svn commit: r233048 - head/etc/defaults

Martin Matuska mm at FreeBSD.org
Sun Mar 18 21:50:16 UTC 2012


On 18.3.2012 22:29, Martin Matuska wrote:
> On 17.3.2012 16:35, Alexander Leidinger wrote:
>> On Fri, 16 Mar 2012 21:30:26 +0000 (UTC) Martin Matuska
>> <mm at FreeBSD.org> wrote:
>>
>>> Author: mm
>>> Date: Fri Mar 16 21:30:26 2012
>>> New Revision: 233048
>>> URL: http://svn.freebsd.org/changeset/base/233048
>>>
>>> Log:
>>>   Unhide /dev/zfs in devfsrules_jail.
>>>   
>>>   The /dev/zfs device is required for managing jailed ZFS datasets.
>> This may give more info to a jail (ZFS is in use on this machine) than
>> what someone may want to provide. I have separate rulesets for jails
>> without and with ZFS (actually the one without is the default one and
>> the one with is a new one):
>> ---snip---
>> ...
>>
>> [devfsrules_unhide_zfs=12]
>> add path zfs unhide
>>
>> ...
>>
>> [devfsrules_jail_withzfs=16]
>> add include $devfsrules_hide_all
>> add include $devfsrules_unhide_basic
>> add include $devfsrules_unhide_login
>> add include $devfsrules_unhide_zfs
>> ---snip---
>>
>> Anyone with arguments why this may be overly paranoid? If not, I would
>> suggest that we go this way instead.
>>
>> Bye,
>> Alexander.
>>
> The only disclosed information I know of is whether the zfs module is
> loaded on your system.
> Another alternative I was thinking of would be using a new ruleset (e.g.
> devfsrules_jail_zfs=5).
> The disadvantage here is that users that already have defined a ruleset
> with this number should be informed somehow.
>
Btw. jail has access to sysctl(8) and this discloses a *LOT* of
information, including if ZFS is loaded or not (existence of vfs.zfs)
and all its settings and statistics, hardware devices, geom devices,
network card counters and many more. Compared to this, /dev/zfs is really
a minor issue :-)
Until we limit the output of sysctl() we don't hide this information
just by hiding /dev/zfs.

-- 
Martin Matuska
FreeBSD committer
http://blog.vx.sk
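
An added example, not part of the thread or of FreeBSD's own code: a small auditor that resolves `add include` chains in a devfs.rules file and reports whether a given ruleset leaves a device node such as `zfs` visible, which is the question the two layouts discussed above differ on. It assumes rules carry only a `path` condition with a `hide`/`unhide` action and uses Python's glob matching as a stand-in for the kernel's; the function names and the abridged sample file are constructed for illustration.

```python
import fnmatch
import shlex

# Constructed, abridged devfs.rules using the split layout quoted in the thread.
SAMPLE_RULES = """
[devfsrules_hide_all=1]
add hide
[devfsrules_unhide_basic=2]
add path 'pts/*' unhide
[devfsrules_unhide_zfs=12]
add path zfs unhide
[devfsrules_jail=4]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
[devfsrules_jail_withzfs=16]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_zfs
"""

def parse_rulesets(text):
    """Map each [name=number] section to its list of tokenised 'add' rules."""
    rulesets, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            current = line.strip("[]").split("=", 1)[0]
            rulesets[current] = []
        elif line.startswith("add ") and current is not None:
            rulesets[current].append(shlex.split(line)[1:])
    return rulesets

def flatten(rulesets, name, seen=()):
    """Expand 'include $other' in place, rejecting include cycles."""
    if name in seen:
        raise ValueError("include cycle at " + name)
    out = []
    for rule in rulesets[name]:
        sub = rule[1].lstrip("$") if rule[0] == "include" else None
        out += flatten(rulesets, sub, seen + (name,)) if sub else [rule]
    return out

def is_visible(rulesets, name, node):
    """Apply hide/unhide rules in order; the last matching action wins."""
    visible = True  # nodes are visible until a rule hides them
    for rule in flatten(rulesets, name):
        hit = "path" not in rule or fnmatch.fnmatchcase(node, rule[rule.index("path") + 1])
        if hit and rule[-1] in ("hide", "unhide"):
            visible = rule[-1] == "unhide"
    return visible
```

Running `is_visible` for `zfs` against every ruleset a jail is assigned shows which jails can see the node; as the reply above notes, `sysctl` output inside the jail is a separate channel that this check does not cover.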


