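--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
 case PRIV_VFS_MOUNT_OWNER:
 if (cred->cr_prison->pr_allow & PR_ALLOW_MOUNT &&
 cred->cr_prison->pr_enforce_statfs < 2)
 return (0);
 else
 return (EPERM);
 /*
-* Jails should hold no disposition on the PRIV_VFS_READ_DIR
-* policy. priv_check_cred will not specifically allow it, and
-* we may want a MAC policy to allow it.
-*/
-case PRIV_VFS_READ_DIR:
-return (0);
-/*
 * Conditionnaly allow locking (unlocking) physical pages
 * in memory.
 */
 case PRIV_VM_MLOCK:
 case PRIV_VM_MUNLOCK:
 if (cred->cr_prison->pr_allow & PR_ALLOW_MLOCK)
 return (0);
 else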