jail + devfs + snp problem (FreeBSD 5.1-RELEASE-p10)
Poul-Henning Kamp
phk at phk.freebsd.dk
Mon Oct 20 01:21:15 PDT 2003
In message <3F92FE5B.5070709 at bsk.vectranet.pl>, Adam Nowacki writes:
>shell# /sbin/devfs rule -s 2 delset
>shell# /sbin/devfs rule -s 2 add hide
>shell# /sbin/devfs rule -s 2 add path random unhide
>shell# /sbin/devfs rule -s 2 add path urandom unhide
>shell# /sbin/devfs rule -s 2 add path zero unhide
>shell# /sbin/devfs rule -s 2 add path pty\* unhide
>shell# /sbin/devfs rule -s 2 add path pty\* unhide
>shell# /sbin/devfs rule -s 2 add path tty\* unhide
>shell# /sbin/mount_devfs devfs /storage0/site/dev

Running

    ls -l /storage0/site/dev/snp*

will undoubtedly show one or more snp* devices.

>shell# /sbin/devfs -m /storage0/site/dev ruleset 2

This only makes the ruleset apply to devices created in the future.
To also apply it to currently created devices, you should also
give the command:

    /sbin/devfs -m /storage0/site/dev rule applyset

After which any snp* (and other filtered) devices will be gone.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
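
Added example, not part of the original message and not a FreeBSD tool: a shell check that lists any top-level node still visible under a jail's /dev that the ruleset quoted above should have hidden, which is how a missed "rule applyset" shows up. The helper name audit_jail_dev and the temporary sample directory are assumptions made for this illustration; the allow-list mirrors the unhide rules in the quoted commands.

```shell
#!/bin/sh
# Added illustration: audit a devfs mount against the allow-list implied by
# ruleset 2 in the message (hide everything, then unhide random, urandom,
# zero, pty*, tty*). audit_jail_dev is a hypothetical helper name.

# Print every top-level entry in directory $1 that the ruleset should have
# hidden. Returns 0 if clean, 1 if unexpected nodes are visible, 2 if $1 is
# not a directory.
audit_jail_dev() {
    dev_dir=$1
    [ -d "$dev_dir" ] || { echo "not a directory: $dev_dir" >&2; return 2; }
    rc=0
    for node in "$dev_dir"/* "$dev_dir"/.[!.]*; do
        # A glob that matched nothing stays literal; skip it.
        [ -e "$node" ] || [ -L "$node" ] || continue
        name=${node##*/}
        case $name in
            random|urandom|zero|pty*|tty*) ;;   # unhidden by the ruleset
            *) echo "$name"; rc=1 ;;            # should have been hidden
        esac
    done
    return $rc
}

# Constructed sample: a scratch directory standing in for a jail /dev where
# the ruleset was selected but never applied to existing nodes, so snp0 and
# mem are still visible next to the permitted entries.
demo=$(mktemp -d)
touch "$demo/random" "$demo/urandom" "$demo/zero" "$demo/ttyp0" \
      "$demo/ptyp0" "$demo/snp0" "$demo/mem"
audit_jail_dev "$demo" || echo "unexpected nodes visible: run 'rule applyset'"
rm -rf "$demo"
```

On a real host the function would be pointed at the jail's devfs mount, for instance /storage0/site/dev from the message; it only inspects top-level names and does not descend into subdirectories.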