Date: Thu, 17 Jan 2019 06:24:21 +0200
From: Konstantin Belousov <kib@freebsd.org>
To: "Michael W. Lucas" <mwlucas@michaelwlucas.com>
Cc: jail@freebsd.org
Subject: Re: jail-safe filesystems
Message-ID: <20190117042421.GK26174@kib.kiev.ua>
In-Reply-To: <20190116203547.GA54482@mail.michaelwlucas.com>
References: <20190116203547.GA54482@mail.michaelwlucas.com>
On Wed, Jan 16, 2019 at 03:35:47PM -0500, Michael W. Lucas wrote:
> Hi!
>
> I'm writing about filesystems and jails right now, and the docs have
> me wondering:
>
> Filesystems marked with "jail" in lsvfs(8) are safe to use inside
> jails. Cool.
>
> Is this an "absolutely do not use others within jails" statement, or
> is it a "don't manage these from jails" rule? Can I leave
> enforce_statfs=2 but, say, have the host mount md0 as /tmp for the jail?

The mark 'safe to use inside jail' means that the mark author considered
the marked filesystem robust enough to trust the mounting to an untrusted
jail root. For instance, the UFS metadata parsing is *not* robust enough
to sustain trying to mount arbitrary bytes from a volume, or esp.
specially crafted malicious volumes. On the other hand, tmpfs is
considered safe because it is synthetic and the kernel manages all the
(meta)data on its own, so the only thing that a malicious jail root can
do is consume host memory.

That said, md0 is only a memory-disk device; which filesystem you put on
it is up to you. And, personally, I recommend using tmpfs for /tmp, not
async UFS over swap-backed md(4). The advantage of the former is the
avoidance of a double copy and somewhat less locking overhead.

> I *think* it's an absolute prohibition, but want to be sure before I
> declare it to be so. It's the sort of thing I'll get complaints about
> if I'm wrong.
>
> Thanks,
> ==ml
>
> --
> Michael W. Lucas https://mwl.io/
> author of: Absolute OpenBSD, SSH Mastery, git commit murder,
> Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc...
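A jail.conf(5) fragment that follows the recommendation in the reply above, added here as an illustration and not part of the original thread: the host supplies a size-capped tmpfs as the jail's /tmp, enforce_statfs stays at 2, and mounting from inside the jail is left disabled so jail root never gets to hand UFS metadata to the kernel. The jail name, path, hostname and address are assumed values.

```conf
# Added example, not from the thread. Jail name, path, hostname and
# address are assumed; 192.0.2.10 is from the documentation range.
www {
    path = "/usr/jails/www";
    host.hostname = "www.example.org";
    ip4.addr = "192.0.2.10";

    exec.start = "/bin/sh /etc/rc";
    exec.stop  = "/bin/sh /etc/rc.shutdown";
    exec.clean;
    mount.devfs;

    # The jail sees only its own root mount in statfs(2) / df(1) output.
    enforce_statfs = 2;

    # Host-managed /tmp: the host mounts a tmpfs at the jail's /tmp.
    # tmpfs is marked "jail" in lsvfs(8); its on-disk format is synthetic,
    # so the worst a misbehaving jail root can do is fill memory, and
    # size=256m bounds even that.
    mount += "tmpfs $path/tmp tmpfs rw,size=256m,mode=1777 0 0";

    # allow.mount is deliberately left off: jail root cannot mount anything
    # itself, so an md(4) device carrying UFS can only ever be attached and
    # mounted by the host, never by the jail.
}
```

If the jail must be able to mount its own tmpfs (for example a per-service scratch area), `allow.mount;` plus `allow.mount.tmpfs;` grants exactly that and nothing else; tmpfs still has no per-mount size limit unless the jail's own mount passes `size=`, so the host-side rctl(8) memory limits remain the backstop.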