Additional devfs rulesets
Warren Block
wblock at wonkity.com
Sun Jul 27 00:08:11 UTC 2014
On Sat, 26 Jul 2014, Warren Block wrote:
> If devfs accepted an optional file parameter, additional rulesets could be
> defined for each jail. There might be security implications with that.
Actually, it looks like that can be done. devfs_rulesets_from_file() in
/etc/rc.subr has a parser, and evaluates all files defined in
$devfs_rulesets. By default, that is just /etc/defaults/devfs.rules and
/etc/devfs.rules. ezjail could just append a third file there, maybe
/usr/local/etc/ezjail/jailname-devfs.rules. Or even more elegantly, a
here-doc from inside the ezjail/jailname file.
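
An added example, not part of the original post and not code from rc.subr or ezjail: once per-jail files are appended to $devfs_rulesets, each [name=number] header shares one kernel ruleset number space with every other file, so a file that reuses a number ends up configuring the same ruleset as another. The function names, file names and ruleset names other than the stock ones are hypothetical, and the rule files are constructed samples.

```shell
#!/bin/sh
# Added example: checks devfs rules files for reused ruleset numbers.

# Print "number name file" for each [name=number] header in the given files.
list_rulesets() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        sed -n 's/^\[\([A-Za-z_][A-Za-z0-9_]*\)=\([0-9][0-9]*\)].*/\2 \1/p' "$f" |
            while read -r num name; do
                printf '%s %s %s\n' "$num" "$name" "$f"
            done
    done
}

# Print every ruleset number that is defined more than once; return 1 if any.
find_ruleset_collisions() {
    dups=$(list_rulesets "$@" | awk '
        { count[$1]++; where[$1] = where[$1] " " $2 "@" $3 }
        END { for (n in count) if (count[n] > 1) print n ":" where[n] }' | sort -n)
    [ -z "$dups" ] && return 0
    printf '%s\n' "$dups"
    return 1
}

# Constructed sample files: a stand-in system file and two per-jail files.
write_sample_rules() {
    dir=$1
    cat > "$dir/devfs.rules" <<'EOF'
# constructed stand-in for /etc/defaults/devfs.rules
[devfsrules_hide_all=1]
add hide
[devfsrules_jail=4]
add include $devfsrules_hide_all
EOF
    cat > "$dir/www-devfs.rules" <<'EOF'
[devfsrules_jail_www=10]
add include $devfsrules_jail
EOF
    cat > "$dir/db-devfs.rules" <<'EOF'
[devfsrules_jail_db=4]
add include $devfsrules_hide_all
add path 'zfs' unhide
EOF
}

tmp=$(mktemp -d) && write_sample_rules "$tmp"
find_ruleset_collisions "$tmp"/devfs.rules "$tmp"/www-devfs.rules || echo "collision found"
find_ruleset_collisions "$tmp"/devfs.rules "$tmp"/db-devfs.rules || echo "collision found"
rm -rf "$tmp"
```

Run against the real file list, the arguments would be the contents of $devfs_rulesets plus the candidate per-jail file.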