On Thu, 9 Sep 2010, Luiz Gustavo S. Costa wrote:
But I found something that may be unsafe within the jail environment,
I'm allowed to change /dev/pf, so that if I run a "pfctl-f
/etc/pf.conf" inside the jail to do with that the rules are read
again, killing pf.conf on the main environment
yes, see the comment at the top of the patch:
! You should not leak /dev/pf into jails for now or they might
! change your rules;-)
See devfs, devfs.rules, etc. The jail startup script would usually
apply the devfsrules_jail defines in /etc/defaults/devfs.rules.
Bjoern A. Zeeb Welcome a new stage of life.
firstname.lastname@example.org mailing list
To unsubscribe, send any mail to