diff options
| author | jamie <jamie@FreeBSD.org> | 2015-01-31 17:35:53 +0000 |
|---|---|---|
| committer | jamie <jamie@FreeBSD.org> | 2015-01-31 17:35:53 +0000 |
| commit | c6bc15d7ab08f753864c67985cc70c180d9cf799 (patch) | |
| tree | a0f122f4b76eb51437a7dd525aaf7fc88d4f887f /sys/kern | |
| parent | b397ed48ffe5b08853689953cb68b4ad1dc04241 (diff) | |
| download | FreeBSD-src-c6bc15d7ab08f753864c67985cc70c180d9cf799.zip FreeBSD-src-c6bc15d7ab08f753864c67985cc70c180d9cf799.tar.gz | |
MFC r277855:
Add allow.mount.fdescfs jail flag.
PR: 192951
Submitted by: ruben@verweg.com
Diffstat (limited to 'sys/kern')
| -rw-r--r-- | sys/kern/kern_jail.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 47c68a2..54ca3ff 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -207,6 +207,7 @@ static char *pr_allow_names[] = { "allow.mount.zfs", "allow.mount.procfs", "allow.mount.tmpfs", + "allow.mount.fdescfs", }; const size_t pr_allow_names_size = sizeof(pr_allow_names); @@ -223,6 +224,7 @@ static char *pr_allow_nonames[] = { "allow.mount.nozfs", "allow.mount.noprocfs", "allow.mount.notmpfs", + "allow.mount.nofdescfs", }; const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames); @@ -4231,6 +4233,10 @@ SYSCTL_PROC(_security_jail, OID_AUTO, mount_devfs_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_DEVFS, sysctl_jail_default_allow, "I", "Processes in jail can mount the devfs file system"); +SYSCTL_PROC(_security_jail, OID_AUTO, mount_fdescfs_allowed, + CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, + NULL, PR_ALLOW_MOUNT_FDESCFS, sysctl_jail_default_allow, "I", + "Processes in jail can mount the fdescfs file system"); SYSCTL_PROC(_security_jail, OID_AUTO, mount_nullfs_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_NULLFS, sysctl_jail_default_allow, "I", @@ -4391,6 +4397,8 @@ SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may mount/unmount jail-friendly file systems in general"); SYSCTL_JAIL_PARAM(_allow_mount, devfs, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may mount the devfs file system"); +SYSCTL_JAIL_PARAM(_allow_mount, fdescfs, CTLTYPE_INT | CTLFLAG_RW, + "B", "Jail may mount the fdescfs file system"); SYSCTL_JAIL_PARAM(_allow_mount, nullfs, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may mount the nullfs file system"); SYSCTL_JAIL_PARAM(_allow_mount, procfs, CTLTYPE_INT | CTLFLAG_RW, |
