[patch] allow testing VIMAGE with pf in base system only
Luiz Gustavo S. Costa
luizgustavo at luizgustavo.pro.br
Thu Sep 9 20:10:50 UTC 2010
lol ....
in the rush to see the patch working not read the head of it :p
has every reason only disable dev ;)
2010/9/9 Bjoern A. Zeeb <bzeeb-lists at lists.zabbadoz.net>:
> On Thu, 9 Sep 2010, Luiz Gustavo S. Costa wrote:
>
> Hey,
>
>> But I found something that may be unsafe within the jail environment,
>> I'm allowed to change /dev/pf, so that if I run a "pfctl-f
>> /etc/pf.conf" inside the jail to do with that the rules are read
>> again, killing pf.conf on the main environment
>
> yes, see the comment at the top of the patch:
>
> ! You should not leak /dev/pf into jails for now or they might
> ! change your rules;-)
>
> See devfs, devfs.rules, etc. The jail startup script would usually
> apply the devfsrules_jail defines in /etc/defaults/devfs.rules.
>
> /bz
>
> --
> Bjoern A. Zeeb Welcome a new stage of life.
>
--
Luiz Gustavo Costa (Powered by BSD)
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
mundoUnix - Consultoria em Software Livre
http://www.mundounix.com.br
ICQ: 2890831 / MSN: contato at mundounix.com.br
Tel: 55
Blog: http://www.luizgustavo.pro.br
More information about the freebsd-virtualization
mailing list