From owner-freebsd-current  Thu Mar 13 19:42:17 2003
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E261437B401
	for <freebsd-current@FreeBSD.ORG>; Thu, 13 Mar 2003 19:42:15 -0800 (PST)
Received: from paladin.fortunaty.net (fortunaty.net [217.160.129.175])
	by mx1.FreeBSD.org (Postfix) with SMTP id 9F8ED43F85
	for <freebsd-current@FreeBSD.ORG>; Thu, 13 Mar 2003 19:42:14 -0800 (PST)
	(envelope-from ah@paladin.fortunaty.net)
Received: (qmail 22118 invoked by uid 501); 14 Mar 2003 03:42:13 -0000
Date: Fri, 14 Mar 2003 04:42:13 +0100
From: Andy <andy-freebsd@splashground.de>
To: Attila Nagy <bra@fsn.hu>
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: MAKEDEV lost in 5.0-CURRENT?
Message-ID: <20030314034213.GA22028@splashground.de>
Mail-Followup-To: Attila Nagy <bra@fsn.hu>,
	freebsd-current@FreeBSD.ORG
References: <20030312164305.G52780@klima.physik.uni-mainz.de> <20030312154721.GA424@freebsd.org.ru> <20030312165908.O52780@klima.physik.uni-mainz.de> <20030312171808.GA28320@unixdaemons.com> <20030313111027.GA13250@splashground.de> <Pine.LNX.4.53.0303131245170.24221@scribble.fsn.hu>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.53.0303131245170.24221@scribble.fsn.hu>
User-Agent: Mutt/1.4i
X-Addicted: yeah
X-License: BSD
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

On Thu, Mar 13, 2003 at 12:47:50PM +0100, Attila Nagy wrote:
[...]
> You can mount devfs into any places. For example a jail.
> BTW, take extreme care, when doing this, because if you don't set up
> devfs rules, anybody, who can become root in any jails can do things,
> which will irreversibly change your day. (reinstall/restore from backup)
> 
> Hint: cp /dev/null /dev/[what is your root device outside the jail]
> 
> BTW, it would be good to have an ipf.rules like file to set up those devfs
> rules. :)

What really would be great, was a
/usr/share/examples/devfs/jail.rules
and some updates to the manpages.
Maybe we could work out a jail.rules example in this thread.
What did you do about the mem/kmem/console/log devices in your setup?

Is it planned to have names/aliases (default, jail, ...) for rulesets
instead of numbers (1, 2, ... )?

It would also be interesting to be able to print the rules of ruleset 0.
Is there a trick to get those?

Andy

post scriptum:

Think the jail(8) man page should also mention the -D switch to mergemaster.
Something like:
----8<----
Updating the Jail.

make installworld DESTDIR=$D
mergemaster -i -D $D
---->8----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message