Allowing tmpfs to be mounted in jail?
Slawa Olhovchenkov
slw at zxy.spb.ru
Fri Aug 23 11:41:47 UTC 2013
On Fri, Aug 23, 2013 at 12:37:32AM +0300, Konstantin Belousov wrote:
> On Thu, Aug 22, 2013 at 12:15:29PM -0700, Xin Li wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > Hi,
> >
> > Does anybody have concerns if I commit this?
> >
> > Index: sys/fs/tmpfs/tmpfs_vfsops.c
> > ===================================================================
> > - --- sys/fs/tmpfs/tmpfs_vfsops.c (revision 254663)
> > +++ sys/fs/tmpfs/tmpfs_vfsops.c (working copy)
> > @@ -420,4 +420,4 @@ struct vfsops tmpfs_vfsops = {
> > .vfs_statfs = tmpfs_statfs,
> > .vfs_fhtovp = tmpfs_fhtovp,
> > };
> > - -VFS_SET(tmpfs_vfsops, tmpfs, 0);
> > +VFS_SET(tmpfs_vfsops, tmpfs, VFCF_JAIL);
> >
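Review bot: on the `VFS_SET(tmpfs_vfsops, tmpfs, VFCF_JAIL);` line, the flag change is the entire patch, so nothing here bounds the size of a tmpfs mounted from inside a jail and nothing documents the new behaviour. Suggest pairing the change with a documentation update that states which jail mount permission still gates these mounts, and deciding whether a mount made from a jail should require or default to a size limit, since tmpfs pages come out of host memory. If the intent is to rely on the existing jail-wide mount switch alone, say so in the commit message so administrators know that enabling mounts for a jail now also exposes tmpfs.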
>
> Unrestricted tmpfs mounts can easily consume all available memory,
> making the host unusable. But the change is probably fine, since
> we have global 'disable mount from the jail' flag.
tmpfs in a jail must use the memory limit from rctl memoryuse, I think.
More information about the freebsd-security
mailing list