Index: head/lib/libjail/jail.c =================================================================== --- head/lib/libjail/jail.c +++ head/lib/libjail/jail.c @@ -1048,7 +1048,13 @@ else if (strcmp(name, "sysvmsg") == 0 || strcmp(name, "sysvsem") == 0 || strcmp(name, "sysvshm") == 0) kl = kldload(name); - else { + else if (strncmp(name, "allow.mount.", 12) == 0) { + /* Load the matching filesystem */ + kl = kldload(name + 12); + if (kl < 0 && errno == ENOENT && + strncmp(name + 12, "no", 2) == 0) + kl = kldload(name + 14); + } else { errno = ENOENT; return (-1); } Index: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c =================================================================== --- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c +++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c @@ -1640,9 +1640,6 @@ osname = spn.pn_path; #else /* !illumos */ - if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_ZFS)) - return (SET_ERROR(EPERM)); - if (vfs_getopt(vfsp->mnt_optnew, "from", (void **)&osname, NULL)) return (SET_ERROR(EINVAL)); Index: head/sys/compat/linprocfs/linprocfs.c =================================================================== --- head/sys/compat/linprocfs/linprocfs.c +++ head/sys/compat/linprocfs/linprocfs.c @@ -1652,7 +1652,7 @@ return (0); } -PSEUDOFS(linprocfs, 1, PR_ALLOW_MOUNT_LINPROCFS); +PSEUDOFS(linprocfs, 1, VFCF_JAIL); #if defined(__amd64__) MODULE_DEPEND(linprocfs, linux_common, 1, 1, 1); #else Index: head/sys/compat/linsysfs/linsysfs.c =================================================================== --- head/sys/compat/linsysfs/linsysfs.c +++ head/sys/compat/linsysfs/linsysfs.c @@ -556,7 +556,7 @@ return (0); } -PSEUDOFS(linsysfs, 1, PR_ALLOW_MOUNT_LINSYSFS); +PSEUDOFS(linsysfs, 1, VFCF_JAIL); #if defined(__amd64__) MODULE_DEPEND(linsysfs, linux_common, 1, 1, 1); #else Index: head/sys/fs/devfs/devfs_vfsops.c =================================================================== --- head/sys/fs/devfs/devfs_vfsops.c +++ head/sys/fs/devfs/devfs_vfsops.c @@ -83,9 +83,6 @@ if (mp->mnt_flag & MNT_ROOTFS) return (EOPNOTSUPP); - if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_DEVFS)) - return (EPERM); - rsnum = 0; injail = jailed(td->td_ucred); Index: head/sys/fs/fdescfs/fdesc_vfsops.c =================================================================== --- head/sys/fs/fdescfs/fdesc_vfsops.c +++ head/sys/fs/fdescfs/fdesc_vfsops.c @@ -81,12 +81,8 @@ fdesc_mount(struct mount *mp) { struct fdescmount *fmp; - struct thread *td = curthread; struct vnode *rvp; int error; - - if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_FDESCFS)) - return (EPERM); /* * Update is a no-op Index: head/sys/fs/nullfs/null_vfsops.c =================================================================== --- head/sys/fs/nullfs/null_vfsops.c +++ head/sys/fs/nullfs/null_vfsops.c @@ -78,15 +78,12 @@ struct vnode *lowerrootvp, *vp; struct vnode *nullm_rootvp; struct null_mount *xmp; - struct thread *td = curthread; char *target; int isvnunlocked = 0, len; struct nameidata nd, *ndp = &nd; NULLFSDEBUG("nullfs_mount(mp = %p)\n", (void *)mp); - if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_NULLFS)) - return (EPERM); if (mp->mnt_flag & MNT_ROOTFS) return (EOPNOTSUPP); Index: head/sys/fs/procfs/procfs.c =================================================================== --- head/sys/fs/procfs/procfs.c +++ head/sys/fs/procfs/procfs.c @@ -215,4 +215,4 @@ return (0); } -PSEUDOFS(procfs, 1, PR_ALLOW_MOUNT_PROCFS); +PSEUDOFS(procfs, 1, VFCF_JAIL); Index: head/sys/fs/pseudofs/pseudofs.h =================================================================== --- head/sys/fs/pseudofs/pseudofs.h +++ head/sys/fs/pseudofs/pseudofs.h @@ -272,7 +272,7 @@ /* * Now for some initialization magic... */ -#define PSEUDOFS(name, version, jflag) \ +#define PSEUDOFS(name, version, flags) \ \ static struct pfs_info name##_info = { \ #name, \ @@ -282,8 +282,6 @@ \ static int \ _##name##_mount(struct mount *mp) { \ - if (jflag && !prison_allow(curthread->td_ucred, jflag)) \ - return (EPERM); \ return (pfs_mount(&name##_info, mp)); \ } \ \ @@ -306,7 +304,7 @@ .vfs_uninit = _##name##_uninit, \ .vfs_unmount = pfs_unmount, \ }; \ -VFS_SET(name##_vfsops, name, VFCF_SYNTHETIC | (jflag ? VFCF_JAIL : 0)); \ +VFS_SET(name##_vfsops, name, VFCF_SYNTHETIC | flags); \ MODULE_VERSION(name, version); \ MODULE_DEPEND(name, pseudofs, 1, 1, 1); Index: head/sys/fs/tmpfs/tmpfs_vfsops.c =================================================================== --- head/sys/fs/tmpfs/tmpfs_vfsops.c +++ head/sys/fs/tmpfs/tmpfs_vfsops.c @@ -141,7 +141,6 @@ sizeof(struct tmpfs_dirent) + sizeof(struct tmpfs_node)); struct tmpfs_mount *tmp; struct tmpfs_node *root; - struct thread *td = curthread; int error; bool nonc; /* Size counters. */ @@ -154,9 +153,6 @@ mode_t root_mode; struct vattr va; - - if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_TMPFS)) - return (EPERM); if (vfs_filteropt(mp->mnt_optnew, tmpfs_opts)) return (EINVAL); Index: head/sys/kern/kern_jail.c =================================================================== --- head/sys/kern/kern_jail.c +++ head/sys/kern/kern_jail.c @@ -111,7 +111,7 @@ #else .pr_flags = PR_HOST|_PR_IP_SADDRSEL, #endif - .pr_allow = PR_ALLOW_ALL, + .pr_allow = PR_ALLOW_ALL_STATIC, }; MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF); @@ -181,7 +181,8 @@ }; const size_t pr_flag_jailsys_size = sizeof(pr_flag_jailsys); -static struct bool_flags pr_flag_allow[] = { +/* Make this array full-size so dynamic parameters can be added. */ +static struct bool_flags pr_flag_allow[NBBY * NBPW] = { {"allow.set_hostname", "allow.noset_hostname", PR_ALLOW_SET_HOSTNAME}, {"allow.sysvipc", "allow.nosysvipc", PR_ALLOW_SYSVIPC}, {"allow.raw_sockets", "allow.noraw_sockets", PR_ALLOW_RAW_SOCKETS}, @@ -189,17 +190,6 @@ {"allow.mount", "allow.nomount", PR_ALLOW_MOUNT}, {"allow.quotas", "allow.noquotas", PR_ALLOW_QUOTAS}, {"allow.socket_af", "allow.nosocket_af", PR_ALLOW_SOCKET_AF}, - {"allow.mount.devfs", "allow.mount.nodevfs", PR_ALLOW_MOUNT_DEVFS}, - {"allow.mount.nullfs", "allow.mount.nonullfs", PR_ALLOW_MOUNT_NULLFS}, - {"allow.mount.zfs", "allow.mount.nozfs", PR_ALLOW_MOUNT_ZFS}, - {"allow.mount.procfs", "allow.mount.noprocfs", PR_ALLOW_MOUNT_PROCFS}, - {"allow.mount.tmpfs", "allow.mount.notmpfs", PR_ALLOW_MOUNT_TMPFS}, - {"allow.mount.fdescfs", "allow.mount.nofdescfs", - PR_ALLOW_MOUNT_FDESCFS}, - {"allow.mount.linprocfs", "allow.mount.nolinprocfs", - PR_ALLOW_MOUNT_LINPROCFS}, - {"allow.mount.linsysfs", "allow.mount.nolinsysfs", - PR_ALLOW_MOUNT_LINSYSFS}, {"allow.reserved_ports", "allow.noreserved_ports", PR_ALLOW_RESERVED_PORTS}, }; @@ -318,7 +308,8 @@ /* Set permissions for top-level jails from sysctls. */ if (!jailed(td->td_ucred)) { for (bf = pr_flag_allow; - bf < pr_flag_allow + nitems(pr_flag_allow); + bf < pr_flag_allow + nitems(pr_flag_allow) && + bf->flag != 0; bf++) { optiov[opt.uio_iovcnt].iov_base = __DECONST(char *, (jail_default_allow & bf->flag) @@ -654,7 +645,7 @@ pr_allow = ch_allow = 0; for (bf = pr_flag_allow; - bf < pr_flag_allow + nitems(pr_flag_allow); + bf < pr_flag_allow + nitems(pr_flag_allow) && bf->flag != 0; bf++) { vfs_flagopt(opts, bf->name, &pr_allow, bf->flag); vfs_flagopt(opts, bf->noname, &ch_allow, bf->flag); @@ -2115,7 +2106,7 @@ goto done_deref; } for (bf = pr_flag_allow; - bf < pr_flag_allow + nitems(pr_flag_allow); + bf < pr_flag_allow + nitems(pr_flag_allow) && bf->flag != 0; bf++) { i = (pr->pr_allow & bf->flag) ? 1 : 0; error = vfs_setopt(opts, bf->name, &i, sizeof(i)); @@ -3615,38 +3606,6 @@ CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT, sysctl_jail_default_allow, "I", "Processes in jail can mount/unmount jail-friendly file systems (deprecated)"); -SYSCTL_PROC(_security_jail, OID_AUTO, mount_devfs_allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, - NULL, PR_ALLOW_MOUNT_DEVFS, sysctl_jail_default_allow, "I", - "Processes in jail can mount the devfs file system (deprecated)"); -SYSCTL_PROC(_security_jail, OID_AUTO, mount_fdescfs_allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, - NULL, PR_ALLOW_MOUNT_FDESCFS, sysctl_jail_default_allow, "I", - "Processes in jail can mount the fdescfs file system (deprecated)"); -SYSCTL_PROC(_security_jail, OID_AUTO, mount_nullfs_allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, - NULL, PR_ALLOW_MOUNT_NULLFS, sysctl_jail_default_allow, "I", - "Processes in jail can mount the nullfs file system (deprecated)"); -SYSCTL_PROC(_security_jail, OID_AUTO, mount_procfs_allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, - NULL, PR_ALLOW_MOUNT_PROCFS, sysctl_jail_default_allow, "I", - "Processes in jail can mount the procfs file system (deprecated)"); -SYSCTL_PROC(_security_jail, OID_AUTO, mount_linprocfs_allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, - NULL, PR_ALLOW_MOUNT_LINPROCFS, sysctl_jail_default_allow, "I", - "Processes in jail can mount the linprocfs file system (deprecated)"); -SYSCTL_PROC(_security_jail, OID_AUTO, mount_linsysfs_allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, - NULL, PR_ALLOW_MOUNT_LINSYSFS, sysctl_jail_default_allow, "I", - "Processes in jail can mount the linsysfs file system (deprecated)"); -SYSCTL_PROC(_security_jail, OID_AUTO, mount_tmpfs_allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, - NULL, PR_ALLOW_MOUNT_TMPFS, sysctl_jail_default_allow, "I", - "Processes in jail can mount the tmpfs file system (deprecated)"); -SYSCTL_PROC(_security_jail, OID_AUTO, mount_zfs_allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, - NULL, PR_ALLOW_MOUNT_ZFS, sysctl_jail_default_allow, "I", - "Processes in jail can mount the zfs file system (deprecated)"); static int sysctl_jail_default_level(SYSCTL_HANDLER_ARGS) @@ -3799,23 +3758,111 @@ SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags"); SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may mount/unmount jail-friendly file systems in general"); -SYSCTL_JAIL_PARAM(_allow_mount, devfs, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may mount the devfs file system"); -SYSCTL_JAIL_PARAM(_allow_mount, fdescfs, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may mount the fdescfs file system"); -SYSCTL_JAIL_PARAM(_allow_mount, nullfs, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may mount the nullfs file system"); -SYSCTL_JAIL_PARAM(_allow_mount, procfs, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may mount the procfs file system"); -SYSCTL_JAIL_PARAM(_allow_mount, linprocfs, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may mount the linprocfs file system"); -SYSCTL_JAIL_PARAM(_allow_mount, linsysfs, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may mount the linsysfs file system"); -SYSCTL_JAIL_PARAM(_allow_mount, tmpfs, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may mount the tmpfs file system"); -SYSCTL_JAIL_PARAM(_allow_mount, zfs, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may mount the zfs file system"); +/* + * The VFS system will register jail-aware filesystems here. They each get + * a parameter allow.mount.xxxfs and a flag to check when a jailed user + * attempts to mount. + */ +void +prison_add_vfs(struct vfsconf *vfsp) +{ + char *allow_name, *allow_noname, *mount_allowed; + struct bool_flags *bf; +#ifndef NO_SYSCTL_DESCR + char *descr; +#endif + unsigned allow_flag; + + if (asprintf(&allow_name, M_PRISON, "allow.mount.%s", vfsp->vfc_name) < + 0 || asprintf(&allow_noname, M_PRISON, "allow.mount.no%s", + vfsp->vfc_name) < 0) { + free(allow_name, M_PRISON); + return; + } + + /* + * See if this parameter has already beed added, i.e. if the filesystem + * was previously loaded/unloaded. + */ + mtx_lock(&prison0.pr_mtx); + for (bf = pr_flag_allow; + bf < pr_flag_allow + nitems(pr_flag_allow) && bf->flag != 0; + bf++) { + if (strcmp(bf->name, allow_name) == 0) { + vfsp->vfc_prison_flag = bf->flag; + goto no_add; + } + } + + /* + * Find a free bit in prison0's pr_allow, failing if there are none + * (which shouldn't happen as long as we keep track of how many + * filesystems are jail-aware). + */ + for (allow_flag = 1;; allow_flag <<= 1) { + if (allow_flag == 0) + goto no_add; + if ((prison0.pr_allow & allow_flag) == 0) + break; + } + + /* + * Note the parameter in the next open slot in pr_flag_allow. + * Set the flag last so code that checks pr_flag_allow can do so + * without locking. + */ + for (bf = pr_flag_allow; bf->flag != 0; bf++) + if (bf == pr_flag_allow + nitems(pr_flag_allow)) { + /* This should never happen, but is not fatal. */ + goto no_add; + } + prison0.pr_allow |= allow_flag; + bf->name = allow_name; + bf->noname = allow_noname; + bf->flag = allow_flag; + vfsp->vfc_prison_flag = allow_flag; + mtx_unlock(&prison0.pr_mtx); + + /* + * Create sysctls for the paramter, and the back-compat global + * permission. + */ +#ifndef NO_SYSCTL_DESCR + (void)asprintf(&descr, M_TEMP, "Jail may mount the %s file system", + vfsp->vfc_name); +#endif + (void)SYSCTL_ADD_PROC(NULL, + SYSCTL_CHILDREN(&sysctl___security_jail_param_allow_mount), + OID_AUTO, vfsp->vfc_name, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, + NULL, 0, sysctl_jail_param, "B", descr); +#ifndef NO_SYSCTL_DESCR + free(descr, M_TEMP); +#endif + if (asprintf(&mount_allowed, M_TEMP, "mount_%s_allowed", + vfsp->vfc_name) >= 0) { +#ifndef NO_SYSCTL_DESCR + (void)asprintf(&descr, M_TEMP, + "Processes in jail can mount the %s file system (deprecated)", + vfsp->vfc_name); +#endif + (void)SYSCTL_ADD_PROC(NULL, + SYSCTL_CHILDREN(&sysctl___security_jail), OID_AUTO, + mount_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, + NULL, allow_flag, sysctl_jail_default_allow, "I", descr); +#ifndef NO_SYSCTL_DESCR + free(descr, M_TEMP); +#endif + free(mount_allowed, M_TEMP); + } + return; + + no_add: + mtx_unlock(&prison0.pr_mtx); + free(allow_name, M_PRISON); + free(allow_noname, M_PRISON); +} + #ifdef RACCT void prison_racct_foreach(void (*callback)(struct racct *racct, @@ -4050,7 +4097,7 @@ } db_printf(" allow = 0x%x", pr->pr_allow); for (bf = pr_flag_allow; - bf < pr_flag_allow + nitems(pr_flag_allow); + bf < pr_flag_allow + nitems(pr_flag_allow) && bf->flag != 0; bf++) if (pr->pr_allow & bf->flag) db_printf(" %s", bf->name); Index: head/sys/kern/vfs_init.c =================================================================== --- head/sys/kern/vfs_init.c +++ head/sys/kern/vfs_init.c @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include @@ -276,7 +277,10 @@ vfsops->vfs_extattrctl = vfs_stdextattrctl; if (vfsops->vfs_sysctl == NULL) vfsops->vfs_sysctl = vfs_stdsysctl; - + + if (vfc->vfc_flags & VFCF_JAIL) + prison_add_vfs(vfc); + /* * Call init function for this VFS... */ Index: head/sys/kern/vfs_mount.c =================================================================== --- head/sys/kern/vfs_mount.c +++ head/sys/kern/vfs_mount.c @@ -843,6 +843,16 @@ KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here")); /* + * If the jail of the calling thread lacks permission for this type of + * file system, deny immediately. + */ + if (jailed(td->td_ucred) && !prison_allow(td->td_ucred, + vfsp->vfc_prison_flag)) { + vput(vp); + return (EPERM); + } + + /* * If the user is not root, ensure that they own the directory * onto which we are attempting to mount. */ @@ -1149,8 +1159,6 @@ vfsp = vfs_byname_kld(fstype, td, &error); if (vfsp == NULL) return (ENODEV); - if (jailed(td->td_ucred) && !(vfsp->vfc_flags & VFCF_JAIL)) - return (EPERM); } /* Index: head/sys/kern/vfs_subr.c =================================================================== --- head/sys/kern/vfs_subr.c +++ head/sys/kern/vfs_subr.c @@ -683,19 +683,21 @@ { int error; - /* - * If the thread is jailed, but this is not a jail-friendly file - * system, deny immediately. - */ - if (!(mp->mnt_vfc->vfc_flags & VFCF_JAIL) && jailed(td->td_ucred)) - return (EPERM); + if (jailed(td->td_ucred)) { + /* + * If the jail of the calling thread lacks permission for + * this type of file system, deny immediately. + */ + if (!prison_allow(td->td_ucred, mp->mnt_vfc->vfc_prison_flag)) + return (EPERM); - /* - * If the file system was mounted outside the jail of the calling - * thread, deny immediately. - */ - if (prison_check(td->td_ucred, mp->mnt_cred) != 0) - return (EPERM); + /* + * If the file system was mounted outside the jail of the + * calling thread, deny immediately. + */ + if (prison_check(td->td_ucred, mp->mnt_cred) != 0) + return (EPERM); + } /* * If file system supports delegated administration, we don't check Index: head/sys/sys/jail.h =================================================================== --- head/sys/sys/jail.h +++ head/sys/sys/jail.h @@ -216,7 +216,10 @@ #define PR_IP6 0x04000000 /* IPv6 restricted or disabled */ /* by this jail or an ancestor */ -/* Flags for pr_allow */ +/* + * Flags for pr_allow + * Bits not noted here may be used for dynamic allow.mount.xxxfs. + */ #define PR_ALLOW_SET_HOSTNAME 0x00000001 #define PR_ALLOW_SYSVIPC 0x00000002 #define PR_ALLOW_RAW_SOCKETS 0x00000004 @@ -224,17 +227,9 @@ #define PR_ALLOW_MOUNT 0x00000010 #define PR_ALLOW_QUOTAS 0x00000020 #define PR_ALLOW_SOCKET_AF 0x00000040 -#define PR_ALLOW_MOUNT_DEVFS 0x00000080 -#define PR_ALLOW_MOUNT_NULLFS 0x00000100 -#define PR_ALLOW_MOUNT_ZFS 0x00000200 -#define PR_ALLOW_MOUNT_PROCFS 0x00000400 -#define PR_ALLOW_MOUNT_TMPFS 0x00000800 -#define PR_ALLOW_MOUNT_FDESCFS 0x00001000 -#define PR_ALLOW_MOUNT_LINPROCFS 0x00002000 -#define PR_ALLOW_MOUNT_LINSYSFS 0x00004000 #define PR_ALLOW_RESERVED_PORTS 0x00008000 #define PR_ALLOW_KMEM_ACCESS 0x00010000 /* reserved, not used yet */ -#define PR_ALLOW_ALL 0x0001ffff +#define PR_ALLOW_ALL_STATIC 0x0001807f /* * OSD methods @@ -364,6 +359,7 @@ struct mount; struct sockaddr; struct statfs; +struct vfsconf; int jailed(struct ucred *cred); int jailed_without_vnet(struct ucred *); void getcredhostname(struct ucred *, char *, size_t); @@ -413,6 +409,7 @@ char *prison_name(struct prison *, struct prison *); int prison_priv_check(struct ucred *cred, int priv); int sysctl_jail_param(SYSCTL_HANDLER_ARGS); +void prison_add_vfs(struct vfsconf *vfsp); void prison_racct_foreach(void (*callback)(struct racct *racct, void *arg2, void *arg3), void (*pre)(void), void (*post)(void), void *arg2, void *arg3); Index: head/sys/sys/mount.h =================================================================== --- head/sys/sys/mount.h +++ head/sys/sys/mount.h @@ -516,6 +516,7 @@ int vfc_typenum; /* historic filesystem type number */ int vfc_refcount; /* number mounted of this type */ int vfc_flags; /* permanent flags */ + int vfc_prison_flag; /* prison allow.mount.* flag */ struct vfsoptdecl *vfc_opts; /* mount options */ TAILQ_ENTRY(vfsconf) vfc_list; /* list of vfscons */ }; @@ -851,7 +852,8 @@ */ #define VFS_VERSION_00 0x19660120 #define VFS_VERSION_01 0x20121030 -#define VFS_VERSION VFS_VERSION_01 +#define VFS_VERSION_02 0x20180504 +#define VFS_VERSION VFS_VERSION_02 #define VFS_SET(vfsops, fsname, flags) \ static struct vfsconf fsname ## _vfsconf = { \ Index: head/usr.sbin/jail/jail.8 =================================================================== --- head/usr.sbin/jail/jail.8 +++ head/usr.sbin/jail/jail.8 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 5, 2017 +.Dd May 4, 2018 .Dt JAIL 8 .Os .Sh NAME @@ -545,6 +545,33 @@ The devfs ruleset should be restricted from the default by using the .Va devfs_ruleset option. +.It Va allow.quotas +The jail root may administer quotas on the jail's filesystem(s). +This includes filesystems that the jail may share with other jails or +with non-jailed parts of the system. +.It Va allow.socket_af +Sockets within a jail are normally restricted to IPv4, IPv6, local +(UNIX), and route. This allows access to other protocol stacks that +have not had jail functionality added to them. +.It Va allow.reserved_ports +The jail root may bind to ports lower than 1024. +.El +.El +.Pp +Kernel modules may add their own parameters, which only exist when the +module is loaded. +These are typically headed under a parameter named after the module, +with values of +.Dq inherit +to give the jail full use of the module, +.Dq new +to encapsulate the jail in some module-specific way, +and +.Dq disable +to make the module unavailable to the jail. +There also may be other parameters to define jail behavior within the module. +Module-specific parameters include: +.Bl -tag -width indent .It Va allow.mount.fdescfs privileged users inside the jail will be able to mount and unmount the fdescfs file system. @@ -605,33 +632,6 @@ .Xr zfs 8 for information on how to configure the ZFS filesystem to operate from within a jail. -.It Va allow.quotas -The jail root may administer quotas on the jail's filesystem(s). -This includes filesystems that the jail may share with other jails or -with non-jailed parts of the system. -.It Va allow.socket_af -Sockets within a jail are normally restricted to IPv4, IPv6, local -(UNIX), and route. This allows access to other protocol stacks that -have not had jail functionality added to them. -.It Va allow.reserved_ports -The jail root may bind to ports lower than 1024. -.El -.El -.Pp -Kernel modules may add their own parameters, which only exist when the -module is loaded. -These are typically headed under a parameter named after the module, -with values of -.Dq inherit -to give the jail full use of the module, -.Dq new -to encapsulate the jail in some module-specific way, -and -.Dq disable -to make the module unavailable to the jail. -There also may be other parameters to define jail behavior within the module. -Module-specific parameters include: -.Bl -tag -width indent .It Va linux Determine how a jail's Linux emulation environment appears. A value of