svn commit: r233048 - head/etc/defaults

Martin Matuska mm at FreeBSD.org
Sun Mar 18 21:29:50 UTC 2012


On 17.3.2012 16:35, Alexander Leidinger wrote:
> On Fri, 16 Mar 2012 21:30:26 +0000 (UTC) Martin Matuska
> <mm at FreeBSD.org> wrote:
>
>> Author: mm
>> Date: Fri Mar 16 21:30:26 2012
>> New Revision: 233048
>> URL: http://svn.freebsd.org/changeset/base/233048
>>
>> Log:
>>   Unhide /dev/zfs in devfsrules_jail.
>>   
>>   The /dev/zfs device is required for managing jailed ZFS datasets.
> This may give more info to a jail (ZFS is in use on this machine) than
> what someone may want to provide. I have separate rulesets for jails
> without and with ZFS (actually the one without is the default one and
> the one with is a new one):
> ---snip---
> ...
>
> [devfsrules_unhide_zfs=12]
> add path zfs unhide
>
> ...
>
> [devfsrules_jail_withzfs=16]
> add include $devfsrules_hide_all
> add include $devfsrules_unhide_basic
> add include $devfsrules_unhide_login
> add include $devfsrules_unhide_zfs
> ---snip---
>
> Anyone with arguments why this may be overly paranoid? If not, I would
> suggest that we go this way instead.
>
> Bye,
> Alexander.
>
The only disclosed information I know of is whether the zfs module is
loaded on your system.
Another alternative I was thinking of would be using a new ruleset (e.g.
devfsrules_jail_zfs=5).
The disadvantage here is that users that already have defined a ruleset
with this number should be informed somehow.

-- 
Martin Matuska
FreeBSD committer
http://blog.vx.sk
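
The concern raised in the reply above, that a new default ruleset number such as devfsrules_jail_zfs=5 may already be in use in an administrator's own rules file, can be checked mechanically. The script below is an added example, not part of the thread or of FreeBSD; the sample file contents and the names my_webjail and my_dbjail are constructed, and comparing a defaults file against a local file is an assumption about how the check would be run.

```shell
#!/bin/sh
# Added example, not from the thread: find ruleset numbers in a local
# devfs.rules that a defaults file already assigns to a different name.

# ruleset_conflicts DEFAULTS LOCAL
# Prints "NUMBER DEFAULTS_NAME LOCAL_NAME" for every collision.
ruleset_conflicts() {
    awk '
        # A ruleset header is "[name=number]"; rule lines are ignored.
        match($0, /^\[[A-Za-z0-9_]+=[0-9]+\]/) {
            split(substr($0, 2, RLENGTH - 2), kv, "=")
            num = kv[2] + 0            # treat 05 and 5 as the same number
            if (FILENAME == ARGV[1]) {
                taken[num] = kv[1]
            } else if ((num in taken) && taken[num] != kv[1]) {
                print num, taken[num], kv[1]
            }
        }
    ' "$1" "$2"
}

# demo: run the check on constructed sample files (all names hypothetical).
demo() {
    dir=$(mktemp -d) || return 1
    # Constructed defaults with the proposed devfsrules_jail_zfs=5 added.
    cat > "$dir/defaults.rules" <<'EOF'
[devfsrules_hide_all=1]
add hide

[devfsrules_jail=4]
add include $devfsrules_hide_all

[devfsrules_jail_zfs=5]
add include $devfsrules_jail
add path zfs unhide
EOF
    # Constructed local file: an admin already picked 5 for their own ruleset.
    cat > "$dir/local.rules" <<'EOF'
[my_webjail=5]
add include $devfsrules_hide_all
add path null unhide

[my_dbjail=20]
add include $devfsrules_jail
EOF
    ruleset_conflicts "$dir/defaults.rules" "$dir/local.rules"
    rm -rf "$dir"
}

demo
```

On a FreeBSD host the same function can be pointed at /etc/defaults/devfs.rules and /etc/devfs.rules; a jail bound to a colliding number would silently get whichever definition is loaded last, which is the case worth catching before an upgrade.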


