From owner-svn-src-head@FreeBSD.ORG Fri Aug 23 22:52:21 2013 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 5EABD963; Fri, 23 Aug 2013 22:52:21 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 49C582A11; Fri, 23 Aug 2013 22:52:21 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r7NMqLke045339; Fri, 23 Aug 2013 22:52:21 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r7NMqKWQ045334; Fri, 23 Aug 2013 22:52:20 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201308232252.r7NMqKWQ045334@svn.freebsd.org> From: Xin LI Date: Fri, 23 Aug 2013 22:52:20 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r254741 - in head: sys/fs/tmpfs sys/kern sys/sys usr.sbin/jail X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Aug 2013 22:52:21 -0000 Author: delphij Date: Fri Aug 23 22:52:20 2013 New Revision: 254741 URL: http://svnweb.freebsd.org/changeset/base/254741 Log: Allow tmpfs be mounted inside jail. Modified: head/sys/fs/tmpfs/tmpfs_vfsops.c head/sys/kern/kern_jail.c head/sys/sys/jail.h head/usr.sbin/jail/jail.8 Modified: head/sys/fs/tmpfs/tmpfs_vfsops.c ============================================================================== --- head/sys/fs/tmpfs/tmpfs_vfsops.c Fri Aug 23 21:46:11 2013 (r254740) +++ head/sys/fs/tmpfs/tmpfs_vfsops.c Fri Aug 23 22:52:20 2013 (r254741) @@ -47,6 +47,8 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include +#include #include #include #include @@ -138,6 +140,7 @@ tmpfs_mount(struct mount *mp) sizeof(struct tmpfs_dirent) + sizeof(struct tmpfs_node)); struct tmpfs_mount *tmp; struct tmpfs_node *root; + struct thread *td = curthread; int error; /* Size counters. */ u_quad_t pages; @@ -150,6 +153,9 @@ tmpfs_mount(struct mount *mp) struct vattr va; + if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_TMPFS)) + return (EPERM); + if (vfs_filteropt(mp->mnt_optnew, tmpfs_opts)) return (EINVAL); @@ -420,4 +426,4 @@ struct vfsops tmpfs_vfsops = { .vfs_statfs = tmpfs_statfs, .vfs_fhtovp = tmpfs_fhtovp, }; -VFS_SET(tmpfs_vfsops, tmpfs, 0); +VFS_SET(tmpfs_vfsops, tmpfs, VFCF_JAIL); Modified: head/sys/kern/kern_jail.c ============================================================================== --- head/sys/kern/kern_jail.c Fri Aug 23 21:46:11 2013 (r254740) +++ head/sys/kern/kern_jail.c Fri Aug 23 22:52:20 2013 (r254741) @@ -206,6 +206,7 @@ static char *pr_allow_names[] = { "allow.mount.nullfs", "allow.mount.zfs", "allow.mount.procfs", + "allow.mount.tmpfs", }; const size_t pr_allow_names_size = sizeof(pr_allow_names); @@ -221,6 +222,7 @@ static char *pr_allow_nonames[] = { "allow.mount.nonullfs", "allow.mount.nozfs", "allow.mount.noprocfs", + "allow.mount.notmpfs", }; const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames); @@ -4228,6 +4230,10 @@ SYSCTL_PROC(_security_jail, OID_AUTO, mo CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_PROCFS, sysctl_jail_default_allow, "I", "Processes in jail can mount the procfs file system"); +SYSCTL_PROC(_security_jail, OID_AUTO, mount_tmpfs_allowed, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, + NULL, PR_ALLOW_MOUNT_TMPFS, sysctl_jail_default_allow, "I", + "Processes in jail can mount the tmpfs file system"); SYSCTL_PROC(_security_jail, OID_AUTO, mount_zfs_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_ZFS, sysctl_jail_default_allow, "I", @@ -4380,6 +4386,8 @@ SYSCTL_JAIL_PARAM(_allow_mount, nullfs, "B", "Jail may mount the nullfs file system"); SYSCTL_JAIL_PARAM(_allow_mount, procfs, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may mount the procfs file system"); +SYSCTL_JAIL_PARAM(_allow_mount, tmpfs, CTLTYPE_INT | CTLFLAG_RW, + "B", "Jail may mount the tmpfs file system"); SYSCTL_JAIL_PARAM(_allow_mount, zfs, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may mount the zfs file system"); Modified: head/sys/sys/jail.h ============================================================================== --- head/sys/sys/jail.h Fri Aug 23 21:46:11 2013 (r254740) +++ head/sys/sys/jail.h Fri Aug 23 22:52:20 2013 (r254741) @@ -227,7 +227,8 @@ struct prison_racct { #define PR_ALLOW_MOUNT_NULLFS 0x0100 #define PR_ALLOW_MOUNT_ZFS 0x0200 #define PR_ALLOW_MOUNT_PROCFS 0x0400 -#define PR_ALLOW_ALL 0x07ff +#define PR_ALLOW_MOUNT_TMPFS 0x0800 +#define PR_ALLOW_ALL 0x0fff /* * OSD methods Modified: head/usr.sbin/jail/jail.8 ============================================================================== --- head/usr.sbin/jail/jail.8 Fri Aug 23 21:46:11 2013 (r254740) +++ head/usr.sbin/jail/jail.8 Fri Aug 23 22:52:20 2013 (r254741) @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd September 15, 2012 +.Dd August 23, 2013 .Dt JAIL 8 .Os .Sh NAME @@ -545,6 +545,14 @@ This permission is effective only togeth and if .Va enforce_statfs is set to a value lower than 2. +.It Va allow.mount.tmpfs +privileged users inside the jail will be able to mount and unmount the +tmpfs file system. +This permission is effective only together with +.Va allow.mount +and if +.Va enforce_statfs +is set to a value lower than 2. .It Va allow.mount.zfs privileged users inside the jail will be able to mount and unmount the ZFS file system.