author | pjd <pjd@FreeBSD.org> | 2004-05-20 05:30:16 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2004-05-20 05:30:16 +0000 |
commit | 8b1807b878e1530fdd59b4ba5961a54e19a351bf (patch) | |
tree | dd9efd019d8d1535ad16573a58386428fe0de3df /usr.sbin/jail | |
parent | 7cbfe4913ba5f2332292765d3ec72ce075341c5c (diff) | |
Document security.jail.getfsstatroot_only sysctl.
Obtained from: rwatson's commit log
Approved by: rwatson
Diffstat (limited to 'usr.sbin/jail')
-rw-r--r-- | usr.sbin/jail/jail.8 | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index 9ed0d95..96d99ae 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -416,6 +416,20 @@ with the IP address bound to the jail, regardless of whether or not the .Dv IP_HDRINCL flag has been set on the socket. +.It Va security.jail.getfsstatroot_only +This MIB entry determines whether or not processes within a jail is able +to see data for all mountpoints. +When set to 1 (default), +.Xr getfsstat 2 +system call only return (while called by jailed processes) the data for +the file system on which jail's root vnode is located. +Note: this also has the effect of hiding other mounts inside a jail, +such as +.Pa /dev , +.Pa /tmp , +and +.Pa /proc , +but errs on the side of leaking less information. .It Va security.jail.set_hostname_allowed This MIB entry determines whether or not processes within a jail are allowed to change their hostname via |
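Review bot: The added text under `.It Va security.jail.getfsstatroot_only` has agreement errors that should be fixed before this lands in the manual page: "processes within a jail is able" should read "are able" (the neighbouring `security.jail.set_hostname_allowed` entry already uses "are allowed"), and "system call only return" should read "the `.Xr getfsstat 2` system call only returns", with "the jail's root vnode" taking an article. The entry also describes only the value 1. A sentence stating what a jailed process sees when the sysctl is set to 0 would make the trade-off in the closing note explicit (hiding the `/dev`, `/tmp` and `/proc` mounts inside the jail versus leaking less information), which is what an administrator needs when deciding whether to change the default.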