On 17.3.2012 16:35, Alexander Leidinger wrote:
> On Fri, 16 Mar 2012 21:30:26 +0000 (UTC) Martin Matuska
> <m...@freebsd.org> wrote:
>
>> Author: mm
>> Date: Fri Mar 16 21:30:26 2012
>> New Revision: 233048
>> URL: http://svn.freebsd.org/changeset/base/233048
>>
>> Log:
>> Unhide /dev/zfs in devfsrules_jail.
>>
>> The /dev/zfs device is required for managing jailed ZFS datasets.
> This may give more info to a jail (ZFS is in use on this machine) than
> what someone may want to provide. I have separate rulesets for jails
> without and with ZFS (actually the one without is the default one and
> the one with is a new one):
> ---snip---
> ...
>
> [devfsrules_unhide_zfs=12]
> add path zfs unhide
>
> ...
>
> [devfsrules_jail_withzfs=16]
> add include $devfsrules_hide_all
> add include $devfsrules_unhide_basic
> add include $devfsrules_unhide_login
> add include $devfsrules_unhide_zfs
> ---snip---
>
> Anyone with arguments why this may be overly paranoid? If not, I would
> suggest that we go this way instead.
>
> Bye,
> Alexander.
>

The only disclosed information I know of is whether the zfs module is loaded on your system.

Another alternative I was thinking of would be using a new ruleset (e.g. devfsrules_jail_zfs=5). The disadvantage here is that users that already have defined a ruleset with this number should be informed somehow.
-- 
Martin Matuska
FreeBSD committer
http://blog.vx.sk
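Added example, not part of the original thread and not FreeBSD's own code: a Python check that evaluates devfs.rules rulesets in order to report whether /dev/zfs ends up visible to a jail, and flags local rulesets whose number is already taken by a default one. The rule bodies, the `site_webjail` ruleset, and `devfsrules_jail_zfs=5` as a shipped default are constructed for illustration; only unconditional rules and plain `path` globs are modelled.

```python
import re
from fnmatch import fnmatchcase

def parse_rules(text):
    """Parse devfs.rules text into {ruleset_name: (number, [rule, ...])}."""
    rulesets, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.match(r"^\[(\w+)=(\d+)\]$", line)
        if header:
            current = rulesets.setdefault(header[1], (int(header[2]), []))[1]
        elif line and current is not None:
            current.append(line)
    return rulesets

def visible(rulesets, name, device="zfs", state=True, stack=()):
    """Apply ruleset `name` in order; return whether `device` ends up visible."""
    if name in stack or name not in rulesets:
        return state
    for rule in rulesets[name][1]:
        words = rule.split()
        if words[:2] == ["add", "include"] and len(words) == 3:
            state = visible(rulesets, words[2].lstrip("$"), device, state, stack + (name,))
        elif words[0] == "add" and words[-1] in ("hide", "unhide"):
            cond = words[1:-1]  # modelled: bare rules and "path <glob>" conditions only
            if not cond or (len(cond) == 2 and cond[0] == "path"
                            and fnmatchcase(device, cond[1].strip("'\""))):
                state = words[-1] == "unhide"
    return state

def number_collisions(defaults, local):
    """Map each local ruleset to the default ruleset whose number it reuses."""
    taken = {num: name for name, (num, _) in defaults.items()}
    return {n: taken[num] for n, (num, _) in local.items() if taken.get(num, n) != n}

# Constructed sample input (not the shipped files); jail_zfs=5 and site_webjail=5 are hypothetical.
DEFAULTS = parse_rules("""[devfsrules_hide_all=1]
add hide
[devfsrules_jail=4]
add include $devfsrules_hide_all
[devfsrules_jail_zfs=5]
add include $devfsrules_jail
add path zfs unhide""")
LOCAL = parse_rules("""[site_webjail=5]
add include $devfsrules_jail
[devfsrules_unhide_zfs=12]
add path zfs unhide
[devfsrules_jail_withzfs=16]
add include $devfsrules_hide_all
add include $devfsrules_unhide_zfs""")
```

Calling `visible({**DEFAULTS, **LOCAL}, "devfsrules_jail_withzfs")` answers the disclosure question for one ruleset, and `number_collisions(DEFAULTS, LOCAL)` lists the local rulesets an admin would have to renumber.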