svn commit: r366461 - head/sbin/devfs

[Kristof Provost]

Author: kp
Date: Mon Oct  5 19:26:54 2020
New Revision: 366461
URL: https://svnweb.freebsd.org/changeset/base/366461

Log:
  devfs.rules: unhide pf in vnet jails
  
  /dev/pf is usable in vnet jails, so don't hide the node there.
  
  We shouldn't expose /dev/pf in regular jails, as that gives them control over
  the host (or parent vnet jail) firewall.
  
  Reviewed by:	bz
  Differential Revision:	https://reviews.freebsd.org/D26537

Modified:
  head/sbin/devfs/devfs.rules

Modified: head/sbin/devfs/devfs.rules
==============================================================================
--- head/sbin/devfs/devfs.rules	Mon Oct  5 19:22:28 2020	(r366460)
+++ head/sbin/devfs/devfs.rules	Mon Oct  5 19:26:54 2020	(r366461)
@@ -86,3 +86,7 @@ add include $devfsrules_unhide_basic
 add include $devfsrules_unhide_login
 add path fuse unhide
 add path zfs unhide
+
+[devfsrules_jail_vnet=5]
+add include $devfsrules_jail
+add path pf unhide