From: "Bjoern A. Zeeb"
Date: Wed, 29 Feb 2012 00:37:28 +0000
To: Martin Matuska
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r232278 - in head: sys/compat/linprocfs sys/compat/linsysfs sys/fs/procfs sys/fs/pseudofs sys/kern sys/sys usr.sbin/jail

On 29. Feb 2012, at 00:30 , Martin Matuska wrote:

> Author: mm
> Date: Wed Feb 29 00:30:18 2012
> New Revision: 232278
> URL: http://svn.freebsd.org/changeset/base/232278
>
> Log:
> Add procfs to jail-mountable filesystems.
>

The man page lacks a .Dd update?

I also think this one should come with a very big red warning in the man page
that you can easily compromise your host security I fear unless things changed
in "proc" land.

> Reviewed by: jamie
> MFC after: 1 week
>
> Modified:
> head/sys/compat/linprocfs/linprocfs.c
> head/sys/compat/linsysfs/linsysfs.c
> head/sys/fs/procfs/procfs.c
> head/sys/fs/pseudofs/pseudofs.h
> head/sys/kern/kern_jail.c
> head/sys/sys/jail.h
> head/usr.sbin/jail/jail.8
..
> Modified: head/usr.sbin/jail/jail.8 > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/usr.sbin/jail/jail.8 Tue Feb 28 23:30:19 2012 = (r232277) > +++ head/usr.sbin/jail/jail.8 Wed Feb 29 00:30:18 2012 = (r232278) > @@ -428,6 +428,14 @@ This permission is effective only togeth > and if > .Va enforce_statfs > is set to a value lower than 2. > +.It Va allow.mount.procfs > +privileged users inside the jail will be able to mount and unmount = the > +procfs file system. > +This permission is effective only together with > +.Va allow.mount > +and if > +.Va enforce_statfs > +is set to a value lower than 2. > .It Va allow.mount.zfs > privileged users inside the jail will be able to mount and unmount the > ZFS file system. --=20 Bjoern A. Zeeb You have to have visions! It does not matter how good you are. It matters what good you do!
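Review bot: The new `.It Va allow.mount.procfs` entry in jail.8 documents only when the permission takes effect (together with `allow.mount` and with `enforce_statfs` lower than 2) and says nothing about what enabling it means for isolation of the jail from the host. An administrator reading this entry has no cue that it is a security-relevant switch, so the entry should carry an explicit caution sentence stating that the permission should be granted only to jails whose root user is trusted, or whatever narrower guarantee the procfs code actually provides. The only jail.8 hunk shown starts at line 428 and no `.Dd` change is visible, so the document date should be bumped in the same commit.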