From owner-cvs-all@FreeBSD.ORG  Thu Apr  5 21:03:06 2007
Return-Path: <owner-cvs-all@FreeBSD.ORG>
X-Original-To: cvs-all@FreeBSD.org
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 8C11916A401;
	Thu,  5 Apr 2007 21:03:06 +0000 (UTC) (envelope-from pjd@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41])
	by mx1.freebsd.org (Postfix) with ESMTP id 7388413C457;
	Thu,  5 Apr 2007 21:03:06 +0000 (UTC) (envelope-from pjd@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.8/8.13.8) with ESMTP id l35L360A012803;
	Thu, 5 Apr 2007 21:03:06 GMT (envelope-from pjd@repoman.freebsd.org)
Received: (from pjd@localhost)
	by repoman.freebsd.org (8.13.8/8.13.8/Submit) id l35L36j0012600;
	Thu, 5 Apr 2007 21:03:06 GMT (envelope-from pjd)
Message-Id: <200704052103.l35L36j0012600@repoman.freebsd.org>
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
Date: Thu, 5 Apr 2007 21:03:05 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: src/lib/libc/gen getvfsbyname.3 src/share/man/man9
 VFS_SET.9 src/sys/kern kern_jail.c vfs_mount.c src/sys/sys mount.h
 src/usr.bin/lsvfs lsvfs.c src/usr.sbin/jail jail.8
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Apr 2007 21:03:06 -0000

pjd         2007-04-05 21:03:05 UTC

  FreeBSD src repository

  Modified files:
    lib/libc/gen         getvfsbyname.3 
    share/man/man9       VFS_SET.9 
    sys/kern             kern_jail.c vfs_mount.c 
    sys/sys              mount.h 
    usr.bin/lsvfs        lsvfs.c 
    usr.sbin/jail        jail.8 
  Log:
  Add security.jail.mount_allowed sysctl, which allows to mount and
  unmount jail-friendly file systems from within a jail.
  Precisely it grants PRIV_VFS_MOUNT, PRIV_VFS_UNMOUNT and
  PRIV_VFS_MOUNT_NONUSER privileges for a jailed super-user.
  It is turned off by default.
  
  A jail-friendly file system is a file system which driver registers
  itself with VFCF_JAIL flag via VFS_SET(9) API.
  The lsvfs(1) command can be used to see which file systems are
  jail-friendly ones.
  
  There currently no jail-friendly file systems, ZFS will be the first one.
  In the future we may consider marking file systems like nullfs as
  jail-friendly.
  
  Reviewed by:    rwatson
  
  Revision  Changes    Path
  1.17      +7 -0      src/lib/libc/gen/getvfsbyname.3
  1.10      +7 -0      src/share/man/man9/VFS_SET.9
  1.63      +17 -0     src/sys/kern/kern_jail.c
  1.253     +7 -0      src/sys/kern/vfs_mount.c
  1.224     +1 -0      src/sys/sys/mount.h
  1.18      +5 -0      src/usr.bin/lsvfs/lsvfs.c
  1.83      +10 -0     src/usr.sbin/jail/jail.8