From: Ian Lepore
To: Julian Elischer
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Date: Mon, 02 Mar 2015 13:23:20 -0700
Subject: Re: svn commit: r279361 - in head: sys/kern sys/sys usr.sbin/jail
Message-ID: <1425327800.1287.7.camel@freebsd.org>
In-Reply-To: <54F42726.3000602@freebsd.org>

On Mon, 2015-03-02 at 01:02 -0800, Julian Elischer wrote:
> On 2/27/15 8:28 AM, Ian Lepore wrote:
>
> >
> > Log:
> >   Allow the kern.osrelease and kern.osreldate sysctl values to be set in a
> >   jail's creation parameters. This allows the kernel version to be reliably
> >   spoofed within the jail whether examined directly with sysctl or
> >   indirectly with the uname -r and -K options.
> > [..]
>
> >   There is no sanity or range checking, other than disallowing an empty
> >   release string or a zero release date, by design. The system
> >   administrator is trusted to set sane values. Setting values that are
> >   newer than the actual running kernel will likely cause compatibility
> >   problems.
> >
> I would think that you could at set time ensure that only older
> releases were allowed..
> I'm not sure what the rule would be with sub-sub-jails.. older than
> parent, or older than base system..?
>
>

I am a really really strong believer in giving administrators complete
control of their systems. If they want to do "something stupid" because
it works for them, I'm not going to stop them.

-- Ian