Hello, like already posted, on 9.1-R, I highly appreciate the new jail(8) and jail.conf capabilities. Thanks for that extension! Accidentally I saw that "devfs_ruleset" seems to be ignored. If I list /dev/ I see all the hosts disk devices etc. I set "devfs_ruleset = 4;" and "enforce_statfs = 1;" in jail.conf. Inside the jail, sysctl security.jail.devfs_ruleset returnes "1". But like mentioned, I can access all devices... Thanks for any help, -Harry (not subscribed to freebsd-jail@) -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 196 bytes Desc: OpenPGP digital signature URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20130215/739aab8e/attachment.sig>
On 02/15/13 09:27, Harald Schmalzbauer wrote:> Hello, > > like already posted, on 9.1-R, I highly appreciate the new jail(8) and > jail.conf capabilities. Thanks for that extension! > > Accidentally I saw that "devfs_ruleset" seems to be ignored. > If I list /dev/ I see all the hosts disk devices etc. > I set "devfs_ruleset = 4;" and "enforce_statfs = 1;" in jail.conf. > Inside the jail, > sysctl security.jail.devfs_ruleset returnes "1". > But like mentioned, I can access all devices... > > Thanks for any help, > > -Harrydevfs_ruleset is only used along with mount.devfs - do you also have that set in jail.conf? - Jamie