devfs.rules: unhide pf in vnet jails

/dev/pf is usable in vnet jails, so don't hide the node there.

We shouldn't expose /dev/pf in regular jails, as that gives them control over
the host (or parent vnet jail) firewall.

Reviewed by:	bz
Differential Revision:	https://reviews.freebsd.org/D26537
This commit is contained in:
Kristof Provost 2020-10-05 19:26:54 +00:00
parent 2622708419
commit 9e9be081d8

View File

@ -86,3 +86,7 @@ add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path fuse unhide
add path zfs unhide
[devfsrules_jail_vnet=5]
add include $devfsrules_jail
add path pf unhide