Date: Tue, 3 Mar 2015 14:55:28 +0300 (MSK) From: Dmitry Morozovsky <marck@rinet.ru> To: Ian Lepore <ian@freebsd.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Julian Elischer <julian@freebsd.org> Subject: Re: svn commit: r279361 - in head: sys/kern sys/sys usr.sbin/jail Message-ID: <alpine.BSF.2.00.1503031455000.29302@woozle.rinet.ru> In-Reply-To: <1425327800.1287.7.camel@freebsd.org> References: <201502271628.t1RGSurE067472@svn.freebsd.org> <54F42726.3000602@freebsd.org> <1425327800.1287.7.camel@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 2 Mar 2015, Ian Lepore wrote: > > > Log: > > > Allow the kern.osrelease and kern.osreldate sysctl values to be set in a > > > jail's creation parameters. This allows the kernel version to be reliably > > > spoofed within the jail whether examined directly with sysctl or > > > indirectly with the uname -r and -K options. > > > [..] > > > > > There is no sanity or range checking, other than disallowing an empty > > > release string or a zero release date, by design. The system > > > administrator is trusted to set sane values. Setting values that are > > > newer than the actual running kernel will likely cause compatibility > > > problems. > > > > > I would think that you could at set time ensure that only older > > releases were allowed.. > > I'm not sure what the rule would be with sub-sub-jails.. older than > > parent, or older than base system..? > > > > > > I am a really really strong believer in giving administrators complete > control of their systems. If they want to do "something stupid" because > it works for them, I'm not going to stop them. Well, what about giving them a hinting warning in such case? -- Sincerely, D.Marck [DM5020, MCK-RIPE, DM3-RIPN] [ FreeBSD committer: marck@FreeBSD.org ] ------------------------------------------------------------------------ *** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru *** ------------------------------------------------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1503031455000.29302>