Date: Fri, 23 Aug 2013 15:43:50 +0400 From: Slawa Olhovchenkov <slw@zxy.spb.ru> To: Konstantin Belousov <kostikbel@gmail.com> Cc: freebsd-fs@FreeBSD.ORG, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>, d@delphij.net Subject: Re: Allowing tmpfs to be mounted in jail? Message-ID: <20130823114350.GA64913@zxy.spb.ru> In-Reply-To: <20130822213732.GA4972@kib.kiev.ua> References: <52166351.4030106@delphij.net> <20130822213732.GA4972@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Aug 23, 2013 at 12:37:32AM +0300, Konstantin Belousov wrote:
> On Thu, Aug 22, 2013 at 12:15:29PM -0700, Xin Li wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > Hi,
> >
> > Do anybody have concerns if I would commit this?
> >
> > Index: sys/fs/tmpfs/tmpfs_vfsops.c
> > ===================================================================
> > - --- sys/fs/tmpfs/tmpfs_vfsops.c (revision 254663)
> > +++ sys/fs/tmpfs/tmpfs_vfsops.c (working copy)
> > @@ -420,4 +420,4 @@ struct vfsops tmpfs_vfsops = {
> > .vfs_statfs = tmpfs_statfs,
> > .vfs_fhtovp = tmpfs_fhtovp,
> > };
> > - -VFS_SET(tmpfs_vfsops, tmpfs, 0);
> > +VFS_SET(tmpfs_vfsops, tmpfs, VFCF_JAIL);
> >
>
> Unrestricted tmpfs mounts can easily consume all available memory,
> making the host unusable. But the change is probably fine, since
> we have global 'disable mount from the jail' flag.
tmpfs in jail must use memory limit from rctl memoryuse, I think.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130823114350.GA64913>