FreeBSD Mail Archives

Date:      Fri, 23 Aug 2013 00:37:32 +0300
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        d@delphij.net
Cc:        freebsd-fs@FreeBSD.ORG, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: Allowing tmpfs to be mounted in jail?
Message-ID:  <20130822213732.GA4972@kib.kiev.ua>
In-Reply-To: <52166351.4030106@delphij.net>
References:  <52166351.4030106@delphij.net>


--bichG//H2mG70Fl1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Aug 22, 2013 at 12:15:29PM -0700, Xin Li wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>=20
> Hi,
>=20
> Do anybody have concerns if I would commit this?
>=20
> Index: sys/fs/tmpfs/tmpfs_vfsops.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> - --- sys/fs/tmpfs/tmpfs_vfsops.c	(revision 254663)
> +++ sys/fs/tmpfs/tmpfs_vfsops.c	(working copy)
> @@ -420,4 +420,4 @@ struct vfsops tmpfs_vfsops =3D {
>  	.vfs_statfs =3D			tmpfs_statfs,
>  	.vfs_fhtovp =3D			tmpfs_fhtovp,
>  };
> - -VFS_SET(tmpfs_vfsops, tmpfs, 0);
> +VFS_SET(tmpfs_vfsops, tmpfs, VFCF_JAIL);
>=20

Unrestricted tmpfs mounts can easily consume all available memory,
making the host unusable.  But the change is probably fine, since
we have global 'disable mount from the jail' flag.

--bichG//H2mG70Fl1
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (FreeBSD)

iQIcBAEBAgAGBQJSFoSbAAoJEJDCuSvBvK1B7dYP/iYajaL4lhFs0d7tm8dDMBB6
n4CgaoDAtTzj8UqcBFleeeDKqnvj+PnymR5v/PQwuwLxjkTj6sbOZ+fOGQT/kiy+
Zp0NzuqX6H7Ur45Nwt66wqA7PxOxUuLugpt1/lBreDZiPme8+xwIj9CRK/9Nt+4a
ODeX7ob0B0lqDCBzj8h3xRXWjgCV05Yq2GtVkqbVGptIMgYOWhCgqBXTyoDb36qQ
av4g/yMq1DzHsaq8nRLfF/GyF1BtUSk+nf1t0Dh5UaSFSLPKncl5CV5vU9yEMtWm
d5KCrWzZqUuG863znfpxVRz2ya2Bl8K/5d93pOt/yl/De8pVy44lCmn7N8HA3HB9
OL7+C+vTA4L8rWsNw1K1v727+i+2YSEvOgrSKhUYAuQT35E0FT0QC1WJesyYZaIJ
9zxrsJeJ7fiEoKxk+k1rh7mr39f4CiS8DjlM7pWG0xAR8GU5lhe1NsXnAk2X1lH6
TxIA7wBvEPOGRG28cqQlC3um+iNourgFalPEBML2f61ZVs7MZ06bDZsCvioIB2fi
Ns4Y96L2Npu5/zEON93iYf/a5J3yD2G3iDhiMtyeatg2qiwx69j5uIUoiPtzen8E
5p14MI9jWVk7Q0Effij1R6VK1YWX7j+gslg6ktfVBTw9jxYPM0VH4m0p5TWbSMJI
rwbai0r9zOakzPw/TCFV
=AOCT
-----END PGP SIGNATURE-----

--bichG//H2mG70Fl1--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130822213732.GA4972>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation