Date: Fri, 23 Aug 2013 00:37:32 +0300
From: Konstantin Belousov
To: d@delphij.net
Cc: freebsd-fs@FreeBSD.ORG, "freebsd-security@freebsd.org"
Subject: Re: Allowing tmpfs to be mounted in jail?
Message-ID: <20130822213732.GA4972@kib.kiev.ua>
In-Reply-To: <52166351.4030106@delphij.net>

On Thu, Aug 22, 2013 at 12:15:29PM -0700, Xin Li wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi,
>
> Does anybody have concerns if I would commit this?
>
> Index: sys/fs/tmpfs/tmpfs_vfsops.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > - --- sys/fs/tmpfs/tmpfs_vfsops.c (revision 254663) > +++ sys/fs/tmpfs/tmpfs_vfsops.c (working copy) 
> @@ -420,4 +420,4 @@ struct vfsops tmpfs_vfsops =3D { > .vfs_statfs =3D tmpfs_statfs, > .vfs_fhtovp =3D tmpfs_fhtovp, > }; > - -VFS_SET(tmpfs_vfsops, tmpfs, 0); > +VFS_SET(tmpfs_vfsops, tmpfs, VFCF_JAIL); >=20

Unrestricted tmpfs mounts can easily consume all available memory, making
the host unusable. But the change is probably fine, since we have a global
'disable mount from the jail' flag.
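Review bot: the replacement VFS_SET line passes VFCF_JAIL and nothing else in the hunk changes, so the patch itself puts no bound on how much memory a tmpfs mounted from inside a jail can take; the only control is the global jail mount permission mentioned in the reply. Suggest the commit message (and the tmpfs documentation) say this explicitly, so that administrators who enable mounting from jails know that tmpfs is now included and that its memory use should be capped for those mounts.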