Add support for mounting devfs inside jails.

A new jail(8) option "devfs_ruleset" defines the ruleset enforcement for mounting devfs inside jails. A value of -1 disables mounting devfs in jails, a value of zero means no restrictions. Nested jails can only have mounting devfs disabled or inherit parent's enforcement as jails are not allowed to view or manipulate devfs(8) rules. Utilizes new functions introduced in r231265. Reviewed by: jamie MFC after: 1 month
author: mm <mm@FreeBSD.org> 2012-02-09 10:22:08 +0000
committer: mm <mm@FreeBSD.org> 2012-02-09 10:22:08 +0000
commit: 1626913ed14bc2163e16ddb8e183c16020a65498 (patch)
tree: 3bd31b4e43a04f06056c6c020a90c80e37e4b08c /sys/sys
parent: bdf6c01f6dc2ef7a36886ddf75d1be91cb6d8680 (diff)
download: FreeBSD-src-1626913ed14bc2163e16ddb8e183c16020a65498.zip
FreeBSD-src-1626913ed14bc2163e16ddb8e183c16020a65498.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
index bbaf381..565efa8 100644
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -176,7 +176,8 @@ struct prison {
 	unsigned	 pr_allow;			/* (p) PR_ALLOW_* flags */
 	int		 pr_securelevel;		/* (p) securelevel */
 	int		 pr_enforce_statfs;		/* (p) statfs permission */
-	int		 pr_spare[5];
+	int		 pr_devfs_rsnum;		/* (p) devfs ruleset */
+	int		 pr_spare[4];
 	unsigned long	 pr_hostid;			/* (p) jail hostid */
 	char		 pr_name[MAXHOSTNAMELEN];	/* (p) admin jail name */
 	char		 pr_path[MAXPATHLEN];		/* (c) chroot path */
author	mm <mm@FreeBSD.org>	2012-02-09 10:22:08 +0000
committer	mm <mm@FreeBSD.org>	2012-02-09 10:22:08 +0000
commit	1626913ed14bc2163e16ddb8e183c16020a65498 (patch)
tree	3bd31b4e43a04f06056c6c020a90c80e37e4b08c /sys/sys
parent	bdf6c01f6dc2ef7a36886ddf75d1be91cb6d8680 (diff)
download	FreeBSD-src-1626913ed14bc2163e16ddb8e183c16020a65498.zip FreeBSD-src-1626913ed14bc2163e16ddb8e183c16020a65498.tar.gz