svn commit: r279361 - in head: sys/kern sys/sys usr.sbin/jail
Dmitry Morozovsky
marck at rinet.ru
Tue Mar 3 12:00:13 UTC 2015
On Mon, 2 Mar 2015, Ian Lepore wrote:
> > > Log:
> > > Allow the kern.osrelease and kern.osreldate sysctl values to be set in a
> > > jail's creation parameters. This allows the kernel version to be reliably
> > > spoofed within the jail whether examined directly with sysctl or
> > > indirectly with the uname -r and -K options.
> > > [..]
> >
> > > There is no sanity or range checking, other than disallowing an empty
> > > release string or a zero release date, by design. The system
> > > administrator is trusted to set sane values. Setting values that are
> > > newer than the actual running kernel will likely cause compatibility
> > > problems.
> > >
> > I would think that you could at set time ensure that only older
> > releases were allowed..
> > I'm not sure what the rule would be with sub-sub-jails.. older than
> > parent, or older than base system..?
> >
> >
>
> I am a really really strong believer in giving administrators complete
> control of their systems. If they want to do "something stupid" because
> it works for them, I'm not going to stop them.
Well, what about giving them a hinting warning in such case?
--
Sincerely,
D.Marck [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer: marck at FreeBSD.org ]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck at rinet.ru ***
------------------------------------------------------------------------
More information about the svn-src-all
mailing list