On Thu, 9 Sep 2010, Luiz Gustavo S. Costa wrote:

Hey,

But I found something that may be unsafe within the jail environment,
I'm allowed to change /dev/pf, so that if I run a "pfctl -f
/etc/pf.conf" inside the jail to do with that the rules are read
again, killing pf.conf on the main environment.

yes, see the comment at the top of the patch:

! You should not leak /dev/pf into jails for now or they might
! change your rules;-)

See devfs, devfs.rules, etc.   The jail startup script would usually
apply the devfsrules_jail defines in /etc/defaults/devfs.rules.

/bz

--
Bjoern A. Zeeb                              Welcome a new stage of life.
_______________________________________________
freebsd-virtualization@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to 
"freebsd-virtualization-unsubscr...@freebsd.org"
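
Added example, not part of the original mail or of the patch it discusses: a small audit that reads devfs.rules text and reports whether a jail ruleset would leave /dev/pf visible. It assumes a simplified rule model (only "add hide", "add path PATTERN hide|unhide" and "add include $name"); the sample rules are constructed and the ruleset name jail_with_pf is hypothetical.

```python
import fnmatch
import re
# Constructed devfs.rules(5) sample. The first three rulesets mirror stock
# names; "jail_with_pf" is a hypothetical misconfigured ruleset.
SAMPLE_RULES = """\
[devfsrules_hide_all=1]
add hide
[devfsrules_unhide_basic=2]
add path null unhide
[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
[jail_with_pf=10]
add include $devfsrules_jail
add path 'pf*' unhide
"""

def parse_rulesets(text):
    """Return {ruleset name: [token lists]} from devfs.rules text."""
    rulesets, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[(\w+)=\d+\]", line)
        if header:
            current = rulesets.setdefault(header.group(1), [])
        elif line and current is not None:
            current.append(line.replace("'", "").replace('"', "").split())
    return rulesets

def flatten(rulesets, name, seen=()):
    """Expand 'add include $x' recursively into one ordered rule list."""
    if name in seen:
        raise ValueError(f"include loop at {name}")
    flat = []
    for rule in rulesets[name]:
        inc = rule[:2] == ["add", "include"]
        flat += flatten(rulesets, rule[2].lstrip("$"), seen + (name,)) if inc else [rule]
    return flat

def node_visible(rulesets, name, node):
    """Apply hide/unhide rules in order; the last matching rule decides."""
    visible = True  # assumption: nodes are visible until a rule hides them
    for rule in flatten(rulesets, name):
        is_path = len(rule) == 4 and rule[1] == "path"
        if not (is_path or len(rule) == 2) or rule[-1] not in ("hide", "unhide"):
            continue  # other rule forms (type, mode, ...) are not modelled
        if fnmatch.fnmatchcase(node, rule[2] if is_path else "*"):
            visible = rule[-1] == "unhide"
    return visible
```

Calling node_visible(parse_rulesets(text), ruleset, "pf") on the contents of the host's devfs.rules files gives the same answer for the ruleset a jail is actually started with.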
