Allowing tmpfs to be mounted in jail?
Konstantin Belousov
kostikbel at gmail.com
Thu Aug 22 21:37:47 UTC 2013
On Thu, Aug 22, 2013 at 12:15:29PM -0700, Xin Li wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Hi,
>
> Do anybody have concerns if I would commit this?
>
> Index: sys/fs/tmpfs/tmpfs_vfsops.c
> ===================================================================
> - --- sys/fs/tmpfs/tmpfs_vfsops.c (revision 254663)
> +++ sys/fs/tmpfs/tmpfs_vfsops.c (working copy)
> @@ -420,4 +420,4 @@ struct vfsops tmpfs_vfsops = {
> .vfs_statfs = tmpfs_statfs,
> .vfs_fhtovp = tmpfs_fhtovp,
> };
> - -VFS_SET(tmpfs_vfsops, tmpfs, 0);
> +VFS_SET(tmpfs_vfsops, tmpfs, VFCF_JAIL);
>
Unrestricted tmpfs mounts can easily consume all available memory,
making the host unusable. But the change is probably fine, since
we have global 'disable mount from the jail' flag.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20130823/15d62662/attachment.sig>
More information about the freebsd-security
mailing list