HomeFreeBSD

Restrict visibility of per-dataset kstats inside FreeBSD jails

Description

Restrict visibility of per-dataset kstats inside FreeBSD jails

When inside a jail, visibility on datasets not "jailed" to the
jail is restricted. However, it was possible to enumerate all
datasets in the pool by looking at the kstats sysctl MIB.

Only the kstats corresponding to datasets that the user has
visibility on are accessible now.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Signed-off-by: Allan Jude <allan@klarasystems.com>
Closes #14254

Details

Provenance
allanjudeAuthored on Dec 9 2022, 7:04 PM
GitHub <noreply@github.com>Committed on Dec 9 2022, 7:04 PM
Parents
rG5401472cd059: Linux PPC: Fix build failures on kernels built without CONFIG_SPE
Branches
Unknown
Tags
Unknown