1.\" 2.\" Copyright (c) 2002 Dima Dorfman. 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.\" $FreeBSD$ 27.\" 28.Dt DEVFS 8 29.Dd July 1, 2002 30.Os 31.Sh NAME 32.Nm devfs 33.Nd "DEVFS control" 34.Sh SYNOPSIS 35.Nm 36.Op Fl m Ar mount-point 37.Cm keyword 38.Ar argument ... 39.Sh DESCRIPTION 40The 41.Nm 42utility provides an interface to manipulate properties of 43.Xr devfs 5 44mounts. 45.Pp 46The first keyword after the program name determines the context for 47the rest of the arguments. 48For example, 49most of the commands related to the rule subsystem must be preceded by the 50.Cm rule 51keyword. 52The following flags are common to all keywords: 53.Bl -tag -offset indent 54.It Fl m Ar mount-point 55Operate on 56.Ar mount-point , 57which is expected to be a 58.Xr devfs 5 59mount. 60If this option is not specified, 61.Nm 62operates on 63.Pa /dev . 64.El 65.Ss Rule Subsystem 66The 67.Xr devfs 5 68rule subsystem provides a way for the administrator of a system to control 69the attributes of DEVFS nodes. 70.\" XXX devfs node? entry? what? 71Each DEVFS mount-point has a 72.Dq ruleset , 73or a list of rules, 74associated with it. 75When a device driver creates a new node, 76all the rules in the ruleset associated with each mount-point are applied 77(see below) before the node becomes visible to the userland. 78This permits the administrator to change the properties, 79including the visibility, 80of certain nodes. 81For example, one might want to hide all disk nodes in a 82.Xr jail 2 Ns 's 83.Pa /dev . 84.Ss Rule Manipulation 85Rule manipulation commands follow the 86.Cm rule 87keyword. 88The following flags are common to all of the rule manipulation commands: 89.Bl -tag -offset indent 90.It Fl s Ar ruleset 91Operate on the ruleset with the number 92.Ar ruleset . 93If this is not specified, 94the commands operate on the ruleset currently associated with the 95specified mount-point. 96.El 97.Pp 98The following commands are recognized: 99.Bl -tag -offset indent 100.It Cm rule add Oo Ar rulenum Oc Ar rulespec 101Add the rule described by 102.Ar rulespec 103(defined below) 104to the ruleset. 105The rule has the number 106.Ar rulenum 107if it is explicitly specified; 108otherwise, the rule number is automatically determined by the kernel. 109.It Cm rule apply Ar rulenum | Ar rulespec 110Apply rule number 111.Ar rulenum 112or the rule described by 113.Ar rulespec 114to the mount-point. 115Rules that are "applied" have their conditions checked against all nodes 116in the mount-point, and the actions taken if they match. 117.It Cm rule applyset 118Apply all the rules in the ruleset to the mount-point 119(see above for the definition of "apply"). 120.It Cm rule del Ar rulenum 121Delete rule number 122.Ar rulenum 123from the ruleset. 124.It Cm rule delset 125Delete all rules from the ruleset. 126.It Cm rule show Op Ar rulenum 127Display the rule number 128.Ar rulenum , 129or all the rules in the ruleset. 130The output lines (one line per rule) are expected to be valid 131.Ar rulespec Ns s . 132.It Cm rule showsets 133Report the numbers of existing rulesets. 134.It Cm ruleset Ar ruleset 135Set ruleset number 136.Ar ruleset 137as the current ruleset for the mount-point. 138.El 139.Ss Rule Specification 140Rules have two parts: the conditions and the actions. 141The conditions determine which DEVFS nodes the rule matches, 142and the actions determine what should be done when a rule matches a node. 143For example, a rule can be written that sets the GID to 144.Li games 145for all devices with major number 53. 146If the first token of a rule specification is a single dash 147.Pq Dq - , 148rules are read from the standard input and the rest of the specification 149is ignored. 150.Pp 151The following conditions are recognized. 152Conditions are ANDed together when matching a device; 153if OR is desired, multiple rules can be written. 154.Bl -tag -offset indent 155.It Cm major Ar majdev 156Matches any node with a major number equal to 157.Ar majdev . 158.It Cm path Ar pattern 159Matches any node with a path that matches 160.Ar pattern . 161The latter is interpreted as a 162.Xr glob 3 Ns -style 163pattern. 164.It Cm type Ar devtype 165Matches any node that is of type 166.Ar devtype . 167Valid types are 168.Li disk , mem , tape 169and 170.Li tty . 171.El 172.Pp 173The following actions are recognized. 174Although there is no explicit delimiter between conditions and actions, 175they may not be intermixed. 176.Bl -tag -offset indent 177.It Cm group Ar gid 178Set the GID of the node to 179.Ar gid , 180which may be a group name 181(looked up in 182.Pa /etc/group ) 183or number. 184.It Cm hide 185Hide the node. 186Nodes may later be revived manually with 187.Xr mknod 8 , 188or with the 189.Cm unhide 190action. 191.It Cm include Ar ruleset 192Apply all the rules in ruleset number 193.Ar ruleset 194to the node. 195This does not necessarily result in any changes to the node 196(e.g., if none of the rules in the included ruleset match). 197.It Cm mode Ar filemode 198Set the file mode to 199.Ar filemode , 200which is interpreted in octal. 201.It Cm user Ar uid 202Set the UID to 203.Ar uid , 204which may be a user name 205(looked up in 206.Pa /etc/passwd ) 207or number. 208.It Cm unhide 209Unhide the node. 210.El 211.Sh IMPLEMENTATION NOTES 212Rulesets are created by the kernel at the first reference, 213and destroyed when the last reference disappears. 214E.g., a ruleset is created when a rule is added to it or when it is set 215as the current ruleset for a mount-point; 216a ruleset is destroyed when the last rule in it is deleted, 217and no other references to it exist 218(i.e., it is not included by any rules, and it is not the current ruleset 219for any mount-point). 220.Pp 221Ruleset number 0 is the default ruleset for all new mount-points. 222It is always empty, cannot be modified or deleted, and does not show up 223in the output of 224.Cm showsets . 225.Pp 226Rules and rulesets are unique to the entire system, 227not a particular mount-point. 228I.e., a 229.Cm showsets 230will return the same information regardless of the mount-point specified with 231.Fl m . 232The mount-point is only relevant when changing what its current ruleset is, 233or when using one of the apply commands. 234.Sh EXAMPLES 235When the system boots, 236the only ruleset that exists is ruleset number 0; 237since the latter may not be modified, we have to create another ruleset 238before adding rules. 239Note that since most of the following examples don't specify 240.Fl m , 241the operations are performed on 242.Pa /dev 243(this only matters for things that might change the properties of nodes). 244.Pp 245.Dl devfs ruleset 10 246.Pp 247Specify that ruleset 10 should be the current ruleset for 248.Pa /dev 249(if it does not already exist, it is created). 250.Pp 251.Dl devfs rule add path speaker mode 666 252.Pp 253Add a rule that causes all nodes that have a path that matches 254"speaker" 255(this is only 256.Pa /dev/speaker ) 257to have the file mode 666 (read and write for all). 258Note that if any such nodes already exist, their mode will not be changed 259unless this rule (or ruleset) is explicitly applied (see below). 260The mode 261.Em will 262be changed if the node is created 263.Em after 264the rule is added 265(e.g., the 266.Pa atspeaker 267module is loaded after the above rule is added). 268.Pp 269.Dl devfs rule applyset 270.Pp 271Apply all the rules in the current ruleset to all the existing nodes. 272E.g., if the above rule was added after 273.Pa /dev/speaker 274was created, 275this command will cause its file mode to be changed to 666, 276as rule rule prescribes. 277.Pp 278.Dl devfs rule add path "snp*" mode 660 group snoopers 279.Pp 280(Quoting the argument to 281.Cm path 282is often necessary to disable the shell's globbing features.) 283For all devices with a path that matches "snp*", 284set the file more to 660, and the GID to 285.Li snoopers . 286This permits users in the 287.Li snoopers 288group to use the 289.Xr snp 4 290devices. 291.Pp 292.Dl devfs rule -s 20 add major 53 group games 293.Pp 294Add a rule to ruleset number 20. 295Since this ruleset is not the current ruleset for any mount-points, 296this rule is never applied automatically (unless ruleset 20 becomes 297a current ruleset for some mount-point at a later time). 298However, it can be applied explicitly, as such: 299.Pp 300.Dl devfs -m /my/jail/dev rule -s 20 applyset 301.Pp 302This will apply all rules in ruleset number 20 to the DEVFS mount on 303.Pa /my/jail/dev . 304It doesn't matter that ruleset 20 is not the current ruleset for that 305mount-point; the rules are applied regardless. 306.Pp 307.Dl devfs rule apply hide 308.Pp 309Since this rule has no conditions, the action 310.Pq Cm hide 311will be applied to all nodes. 312Since hiding all nodes isn't very useful, we can undo like so: 313.Pp 314.Dl devfs rule apply unhide 315.Pp 316which applies 317.Cm unhide 318to all the nodes, 319causing them to reappear. 320.Pp 321.Dl cat my_rules | devfs rule -s 10 add - 322.Pp 323Add all the rules from the file 324.Pa my_rules 325to ruleset 10. 326.Pp 327.Dl devfs rule -s 20 show | devfs rule -s 10 add - 328.Pp 329Since 330.Cm show 331outputs valid rules, 332this feature can be used to copy rulesets. 333The above copies all the rules from ruleset 20 into ruleset 10. 334The rule numbers are preserved, 335but ruleset 10 may already have rules with non-conflicting numbers 336(these will be preserved). 337.Sh SEE ALSO 338.Xr jail 2 , 339.Xr glob 3 , 340.Xr devfs 5 , 341.Xr chmod 8 , 342.Xr chown 8 , 343.Xr jail 8 , 344.Xr mknod 8 345.Sh AUTHORS 346.An Dima Dorfman 347