(un)hiding devices with devfs(8)

Ruben de Groot fbsd-q at bzerk.org
Mon May 5 04:25:43 PDT 2003


While playing with devfs in a 5.0 jailed environment I noticed I could
read the disk devices (dd if=/dev/ad0s1c ...)
To hide any unneeded devices in the jail I created the following ruleset:

caliban# devfs rule -s 1 show
100 hide
200 path pty* unhide
300 path null unhide
400 path zero unhide
500 path random unhide
600 path urandom unhide
700 path stdin unhide
800 path stdout unhide
900 path stderr unhide

Unfortunately, the last 3 are only symlinks to /dev/fd/0, /dev/fd/1
and /dev/fd/2. So now I must unhide these /dev/fd/* devices. I tried

1000 path fd* unhide

and some other things, but that didn't work.
Any clues?


More information about the freebsd-questions mailing list