git: 290a02913765 - stable/14 - extattr(9): Mention system namespace restrictions in a jail
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 04 Oct 2024 08:33:19 UTC
The branch stable/14 has been updated by 0mp:
URL: https://cgit.FreeBSD.org/src/commit/?id=290a029137657e5af0918c9546e6fc880d3ea867
commit 290a029137657e5af0918c9546e6fc880d3ea867
Author: Dmitry Chagin <dchagin@FreeBSD.org>
AuthorDate: 2023-09-01 08:12:51 +0000
Commit: Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2024-10-04 08:33:05 +0000
extattr(9): Mention system namespace restrictions in a jail
Reported by: netchild
Reviewed by: gbe
Differential revision: https://reviews.freebsd.org/D41676
MFC after: 1 week
(cherry picked from commit 315d7bbbb4e4b35d195a0a74ede229b1f64d42cc)
---
share/man/man9/extattr.9 | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/share/man/man9/extattr.9 b/share/man/man9/extattr.9
index 3a49746d1eb1..c765a55e9059 100644
--- a/share/man/man9/extattr.9
+++ b/share/man/man9/extattr.9
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd December 23, 1999
+.Dd September 1, 2023
.Dt EXTATTR 9
.Os
.Sh NAME
@@ -54,6 +54,10 @@ attribute data is protected according the normal discretionary
and mandatory protections associated with the data in the file or
directory; system attribute data is protected such that appropriate
privilege is required to directly access or manipulate these attributes.
+By default processes in a
+.Xr jail 8
+can not access to the system attribute data unless allow.extattr
+configuration parameter is specified.
.Pp
Reads of extended attribute data may return specific contiguous regions of
the meta-data, in the style of
@@ -77,6 +81,7 @@ Appropriate vnode extended attribute calls are:
and
.Xr VOP_SETEXTATTR 9 .
.Sh SEE ALSO
+.Xr jail 8 ,
.Xr VFS 9 ,
.Xr VFS_EXTATTRCTL 9 ,
.Xr VOP_GETEXTATTR 9 ,