git: 7acd322ebe20 - main - devfs.rules: Correctly unhide pf in vnet jails

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 03 Nov 2021 12:50:30 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=7acd322ebe2072b1d73b1d19c14ab12a300ba8e8

commit 7acd322ebe2072b1d73b1d19c14ab12a300ba8e8
Author:     Zhenlei Huang <zlei.huang@gmail.com>
AuthorDate: 2021-11-03 11:46:48 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-11-03 11:50:13 +0000

    devfs.rules: Correctly unhide pf in vnet jails
    
    Revision 9e9be081d8 introduced a new devfs rule devfsrules_jail_vnet. It
    includes rule devfsrules_jail which include other rules. Unfortunately
    devfs could not recursively parse the action include and thus
    devfsrules_jail_vnet will expose all nodes.
    
    PR:             255660
    Reviewed by:    kp
    Obtained from:  Gijs Peskens <gijs@peskens.net>
    MFC after:      3 weeks
    Differential Revision:  https://reviews.freebsd.org/D32814
---
 sbin/devfs/devfs.rules | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sbin/devfs/devfs.rules b/sbin/devfs/devfs.rules
index 01d8e5194c17..9543e20947d9 100644
--- a/sbin/devfs/devfs.rules
+++ b/sbin/devfs/devfs.rules
@@ -88,5 +88,8 @@ add path fuse unhide
 add path zfs unhide
 
 [devfsrules_jail_vnet=5]
+add include $devfsrules_hide_all
+add include $devfsrules_unhide_basic
+add include $devfsrules_unhide_login
 add include $devfsrules_jail
 add path pf unhide