lol ... in the rush to see the patch working, I did not read the head of it :p
has every reason only disable dev ;)

2010/9/9 Bjoern A. Zeeb <bzeeb-li...@lists.zabbadoz.net>:
> On Thu, 9 Sep 2010, Luiz Gustavo S. Costa wrote:
>
> Hey,
>
>> But I found something that may be unsafe within the jail environment,
>> I'm allowed to change /dev/pf, so that if I run a "pfctl -f
>> /etc/pf.conf" inside the jail to do with that the rules are read
>> again, killing pf.conf on the main environment
>
> yes, see the comment at the top of the patch:
>
> ! You should not leak /dev/pf into jails for now or they might
> ! change your rules;-)
>
> See devfs, devfs.rules, etc. The jail startup script would usually
> apply the devfsrules_jail defines in /etc/defaults/devfs.rules.
>
> /bz
>
> --
> Bjoern A. Zeeb                     Welcome a new stage of life.
>

--
Luiz Gustavo Costa (Powered by BSD)
*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+*+
mundoUnix - Consultoria em Software Livre
http://www.mundounix.com.br
ICQ: 2890831 / MSN: cont...@mundounix.com.br
Tel: 55
Blog: http://www.luizgustavo.pro.br
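
One way to check for the leak discussed in this thread, as an added example that is not part of the original messages: a shell audit that reports which jail roots still have `pf` visible in their devfs. The function names, and the convention that each argument is a jail root with its devfs at `ROOT/dev`, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit jail roots for an exposed pf device.
# Assumption: each argument is a jail's root directory, with its devfs at ROOT/dev.

# Classify one jail root. Prints "exposed", "hidden" or "no-dev".
pf_status() {
    jroot=${1%/}                      # tolerate a trailing slash
    if [ ! -d "$jroot/dev" ]; then
        echo "no-dev"                 # devfs not mounted, or wrong path given
    elif [ -e "$jroot/dev/pf" ]; then
        echo "exposed"                # the jail can reach the host's pf rules
    else
        echo "hidden"                 # e.g. the devfsrules_jail ruleset is applied
    fi
}

# Audit every root given: print "<status><TAB><root>" per jail.
# Returns 0 when no jail exposes pf, 1 when at least one does.
audit_jails() {
    exposed=0
    for root in "$@"; do
        st=$(pf_status "$root")
        printf '%s\t%s\n' "$st" "$root"
        if [ "$st" = "exposed" ]; then
            exposed=$((exposed + 1))
        fi
    done
    [ "$exposed" -eq 0 ]
}

# Stand-alone use: pass jail roots as arguments.
if [ "$#" -gt 0 ]; then
    audit_jails "$@"
fi
```

On a FreeBSD host the roots of running jails can be taken from `jls path`; a non-zero exit means at least one jail needs its devfs ruleset fixed.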