Allowing tmpfs to be mounted in jail?

Dewayne Geraghty dewayne.geraghty at heuristicsystems.com.au
Thu Aug 22 23:13:05 UTC 2013


> -----Original Message-----
> From: owner-freebsd-security at freebsd.org 
> [mailto:owner-freebsd-security at freebsd.org] On Behalf Of Xin Li
> Sent: Friday, 23 August 2013 5:15 AM
> To: freebsd-security at freebsd.org
> Cc: freebsd-fs at freebsd.org; kib at freebsd.org
> Subject: Allowing tmpfs to be mounted in jail?
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Hi,
> 
> Does anybody have concerns if I would commit this?
> 
> Index: sys/fs/tmpfs/tmpfs_vfsops.c
> ===================================================================
> - --- sys/fs/tmpfs/tmpfs_vfsops.c	(revision 254663)
> +++ sys/fs/tmpfs/tmpfs_vfsops.c	(working copy)
> @@ -420,4 +420,4 @@ struct vfsops tmpfs_vfsops = {
>  	.vfs_statfs =			tmpfs_statfs,
>  	.vfs_fhtovp =			tmpfs_fhtovp,
>  };
> - -VFS_SET(tmpfs_vfsops, tmpfs, 0);
> +VFS_SET(tmpfs_vfsops, tmpfs, VFCF_JAIL);
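
Review bot: The VFS_SET line sets VFCF_JAIL unconditionally, and nothing else in this hunk limits or documents the new behaviour: any jail that is permitted to mount filesystems would be able to mount tmpfs, which is backed by host memory and swap. Consider gating this behind a dedicated per-jail permission that defaults to off and is checked in the tmpfs mount path, and note in the commit message and the jail documentation how an administrator is expected to bound the size of tmpfs mounts made from inside a jail.
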
> 
> Cheers,
> - -- 
> Xin LI <delphij at delphij.net>    https://www.delphij.net/
> FreeBSD - The Power to Serve!           Live free or die

Xin Li,

I can envision the use of tmpfs without providing access to mounting other devices within a jail context.

It would be better if this feature had its own sysctl to control the jail's state, particularly as a DoS could "inadvertently" be
introduced, per Kib's earlier point. Other device types have additional mitigation strategies, such as exclusion via dev.rules,
which tmpfs doesn't have.

Regards, Dewayne.



