Date: Sat, 14 Feb 2004 10:31:12 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/sys jail.h src/sys/kern kern_jail.c vfs_syscalls.c Message-ID: <200402141831.i1EIVCwL079081@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2004/02/14 10:31:12 PST
FreeBSD src repository
Modified files:
sys/sys jail.h
sys/kern kern_jail.c vfs_syscalls.c
Log:
By default, when a process in jail calls getfsstat(), only return the
data for the file system on which the jail's root vnode is located.
Previous behavior (show data for all mountpoints) can be restored
by setting security.jail.getfsstatroot_only to 0. Note: this also
has the effect of hiding other mounts inside a jail, such as /dev,
/tmp, and /proc, but errs on the side of leaking less information.
Revision Changes Path
1.36 +20 -0 src/sys/kern/kern_jail.c
1.337 +8 -0 src/sys/kern/vfs_syscalls.c
1.20 +3 -0 src/sys/sys/jail.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200402141831.i1EIVCwL079081>