author | mm <mm@FreeBSD.org> | 2012-02-29 00:30:18 +0000 |
---|---|---|
committer | mm <mm@FreeBSD.org> | 2012-02-29 00:30:18 +0000 |
commit | 77766742e1d536bb65e0b2b9b7bab06d722ccb58 (patch) | |
tree | 9e8b5829d1a16cb06fc3ca6022a02aebe8d85d25 /sys/kern/kern_jail.c | |
parent | 2db0395534d0b3319e7f923a1be5bc6410c3d006 (diff) | |
Add procfs to jail-mountable filesystems.
Reviewed by: jamie
MFC after: 1 week
Diffstat (limited to 'sys/kern/kern_jail.c')
-rw-r--r-- | sys/kern/kern_jail.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 372e0b8..c96d271 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -204,6 +204,7 @@ static char *pr_allow_names[] = {
 "allow.mount.devfs",
 "allow.mount.nullfs",
 "allow.mount.zfs",
+ "allow.mount.procfs",
 };
 const size_t pr_allow_names_size = sizeof(pr_allow_names);
@@ -218,6 +219,7 @@ static char *pr_allow_nonames[] = {
 "allow.mount.nodevfs",
 "allow.mount.nonullfs",
 "allow.mount.nozfs",
+ "allow.mount.noprocfs",
 };
 const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames);
@@ -4206,6 +4208,10 @@ SYSCTL_PROC(_security_jail, OID_AUTO, mount_nullfs_allowed,
 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
 NULL, PR_ALLOW_MOUNT_NULLFS, sysctl_jail_default_allow, "I",
 "Processes in jail can mount the nullfs file system");
+SYSCTL_PROC(_security_jail, OID_AUTO, mount_procfs_allowed,
+ CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
+ NULL, PR_ALLOW_MOUNT_PROCFS, sysctl_jail_default_allow, "I",
+ "Processes in jail can mount the procfs file system");
 SYSCTL_PROC(_security_jail, OID_AUTO, mount_zfs_allowed,
 CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
 NULL, PR_ALLOW_MOUNT_ZFS, sysctl_jail_default_allow, "I",
@@ -4356,6 +4362,8 @@ SYSCTL_JAIL_PARAM(_allow_mount, devfs, CTLTYPE_INT | CTLFLAG_RW,
 "B", "Jail may mount the devfs file system");
 SYSCTL_JAIL_PARAM(_allow_mount, nullfs, CTLTYPE_INT | CTLFLAG_RW,
 "B", "Jail may mount the nullfs file system");
+SYSCTL_JAIL_PARAM(_allow_mount, procfs, CTLTYPE_INT | CTLFLAG_RW,
+ "B", "Jail may mount the procfs file system");
 SYSCTL_JAIL_PARAM(_allow_mount, zfs, CTLTYPE_INT | CTLFLAG_RW,
 "B", "Jail may mount the zfs file system"); |
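Review bot: The new `"allow.mount.procfs"` entry in `pr_allow_names[]` is tied to `PR_ALLOW_MOUNT_PROCFS` only by its position in the array, and nothing in the hunk documents that. If these tables are indexed by flag bit, as the parallel names/nonames layout suggests, an entry out of step with the flag definition would make the jail parameter toggle a different permission than the one named. The same applies to `"allow.mount.noprocfs"` in `pr_allow_nonames[]` in the second hunk. A comment above each array such as `/* Order must match the PR_ALLOW_* bit positions; append new entries last. */` would state the invariant, and the flag definition, which is not part of this file's diff, should be checked against it. Both array definitions begin outside their hunks.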
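Review bot: `mount_procfs_allowed` in the third hunk is a `CTLFLAG_RW` knob whose description does not say what the default is or which jails a change affects, and procfs exposes per-process state, so an administrator flipping it should be able to see the scope. A comment above the macro such as `/* Default for jails that do not set allow.mount.procfs themselves; expected to be off. */` would help, with the wording confirmed against `sysctl_jail_default_allow`, which is outside this hunk. The mount-time check that consumes `PR_ALLOW_MOUNT_PROCFS` is not in this file's diff either, so it is worth confirming there that a procfs mounted inside a jail shows only that jail's processes.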