git: 290a02913765 - stable/14 - extattr(9): Mention system namespace restrictions in a jail
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 04 Oct 2024 08:33:19 UTC
The branch stable/14 has been updated by 0mp: URL: https://cgit.FreeBSD.org/src/commit/?id=290a029137657e5af0918c9546e6fc880d3ea867 commit 290a029137657e5af0918c9546e6fc880d3ea867 Author: Dmitry Chagin <dchagin@FreeBSD.org> AuthorDate: 2023-09-01 08:12:51 +0000 Commit: Mateusz Piotrowski <0mp@FreeBSD.org> CommitDate: 2024-10-04 08:33:05 +0000 extattr(9): Mention system namespace restrictions in a jail Reported by: netchild Reviewed by: gbe Differential revision: https://reviews.freebsd.org/D41676 MFC after: 1 week (cherry picked from commit 315d7bbbb4e4b35d195a0a74ede229b1f64d42cc) --- share/man/man9/extattr.9 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/share/man/man9/extattr.9 b/share/man/man9/extattr.9 index 3a49746d1eb1..c765a55e9059 100644 --- a/share/man/man9/extattr.9 +++ b/share/man/man9/extattr.9 @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd December 23, 1999 +.Dd September 1, 2023 .Dt EXTATTR 9 .Os .Sh NAME @@ -54,6 +54,10 @@ attribute data is protected according the normal discretionary and mandatory protections associated with the data in the file or directory; system attribute data is protected such that appropriate privilege is required to directly access or manipulate these attributes. +By default processes in a +.Xr jail 8 +can not access to the system attribute data unless allow.extattr +configuration parameter is specified. .Pp Reads of extended attribute data may return specific contiguous regions of the meta-data, in the style of @@ -77,6 +81,7 @@ Appropriate vnode extended attribute calls are: and .Xr VOP_SETEXTATTR 9 . .Sh SEE ALSO +.Xr jail 8 , .Xr VFS 9 , .Xr VFS_EXTATTRCTL 9 , .Xr VOP_GETEXTATTR 9 ,