D2846.diff
No OneTemporary
Actions

Size

4 KB

Referenced Files

None

Subscribers

None

D2846.diff
View Options

	Index: sys/compat/linprocfs/linprocfs.c
	===================================================================
	--- sys/compat/linprocfs/linprocfs.c
	+++ sys/compat/linprocfs/linprocfs.c
	@@ -1530,7 +1530,7 @@
	return (0);
	}

	-PSEUDOFS(linprocfs, 1, 0);
	+PSEUDOFS(linprocfs, 1, PR_ALLOW_MOUNT_LINPROCFS);
	#if defined(__amd64__)
	MODULE_DEPEND(linprocfs, linux_common, 1, 1, 1);
	#else
	Index: sys/compat/linsysfs/linsysfs.c
	===================================================================
	--- sys/compat/linsysfs/linsysfs.c
	+++ sys/compat/linsysfs/linsysfs.c
	@@ -275,7 +275,7 @@
	return (0);
	}

	-PSEUDOFS(linsysfs, 1, 0);
	+PSEUDOFS(linsysfs, 1, PR_ALLOW_MOUNT_LINSYSFS);
	#if defined(__amd64__)
	MODULE_DEPEND(linsysfs, linux_common, 1, 1, 1);
	#else
	Index: sys/kern/kern_jail.c
	===================================================================
	--- sys/kern/kern_jail.c
	+++ sys/kern/kern_jail.c
	@@ -205,6 +205,8 @@
	"allow.mount.procfs",
	"allow.mount.tmpfs",
	"allow.mount.fdescfs",
	+ "allow.mount.linprocfs",
	+ "allow.mount.linsysfs",
	};
	const size_t pr_allow_names_size = sizeof(pr_allow_names);

	@@ -222,6 +224,8 @@
	"allow.mount.noprocfs",
	"allow.mount.notmpfs",
	"allow.mount.nofdescfs",
	+ "allow.mount.nolinprocfs",
	+ "allow.mount.nolinsysfs",
	};
	const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames);

	@@ -4290,6 +4294,14 @@
	CTLTYPE_INT \| CTLFLAG_RW \| CTLFLAG_MPSAFE,
	NULL, PR_ALLOW_MOUNT_PROCFS, sysctl_jail_default_allow, "I",
	"Processes in jail can mount the procfs file system");
	+SYSCTL_PROC(_security_jail, OID_AUTO, mount_linprocfs_allowed,
	+ CTLTYPE_INT \| CTLFLAG_RW \| CTLFLAG_MPSAFE,
	+ NULL, PR_ALLOW_MOUNT_LINPROCFS, sysctl_jail_default_allow, "I",
	+ "Processes in jail can mount the linprocfs file system");
	+SYSCTL_PROC(_security_jail, OID_AUTO, mount_linsysfs_allowed,
	+ CTLTYPE_INT \| CTLFLAG_RW \| CTLFLAG_MPSAFE,
	+ NULL, PR_ALLOW_MOUNT_LINSYSFS, sysctl_jail_default_allow, "I",
	+ "Processes in jail can mount the linsysfs file system");
	SYSCTL_PROC(_security_jail, OID_AUTO, mount_tmpfs_allowed,
	CTLTYPE_INT \| CTLFLAG_RW \| CTLFLAG_MPSAFE,
	NULL, PR_ALLOW_MOUNT_TMPFS, sysctl_jail_default_allow, "I",
	@@ -4456,6 +4468,10 @@
	"B", "Jail may mount the nullfs file system");
	SYSCTL_JAIL_PARAM(_allow_mount, procfs, CTLTYPE_INT \| CTLFLAG_RW,
	"B", "Jail may mount the procfs file system");
	+SYSCTL_JAIL_PARAM(_allow_mount, linprocfs, CTLTYPE_INT \| CTLFLAG_RW,
	+ "B", "Jail may mount the linprocfs file system");
	+SYSCTL_JAIL_PARAM(_allow_mount, linsysfs, CTLTYPE_INT \| CTLFLAG_RW,
	+ "B", "Jail may mount the linsysfs file system");
	SYSCTL_JAIL_PARAM(_allow_mount, tmpfs, CTLTYPE_INT \| CTLFLAG_RW,
	"B", "Jail may mount the tmpfs file system");
	SYSCTL_JAIL_PARAM(_allow_mount, zfs, CTLTYPE_INT \| CTLFLAG_RW,
	Index: sys/sys/jail.h
	===================================================================
	--- sys/sys/jail.h
	+++ sys/sys/jail.h
	@@ -230,7 +230,9 @@
	#define PR_ALLOW_MOUNT_PROCFS 0x0400
	#define PR_ALLOW_MOUNT_TMPFS 0x0800
	#define PR_ALLOW_MOUNT_FDESCFS 0x1000
	-#define PR_ALLOW_ALL 0x1fff
	+#define PR_ALLOW_MOUNT_LINPROCFS 0x2000
	+#define PR_ALLOW_MOUNT_LINSYSFS 0x4000
	+#define PR_ALLOW_ALL 0x7fff

	/*
	* OSD methods
	Index: usr.sbin/jail/jail.8
	===================================================================
	--- usr.sbin/jail/jail.8
	+++ usr.sbin/jail/jail.8
	@@ -25,7 +25,7 @@
	.\"
	.\" $FreeBSD$
	.\"
	-.Dd February 25, 2015
	+.Dd July 6, 2015
	.Dt JAIL 8
	.Os
	.Sh NAME
	@@ -563,6 +563,22 @@
	and only when
	.Va enforce_statfs
	is set to a value lower than 2.
	+.It Va allow.mount.linprocfs
	+privileged users inside the jail will be able to mount and unmount the
	+linprocfs file system.
	+This permission is effective only together with
	+.Va allow.mount
	+and only when
	+.Va enforce_statfs
	+is set to a value lower than 2.
	+.It Va allow.mount.linsysfs
	+privileged users inside the jail will be able to mount and unmount the
	+linsysfs file system.
	+This permission is effective only together with
	+.Va allow.mount
	+and only when
	+.Va enforce_statfs
	+is set to a value lower than 2.
	.It Va allow.mount.tmpfs
	privileged users inside the jail will be able to mount and unmount the
	tmpfs file system.
	@@ -1210,6 +1226,8 @@
	.Xr fdescfs 5 ,
	.Xr jail.conf 5 ,
	.Xr procfs 5 ,
	+.Xr linprocfs 5 ,
	+.Xr linsysfs 5 ,
	.Xr rc.conf 5 ,
	.Xr sysctl.conf 5 ,
	.Xr chroot 8 ,

File Metadata

Mime Type: text/plain
Expires: Sat, Mar 21, 6:34 AM (8 h, 1 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 30051901
Default Alt Text: D2846.diff (4 KB)

D2846.diffNo OneTemporaryActions

D2846.diffView Options

File Metadata

Event Timeline

D2846.diff
No OneTemporary
Actions

D2846.diff
View Options