What exactly is devfs_ruleset and why do each of my Jails have a different value for this property?

[Mannekino]

Some of my Jails throw an error when I start them, for example my Jackett Jail gives this message when starting:

Code:

Ruleset 6 does not exist, using defaults

I currently have 7 Jail running and each of them have a different value for this property. I don't think I've every configured it when creating these Jails.

Why do all my Jails have a different value and why do I sometimes get this error?

How can I determine what the correct value should be. I've looked at the documentation but it doesn't provide much explanation.

• Jackett Jail devfs_ruleset: 6 (message that ruleset does not exist on start)
• Plex Jail devfs_ruleset: 7 (message that ruleset does not exist on start)
• Radarr Jail devfs_ruleset: 9 (no message)
• SABnzbd Jail devfs_ruleset: 8 (message that ruleset does not exist on start)
• Sonarr Jail devfs_ruleset: 10 (no message)
• Tautulli Jail devfs_ruleset: 11 (message that ruleset does not exist on start)
• Transmission Jail devfs_ruleset: 4 (no message but when I start it says that it's using devfs_ruleset 5)

Some other weird things. When I stopped the Plex jail it said it was using devfs_ruleset 8 when 7 is configuration. And when I start Transmission it said it used devfs_ruleset 5 but configured is 4.

Can someone makes sense of this for me and should I be worried about this? I'm asking this because I'm trying to disable IPv6 for my Transmission Jail and some search results have shown me comments relating to devfs_ruleset settings. So far I've also been unable to disable IPv6 inside the Transmission Jail.

 

[sretalla]

Basically if I understood correctly, this was broken in FreeNAS and is fixed in TrueNAS 12.0 Core in the sense that it was using the default ruleset in every case even when one was specified in FreeNAS.

The numbers are now from 1000 and up in TrueNAS and they should be respected properly.

The ruleset is designed to control what the jail can see from the host, so for example, you need to mess with it if you want to pass your Video card into the plex jail or a USB port to a Home Assistant Jail.

I'm not sure that the devfs ruleset is the defining factor for IPv6 but maybe the network devices created are passed through in some jail setups.

 

[Mannekino]

Update for this topic. I just updated my FreeNAS server to TrueNAS Core 12.0-U1.

My Jails are still on 11.4-RELEASE on the latest patch level. When I tried to start my Plex jail I got the following error:

Code:

# iocage start plex2
No default gateway found for ipv6.
* Starting plex2
plex2 devfs_ruleset 7 does not exist! - Not starting jail

What should I change in the Jail configuration to make it work again, can I just put the devfs_ruleset to 0 for all Jails?

Are there any other settings I need to change here?

And how can I get rid of the ipv6 error message?

 

[Mannekino]

Just an update that I've since upgraded to TrueNAS 12.0-U1 including upgrading all my Jails to 12.2-RELEASE at the latest patch level and based on some talks I've had on Discord I set the devfs_ruleset value to 4 for all my Jails and haven't seen any warnings or errors anymore and all the Jails seem to be working well.

When I start a Jail now it uses a number above 1000 with incremental increase and when I shut down a Jail it removes that ruleset again. I still have no idea what this setting actually is aside from some a general understanding that this determines what kind of devices the Jail can access.

To get rid of the IPv6 warnings/errors during the starting of a Jail I changed the following settings on all my Jails:

• Under Basic Properties: wrote in none for IPv6 Default Router.
• Under Network Properties: selected Disabled for ip6

 

[sretalla]

I still have no idea what this setting actually is aside from some a general understanding that this determines what kind of devices the Jail can access.

It's exactly that... the /dev is selectively mounted with access restrictions based on the rules in the set.

You can see more about it in the manual (https://www.freebsd.org/cgi/man.cgi...opos=0&manpath=FreeBSD+12.2-RELEASE+and+Ports), but to shortcut that a bit, here's a few pointers.

devfs rule showsets

devfs rule -s 1001 show (assuming rule 1001 appeared in the output from showsets)

 

[SheikFly]

Just an update that I've since upgraded to TrueNAS 12.0-U1 including upgrading all my Jails to 12.2-RELEASE at the latest patch level and based on some talks I've had on Discord I set the devfs_ruleset value to 4 for all my Jails and haven't seen any warnings or errors anymore and all the Jails seem to be working well.

When I start a Jail now it uses a number above 1000 with incremental increase and when I shut down a Jail it removes that ruleset again. I still have no idea what this setting actually is aside from some a general understanding that this determines what kind of devices the Jail can access.

To get rid of the IPv6 warnings/errors during the starting of a Jail I changed the following settings on all my Jails:

• Under Basic Properties: wrote in none for IPv6 Default Router.
• Under Network Properties: selected Disabled for ip6

Thanks for this Mannekino. Just upgraded to 12.0-U1.1 and my Jail wouldn't start. Was set to devfs_ruleset 5 and choking. I changed to 4 and also disabled ip6. Up and running again!

Thanks!