# devfs_ruleset is broken



## avonix (Jul 22, 2022)

Setting it to anything other than the default value disables all restrictions. Any idea why? Am I doing it wrong perhaps?


```
{
//
devfs_ruleset=(rule number);
mount.devfs;
//
}
```


----------



## avonix (Aug 5, 2022)

How do I bump my threads? The problem still persists, jailing is literally broken right now.


----------



## DutchDaemon (Aug 5, 2022)

You do not do it by posting the word 'bump'. You do it by adding additional information, additional log files, or an additional description of what you tried in the meantime.


----------



## avonix (Aug 5, 2022)

Here is what the jail's /dev looks like by default (mount.devfs):


```
dr-xr-xr-x  2 root  wheel   512 Aug  5 16:33 fd
crw-rw-rw-  1 root  wheel  0x29 Aug  5 16:33 null
dr-xr-xr-x  2 root  wheel   512 Aug  5 16:33 pts
crw-r--r--  1 root  wheel   0x8 Aug  5 15:43 random
lrwxr-xr-x  1 root  wheel     4 Aug  5 16:33 stderr -> fd/2
lrwxr-xr-x  1 root  wheel     4 Aug  5 16:33 stdin -> fd/0
lrwxr-xr-x  1 root  wheel     4 Aug  5 16:33 stdout -> fd/1
lrwxr-xr-x  1 root  wheel     6 Aug  5 16:33 urandom -> random
crw-rw-rw-  1 root  wheel  0x2a Aug  5 15:43 zero
```

If I set `devfs_ruleset` to a custom value (except 4) I can see every device file there. Rulesets do not apply at all.


----------



## tingo (Aug 6, 2022)

Try reading the devfs manual pages again, starting with devfs.rules(5).


----------



## sidetone (Aug 6, 2022)

avonix said:


> If I set devfs_ruleset to a custom value (except 4) I can see every device file there.


Ruleset 4 includes the other rulesets. When I tried setting a ruleset that included others in the jail, it didn't work. When I wrote out every ruleset needed from 1 through 3, and 4 out, instead of including those rulesets, in a custom ruleset, it worked.

It's like includes don't work from there, but writing the included rulesets out from the custom ruleset worked. I don't understand this enough to go further, as I just write them all out manually, instead of including the other rulesets.


----------



## avonix (Aug 7, 2022)

sidetone said:


> Ruleset 4 includes the other rulesets. When I tried setting a ruleset that included others in the jail, it didn't work. When I wrote out every ruleset needed from 1 through 3, and 4 out, instead of including those rulesets, in a custom ruleset, it worked.
> 
> It's like includes don't work from there, but writing the included rulesets out from the custom ruleset worked. I don't understand this enough to go further, as I just write them all out manually, instead of including the other rulesets.



That doesn't work either. Is this looking correct?



```
[devfsrules_custom=99]
add hide
add path null unhide
add path zero unhide
...
```






tingo said:


> Try reading the devfs manual pages again, starting with devfs.rules(5).


Manpages didn't help much.


----------



## avonix (Aug 17, 2022)

My problem still persists. Can someone post what their jail /dev tree looks like with this config?



```
j {
mount.devfs;
devfs_ruleset = 4;
persist;
...
```


----------



## T-Daemon (Aug 18, 2022)

No problem here on 13.1-RELEASE.

Have you restarted the host's devfs service after editing /etc/devfs.rules and before starting the jail?



avonix said:


> ... Is this looking correct?
> 
> ```
> [devfsrules_custom=99]
> ...
> ```



The above rules work for me, as is or with reference to `devfsrules_hide_all` instead of `add hide`:

```
crw-rw-rw-  1 root  wheel     0x29 Aug 18 02:26 null
crw-r--r--  1 root  wheel      0x8 Aug 18 02:11 random
lrwxr-xr-x  1 root  wheel        6 Aug 18 02:27 urandom@ -> random
crw-rw-rw-  1 root  wheel     0x2a Aug 18 02:11 zero
```


----------
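An added example, not part of any post in this thread: a static check that the ruleset number a jail refers to is actually defined in devfs.rules-format text and starts by hiding everything, followed (as comments) by the host-side reload and verification T-Daemon asks about. The function names are hypothetical, and the sample is constructed from the ruleset 99 posted above plus one constructed `random` line.

```shell
#!/bin/sh
# Constructed sample in /etc/devfs.rules format (ruleset 99 as posted in the
# thread; the "random" line is a constructed addition).
sample_rules() {
cat <<'EOF'
# custom jail ruleset
[devfsrules_custom=99]
add hide
add path null unhide
add path zero unhide
add path random unhide
EOF
}

# Print the rule lines of ruleset number $1, reading devfs.rules text on stdin.
ruleset_body() {
    awk -v want="$1" '
        /^[ \t]*#/ { next }                  # skip comment lines
        /^\[.*=[0-9]+\]/ {                   # section header: [name=number]
            n = $0; sub(/^.*=/, "", n); sub(/\].*$/, "", n)
            inset = (n == want); next
        }
        inset && NF { print }                # non-empty rule inside the wanted set
    '
}

# Return 0 if ruleset $1 is defined and its first rule hides all nodes
# ("add hide" or an include of devfsrules_hide_all), 1 if it is defined
# but starts otherwise, 2 if the number is not defined at all.
ruleset_starts_hidden() {
    first=$(ruleset_body "$1" | head -n 1)
    case "$first" in
        "add hide"|'add include $devfsrules_hide_all') return 0 ;;
        "") echo "ruleset $1 is not defined" >&2; return 2 ;;
        *)  echo "ruleset $1 does not start with hide: $first" >&2; return 1 ;;
    esac
}

# On the FreeBSD host, after editing /etc/devfs.rules and before starting the jail:
#   ruleset_starts_hidden 99 < /etc/devfs.rules
#   service devfs restart        # reload the rulesets into the kernel
#   devfs rule showsets          # 99 should be listed
#   devfs rule -s 99 show        # should print the rules from the file
```

A return code of 2 means the number in `devfs_ruleset` has no matching `[name=number]` section in the file that was checked.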

