Effective rule sets in a jail?

Grzegorz Junka list1 at gjunka.com
Thu Jul 7 08:41:36 UTC 2016


On 07/07/2016 07:53, Miroslav Lachman wrote:
> Ultima wrote on 07/07/2016 06:04:
>> Not so. The top variable, devfs_ruleset = 4 is being set as the
>> default for all jails. The devfs_ruleset = 5 inside the brackets is
>> changing the default value.
>>
>> How to check what ruleset is mounted? That is a great question. I'm not
>> sure of an easy way to check other than verifying the /dev directory
>> inside the jail.
>
> There is no way to set more than one devfs rule to jail AFAIK.
> You can see the rule number in output of jls -s or jls -n.
>
> Miroslav Lachman
>

I was referring to this clause in the man document:

Descendant jails inherit the parent jail's devfs ruleset enforcement.

I thought that the outside rule is combined with the inside rule in the 
jail definition. But thanks for the hint about jls -s, it does show the 
(single) active rule set (however without referring to the specific 
rules defined in devfs.rules or a combination of them).

Grzegorz
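
An added example, not part of the original thread: a shell sketch that maps each jail to the single devfs ruleset number reported by jls -n and, on a FreeBSD host, dumps the rules behind that number with devfs rule -s N show. The jail names and sample output are constructed, and the parser assumes parameter values contain no spaces.

```shell
#!/bin/sh
# Constructed sample of `jls -n` output: one line per jail, name=value pairs.
# Jail names, paths and values are made up for illustration.
SAMPLE_JLS='devfs_ruleset=4 enforce_statfs=2 host=new jid=1 name=www path=/jails/www persist
devfs_ruleset=5 enforce_statfs=2 host=new jid=2 name=build path=/jails/build persist
devfs_ruleset=0 enforce_statfs=2 host=new jid=3 name=legacy path=/jails/legacy persist'

# Read `jls -n` output on stdin, print "<jail name> <devfs_ruleset>" per jail.
jail_rulesets() {
    awk '{
        name = "?"; rs = "unset"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)          name = substr($i, 6)
            if ($i ~ /^devfs_ruleset=/) rs   = substr($i, 15)
        }
        print name, rs
    }'
}

# Read `jls -n` output on stdin, print jails with no ruleset enforced.
# Per jail(8), devfs_ruleset=0 (the default) means no ruleset is enforced.
unenforced_jails() {
    jail_rulesets | awk '$2 == "0" || $2 == "unset" { print $1 }'
}

# Live use: only runs where jls and devfs exist (a FreeBSD host).
if command -v jls >/dev/null 2>&1 && command -v devfs >/dev/null 2>&1; then
    jls -n | jail_rulesets | while read -r name rs; do
        echo "== jail $name: devfs ruleset $rs"
        case "$rs" in
            0|unset) echo "   no ruleset enforced" ;;
            *)       devfs rule -s "$rs" show ;;   # rules behind that number
        esac
    done
fi
```

Each jail reports exactly one number, so a jail that was expected to pick up a per-jail override but still shows the global default is visible directly in the first column pair.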

