On Thu, Mar 13, 2003 at 12:47:50PM +0100, Attila Nagy wrote: [...] > You can mount devfs into any places. For example a jail. > BTW, take extreme care, when doing this, because if you don't set up > devfs rules, anybody, who can become root in any jails can do things, > which will irreversibly change your day. (reinstall/restore from backup) > > Hint: cp /dev/null /dev/[what is your root device outside the jail] > > BTW, it would be good to have an ipf.rules like file to set up those devfs > rules. :)
What really would be great, was a /usr/share/examples/devfs/jail.rules and some updates to the manpages. Maybe we could work out a jail.rules example in this thread. What did you do about the mem/kmem/console/log devices in your setup? Is it planned to have names/aliases (default, jail, ...) for rulesets instead of numbers (1, 2, ... )? It would also be interesting to be able to print the rules of ruleset 0. Is there a trick to get those? Andy post scriptum: Think the jail(8) man page should also mention the -D switch to mergemaster. Something like: ----8<---- Updating the Jail. make installworld DESTDIR=$D mergemaster -i -D $D ---->8---- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
