cvs commit: src/lib/libc/gen getvfsbyname.3 src/share/man/man9
VFS_SET.9 src/sys/kern kern_jail.c vfs_mount.c src/sys/sys mount.h
src/usr.bin/lsvfs lsvfs.c src/usr.sbin/jail jail.8
Pawel Jakub Dawidek
pjd at FreeBSD.org
Thu Apr 5 21:03:06 UTC 2007
pjd 2007-04-05 21:03:05 UTC
FreeBSD src repository
Modified files:
lib/libc/gen getvfsbyname.3
share/man/man9 VFS_SET.9
sys/kern kern_jail.c vfs_mount.c
sys/sys mount.h
usr.bin/lsvfs lsvfs.c
usr.sbin/jail jail.8
Log:
Add security.jail.mount_allowed sysctl, which allows to mount and
unmount jail-friendly file systems from within a jail.
Precisely it grants PRIV_VFS_MOUNT, PRIV_VFS_UNMOUNT and
PRIV_VFS_MOUNT_NONUSER privileges for a jailed super-user.
It is turned off by default.
A jail-friendly file system is a file system which driver registers
itself with VFCF_JAIL flag via VFS_SET(9) API.
The lsvfs(1) command can be used to see which file systems are
jail-friendly ones.
There currently no jail-friendly file systems, ZFS will be the first one.
In the future we may consider marking file systems like nullfs as
jail-friendly.
Reviewed by: rwatson
Revision Changes Path
1.17 +7 -0 src/lib/libc/gen/getvfsbyname.3
1.10 +7 -0 src/share/man/man9/VFS_SET.9
1.63 +17 -0 src/sys/kern/kern_jail.c
1.253 +7 -0 src/sys/kern/vfs_mount.c
1.224 +1 -0 src/sys/sys/mount.h
1.18 +5 -0 src/usr.bin/lsvfs/lsvfs.c
1.83 +10 -0 src/usr.sbin/jail/jail.8
More information about the cvs-src
mailing list