Date: Sat, 20 Jun 2009 14:50:32 +0000 (UTC) From: Ed Schouten <ed@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/fs/devfs devfs_vnops.c src/sys/kern tty.c src/sys/sys priv.h Message-ID: <200906201451.n5KEpPKD017677@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
ed 2009-06-20 14:50:32 UTC
FreeBSD src repository
Modified files:
sys/fs/devfs devfs_vnops.c
sys/kern tty.c
sys/sys priv.h
Log:
SVN rev 194532 on 2009-06-20 14:50:32Z by ed
Improve nested jail awareness of devfs by handling credentials.
Now that we start to use credentials on character devices more often
(because of MPSAFE TTY), move the prison-checks that are in place in the
TTY code into devfs.
Instead of strictly comparing the prisons, use the more common
prison_check() function to compare credentials. This means that
pseudo-terminals are only visible in devfs by processes within the same
jail and parent jails.
Even though regular users in parent jails can now interact with
pseudo-terminals from child jails, this seems to be the right approach.
These processes are also capable of interacting with the jailed
processes anyway, through signals for example.
Reviewed by: kib, rwatson (older version)
Revision Changes Path
1.181 +22 -0 src/sys/fs/devfs/devfs_vnops.c
1.324 +0 -7 src/sys/kern/tty.c
1.33 +0 -1 src/sys/sys/priv.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200906201451.n5KEpPKD017677>