This repository has been archived by the owner on Apr 4, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 134
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
NAS-104777 / 12.0 / Change devfs ruleset handling so that configured …
…rulesets != 4 are (#1106) * Change devfs ruleset handling so that configured rulesets != 4 are cloned/copied into dynamic ones. This makes devfs rule handling more symmetrical to what is done when the default ruleset 4 is configured (which in fact never applies devfs ruleset 4, but creates an iocage specific dynamic ruleset instead - which can be quite confusing). As a result, this addresses the problem of non-dynamic rulesets being removed on `iocage stop` raised in #952. This also makes iocage fail to start a jail if the configured devfs ruleset is not available - beforehand it would start with a default ruleset in this case, which can have severe unwanted side effects. Finally, this sets the minimum dynamically assigned devfs rule id to 1000 to reserve the lower ids for static configuration by the admin in devfs.rules (this is mostly for convenience). * Change devfs_ruleset config parsing on jail start, so that: - Users get a helpful error message in case a configured devfs_ruleset doesn't exist (also shows the configured ruleset and not the dynamically created one, which was not helpful). - Users learn on jail start about how the devfs_ruleset is created (show id it was cloned from or that it is based on iocage's default). - Avoid leaking devfs_rulesets on starting plugins that define devfs_paths/devfs_includes (would lose one ruleset everytime otherwise). - Show a warning in case a plugin with devfs_paths/devfs_includes is started with a manually configured devfs_ruleset (as this won't - and never did - apply those. - Move magic numbers to constants in ioc_common.py. This doesn't fix the iocage man page, which shows (and had shown) inaccurate information on this for a while. * Move "min_dyn_devfs_ruleset" to jail property, change jail start devfs_ruleset message to be one-liner containing information on configured devfs ruleset (configured or iocage generated). * Validate 'devfs_ruleset' and 'min_dyn_devfs_ruleset' while setting.
- Loading branch information
Showing
3 changed files
with
93 additions
and
36 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters