svn commit: r232059 - in head: sys/fs/devfs sys/fs/nullfs
sys/kern sys/sys usr.sbin/jail
Pawel Jakub Dawidek
pjd at FreeBSD.org
Sat Feb 25 23:05:26 UTC 2012
On Thu, Feb 23, 2012 at 06:51:24PM +0000, Martin Matuska wrote:
> Author: mm
> Date: Thu Feb 23 18:51:24 2012
> New Revision: 232059
> URL: http://svn.freebsd.org/changeset/base/232059
>
> Log:
> To improve control over the use of mount(8) inside a jail(8), introduce
> a new jail parameter node with the following parameters:
>
> allow.mount.devfs:
> allow mounting the devfs filesystem inside a jail
>
> allow.mount.nullfs:
> allow mounting the nullfs filesystem inside a jail
>
> Both parameters are disabled by default (equals the behavior before
> devfs and nullfs in jails). Administrators have to explicitly allow
> mounting devfs and nullfs for each jail. The value "-1" of the
> devfs_ruleset parameter is removed in favor of the new allow setting.
>
> Reviewed by: jamie
> Suggested by: pjd
> MFC after: 2 weeks
Thanks. Could you also add such an option for ZFS? It would also be nice
to document the fact that when file system is using VFCF_JAIL flag, it
should be added to allow.mount. Not sure where would be the best place
to document that, though. VFS_INIT(9) would be best, but eventhough it
is referenced by VFS(9), it doesn't exist...
--
Pawel Jakub Dawidek http://www.wheelsystems.com
FreeBSD committer http://www.FreeBSD.org
Am I Evil? Yes, I Am! http://tupytaj.pl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/svn-src-head/attachments/20120225/41765464/attachment.pgp
More information about the svn-src-head
mailing list