From eaab06d53dfa7fbf926a2c19aa00a6804b5e6349 Mon Sep 17 00:00:00 2001
From: Zhenlei Huang <zlei.huang@gmail.com>
Date: Wed, 3 Nov 2021 12:46:48 +0100
Subject: [PATCH] devfs.rules: Correctly unhide pf in vnet jails

Revision 9e9be081d8 introduced a new devfs rule devfsrules_jail_vnet. It
includes rule devfsrules_jail which include other rules. Unfortunately
devfs could not recursively parse the action include and thus
devfsrules_jail_vnet will expose all nodes.

PR:		255660
Reviewed by:	kp
Obtained from:	Gijs Peskens <gijs@peskens.net>
MFC after:	3 weeks
Differential Revision:	https://reviews.freebsd.org/D32814

(cherry picked from commit 7acd322ebe2072b1d73b1d19c14ab12a300ba8e8)
---
 sbin/devfs/devfs.rules | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sbin/devfs/devfs.rules b/sbin/devfs/devfs.rules
index 01d8e5194c1..9543e20947d 100644
--- a/sbin/devfs/devfs.rules
+++ b/sbin/devfs/devfs.rules
@@ -88,5 +88,8 @@ add path fuse unhide
 add path zfs unhide
 
 [devfsrules_jail_vnet=5]
+add include $devfsrules_hide_all
+add include $devfsrules_unhide_basic
+add include $devfsrules_unhide_login
 add include $devfsrules_jail
 add path pf unhide