svn commit: r279361 - in head: sys/kern sys/sys usr.sbin/jail

Garrett Cooper yaneurabeya at gmail.com
Tue Mar 3 05:44:59 UTC 2015


> On Mar 2, 2015, at 12:23, Ian Lepore <ian at freebsd.org> wrote:
> 
>> On Mon, 2015-03-02 at 01:02 -0800, Julian Elischer wrote:
>>> On 2/27/15 8:28 AM, Ian Lepore wrote:
>>> 
>>> 
>>> Log:
>>>   Allow the kern.osrelease and kern.osreldate sysctl values to be set in a
>>>   jail's creation parameters.  This allows the kernel version to be reliably
>>>   spoofed within the jail whether examined directly with sysctl or
>>>   indirectly with the uname -r and -K options.
>>> [..]
>> 
>>>   There is no sanity or range checking, other than disallowing an empty
>>>   release string or a zero release date, by design.  The system
>>>   administrator is trusted to set sane values.  Setting values that are
>>>   newer than the actual running kernel will likely cause compatibility
>>>   problems.
>> I would think that you could at set time ensure that only older 
>> releases were allowed..
>> I'm not sure what the rule would be with sub-sub-jails..  older than 
>> parent, or older than base system..?
> 
> I am a really really strong believer in giving administrators complete
> control of their systems.  If they want to do "something stupid" because
> it works for them, I'm not going to stop them.

Printing out a warning helps folks who are debugging issues though :)..
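
The warning discussed in this thread can also be produced from user space, before a jail is ever started. The following is an added example, not code from the commit or from anyone in the thread: it scans a jail.conf for the two parameters and flags the values the commit log says are disallowed or likely to cause problems. It assumes the jail(8) parameter names `osrelease` and `osreldate`, a simplified jail.conf grammar, and a constructed sample configuration and host value.

```python
import re

# Constructed jail.conf fragment; jail names and values are made up for the example.
SAMPLE_JAIL_CONF = '''
# global defaults
path = "/jails/$name";
legacy { osrelease = "9.3-RELEASE"; osreldate = 903000; }
future {
    osrelease = "12.0-CURRENT";   // newer than the assumed host
    osreldate = 1200000;
}
plain  { host.hostname = "plain.example.org"; }
broken { osrelease = ""; osreldate = 0; }
'''

# Simplified grammar: no nested braces, no comment markers inside quoted strings.
COMMENT = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
BLOCK = re.compile(r'([\w.-]+)\s*\{([^{}]*)\}')
PARAM = re.compile(r'\b(osrelease|osreldate)\s*=\s*"?([^";]*)"?\s*;')


def audit(conf_text, host_osreldate):
    """Return sorted (jail, finding) pairs for questionable version spoofing."""
    findings = []
    for jail, body in BLOCK.findall(COMMENT.sub('', conf_text)):
        params = dict(PARAM.findall(body))
        if 'osrelease' in params and not params['osrelease'].strip():
            findings.append((jail, 'empty-osrelease'))      # disallowed per the commit log
        if 'osreldate' in params:
            try:
                value = int(params['osreldate'])
            except ValueError:
                findings.append((jail, 'non-numeric-osreldate'))
                continue
            if value == 0:
                findings.append((jail, 'zero-osreldate'))   # disallowed per the commit log
            elif value > host_osreldate:
                findings.append((jail, 'newer-than-host'))  # likely compatibility problems
    return sorted(findings)


if __name__ == '__main__':
    # On the host, the real value comes from `sysctl -n kern.osreldate`.
    for jail, finding in audit(SAMPLE_JAIL_CONF, host_osreldate=1100000):
        print(f'warning: jail {jail}: {finding}')
```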

