Hi,

Although this concerns only the stable release for me, I am mailing this to freebsd-current because I guess this probably also concerns current and should then be MFC'd to STABLE.

I have configured jails with RELENG_5_3 and there seems to be some odd behaviour when using devfs rulesets with jails. Jails do run wonderfully, but devfs rulesets don't. I have this kind of setup in /etc/rc.conf:

# base system /etc/rc.conf jail settings:
# Jails
jail_enable="YES"
jail_list="mail"
jail_set_hostname_allow="NO"
jail_mail_rootdir="/jail/mail"
jail_mail_hostname="mail.example.domain"
jail_mail_ip="192.168.42.42"
jail_mail_exec="/bin/sh /etc/rc"
jail_mail_devfs_enable="YES"
jail_mail_devfs_ruleset="4"

When starting jails with the "/etc/rc.d/jail start" command I get this error:

WARNING devfs_set_ruleset: you must specify a ruleset number

The jail is started without ruleset 4 defined in /etc/default/devfs.rules. So, all devices are seen inside /jail/mail/dev. If this can be repeated and confirmed to be true and not my misconfiguration, then this is clearly a security risk with jails.

The devfs_set_ruleset function is found in file /etc/rc.subr on lines 1192-1209 (FreeBSD: src/etc/rc.subr,v 1.31 2004/07/30 17:19:35 mtm Exp). It seems that in line 1195 the script incorrectly evaluates the ruleset as an empty one. I am not familiar with rc-scripts but I tried this simple fix with success:

fortytwo# diff -u /etc/rc.subr-old /etc/rc.subr-new _at__at_ -1192,7 +1192,7 _at__at_ devfs_set_ruleset() { local devdir rs _me - [ -n "$1" ] && eval rs=\$$1 || rs= + [ -n "$1" ] && eval rs=\$1 || rs= [ -n "$2" ] && devdir="-m "$2"" || devdir= _me="devfs_set_ruleset"

I am not sure whether the bug is in this function or in the caller giving the wrong type of parameter. I would appreciate it if some rc-script wizard would check this and make a proper repair.

Regards,
--
Marko Räihä

Received on Sun Nov 07 2004 - 17:08:14 UTC
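
Review bot: On the changed line, replacing `eval rs=\$$1` with `eval rs=\$1` removes the indirection rather than repairing it. The original treats $1 as the name of a variable that holds the ruleset number, while the new line only copies $1, so the eval becomes redundant (plain `rs=$1` does the same) and any caller that still passes a variable name would leave that name in rs instead of a number. With jail_mail_devfs_ruleset="4" as in the rc.conf above, the original line expands to `rs=$4`, the fourth positional parameter of the function, which is unset here and would explain both the empty value and the warning. I would settle the contract first (name or number) and document it next to the function, or accept both by testing $1 against a case pattern such as `''|*[!0-9]*` and dereferencing only when it is not purely numeric. If the eval stays, $1 should also be checked to be a plain identifier before it is evaluated. Separately, the report shows the failure is fail-open: after the warning the jail still starts with every device visible under /jail/mail/dev, so the caller should refuse to start the jail when no ruleset could be applied.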
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:21 UTC