1# 2# The following are some default rules for devfs(5) mounts. 3# The format is very simple. Empty lines and lines beginning 4# with a hash '#' are ignored. If the hash mark occurs anywhere 5# other than the beginning of a line, it and any subsequent 6# characters will be ignored. A line in between brackets '[]' 7# denotes the beginning of a ruleset. In the brackets should 8# be a name for the rule and its ruleset number. Any other lines 9# will be considered to be the 'action' part of a rule 10# passed to the devfs(8) command. These will be passed 11# "as-is" to the devfs(8) command with the exception that 12# any references to other rulesets will be expanded first. These 13# references must include a dollar sign '$' in front of the 14# name to be expanded properly. 15# 16# 17 18# Very basic and secure ruleset: Hide everything. 19# Used as a basis for other rules. 20# 21[devfsrules_hide_all=1] 22add hide 23 24# Basic devices typically necessary. 25# Requires: devfsrules_hide_all 26# 27[devfsrules_unhide_basic=2] 28add path null unhide 29add path zero unhide 30add path crypto unhide 31add path random unhide 32add path urandom unhide 33 34# Devices typically needed to support logged-in users. 35# Requires: devfsrules_hide_all 36# 37[devfsrules_unhide_login=3] 38add path 'ptyp*' unhide 39add path 'ptyq*' unhide 40add path 'ptyr*' unhide 41add path 'ptys*' unhide 42add path 'ptyP*' unhide 43add path 'ptyQ*' unhide 44add path 'ptyR*' unhide 45add path 'ptyS*' unhide 46add path 'ptyl*' unhide 47add path 'ptym*' unhide 48add path 'ptyn*' unhide 49add path 'ptyo*' unhide 50add path 'ptyL*' unhide 51add path 'ptyM*' unhide 52add path 'ptyN*' unhide 53add path 'ptyO*' unhide 54add path 'ttyp*' unhide 55add path 'ttyq*' unhide 56add path 'ttyr*' unhide 57add path 'ttys*' unhide 58add path 'ttyP*' unhide 59add path 'ttyQ*' unhide 60add path 'ttyR*' unhide 61add path 'ttyS*' unhide 62add path 'ttyl*' unhide 63add path 'ttym*' unhide 64add path 'ttyn*' unhide 65add path 'ttyo*' unhide 66add path 'ttyL*' unhide 67add path 'ttyM*' unhide 68add path 'ttyN*' unhide 69add path 'ttyO*' unhide 70add path ptmx unhide 71add path pts unhide 72add path 'pts/*' unhide 73add path fd unhide 74add path 'fd/*' unhide 75add path stdin unhide 76add path stdout unhide 77add path stderr unhide 78 79# Devices usually found in a jail. 80# 81[devfsrules_jail=4] 82add include $devfsrules_hide_all 83add include $devfsrules_unhide_basic 84add include $devfsrules_unhide_login 85add path fuse unhide 86add path zfs unhide 87 88[devfsrules_jail_vnet=5] 89add include $devfsrules_hide_all 90add include $devfsrules_unhide_basic 91add include $devfsrules_unhide_login 92add include $devfsrules_jail 93add path pf unhide 94