FreeBSD Security Advisory FreeBSD-SA-14:07.devfs
Matthew Seaman
matthew at freebsd.org
Wed Apr 30 11:09:31 UTC 2014
On 04/30/14 05:35, FreeBSD Security Advisories wrote:
> Then apply the default ruleset for jails on a devfs mount using:
>
> devfs -m ${devfs_mountpoint} rule -s 4 applyset
>
> Or, alternatively, the following command will apply the ruleset over all devfs
> mountpoints except the host one:
>
> mount -t devfs | grep -v '^devfs on /dev ' | awk '{print $3;}' | \
> xargs -n 1 -J % devfs -m % rule -s 4 applyset
>
> After this, the system administrator should add the following configuration
> to /etc/rc.conf to make it permanent, so the above operations do not have
> to be done each time the host system reboots.
>
> devfs_load_rulesets="YES"
>
Verb. Sap. Doing this in a jail where you're running net-snmpd will
prevent snmpd from starting up correctly.
Apr 30 12:02:30 xxxxx snmpd[33871]: init_kmem: kvm_openfiles failed:
/dev/mem: No such file or directory
Apr 30 12:02:30 xxxxx snmpd[33871]: Agent initialization failed
Cheers,
Matthew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1029 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20140430/145d37a0/attachment.sig>
More information about the freebsd-security
mailing list