130112f793
devfs(8) rules in rc(8). It is most useful for applying rules to devfs(5) mount points in /dev or inside jails. The following line of script is sufficient to mount a relatively useful+secure devfs(5) in a jail: devfs_mount_jail /some/jail/dev Some new shell routines available to scripts that source rc.subr(5): o devfs_link - Makes it a little easier to create symlinks o devfs_init_rulesets - Create devfs(8) rulesets from devfs.rules o devfs_set_ruleset - Set a ruleset to a devfs(5) mount o devfs_apply_ruleset - Apply a ruleset to a devfs(5) mount o devfs_domount - Mount devfs(5) and apply some ruleset o devfs_mount_jail - Mount devfs(5) and apply a ruleset appropriate to jails. Additional rulesets can be specified in /etc/devfs.rules. If the devfs_system_ruleset variable is defined in rc.conf and it contains the name of a ruleset defined in /etc/defaults/devfs.rules or user supplied rulesets in /etc/devfs.rules then that ruleset will be applied to /dev at startup by the /etc/rc.d/devfs script. It can also be applied post-startup: /etc/rc.d/devfs start This is a more flexible mechanism than the previous method of using /etc/devfs.conf. However, that method is still available. Note: since devfs(8) doesn't provide any way for creating symlinks as part of a ruleset, anyone wishing to create symlinks in a devfs(5) as part of the bootup sequence will still have to rely on /etc/devfs.conf.
65 lines
1.8 KiB
Plaintext
65 lines
1.8 KiB
Plaintext
#
|
|
# The following are some default rules for devfs(5) mounts.
|
|
# The format is very simple. Empty lines and lines begining
|
|
# with a hash '#' are ignored. If the hash mark occurs anywhere
|
|
# other than the beginning of a line, it and any subsequent
|
|
# characters will be ignored. A line in between brackets '[]'
|
|
# denotes the beginning of a ruleset. In the brackets should
|
|
# be a name for the rule and its ruleset number. Any other lines
|
|
# will be considered to be the 'action' part of a rule
|
|
# passed to the devfs(8) command. These will be passed
|
|
# "as-is" to the devfs(8) command with the exception that
|
|
# any references to other rulesets will be expanded first. These
|
|
# references must include a dollar sign '$' in-front of the
|
|
# name to be expanded properly.
|
|
#
|
|
# $FreeBSD$
|
|
#
|
|
|
|
# Very basic and secure ruleset: Hide everything.
|
|
# Used as a basis for other rules.
|
|
#
|
|
[devfsrules_hide_all=1]
|
|
add hide
|
|
|
|
# Basic devices typically necessary.
|
|
# Requires: devfsrules_hide_all
|
|
#
|
|
[devfsrules_unhide_basic=2]
|
|
add path null unhide
|
|
add path zero unhide
|
|
add path random unhide
|
|
add path urandom unhide
|
|
|
|
# Devices typically needed to support logged-in users.
|
|
# Requires: devfsrules_hide_all
|
|
#
|
|
[devfsrules_unhide_login=3]
|
|
add path 'ptyp*' unhide
|
|
add path 'ptyq*' unhide
|
|
add path 'ptyr*' unhide
|
|
add path 'ptys*' unhide
|
|
add path 'ptyP*' unhide
|
|
add path 'ptyQ*' unhide
|
|
add path 'ptyR*' unhide
|
|
add path 'ptyS*' unhide
|
|
add path 'ttyp*' unhide
|
|
add path 'ttyq*' unhide
|
|
add path 'ttyr*' unhide
|
|
add path 'ttys*' unhide
|
|
add path 'ttyP*' unhide
|
|
add path 'ttyQ*' unhide
|
|
add path 'ttyR*' unhide
|
|
add path 'ttyS*' unhide
|
|
add path 'fd/*' unhide
|
|
add path stdin unhide
|
|
add path stdout unhide
|
|
add path stderr unhide
|
|
|
|
# Devices usually found in a jail.
|
|
#
|
|
[devfsrules_jail=4]
|
|
add include $devfsrules_hide_all
|
|
add include $devfsrules_unhide_basic
|
|
add include $devfsrules_unhide_login
|