svn commit: r232278 - in head: sys/compat/linprocfs
sys/compat/linsysfs sys/fs/procfs sys/fs/pseudofs sys/kern
sys/sys usr.sbin/jail
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Wed Feb 29 00:37:33 UTC 2012
On 29. Feb 2012, at 00:30 , Martin Matuska wrote:
> Author: mm
> Date: Wed Feb 29 00:30:18 2012
> New Revision: 232278
> URL: http://svn.freebsd.org/changeset/base/232278
>
> Log:
> Add procfs to jail-mountable filesystems.
>
The man page lacks a .Dd update?
I also think this one should come with a very big red warning in the man page
that you can easily compromise your host security I fear unless things changed
in "proc" land.
> Reviewed by: jamie
> MFC after: 1 week
>
> Modified:
> head/sys/compat/linprocfs/linprocfs.c
> head/sys/compat/linsysfs/linsysfs.c
> head/sys/fs/procfs/procfs.c
> head/sys/fs/pseudofs/pseudofs.h
> head/sys/kern/kern_jail.c
> head/sys/sys/jail.h
> head/usr.sbin/jail/jail.8
..
> Modified: head/usr.sbin/jail/jail.8
> ==============================================================================
> --- head/usr.sbin/jail/jail.8 Tue Feb 28 23:30:19 2012 (r232277)
> +++ head/usr.sbin/jail/jail.8 Wed Feb 29 00:30:18 2012 (r232278)
> @@ -428,6 +428,14 @@ This permission is effective only togeth
> and if
> .Va enforce_statfs
> is set to a value lower than 2.
> +.It Va allow.mount.procfs
> +privileged users inside the jail will be able to mount and unmount the
> +procfs file system.
> +This permission is effective only together with
> +.Va allow.mount
> +and if
> +.Va enforce_statfs
> +is set to a value lower than 2.
> .It Va allow.mount.zfs
> privileged users inside the jail will be able to mount and unmount the
> ZFS file system.
--
Bjoern A. Zeeb You have to have visions!
It does not matter how good you are. It matters what good you do!
More information about the svn-src-head
mailing list