Date: Thu, 5 Apr 2007 21:03:05 +0000 (UTC)
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/lib/libc/gen getvfsbyname.3 src/share/man/man9 VFS_SET.9 src/sys/kern kern_jail.c vfs_mount.c src/sys/sys mount.h src/usr.bin/lsvfs lsvfs.c src/usr.sbin/jail jail.8
Message-ID: <200704052103.l35L36j0012600@repoman.freebsd.org>

pjd         2007-04-05 21:03:05 UTC

  FreeBSD src repository

  Modified files:
    lib/libc/gen         getvfsbyname.3
    share/man/man9       VFS_SET.9
    sys/kern             kern_jail.c vfs_mount.c
    sys/sys              mount.h
    usr.bin/lsvfs        lsvfs.c
    usr.sbin/jail        jail.8
  Log:
  Add security.jail.mount_allowed sysctl, which allows mounting and
  unmounting jail-friendly file systems from within a jail.
  Precisely, it grants PRIV_VFS_MOUNT, PRIV_VFS_UNMOUNT and
  PRIV_VFS_MOUNT_NONUSER privileges for a jailed super-user.
  It is turned off by default.

  A jail-friendly file system is a file system whose driver registers
  itself with the VFCF_JAIL flag via the VFS_SET(9) API.
  The lsvfs(1) command can be used to see which file systems are
  jail-friendly ones.

  There are currently no jail-friendly file systems, ZFS will be the
  first one. In the future we may consider marking file systems like
  nullfs as jail-friendly.

  Reviewed by:    rwatson

  Revision  Changes    Path
  1.17      +7 -0      src/lib/libc/gen/getvfsbyname.3
  1.10      +7 -0      src/share/man/man9/VFS_SET.9
  1.63      +17 -0     src/sys/kern/kern_jail.c
  1.253     +7 -0      src/sys/kern/vfs_mount.c
  1.224     +1 -0      src/sys/sys/mount.h
  1.18      +5 -0      src/usr.bin/lsvfs/lsvfs.c
  1.83      +10 -0     src/usr.sbin/jail/jail.8