Author: kp Date: Mon Oct 5 19:26:54 2020 New Revision: 366461 URL: https://svnweb.freebsd.org/changeset/base/366461
Log: devfs.rules: unhide pf in vnet jails /dev/pf is usable in vnet jails, so don't hide the node there. We shouldn't expose /dev/pf in regular jails, as that gives them control over the host (or parent vnet jail) firewall. Reviewed by: bz Differential Revision: https://reviews.freebsd.org/D26537 Modified: head/sbin/devfs/devfs.rules Modified: head/sbin/devfs/devfs.rules ============================================================================== --- head/sbin/devfs/devfs.rules Mon Oct 5 19:22:28 2020 (r366460) +++ head/sbin/devfs/devfs.rules Mon Oct 5 19:26:54 2020 (r366461) @@ -86,3 +86,7 @@ add include $devfsrules_unhide_basic add include $devfsrules_unhide_login add path fuse unhide add path zfs unhide + +[devfsrules_jail_vnet=5] +add include $devfsrules_jail +add path pf unhide _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
