Date: Wed, 29 Feb 2012 00:37:28 +0000 From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: Martin Matuska <mm@FreeBSD.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r232278 - in head: sys/compat/linprocfs sys/compat/linsysfs sys/fs/procfs sys/fs/pseudofs sys/kern sys/sys usr.sbin/jail Message-ID: <80B3B04F-C7CC-4D83-963A-20092347C84F@lists.zabbadoz.net> In-Reply-To: <201202290030.q1T0UItT098971@svn.freebsd.org> References: <201202290030.q1T0UItT098971@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 29. Feb 2012, at 00:30 , Martin Matuska wrote: > Author: mm > Date: Wed Feb 29 00:30:18 2012 > New Revision: 232278 > URL: http://svn.freebsd.org/changeset/base/232278 >=20 > Log: > Add procfs to jail-mountable filesystems. >=20 The man page lacks a .Dd update? I also think this one should come with a very big red warning in the man = page that you can easily compromise your host security I fear unless things = changed in "proc" land. > Reviewed by: jamie > MFC after: 1 week >=20 > Modified: > head/sys/compat/linprocfs/linprocfs.c > head/sys/compat/linsysfs/linsysfs.c > head/sys/fs/procfs/procfs.c > head/sys/fs/pseudofs/pseudofs.h > head/sys/kern/kern_jail.c > head/sys/sys/jail.h > head/usr.sbin/jail/jail.8 .. > Modified: head/usr.sbin/jail/jail.8 > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/usr.sbin/jail/jail.8 Tue Feb 28 23:30:19 2012 = (r232277) > +++ head/usr.sbin/jail/jail.8 Wed Feb 29 00:30:18 2012 = (r232278) > @@ -428,6 +428,14 @@ This permission is effective only togeth > and if > .Va enforce_statfs > is set to a value lower than 2. > +.It Va allow.mount.procfs > +privileged users inside the jail will be able to mount and unmount = the > +procfs file system. > +This permission is effective only together with > +.Va allow.mount > +and if > +.Va enforce_statfs > +is set to a value lower than 2. > .It Va allow.mount.zfs > privileged users inside the jail will be able to mount and unmount the > ZFS file system. --=20 Bjoern A. Zeeb You have to have visions! It does not matter how good you are. It matters what good you do!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?80B3B04F-C7CC-4D83-963A-20092347C84F>