# devfs Jail clarification



## gpatrick (Sep 17, 2014)

FreeBSD 10.0-RELEASE-p9

In /etc/jail.conf  you can set

```
mount.devfs;
```

A FreeBSD security advisory https://www.freebsd.org/security/advisories/FreeBSD-SA-14:07.devfs.asc for devfs on 4-30-2014


> II.  Problem Description
> 
> The default devfs rulesets are not loaded on boot, even when jails are used.
> Device nodes will be created in the jail with their normal default access
> ...



Questions I'm uncertain of:
1)  Does mount.devfs have to be set explicity in /etc/jail.conf?
2)  In the workaround it says to set devfs_load_rulesets="YES" in /etc/rc.conf.  If the patch is applied as noted in the solution, is it explicitly required to set this in /etc/rc.conf?

My /etc/jail.conf does not have mount.devfs and my /etc/rc.conf does not have devs_load_rulesets set; in my jails I have:

```
lrwxr-xr-x 1 root wheel 12 Sep 12 04:35 log -> /var/run/log
-rw-r--r-- 1 root wheel  0 Sep 18 01:52 null
-rw-r--r-- 1 root wheel  0 Sep 17 03:01 stderr
```
3)  Is this what a Jail would see by default?


----------



## SirDice (Sep 18, 2014)

The workaround would only be needed if, for some reason, you are unable to install the patch. But the best course of action is to install the patch.


----------

