Page MenuHomeFreeBSD

Add mount option to disallow creating sockets on filesystem
Needs ReviewPublic

Authored by firk_cantconnect.ru on Mar 14 2022, 11:28 PM.
Referenced Files
Unknown Object (File)
Sun, Nov 17, 9:35 AM
Unknown Object (File)
Oct 11 2024, 9:20 AM
Unknown Object (File)
Oct 11 2024, 7:12 AM
Unknown Object (File)
Oct 4 2024, 3:31 PM
Unknown Object (File)
Oct 4 2024, 6:26 AM
Unknown Object (File)
Oct 1 2024, 7:26 PM
Unknown Object (File)
Oct 1 2024, 1:17 PM
Unknown Object (File)
Oct 1 2024, 3:54 AM
Subscribers
This revision needs review, but there are no reviewers specified.

Details

Reviewers
None
Summary

Added "nosockbind" mountopt, which prevents binding new UNIX domain sockets in the filesystem. The option is intentionally not transparent through nullfs. The original idea was to prevent unwanted and possibly exploitable (may lead to jail escaping,see bugzilla for details) UNIX-socket IPC between two different jails via socket in nullfs-shared directory.

PR: 262179

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

firk_cantconnect.ru retitled this revision from Add mount option to disallow creating socketson filesystem to Add mount option to disallow creating sockets on filesystem.Mar 15 2022, 12:25 AM