From owner-freebsd-questions@FreeBSD.ORG Wed Jan 27 01:58:19 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8E84D106566C for ; Wed, 27 Jan 2010 01:58:19 +0000 (UTC) (envelope-from davidcollins001@gmail.com) Received: from mail-ew0-f218.google.com (mail-ew0-f218.google.com [209.85.219.218]) by mx1.freebsd.org (Postfix) with ESMTP id 23C8B8FC1B for ; Wed, 27 Jan 2010 01:58:18 +0000 (UTC) Received: by ewy10 with SMTP id 10so707605ewy.3 for ; Tue, 26 Jan 2010 17:58:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:reply-to:to:subject :message-id:user-agent:mime-version:content-type :content-transfer-encoding; bh=yx0jWVibz7sWgnWZAM7oRSYqemKNncGLwuaTBCrLMB0=; b=R/ExGjG/nSQ5HpomDXsLjt4tL2m+OJEyispJdk37OGG5AT+XUVNnlcE8VUt7p9Cmb/ 2bOUb5biKRNfO3Jn//NbcriLOk8VYAlhb71xuave+C/RHqukjFZx+NIdWiRRkfpSiWyW wUHGDYzylKV78L2DfSxcX0PAakQnmmY6VbZq8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:reply-to:to:subject:message-id:user-agent:mime-version :content-type:content-transfer-encoding; b=JrnzqV5Q9FVjLaV5AnLZ06C5uAzQOMboQGifgU0HoTLTZCxfgNSQZIuVLINQuFtTB0 B1FyN7jQr8XRFW46J3evBkSXlzWYV2tBcJEF+XiQ1duucncbc2rUZi+30lYboVpHEjcN 88wG5gOyA0DgCxpRy/+uhbA2s9a+wJO0AQNBg= Received: by 10.213.97.80 with SMTP id k16mr8841410ebn.2.1264557498043; Tue, 26 Jan 2010 17:58:18 -0800 (PST) Received: from viper.homeunix.com (host217-44-55-158.range217-44.btcentralplus.com [217.44.55.158]) by mx.google.com with ESMTPS id 10sm11231408eyd.21.2010.01.26.17.58.09 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 26 Jan 2010 17:58:17 -0800 (PST) Date: Wed, 27 Jan 2010 01:59:57 +0000 From: David Collins To: freebsd-questions@freebsd.org Message-ID: <4b5f9e1d.zyutaQNEYxlor32j%davidcollins001@gmail.com> User-Agent: Heirloom mailx 12.4 7/29/08 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: devfs rules X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: davidcollins001@gmail.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jan 2010 01:58:19 -0000 Hi, I am trying to get devfs to only show me a few devices but I can't seem to get devfs to recognise the new rules that I create. devfs recognises some of the rules but not all of them: # devfs -m /path/to/jail rule showsets 1 2 3 4 8 9 10 11 Rules 12 and 13 are not recognised. If I try to set the devfs ruleset to 4 (for jail in /etc/defaults/devfs.rules) for the /dev mounted in the jail then add the rules and applyset everything works fine. When i try to start the jail I get the following: viper:/usr/jails# /etc/rc.d/jail restart myjail Configuring jails:. Starting jails:devfs rule: expecting argument for include devfs rule: expecting argument for include /etc/rc.d/jail: WARNING: devfs_set_ruleset: you must specify a ruleset number devfs rule: ioctl DEVFSIO_SAPPLY: No such process I'm not sure why I get the first warning, it doesn't seem to prevent anything from working in my other jails. The second warning is because devfs can't find the rule set (defined as jail_avr_devfs_ruleset="devfsrules_jail_avr" in rc.conf) Can anyone shed any light on this for me I can't seem to figure it out. Googling doesn't seem to help me either viper:~$ uname -a FreeBSD viper 7.0-RELEASE-p12 FreeBSD 7.0-RELEASE-p12 #0: Wed Oct 7 13:39:21 BST 2009 VIPER i386 The contents of my devfs.rules is below # cat /etc/devfs.rules # # Devices for xserver in jail # [devfsrules_unhide_xorg=8] add path agpgart unhide #add path console unhide add path dri unhide add path 'dri*' unhide add path io unhide add path mem unhide #add path pci unhide add path tty unhide add path ttyv0 unhide add path ttyv1 unhide add path ttyv8 unhide [devfsrules_unhide_cam=9] add path 'da*' unhide add path 'cd*' unhide [devfsrules_unhide_kmem=10] add path kmem unhide # # This allows to run a desktop system in a jail. Think about what you want to # achieve before you use this, it opens up the entire machine to access from # this jail to any sophisticated program. # [devfsrules_jail_desktop=11] add include $devfsrules_hide_all add include $devfsrules_unhide_basic add include $devfsrules_unhide_login add include $devfsrules_unhide_audio add include $devfsrules_unhide_input add include $devfsrules_unhide_xorg add include $devfsrules_unhide_cam add include $devfsrules_unhide_kmem # # add include $devfsrules_jail # [devfsrules_jail_dhcp=12] add include $devfsrules_hide_all add include $devfsrules_unhide_basic add include $devfsrules_unhide_login add path 'bpf*' unhide add path net unhide add path 'net/*' unhide # # dev rules for serial avr device jail # [devfsrules_jail_avr=13] add include $devfsrules_jail add path 'cuaU*' unhide David Collins