schrieb Jamie Gritton am 16.02.2013 00:40 (localtime): > On 02/15/13 09:27, Harald Schmalzbauer wrote: >> Hello, >> >> like already posted, on 9.1-R, I highly appreciate the new jail(8) and >> jail.conf capabilities. Thanks for that extension! >> >> Accidentally I saw that "devfs_ruleset" seems to be ignored. >> If I list /dev/ I see all the hosts disk devices etc. >> I set "devfs_ruleset = 4;" and "enforce_statfs = 1;" in jail.conf. >> Inside the jail, >> sysctl security.jail.devfs_ruleset returnes "1". >> But like mentioned, I can access all devices... >> >> Thanks for any help, >> >> -Harry > > devfs_ruleset is only used along with mount.devfs - do you also have > that set in jail.conf?
Thanks for your response. Yes, I have mount.devfs; set. Otherwise I wouldn't have any device inside my jail. Verified - and like intended, right? Another notable discrepancy: The man page tells that devfs_rulset is "4" by default. But when I don't set devfs_rulset in jail.conf at all, inside the jail, 'sysctl security.jail.devfs_ruleset': 0 When set, like mentioned above, it returns the corresponding value, but it doesn't have any effect. How gets devfs_rulset handled? Does jail(8) do the whole job? I'd like to help finding the source, but have missed the whole new jail evolution... Inside my jails, I don't have a fstab, outside I have them defined and enabled with "mount" - and noticed the non-reverted umounting. Thanks, -Harry
signature.asc
Description: OpenPGP digital signature
