From: Garrett Cooper
Subject: Re: svn commit: r279361 - in head: sys/kern sys/sys usr.sbin/jail
Date: Mon, 2 Mar 2015 21:44:55 -0800
To: Ian Lepore
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Julian Elischer
List-Id: SVN commit messages for the src tree for head/-current

> On Mar 2, 2015, at 12:23, Ian Lepore wrote:
>
>> On Mon, 2015-03-02 at 01:02 -0800, Julian Elischer wrote:
>>> On 2/27/15 8:28 AM, Ian Lepore wrote:
>>>
>>>
>>> Log:
>>> Allow the kern.osrelease and kern.osreldate sysctl values to be set in a
>>> jail's creation parameters. This allows the kernel version to be reliably
>>> spoofed within the jail whether examined directly with sysctl or
>>> indirectly with the uname -r and -K options.
>>> [..]
>>
>>> There is no sanity or range checking, other than disallowing an empty
>>> release string or a zero release date, by design. The system
>>> administrator is trusted to set sane values. Setting values that are
>>> newer than the actual running kernel will likely cause compatibility
>>> problems.
>> I would think that you could at set time ensure that only older
>> releases were allowed..
>> I'm not sure what the rule would be with sub-sub-jails.. older than
>> parent, or older than base system..?
>
> I am a really really strong believer in giving administrators complete
> control of their systems. If they want to do "something stupid" because
> it works for them, I'm not going to stop them.

Printing out a warning helps folks who are debugging issues though :)..
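
An added example, not part of the original thread and not FreeBSD code: a pre-flight check an administrator could run before creating a jail, which warns (without refusing) when the spoofed `osreldate` is newer than the host kernel or than an enclosing jail. The function name, return codes and the parent-jail comparison are assumptions made for illustration; the sample values are constructed.

```shell
#!/bin/sh
# Added example (not FreeBSD code). The commit log says the kernel only
# rejects a zero release date; the "newer than host / newer than parent"
# warnings below are a policy assumed for illustration.

# check_osreldate JAIL HOST [PARENT]
#   JAIL   value about to be passed as the jail's osreldate parameter
#   HOST   value of `sysctl -n kern.osreldate` on the running kernel
#   PARENT optional: osreldate already set on the enclosing jail
# Warnings go to stderr. Returns 0 = ok, 1 = warned, 2 = rejected.
check_osreldate() {
    _jail=$1 _host=$2 _parent=${3:-}
    _rc=0

    # Only plain decimal integers are meaningful here.
    for _v in "$_jail" "$_host" ${_parent:+"$_parent"}; do
        case $_v in
            ''|*[!0-9]*)
                echo "error: '$_v' is not a decimal osreldate" >&2
                return 2 ;;
        esac
    done

    # Mirrors the one check the commit log says the kernel performs.
    if [ "$_jail" -eq 0 ]; then
        echo "error: osreldate must not be zero" >&2
        return 2
    fi

    if [ "$_jail" -gt "$_host" ]; then
        echo "warning: jail osreldate $_jail is newer than host kernel $_host" >&2
        _rc=1
    fi
    if [ -n "$_parent" ] && [ "$_jail" -gt "$_parent" ]; then
        echo "warning: jail osreldate $_jail is newer than parent jail $_parent" >&2
        _rc=1
    fi
    return $_rc
}

# Typical call on a FreeBSD host before creating the jail (constructed value):
#   check_osreldate 1001000 "$(sysctl -n kern.osreldate)"
```

A return value of 1 leaves the decision with the administrator; only a non-numeric or zero value is treated as an error.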