Additional devfs rulesets

Warren Block wblock at wonkity.com
Sun Jul 27 00:08:11 UTC 2014


On Sat, 26 Jul 2014, Warren Block wrote:

> If devfs accepted an optional file parameter, additional rulesets could be 
> defined for each jail.  There might be security implications with that.

Actually, it looks like that can be done.  devfs_rulesets_from_file() in 
/etc/rc.subr has a parser, and evaluates all files defined in 
$devfs_rulesets.  By default, that is just /etc/defaults/devfs.rules and 
/etc/devfs.rules.  ezjail could just append a third file there, maybe 
/usr/local/etc/ezjail/jailname-devfs.rules.  Or even more elegantly, a 
here-doc from inside the ezjail/jailname file.
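
A pre-flight check for the approach described in the message above, as an added example that is not part of the original post, rc.subr or ezjail: before a per-jail file is appended to $devfs_rulesets, it lists every ruleset number that more than one file defines, since a number defined twice means one file's rules may not be the ones a jail ends up with. The function names, file names and ruleset names in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag devfs ruleset numbers defined in more than one rules file.
# Only "[name=number]" headers are inspected; rule lines are ignored.

# find_ruleset_collisions FILE...
# Prints "number: file:name file:name ..." for each number defined 2+ times.
find_ruleset_collisions() {
    [ "$#" -gt 0 ] || return 0
    awk '
        /^[ \t]*#/ { next }                        # skip comment lines
        match($0, /^\[[^=]+=[0-9]+\]/) {           # ruleset header
            split(substr($0, 2, RLENGTH - 2), kv, "=")
            num = kv[2] + 0
            defs[num] = defs[num] " " FILENAME ":" kv[1]
            count[num]++
        }
        END {
            for (n in count)
                if (count[n] > 1) printf "%d:%s\n", n, defs[n]
        }
    ' "$@" | sort -n
}

# write_sample_rules DIR: constructed sample files, not copies of real ones.
write_sample_rules() {
    cat > "$1/defaults.rules" <<'EOF'
[devfsrules_hide_all=1]
add hide
[devfsrules_jail=4]
add include $devfsrules_hide_all
EOF
    cat > "$1/www-devfs.rules" <<'EOF'
# hypothetical per-jail file that reuses number 4
[devfsrules_www=4]
add include $devfsrules_hide_all
add path 'bpf*' unhide
EOF
    cat > "$1/db-devfs.rules" <<'EOF'
[devfsrules_db=11]
add include $devfsrules_hide_all
EOF
}

tmp=$(mktemp -d)
write_sample_rules "$tmp"
find_ruleset_collisions "$tmp"/defaults.rules "$tmp"/www-devfs.rules "$tmp"/db-devfs.rules
rm -rf "$tmp"
```

Pass the files in the same order they appear in $devfs_rulesets so the report lists the definitions in evaluation order.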

