cvs commit: src/sys/sys jail.h src/sys/kern kern_jail.c
vfs_syscalls.c
Robert Watson
rwatson at FreeBSD.org
Sat Feb 14 10:31:12 PST 2004
rwatson 2004/02/14 10:31:12 PST
FreeBSD src repository
Modified files:
sys/sys jail.h
sys/kern kern_jail.c vfs_syscalls.c
Log:
By default, when a process in jail calls getfsstat(), only return the
data for the file system on which the jail's root vnode is located.
Previous behavior (show data for all mountpoints) can be restored
by setting security.jail.getfsstatroot_only to 0. Note: this also
has the effect of hiding other mounts inside a jail, such as /dev,
/tmp, and /proc, but errs on the side of leaking less information.
Revision Changes Path
1.36 +20 -0 src/sys/kern/kern_jail.c
1.337 +8 -0 src/sys/kern/vfs_syscalls.c
1.20 +3 -0 src/sys/sys/jail.h
More information about the cvs-all
mailing list