bpf*' unhide
[devfsrules_jail_dhcpd=7]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add include $devfsrules_unhide_bpf
[devfsrules_jail_snort=8]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add include $devfsrules_unhide_bpf
[devfsrules_jail_squid=9]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path pf unhide mode 040 group 100
#########################################
/usr/local/etc/ezjail/snort_em0
export jail_snort_em0_hostname="snort_em0"
export jail_snort_em0_ip="127.0.0.4"
export jail_snort_em0_rootdir="/jails/snort_em0"
export jail_snort_em0_exec_start="/bin/sh /etc/rc"
export jail_snort_em0_exec_stop=""
export jail_snort_em0_mount_enable="YES"
export jail_snort_em0_devfs_enable="YES"
export jail_snort_devfs_ruleset="devfsrules_jail_snort"
export jail_snort_em0_procfs_enable="NO"
export jail_snort_em0_fdescfs_enable="YES"
export jail_snort_em0_image=""
export jail_snort_em0_imagetype=""
export jail_snort_em0_attachparams=""
export jail_snort_em0_attachblocking=""
export jail_snort_em0_forceblocking=""
export jail_snort_em0_zfs_datasets=""
export jail_snort_em0_cpuset=""
export jail_snort_em0_fib=""
export jail_snort_em0_parentzfs=""
export jail_snort_em0_parameters=""
export jail_snort_em0_post_start_script=""
export jail_snort_em0_retention_policy=""
######################################
/usr/local/etc/ezjail/snortem0
export jail_snortem0_hostname="snortem0"
export jail_snortem0_ip="127.0.0.3"
export jail_snortem0_rootdir="/jails/snortem0"
export jail_snortem0_exec_start="/bin/sh /etc/rc"
export jail_snortem0_exec_stop=""
export jail_snortem0_mount_enable="YES"
export jail_snortem0_devfs_enable="YES"
export jail_snortem0_devfs_ruleset="devfsrules_jail_snort"
export jail_snortem0_procfs_enable="NO"
export jail_snortem0_fdescfs_enable="YES"
export jail_snortem0_image=""
export jail_snortem0_imagetype=""
export jail_snortem0_attachparams=""
export jail_snortem0_attachblocking=""
export jail_snortem0_forceblocking=""
export jail_snortem0_zfs_datasets=""
export jail_snortem0_cpuset=""
export jail_snortem0_fib=""
export jail_snortem0_parentzfs=""
export jail_snortem0_parameters=""
export jail_snortem0_post_start_script=""
export jail_snortem0_retention_policy=""