Date: Fri, 23 Aug 2013 22:52:20 +0000 (UTC) From: Xin LI <delphij@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r254741 - in head: sys/fs/tmpfs sys/kern sys/sys usr.sbin/jail Message-ID: <201308232252.r7NMqKWQ045334@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: delphij Date: Fri Aug 23 22:52:20 2013 New Revision: 254741 URL: http://svnweb.freebsd.org/changeset/base/254741 Log: Allow tmpfs be mounted inside jail. Modified: head/sys/fs/tmpfs/tmpfs_vfsops.c head/sys/kern/kern_jail.c head/sys/sys/jail.h head/usr.sbin/jail/jail.8 Modified: head/sys/fs/tmpfs/tmpfs_vfsops.c ============================================================================== --- head/sys/fs/tmpfs/tmpfs_vfsops.c Fri Aug 23 21:46:11 2013 (r254740) +++ head/sys/fs/tmpfs/tmpfs_vfsops.c Fri Aug 23 22:52:20 2013 (r254741) @@ -47,6 +47,8 @@ __FBSDID("$FreeBSD$"); #include <sys/limits.h> #include <sys/lock.h> #include <sys/mutex.h> +#include <sys/proc.h> +#include <sys/jail.h> #include <sys/kernel.h> #include <sys/stat.h> #include <sys/systm.h> @@ -138,6 +140,7 @@ tmpfs_mount(struct mount *mp) sizeof(struct tmpfs_dirent) + sizeof(struct tmpfs_node)); struct tmpfs_mount *tmp; struct tmpfs_node *root; + struct thread *td = curthread; int error; /* Size counters. */ u_quad_t pages; @@ -150,6 +153,9 @@ tmpfs_mount(struct mount *mp) struct vattr va; + if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_TMPFS)) + return (EPERM); + if (vfs_filteropt(mp->mnt_optnew, tmpfs_opts)) return (EINVAL); @@ -420,4 +426,4 @@ struct vfsops tmpfs_vfsops = { .vfs_statfs = tmpfs_statfs, .vfs_fhtovp = tmpfs_fhtovp, }; -VFS_SET(tmpfs_vfsops, tmpfs, 0); +VFS_SET(tmpfs_vfsops, tmpfs, VFCF_JAIL); Modified: head/sys/kern/kern_jail.c ============================================================================== --- head/sys/kern/kern_jail.c Fri Aug 23 21:46:11 2013 (r254740) +++ head/sys/kern/kern_jail.c Fri Aug 23 22:52:20 2013 (r254741) @@ -206,6 +206,7 @@ static char *pr_allow_names[] = { "allow.mount.nullfs", "allow.mount.zfs", "allow.mount.procfs", + "allow.mount.tmpfs", }; const size_t pr_allow_names_size = sizeof(pr_allow_names); @@ -221,6 +222,7 @@ static char *pr_allow_nonames[] = { "allow.mount.nonullfs", "allow.mount.nozfs", "allow.mount.noprocfs", + "allow.mount.notmpfs", }; const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames); @@ -4228,6 +4230,10 @@ SYSCTL_PROC(_security_jail, OID_AUTO, mo CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_PROCFS, sysctl_jail_default_allow, "I", "Processes in jail can mount the procfs file system"); +SYSCTL_PROC(_security_jail, OID_AUTO, mount_tmpfs_allowed, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, + NULL, PR_ALLOW_MOUNT_TMPFS, sysctl_jail_default_allow, "I", + "Processes in jail can mount the tmpfs file system"); SYSCTL_PROC(_security_jail, OID_AUTO, mount_zfs_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_ZFS, sysctl_jail_default_allow, "I", @@ -4380,6 +4386,8 @@ SYSCTL_JAIL_PARAM(_allow_mount, nullfs, "B", "Jail may mount the nullfs file system"); SYSCTL_JAIL_PARAM(_allow_mount, procfs, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may mount the procfs file system"); +SYSCTL_JAIL_PARAM(_allow_mount, tmpfs, CTLTYPE_INT | CTLFLAG_RW, + "B", "Jail may mount the tmpfs file system"); SYSCTL_JAIL_PARAM(_allow_mount, zfs, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may mount the zfs file system"); Modified: head/sys/sys/jail.h ============================================================================== --- head/sys/sys/jail.h Fri Aug 23 21:46:11 2013 (r254740) +++ head/sys/sys/jail.h Fri Aug 23 22:52:20 2013 (r254741) @@ -227,7 +227,8 @@ struct prison_racct { #define PR_ALLOW_MOUNT_NULLFS 0x0100 #define PR_ALLOW_MOUNT_ZFS 0x0200 #define PR_ALLOW_MOUNT_PROCFS 0x0400 -#define PR_ALLOW_ALL 0x07ff +#define PR_ALLOW_MOUNT_TMPFS 0x0800 +#define PR_ALLOW_ALL 0x0fff /* * OSD methods Modified: head/usr.sbin/jail/jail.8 ============================================================================== --- head/usr.sbin/jail/jail.8 Fri Aug 23 21:46:11 2013 (r254740) +++ head/usr.sbin/jail/jail.8 Fri Aug 23 22:52:20 2013 (r254741) @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 15, 2012 +.Dd August 23, 2013 .Dt JAIL 8 .Os .Sh NAME @@ -545,6 +545,14 @@ This permission is effective only togeth and if .Va enforce_statfs is set to a value lower than 2. +.It Va allow.mount.tmpfs +privileged users inside the jail will be able to mount and unmount the +tmpfs file system. +This permission is effective only together with +.Va allow.mount +and if +.Va enforce_statfs +is set to a value lower than 2. .It Va allow.mount.zfs privileged users inside the jail will be able to mount and unmount the ZFS file system.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201308232252.r7NMqKWQ045334>