From owner-freebsd-questions@FreeBSD.ORG Tue Apr 1 16:52:02 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8FCB3754 for ; Tue, 1 Apr 2014 16:52:02 +0000 (UTC) Received: from smtp-vbr9.xs4all.nl (smtp-vbr9.xs4all.nl [194.109.24.29]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 234BEE46 for ; Tue, 1 Apr 2014 16:52:01 +0000 (UTC) Received: from slackbox.erewhon.home (slackbox.xs4all.nl [83.162.243.5]) by smtp-vbr9.xs4all.nl (8.13.8/8.13.8) with ESMTP id s31Gpwhh050107; Tue, 1 Apr 2014 18:51:58 +0200 (CEST) (envelope-from rsmith@xs4all.nl) Received: by slackbox.erewhon.home (Postfix, from userid 1001) id 3E33A1231A; Tue, 1 Apr 2014 18:51:58 +0200 (CEST) Date: Tue, 1 Apr 2014 18:51:58 +0200 From: Roland Smith To: jungleboogie0 Subject: Re: untrusted user mount usb, followed handbook, still no luck Message-ID: <20140401165158.GA35274@slackbox.erewhon.home> Mail-Followup-To: jungleboogie0 , Anton Shterenlikht , freebsd-questions@freebsd.org References: <201403302139.s2ULdnMG023524@mech-cluster241.men.bris.ac.uk> <20140331164832.GA28635@slackbox.erewhon.home> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="+QahgC5+KEYLbs62" Content-Disposition: inline In-Reply-To: X-GPG-Fingerprint: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 X-GPG-Key: http://www.xs4all.nl/~rsmith/pubkey.txt X-GPG-Notice: If this message is not signed, don't assume I sent it! User-Agent: Mutt/1.5.23 (2014-03-12) X-Virus-Scanned: by XS4ALL Virus Scanner Cc: Anton Shterenlikht , freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Apr 2014 16:52:02 -0000 --+QahgC5+KEYLbs62 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 31, 2014 at 09:59:17PM -0700, jungleboogie0 wrote: > Hi Roland, >=20 > >Around 2010 I wrote the manual pages devfs.conf(5) and devfs.rules(5). > AFAIK > they are still up to date. If something is missing or unclear, please > submit a > PR. >=20 > http://www.freebsd.org/cgi/man.cgi?query=3Ddevfs.rules&sektion=3D5&n=3D1 > Example shows: [localrules=3D10] >=20 > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/usb-disks.html > This example shows:[localrules=3D5] >=20 > What's the difference between the two? Each devfs mountpoint has a ruleset number associated with them. That is the number shown in /etc/devfs.rules and activated in /etc/rc.conf. Since the default rulesets in /etc/defaults/devfs.rules have numbers 1 -- 4, there is no overlap with numbers >4. So in this case there is no difference. IIRC, if you were to re-use an existing ruleset number, the rulesets are effectively merged. Since the sets 1 -- 4 are pretty restrictive, don't do that! E.g. ruleset 4 is meant for use in jails, exposing only a minimum of devices. Generally; use an unique ruleset number for each ruleset. You can use the include mechanism to incorporate other rulesets if you want to. Roland --=20 R.F.Smith http://rsmith.home.xs4all.nl/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 5753 3324 1661 B0FE 8D93 FCED 40F6 D5DC A38A 33E0 (keyID: A38A33E0) --+QahgC5+KEYLbs62 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBAgAGBQJTOu6uAAoJEED21dyjijPgL7EQAIIR7mZNdyOUL6IpsQ85NF6f 5op0b/5Jqkx1VOzhoMw57HKFlrG0jvjUGaDKsH87nlKviht2RYQzFUkuh0ZQCR0Q u7yQxlNmORkjhKa/Y2+a2cYszdjvRTeMyfdeSxrM/idxlQkL4iWxLK6zun5H7tOP o2bYuQyFxyBKE2waKfHBH8SOcESZj0YFRj1yTLdDL4r+wweq8oMOliCHHT8hclYN DYFtvcS1juodboXTUUdSkq7/gFv+TeU0xch8yI1j8WKR5eLWSy6fOKvxIM5CrYCh L4YdH/xnFMgC7EivALdqNDpbbBTk8UXBDVvIMzo7e9/+GhiyVrnGCNy6j6QpmDqH ILbs06UShAbNv/BL3yqyMT69zry6cUnq/4Fl7b2S0H44mvB2p99Wg8jbKHEnjoQM Aj1pvOALNU+N8tUEfOhAJvftWiUmYyo0NixC9Tk+TNAlgASVCu+ueQb6+zECGp/u MNXDqYdQeOXNxmvx1OSng9bKuUuDRxA9a3mBNKJsgrCEOfT2pbYanKDh50JxdrfA G84+AXvz+Vupf29a5Qb/ARUItzaWvzFrIEYBmw6RglmE/i3dPPZ648uFYJLnZ3vN UDKurJ+ukq8JWGWvb1D6OllXsqR9Q6IcsTMsKUFU+YmWkzrXNWh0LFUAxg+8PIfF HsTztgABa1xQ8z9yKWmg =8Vgr -----END PGP SIGNATURE----- --+QahgC5+KEYLbs62--