git: d1fdafc789df - stable/14 - jail: add security.jail.mlock_allowed
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 22 Jan 2024 09:39:29 UTC
The branch stable/14 has been updated by bapt:
URL: https://cgit.FreeBSD.org/src/commit/?id=d1fdafc789dfd6c9ad4145ca0bcfde87b1ca818e
commit d1fdafc789dfd6c9ad4145ca0bcfde87b1ca818e
Author: Baptiste Daroussin <bapt@FreeBSD.org>
AuthorDate: 2024-01-04 14:09:44 +0000
Commit: Baptiste Daroussin <bapt@FreeBSD.org>
CommitDate: 2024-01-22 09:39:16 +0000
jail: add security.jail.mlock_allowed
when the parameter allow.mlock was added a way for jails to check
if the parameter was set or now has not been added, this change
covers it.
MFC After: 3 days
Reviewed by: jamie@
Differential Revision: https://reviews.freebsd.org/D43314
(cherry picked from commit 9fd978680db6495180a4d46f76529d344b003c80)
---
sys/kern/kern_jail.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index e95008be42e8..91466c46bc62 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -4393,6 +4393,10 @@ SYSCTL_PROC(_security_jail, OID_AUTO, mount_allowed,
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
NULL, PR_ALLOW_MOUNT, sysctl_jail_default_allow, "I",
"Processes in jail can mount/unmount jail-friendly file systems (deprecated)");
+SYSCTL_PROC(_security_jail, OID_AUTO, mlock_allowed,
+ CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
+ NULL, PR_ALLOW_MLOCK, sysctl_jail_default_allow, "I",
+ "Processes in jail can lock/unlock physical pages in memory");
static int
sysctl_jail_default_level(SYSCTL_HANDLER_ARGS)