Diffusion FreeBSD src repository 6219190d7f60

Restrict visibility of per-dataset kstats inside FreeBSD jails
6219190d7f60
Actions

Description

Restrict visibility of per-dataset kstats inside FreeBSD jails

When inside a jail, visibility on datasets not "jailed" to the
jail is restricted. However, it was possible to enumerate all
datasets in the pool by looking at the kstats sysctl MIB.

Only the kstats corresponding to datasets that the user has
visibility on are accessible now.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Signed-off-by: Allan Jude <allan@klarasystems.com>
Closes #14254

Details

Provenance

allanjude	Authored on Dec 9 2022, 7:04 PM
Tony Hutter <hutter2@llnl.gov>	Committed on Jan 19 2023, 8:50 PM

Parents

rG24a6d8316a16: Fix dereference after null check in enqueue_range

Branches

Unknown

Tags

Unknown

Event Timeline

Tony Hutter <hutter2@llnl.gov> committed rG6219190d7f60: Restrict visibility of per-dataset kstats inside FreeBSD jails (authored by allanjude).Jan 19 2023, 8:50 PM

Changes (1)

Path

Size

module/

os/

freebsd/

spl/

spl_kstat.c

rG6219190d7f60

View Options

module/os/freebsd/spl/spl_kstat.c