devfs.rules unhide bpf not working

I need to unhide bpf in /etc/devfs.rules. The syntax I have placed is not working though. What is the correct entry for "unhide bpf" in the new syntax?
Code:
[devfsrules_jail=11]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf*' unhide
#add path net unhide
#add path 'net/*' unhide
my /etc/jail.conf:
Code:
	allow.mount.devfs;
	allow.mount.procfs;
	exec.start = "/bin/sh /etc/rc";
	exec.stop = "/bin/sh /etc/rc.shutdown";
	allow.mount.nullfs;

pxe {
	name = pxe;
	host.hostname = pxe;
	interface = re0;
	ip4.addr = 192.168.2.1/32;
	path = /data/amd64;
	allow.raw_sockets;
	enforce_statfs = 1;
	mount.fstab = /etc/fstab.pxe;
	allow.mount.procfs;
	devfs_ruleset = 11;
}
and #jail -c pxe gives:
Code:
No bpf devices.   Please read the README section for your operating system.
.....
exiting.
/etc/rc: WARNING: failed to start dhcpd
From inside the jail, #ls -la /dev only shows:
Code:
lrwxr-xr-x  1 root  wheel  12 Nov  7 10:59 log -> /var/run/log
-rw-r--r--  1 root  wheel   0 Jan 22 18:07 null
 
For testing I edited /etc/defaults/devfs.rules and disabled hide_all:
Code:
[devfsrules_hide_all=1]
# add hide
Then I tried starting the jail again, but got the same result - no bpf.
I'm also wondering if there is any new sysctl setting I should be aware of?
The handbook states the following, but I could not find a relevant devfs entry.
The Berkeley Packet Filter provides a raw interface to data link layers in a protocol independent fashion. BPF is now controlled by the devfs(8) whether it can be used in a jailed environment.
 
I was having a hard time with this; it might be the same cause for you. It was because I didn't realize devfs doesn't automatically load in changes to /etc/devfs.rules. So I had just added a new ruleset in there for the jail, but the ruleset was not actually loaded into devfs, and hence was not getting applied.

Maybe that's why it did not change anything when you edited /etc/defaults/devfs.rules.
 
I solved this some time back - sorry for not updating the thread with the solution.

As you stated correctly, the source of the problem was that devfs was not mounting when the jail started. I think I had the devfs entry in my fstab.jailname, but I won't swear by it. In any case, the syntax above is incorrect; it should be:
Code:
 mount.devfs;
Whereas allow.mount.*; is for allowing mounts from inside the jail (by a user or by a process). Once devfs was mounted, the error cleared out.

An additional but separate error is in the IP of the pxe-booting jail:
Code:
ip4.addr = 192.168.2.1/32
This breaks DHCP functionality, since we have denied it a proper broadcast address. The IP was switched to 192.168.2.1/24.
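
A lint for the two configuration mistakes this thread turned up, as an added example that is not part of any post: it checks that jail.conf sets mount.devfs (not just allow.mount.devfs) and that each devfs_ruleset number is defined in devfs.rules with an active bpf unhide rule. The function name check_jail_devfs and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. The check is file-wide: it does not
# parse individual jail { } blocks, and bpf is the only device it looks for.

check_jail_devfs() {   # usage: check_jail_devfs <jail.conf> <devfs.rules>
    conf=$1; rules=$2
    # allow.mount.devfs only permits mounts from inside the jail; the
    # parameter that mounts /dev when the jail starts is mount.devfs itself.
    grep -Eq '^[[:space:]]*mount\.devfs[[:space:]]*[;=]' "$conf" ||
        echo "jail.conf: mount.devfs is not set"
    # Each devfs_ruleset number must be defined in devfs.rules as [name=N]
    # and carry an uncommented rule that unhides bpf.
    for n in $(sed -En 's/^[[:space:]]*devfs_ruleset[[:space:]]*=[[:space:]]*([0-9]+).*/\1/p' "$conf"); do
        awk -v n="$n" '
            /^\[/ { in_set = (index($0, "=" n "]") > 0); if (in_set) seen = 1; next }
            in_set && /^[ \t]*add[ \t]+path[ \t]+.?bpf.*unhide/ { bpf = 1 }
            END {
                if (!seen) { print "devfs.rules: ruleset " n " is not defined" }
                else if (!bpf) { print "devfs.rules: ruleset " n " has no active bpf unhide rule" }
            }' "$rules"
    done
}

# Constructed sample input modelled on the files quoted in the thread.
demo=$(mktemp -d "${TMPDIR:-/tmp}/jaillint.XXXXXX")
printf '%s\n' 'allow.mount.devfs;' 'pxe {' '    path = /data/amd64;' \
    '    devfs_ruleset = 11;' '}' > "$demo/jail.conf.before"
printf '%s\n' 'mount.devfs;' 'pxe {' '    path = /data/amd64;' \
    '    devfs_ruleset = 11;' '}' > "$demo/jail.conf.after"
printf '%s\n' '[devfsrules_jail=11]' 'add include $devfsrules_hide_all' \
    "add path 'bpf*' unhide" > "$demo/devfs.rules"

check_jail_devfs "$demo/jail.conf.before" "$demo/devfs.rules"  # flags mount.devfs
check_jail_devfs "$demo/jail.conf.after"  "$demo/devfs.rules"  # prints nothing
```

It reads the files only; whether devfs has actually loaded the ruleset, the point raised in the second reply, still has to be confirmed on the host.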
 