From owner-freebsd-jail@FreeBSD.ORG Fri Feb 15 16:27:50 2013 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id B86CB288; Fri, 15 Feb 2013 16:27:50 +0000 (UTC) (envelope-from h.schmalzbauer@omnilan.de) Received: from host.omnilan.net (s1.omnilan.net [62.245.232.135]) by mx1.freebsd.org (Postfix) with ESMTP id 451F27AA; Fri, 15 Feb 2013 16:27:49 +0000 (UTC) Received: from titan.inop.wdn.omnilan.net (titan.inop.wdn.omnilan.net [172.21.3.1]) (authenticated bits=0) by host.omnilan.net (8.13.8/8.13.8) with ESMTP id r1FGWsWx091143 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 15 Feb 2013 17:32:55 +0100 (CET) (envelope-from h.schmalzbauer@omnilan.de) Message-ID: <511E61F5.1000805@omnilan.de> Date: Fri, 15 Feb 2013 17:27:33 +0100 From: Harald Schmalzbauer Organization: OmniLAN User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; de-DE; rv:1.9.2.8) Gecko/20100906 Lightning/1.0b2 Thunderbird/3.1.2 MIME-Version: 1.0 To: freebsd-stable@freebsd.org, freebsd-jail@freebsd.org Subject: new jail(8) ignoring devfs_ruleset? X-Enigmail-Version: 1.1.2 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigA0A96BBCFE6E7906134D658A" X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Feb 2013 16:27:50 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigA0A96BBCFE6E7906134D658A Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable Hello, like already posted, on 9.1-R, I highly appreciate the new jail(8) and jail.conf capabilities. Thanks for that extension! Accidentally I saw that "devfs_ruleset" seems to be ignored. If I list /dev/ I see all the hosts disk devices etc. I set "devfs_ruleset =3D 4;" and "enforce_statfs =3D 1;" in jail.conf. Inside the jail, sysctl security.jail.devfs_ruleset returnes "1". But like mentioned, I can access all devices... Thanks for any help, -Harry (not subscribed to freebsd-jail@) --------------enigA0A96BBCFE6E7906134D658A Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAlEeYf0ACgkQLDqVQ9VXb8hE4wCgvsxHV/2So2JRMsbARy8wp6M5 FMQAoMVB6EtJo/1rHTZryPN4as3LPObG =7PSm -----END PGP SIGNATURE----- --------------enigA0A96BBCFE6E7906134D658A--