New submission from fanch <[email protected]>:

In devfs_rules.c, struct "devfs_rule_ioctl" member "rule_type" is tested as an
integer, but is a bitmask. So when both DEVFS_RULE_NAME and DEVFS_RULE_JAIL are
set, the member "name" in newly created devfs_rule is set to NULL.

Later, devfs_rule_checkname() is called, and the kernel will panic in
devfs_resolve_name_path().

See diff for a partial correction (len==0 and invalid name or linkname pointers
need to be handled elsewhere).

By the way, /dev/rc.d/devfs seems to be called too early in the boot process:
it does nothing. But calling it later (manually) works.

----------
files: devfs_rules.c.diff
messages: 9161
nosy: fanch
priority: bug
status: unread
title: Panic when mounting a jailed devfs with jail devfs.conf entries

_____________________________________________________
DragonFly issue tracker <[email protected]>
<http://bugs.dragonflybsd.org/issue1885>
_____________________________________________________

Attachment: devfs_rules.c.diff
Description: Binary data
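
The bitmask-versus-equality mistake described in the report, as an added example that is not the attached patch or DragonFly's devfs_rules.c. The EX_* names, bit values and structs are constructed stand-ins for DEVFS_RULE_NAME, DEVFS_RULE_JAIL, devfs_rule_ioctl and devfs_rule, and rejecting an empty name is an extra check assumed for this model.

```c
#include <stddef.h>

/* Constructed stand-ins for the page's DEVFS_RULE_NAME / DEVFS_RULE_JAIL. */
#define EX_RULE_NAME 0x01u
#define EX_RULE_JAIL 0x04u

struct ex_rule_req { unsigned rule_type; const char *name; }; /* models devfs_rule_ioctl */
struct ex_rule     { unsigned rule_type; const char *name; }; /* models devfs_rule */

/* Buggy form: rule_type compared as an integer. NAME|JAIL matches no
 * case, so the new rule keeps the NAME bit but its name stays NULL. */
static void ex_build_eq(struct ex_rule *r, const struct ex_rule_req *q)
{
    r->rule_type = q->rule_type;
    r->name = NULL;
    switch (q->rule_type) {
    case EX_RULE_NAME:
        r->name = q->name;
        break;
    default:
        break;
    }
}

/* Corrected form: test the bit, and refuse a request that sets the
 * NAME bit without a usable string (returns -1 instead of building). */
static int ex_build_mask(struct ex_rule *r, const struct ex_rule_req *q)
{
    r->rule_type = q->rule_type;
    r->name = NULL;
    if (q->rule_type & EX_RULE_NAME) {
        if (q->name == NULL || q->name[0] == '\0')
            return -1;
        r->name = q->name;
    }
    return 0;
}

/* Consumer-side guard: true when a rule claims a name it does not have,
 * the state that a later name check would dereference. */
static int ex_name_missing(const struct ex_rule *r)
{
    return (r->rule_type & EX_RULE_NAME) != 0 && r->name == NULL;
}
```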
