From dd60e7f17566b67c3fc1cea1d9f18874d9d883a5 Mon Sep 17 00:00:00 2001
From: Christer Edwards
Date: Sat, 25 Nov 2023 17:19:57 -0700
Subject: [PATCH] add support for bastille_vnet devfs.rules in bastille setup
---
 usr/local/share/bastille/setup.sh | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/usr/local/share/bastille/setup.sh b/usr/local/share/bastille/setup.sh
index c78dda87..80ea7a95 100644
--- a/usr/local/share/bastille/setup.sh
+++ b/usr/local/share/bastille/setup.sh
@@ -57,6 +57,19 @@ configure_vnet() {
 info "Bringing up new interface: bastille1"
 service netif cloneup
+
+ if [ ! -f /etc/devfs.rules ]; then
+ info "Creating bastille_vnet devfs.rules"
+ cat << EOF > /etc/devfs.rules
+[bastille_vnet=13]
+add include \$devfsrules_hide_all
+add include \$devfsrules_unhide_basic
+add include \$devfsrules_unhide_login
+add include \$devfsrules_jail
+add include \$devfsrules_jail_vnet
+add path 'bpf*' unhide
+EOF
+ fi
 }
 # Configure pf firewall
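Review bot: The `[ ! -f /etc/devfs.rules ]` guard silently skips hosts that already have a devfs.rules file, so on those hosts the `bastille_vnet` ruleset is never defined and setup reports nothing. What a VNET jail sees in /dev when it references a ruleset that does not exist is not visible from this hunk, but it is presumably not the hide-all baseline these rules establish, so the skip should at least be announced. Consider keying the check on the ruleset itself, `if ! grep -q '^\[bastille_vnet=' /etc/devfs.rules 2>/dev/null; then`, and appending with `cat << EOF >> /etc/devfs.rules`, after confirming that ruleset number 13 is not already taken in the existing file. A short comment above `add path 'bpf*' unhide` explaining why VNET jails need bpf (it lets root in the jail capture traffic on the jail's interfaces) would help the next reviewer. configure_vnet begins before this hunk.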