diff options
author | mm <mm@FreeBSD.org> | 2012-02-09 10:22:08 +0000 |
---|---|---|
committer | mm <mm@FreeBSD.org> | 2012-02-09 10:22:08 +0000 |
commit | 1626913ed14bc2163e16ddb8e183c16020a65498 (patch) | |
tree | 3bd31b4e43a04f06056c6c020a90c80e37e4b08c /sys/sys | |
parent | bdf6c01f6dc2ef7a36886ddf75d1be91cb6d8680 (diff) | |
download | FreeBSD-src-1626913ed14bc2163e16ddb8e183c16020a65498.zip FreeBSD-src-1626913ed14bc2163e16ddb8e183c16020a65498.tar.gz |
Add support for mounting devfs inside jails.
A new jail(8) option "devfs_ruleset" defines the ruleset enforcement for
mounting devfs inside jails. A value of -1 disables mounting devfs in
jails, a value of zero means no restrictions. Nested jails can only
have mounting devfs disabled or inherit parent's enforcement as jails are
not allowed to view or manipulate devfs(8) rules.
Utilizes new functions introduced in r231265.
Reviewed by: jamie
MFC after: 1 month
Diffstat (limited to 'sys/sys')
-rw-r--r-- | sys/sys/jail.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/sys/jail.h b/sys/sys/jail.h index bbaf381..565efa8 100644 --- a/sys/sys/jail.h +++ b/sys/sys/jail.h @@ -176,7 +176,8 @@ struct prison { unsigned pr_allow; /* (p) PR_ALLOW_* flags */ int pr_securelevel; /* (p) securelevel */ int pr_enforce_statfs; /* (p) statfs permission */ - int pr_spare[5]; + int pr_devfs_rsnum; /* (p) devfs ruleset */ + int pr_spare[4]; unsigned long pr_hostid; /* (p) jail hostid */ char pr_name[MAXHOSTNAMELEN]; /* (p) admin jail name */ char pr_path[MAXPATHLEN]; /* (c) chroot path */ |