Allowing tmpfs to be mounted in jail?

Sam Fourman Jr. sfourman at
Thu Aug 22 23:20:23 UTC 2013

Xin Li,

> I can envision the use of tmpfs without providing access to mounting other
> devices within a jail context.
> It would be better if this feature had its own sysctl to control the
> jail's state, particularly as a DoS could "inadvertently" be
> introduced, per Kib's earlier point. Other device types have additional
> mitigation strategies, such as exclusion via dev.rules
> which tmpfs doesn't have.
> Regards, Dewayne.

This is a great feature and it has several use cases. What about the
possibility of a sysctl that adds a max amount
that a jail could set a tmpfs... this would be per jail. Now in theory you
could overcommit resources, but that would
be an administrator's decision, and not one jail could consume all resources.

Sam Fourman Jr.
