[Bug 191628] [9.3-RC2] ruleset bug report #187079 which was fixed in 10.0 is not fixed in 9.3-RC1 or RC2

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Jul 6 00:24:39 UTC 2014


--- Comment #2 from joeb1 at a1poweruser.com ---
This is not a question of which RELEASE you're running but what jail method you're
using. jail(8) became available in 9.1 and it was full of bugs. One of which was
the bug that caused the default ruleset number 4 not to work in 9.1, 9.2, and
This was never fixed until pr 187079 noticed the effect that changing the
/etc/defaults/rc.conf parameter devfs_load_rulesets= from its default "NO" to
"YES" had on enabling the default ruleset number 4 on jail(8) jails in RELEASE
10.0. Since 10.0 RELEASE was already published the only way to fix this was
through a security advisory.  10.0 is the first RELEASE where the rc.d/jail
script method is deprecated and the jail(8) method is the primary method. In
10.0 all rc.d/jail rc.conf defined jails are converted to jail(8) method on the
fly when the jail is started.

9.1, 9.2, and 9.3 use the rc.d/jail as the primary jail method and the jail(8)
method is also provided, but the default to use ruleset number 4 does not work
for jail(8) jails in these RELEASES because the devfs_load_rulesets= parameter
is set to NO instead of YES. Setting it to YES fixes jail(8) and has no
negative effect on the rc.d/jail method that I can see from the testing I have

So yes I feel that all indications show that devfs_load_rulesets="YES" should
be the default in /etc/defaults/rc.conf for the 9.3 RELEASE. Since jail(8) is
the direction FreeBSD is headed, every effort should be made to get it to
function as intended. 

At the least, some kind of instructions should be added to the 9.3 release
notes covering this subject if correcting the problem is bypassed.
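
An added example, not part of the original comment and not FreeBSD's own tooling: a POSIX sh check that reports the effective devfs_load_rulesets value by reading rc.conf-style files in precedence order, so a 9.x host can be audited for the condition described above. The function names are hypothetical, and the file order passed on the command line (/etc/defaults/rc.conf, then /etc/rc.conf) is an assumption about which files apply on the host.

```shell
#!/bin/sh
# Added example (hypothetical helper names): report whether
# devfs_load_rulesets is effectively enabled on a host.

# Print the last assignment of variable $1 found in the files that follow.
# Later files override earlier ones; commented-out lines are ignored.
effective_rc_value() {
    var=$1; shift
    value=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        line=$(grep -E "^[[:space:]]*${var}=" "$f" | tail -n 1)
        [ -n "$line" ] || continue
        value=${line#*=}      # text after the first '='
        value=${value%%#*}    # drop a trailing comment
        value=$(printf '%s' "$value" | tr -d "\"' \t")
    done
    printf '%s\n' "$value"
}

# Same truth values that rc.subr's checkyesno accepts.
is_yes() {
    case $1 in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 when the rulesets will be loaded at boot, 1 otherwise.
check_devfs_rulesets() {
    v=$(effective_rc_value devfs_load_rulesets "$@")
    if is_yes "$v"; then
        echo "OK: devfs_load_rulesets=$v"
    else
        echo "WARN: devfs_load_rulesets=${v:-unset};" \
             "per the report above, jail(8) jails will not get ruleset 4"
        return 1
    fi
}

# Usage: sh check.sh /etc/defaults/rc.conf /etc/rc.conf
if [ "$#" -gt 0 ]; then
    check_devfs_rulesets "$@"
fi
```

On the host itself, `devfs rule -s 4 show` lists the rules currently loaded in ruleset 4, which confirms the result after the setting is changed and the devfs rc script has run.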
