Diffusion FreeBSD src repository cb48780db4d6

jail: Add the ability to access system-level filesystem extended attributes
cb48780db4d6
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

jail: Add the ability to access system-level filesystem extended attributes

Prior to this commit privileged accounts in a jail could not access to the
filesystem extended attributes in the system namespace. To control access to
the system namespace in a per-jail basis add a new configuration parameter
allow.extattr which is off by default.

Reported by: zirias
Tested by: zirias
Obtained from: HardenedBSD
Reviewed by: kevans, jamie
Differential revision: https://reviews.freebsd.org/D41643
MFC after: 1 week
Relnotes: yes

Details

Provenance

lattera-gmail.com	Authored on Sep 1 2023, 8:11 AM
dchagin	Committed on Sep 1 2023, 8:11 AM

Reviewer

Differential Revision

D41643: jail: Add the ability to access system-level filesystem extended attributes

Parents

rG1bfc4574f786: linux(4): Return ENOTSUP from xattr syscalls instead of EPERM

Branches

Unknown

Tags

Unknown

Event Timeline

dchagin committed rGcb48780db4d6: jail: Add the ability to access system-level filesystem extended attributes (authored by lattera-gmail.com).Sep 1 2023, 8:11 AM

dchagin added an edge: D41643: jail: Add the ability to access system-level filesystem extended attributes.Sep 1 2023, 8:15 AM

Changes (3)

Path

Size

sys/

kern/

sys/

usr.sbin/

jail/

rGcb48780db4d6

sys/kern/kern_jail.c

Loading...

sys/sys/jail.h

Loading...

usr.sbin/jail/jail.8

Loading...