Date: Fri, 07 Jul 2023 12:10:44 +0000 From: =?utf-8?Q?Mina_Gali=C4=87?= <freebsd@igalic.co> To: FreeBSD Current <freebsd-current@freebsd.org> Subject: mount_nullfs: /var/run/log: must be either a file or directory Message-ID: <cg0tpJtfXrnRHcTxPtgVhcQwoRWY-vr3PMrATaT7k0vvSuDZxlhe81qjkvJJh-LcLyvK4NOMkaFX70IG-tZY9zMA0giGPEfRdQIxPduXogs=@igalic.co>
next in thread | raw e-mail | index | archive | help
Hi folks, "recently", we added support for null-mounting single files: https://freshbsd.org/freebsd/src/commit/521fbb722c33663cf00a83bca70ad7cb790= 687b3 This code restricts the mountable =E2=80=A6 thing to: =09if ((lowerrootvp->v_type !=3D VDIR && lowerrootvp->v_type !=3D VREG) || = =E2=80=A6 As the author of the abandoned https://reviews.freebsd.org/D27411 which attempted to add facility to syslog's rc to provide (selected) jails with a log socket, it was pointed out to me that this is a big security risk: https://reviews.freebsd.org/D27411#882100 so I was wondering if null mounts are the same kind of security hazard, or if not allowing sockets is just the oversight of a first approximation of this patch? Kind regards, Mina Gali=C4=87 Try PkgBase: https://alpha.pkgbase.live/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cg0tpJtfXrnRHcTxPtgVhcQwoRWY-vr3PMrATaT7k0vvSuDZxlhe81qjkvJJh-LcLyvK4NOMkaFX70IG-tZY9zMA0giGPEfRdQIxPduXogs=>