Date: Tue, 4 Dec 2012 14:31:39 GMT From: emaste@FreeBSD.org To: emaste@FreeBSD.org, freebsd-bugs@FreeBSD.org, emaste@FreeBSD.org Subject: Re: kern/174104: security.jail.param does not reflect actual jail perms Message-ID: <201212041431.qB4EVdk4028470@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
Synopsis: security.jail.param does not reflect actual jail perms
Responsible-Changed-From-To: freebsd-bugs->emaste
Responsible-Changed-By: emaste
Responsible-Changed-When: Tue Dec 4 14:26:51 UTC 2012
Responsible-Changed-Why:
Assign to myself for tracking.
This stuff is rather opaque and poorly documented, but it does appear to
function.
There are two sysctls associated with each of these parameters - e.g.:
security.jail.param.allow.mount.nullfs:
Jail may mount the nullfs file system
security.jail.mount_nullfs_allowed:
Processes in jail can mount the nullfs file system
The non-param one inside the jail tracks modifications from jail -m
modifications done by the host.
http://www.freebsd.org/cgi/query-pr.cgi?pr=174104
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201212041431.qB4EVdk4028470>