Problem discovered while using jails on FreeBSD 10. It appears that the ruleset is ignored while mounting, exposing most of the host's /dev/.

[root@host]# tail -n4 /etc/defaults/devfs.rules
# Devices usually found in a jail.
#
[devfsrules_jail=4]
add include $devfsrules_hide_all
[root@host]# mount -t devfs -o ruleset=4 devfs /mnt/test
[root@host]# ls -l /mnt/test | wc -l
95

How-To-Repeat:
# mount devfs using ruleset 4 from /etc/defaults/devfs.rules
mount -t devfs -o ruleset=4 devfs /mnt/test
# check
ls -l /mnt/test
Responsible Changed
From-To: freebsd-bugs->freebsd-jail

Over to maintainer(s).
Hi,

you can add the following line to your /etc/rc.conf

devfs_load_rulesets="YES"

and run '/etc/rc.d/devfs restart'.

Or check /etc/defaults/rc.conf:

devfs_rulesets="/etc/defaults/devfs.rules /etc/devfs.rules" # Files containing
                                # devfs(8) rules.
devfs_system_ruleset=""         # The name (NOT number) of a ruleset to apply to /dev
devfs_set_rulesets=""           # A list of /mount/dev=ruleset_name settings to
                                # apply (must be mounted already, i.e. fstab(5))
devfs_load_rulesets="NO"        # Enable to always load the default rulesets

--
Herbert
It sounds like your system has not been patched, and is missing at least the FreeBSD-SA-14:07.devfs security advisory patch.
Security advisory -p1 changes the /etc/defaults/rc.conf parameter devfs_load_rulesets="NO" to devfs_load_rulesets="YES". That fixed this problem for me.
batch change:

For bugs that match the following
- Status Is In progress
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.

Note: I did a quick pass, but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.
See comment #4
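A check for the condition discussed in this thread, as an added example that is not part of the original report or of FreeBSD's own tooling: it reports the effective devfs_load_rulesets value from layered rc.conf files and lists entries under a devfs mount that a jail is not expected to see. The function names and the ALLOW list are assumptions; adjust ALLOW to what your jail ruleset unhides.

```sh
#!/bin/sh
# Added example; function names and ALLOW are assumptions, not FreeBSD tooling.

# Effective devfs_load_rulesets after layering rc.conf files in the order
# given (defaults first, overrides last). The files are sourced as shell in
# a subshell, so point this only at root-owned configuration.
effective_load_rulesets() {
    (
        devfs_load_rulesets=
        for f in "$@"; do
            if [ -r "$f" ]; then . "$f"; fi
        done
        echo "${devfs_load_rulesets:-unset}"
    )
}

# Device names a jail is expected to see (assumed; match your own ruleset).
ALLOW='log null zero crypto random urandom ptmx pts fd stdin stdout stderr'

# Print every entry under devfs mount point $1 that ALLOW does not cover.
unexpected_nodes() {
    for node in "$1"/*; do
        # An empty directory leaves the glob unexpanded; skip that case.
        [ -e "$node" ] || [ -L "$node" ] || continue
        name=${node##*/}
        case " $ALLOW " in
            *" $name "*) ;;
            *) echo "$name" ;;
        esac
    done
}

# Usage: sh check.sh /mnt/test
if [ $# -gt 0 ]; then
    echo "devfs_load_rulesets=$(effective_load_rulesets /etc/defaults/rc.conf /etc/rc.conf)"
    unexpected_nodes "$1"
fi
```

Any output from unexpected_nodes on a mount made with ruleset=4 means the ruleset was not applied as intended.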