Devfs error with hierarchical jails

From: Quentin_Thébault <quentin.thebault_at_defenso.fr>
Date: Fri, 27 Sep 2024 12:01:07 UTC

Hi,

I am trying to make iocage usable in hierarchical jail scenarios.
I think I solved most issues in the code, but devfs is giving me a hard time. 

I put the following configuration at both the level1 and level2 jails:
- allow_mount=1
- allow_mount_devfs=1
- enforce_statfs=1 (tried with 0 too but no change)
- devfs_ruleset=0
I also set children_max to 10 for the level1 jail.

All the DEVFSIO_RADD errors I had went away when I added the ruleset
setting, but I am still getting DEVFSIO_SGETNEXT and DEVFSIO_RGETNEXT
related errors when I try to start the jail:

> root@jaildev:~/iocage # iocage start thick
> * Starting thick
> devfs rule: ioctl DEVFSIO_SGETNEXT: Operation not permitted
> devfs rule: ioctl DEVFSIO_RGETNEXT: Operation not permitted
>   + Start FAILED
> mount: .: Operation not permitted
> jail: ioc-thick: /sbin/mount -t devfs -oruleset=1000 . /iocage/jails/thick/root/dev: failed

Any idea what's going on and how to fix this? Did I miss something?
I tried to look for these DEVFSIO constants, but even looking at the source
I can't really find any indication of what's wrong.

Kind regards,
--
Quentin THÉBAULT