diff options
| author | Renato Botelho <renato@netgate.com> | 2016-02-24 07:51:32 -0300 |
|---|---|---|
| committer | Renato Botelho <renato@netgate.com> | 2016-02-24 07:51:32 -0300 |
| commit | b15d3cfa0625b6816b5b55df864fbda78dc2add8 (patch) | |
| tree | c384e7235e9894678587ee5782698526bdcc340e /sys/kern/kern_jail.c | |
| parent | 7c17fc70241a215de420457e10a510834441b90f (diff) | |
| parent | 008df39fd8f9ba2311709c852fa30e39bf891bcf (diff) | |
| download | FreeBSD-src-b15d3cfa0625b6816b5b55df864fbda78dc2add8.zip FreeBSD-src-b15d3cfa0625b6816b5b55df864fbda78dc2add8.tar.gz | |
Merge remote-tracking branch 'origin/stable/10' into devel
Diffstat (limited to 'sys/kern/kern_jail.c')
| -rw-r--r-- | sys/kern/kern_jail.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 42c53c0..0d52c7b 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -208,6 +208,8 @@ static char *pr_allow_names[] = { "allow.mount.procfs", "allow.mount.tmpfs", "allow.mount.fdescfs", + "allow.mount.linprocfs", + "allow.mount.linsysfs", }; const size_t pr_allow_names_size = sizeof(pr_allow_names); @@ -225,6 +227,8 @@ static char *pr_allow_nonames[] = { "allow.mount.noprocfs", "allow.mount.notmpfs", "allow.mount.nofdescfs", + "allow.mount.nolinprocfs", + "allow.mount.nolinsysfs", }; const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames); @@ -4315,6 +4319,14 @@ SYSCTL_PROC(_security_jail, OID_AUTO, mount_procfs_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_PROCFS, sysctl_jail_default_allow, "I", "Processes in jail can mount the procfs file system"); +SYSCTL_PROC(_security_jail, OID_AUTO, mount_linprocfs_allowed, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, + NULL, PR_ALLOW_MOUNT_LINPROCFS, sysctl_jail_default_allow, "I", + "Processes in jail can mount the linprocfs file system"); +SYSCTL_PROC(_security_jail, OID_AUTO, mount_linsysfs_allowed, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, + NULL, PR_ALLOW_MOUNT_LINSYSFS, sysctl_jail_default_allow, "I", + "Processes in jail can mount the linsysfs file system"); SYSCTL_PROC(_security_jail, OID_AUTO, mount_tmpfs_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_TMPFS, sysctl_jail_default_allow, "I", @@ -4481,6 +4493,10 @@ SYSCTL_JAIL_PARAM(_allow_mount, nullfs, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may mount the nullfs file system"); SYSCTL_JAIL_PARAM(_allow_mount, procfs, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may mount the procfs file system"); +SYSCTL_JAIL_PARAM(_allow_mount, linprocfs, CTLTYPE_INT | CTLFLAG_RW, + "B", "Jail may mount the linprocfs file system"); +SYSCTL_JAIL_PARAM(_allow_mount, linsysfs, CTLTYPE_INT | CTLFLAG_RW, + "B", "Jail may mount the linsysfs file system"); SYSCTL_JAIL_PARAM(_allow_mount, tmpfs, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may mount the tmpfs file system"); SYSCTL_JAIL_PARAM(_allow_mount, zfs, CTLTYPE_INT | CTLFLAG_RW, |
