Should we include ttyu* to devfs_ruleset 3 (devfsrules_unhide_login)?
Date: Sun, 01 Aug 2021 16:52:15 UTC
Hi,

There are many TTY devices in devfsrules_unhide_login=3, but ttyu* (serial lines) are not part of it.

As a result, certain things won't work as expected when connecting over a serial console, one example being connecting to a local bhyve vm over serial console (e.g., `vm console myvm' when using vm-bhyve).

The example that brought this to my attention is using ssh within a jail that's running inside of a VM, while being connected to that VM over serial console.

So the setup is:

- FreeBSD 13 host
- bhyve vm running FreeBSD 13 on top
- Jail using mount.devfs running within the bhyve vm, using the default devfs_ruleset inside of the bhyve vm (which in turn loads devfsrules_jail=4, which includes devfsrules_unhide_login=3).

Now, ssh within that jail won't work, as /dev/tty can't be accessed.

Example (while being connected to the vm over a serial line):

    # jail -c path=/ mount.devfs ip4=inherit command=ssh localhost
    Host key verification failed.
    jail: ssh localhost: failed

Now, adding in an extra rule to ruleset 3:

    # devfs rule -s 3 add 3250 path "ttyu*" unhide

Things work as expected:

    # jail -c path=/ mount.devfs ip4=inherit command=ssh localhost
    The authenticity of host 'localhost (127.0.0.1)' can't be established...
    Are you sure you want to continue connecting (yes/no)?

Now the question is, would it make sense to add ttyu* (or at least ttyu0) to [devfsrules_unhide_login=3] in /etc/defaults/devfs.rules, or are there any (security) reasons why this might be a bad idea?

Best,
Michael

-- 
Michael Gmelin
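
Added example, not part of the original post: a small Python model of how a jail ruleset resolves its includes, which can be used to list which device nodes a ruleset exposes before and after a change such as the proposed ttyu* rule. The sample rules text is constructed and abbreviated, the function names are hypothetical, and the model assumes rules apply in file order (rule numbers such as 3250 are ignored).

```python
import fnmatch
import re

# Constructed, abbreviated sample in devfs.rules syntax (an assumption for
# illustration, not a verbatim copy of /etc/defaults/devfs.rules).
SAMPLE_RULES = """\
[devfsrules_hide_all=1]
add hide

[devfsrules_unhide_basic=2]
add path null unhide

[devfsrules_unhide_login=3]
add path 'ttyp*' unhide
add path 'pts/*' unhide

[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
"""

def parse_rulesets(text):
    """Return ({number: [rule tokens]}, {name: number}) from devfs.rules text."""
    rulesets, names, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[(\w+)=(\d+)\]", line)
        if header:
            current = int(header.group(2))
            names[header.group(1)] = current
            rulesets[current] = []
        elif current is not None and line.startswith("add "):
            rulesets[current].append(line.split()[1:])
    return rulesets, names

def visible(device, number, rulesets, names, state=True):
    """Apply rules in order; the last matching hide/unhide decides visibility."""
    for tokens in rulesets[number]:
        if tokens[0] == "include":
            target = names[tokens[1].lstrip("$")]
            state = visible(device, target, rulesets, names, state)
            continue
        # A rule without "path" matches every node. Python's fnmatch is used
        # as an approximation of devfs glob matching.
        pattern = tokens[tokens.index("path") + 1].strip("'\"") if "path" in tokens else "*"
        if fnmatch.fnmatchcase(device, pattern):
            state = {"hide": False, "unhide": True}.get(tokens[-1], state)
    return state

def unhidden(devices, number, rulesets, names):
    return [d for d in devices if visible(d, number, rulesets, names)]
```

Appending `["path", "ttyu*", "unhide"]` to ruleset 3 in the parsed model and calling `unhidden()` again for ruleset 4 shows exactly which additional nodes the change would expose inside a jail.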