svn commit: r279361 - in head: sys/kern sys/sys usr.sbin/jail
Ian Lepore
ian at freebsd.org
Mon Mar 2 20:23:22 UTC 2015
On Mon, 2015-03-02 at 01:02 -0800, Julian Elischer wrote:
> On 2/27/15 8:28 AM, Ian Lepore wrote:
>
> >
> > Log:
> > Allow the kern.osrelease and kern.osreldate sysctl values to be set in a
> > jail's creation parameters. This allows the kernel version to be reliably
> > spoofed within the jail whether examined directly with sysctl or
> > indirectly with the uname -r and -K options.
> > [..]
>
> > There is no sanity or range checking, other than disallowing an empty
> > release string or a zero release date, by design. The system
> > administrator is trusted to set sane values. Setting values that are
> > newer than the actual running kernel will likely cause compatibility
> > problems.
> >
> I would think that you could at set time ensure that only older
> releases were allowed..
> I'm not sure what the rule would be with sub-sub-jails.. older than
> parent, or older than base system..?
>
>
I am a really really strong believer in giving administrators complete
control of their systems. If they want to do "something stupid" because
it works for them, I'm not going to stop them.
-- Ian
More information about the svn-src-all
mailing list