| Commit message (Collapse) | Author | Age | Files | Lines |
|
Add support to the jail framework to be able to mount linsysfs(5) and linprocfs(5).
PR: 207179
Requested by: thomas@gibfest.dk
Reviewed by: jamie, bapt
Approved by: re (gjb)
Sponsored by: gandi.net
Differential Revision: https://reviews.freebsd.org/D5390
|
Fix transposed words in man page.
PR: 201752
Reviewed by: gjb
|
Allow the kern.osrelease and kern.osreldate sysctl values to be set in a
jail's creation parameters. This allows the kernel version to be reliably
spoofed within the jail whether examined directly with sysctl or
indirectly with the uname -r and -K options.
Export the new osreldate and osrelease jail parms in jail_get(2).
Fix line wrap.
|
Add mount.procfs jail parameter, so procfs can be mounted when a prison's
root is in its fstab.
Also fix a typo while I'm at it.
PR: 197237 197066
|
Add allow.mount.fdescfs jail flag.
PR: 192951
Submitted by: ruben@verweg.com
|
Review pass through jail.8
Replace usage of "prison" with "jail", since that term has mostly dropped
out of use. Note once at the beginning that the "prison" term is equivalent,
but do not use it otherwise. [1]
Some grammar issues.
Some mdoc formatting fixes.
Consistently use \(em for em dashes, with spaces around it.
Avoid contractions.
Prefer ssh to telnet.
PR: 176832 [1]
|
Reword an awkward option description
PR: 191726
Submitted by: yaneurabeya gmail.com
|
Added support for extra ifconfig args to jail ip4.addr & ip6.addr params
This allows for CARP interfaces to be used in jails e.g.
ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100"
r269340 will not be MFC'ed as mentioned due to the slim window and the
amount of additional commits required to support it.
Sponsored by: Multiplay
|
- Add mount.fdescfs parameter to jail(8). This is similar to
mount.devfs but mounts fdescfs. The mount happens just after
mount.devfs.
- rc.d/jail now displays whole error message from jail(8) when a jail
fails to start.
Approved by: re (gjb)
|
PR: 168016
Submitted by: Nobuyuki Koganemaru
Approved by: gjb
MFC after: 3 days
|
currently done by /etc/rc.d/jail.
MFC after: 3 months
|
instead of a mount.devfs.ruleset pseudo-parameter.
|
Document the potential for jail escape.
From r224615:
Always disable mount and unmount for jails with enforce_statfs==2.
From r231267:
A new jail(8) option "devfs_ruleset" defines the ruleset enforcement for
mounting devfs inside jails. A value of -1 disables mounting devfs in
jails, a value of zero means no restrictions. Nested jails can only
have mounting devfs disabled or inherit parent's enforcement as jails are
not allowed to view or manipulate devfs(8) rules.
From r232059:
To improve control over the use of mount(8) inside a jail(8), introduce
a new jail parameter node with the following parameters:
allow.mount.devfs:
allow mounting the devfs filesystem inside a jail
allow.mount.nullfs:
allow mounting the nullfs filesystem inside a jail
From r232186:
allow.mount.zfs:
allow mounting the zfs filesystem inside a jail
|
cleaning up to do on existing features, but this is pretty much what the
final product will look like.
|
Reported by: bz
MFC after: 1 week
|
Reviewed by: jamie
MFC after: 1 week
|
MFC after: 1 week
|
allow.mount.zfs:
allow mounting the zfs filesystem inside a jail
This way the permissions for mounting all current VFCF_JAIL filesystems
inside a jail are controlled via allow.mount.* jail parameters.
Update sysctl descriptions.
Update jail(8) and zfs(8) manpages.
TODO: document the connection of allow.mount.* and VFCF_JAIL for kernel
developers
MFC after: 10 days
|
a new jail parameter node with the following parameters:
allow.mount.devfs:
allow mounting the devfs filesystem inside a jail
allow.mount.nullfs:
allow mounting the nullfs filesystem inside a jail
Both parameters are disabled by default (equals the behavior before
devfs and nullfs in jails). Administrators have to explicitly allow
mounting devfs and nullfs for each jail. The value "-1" of the
devfs_ruleset parameter is removed in favor of the new allow setting.
Reviewed by: jamie
Suggested by: pjd
MFC after: 2 weeks
|
A new jail(8) option "devfs_ruleset" defines the ruleset enforcement for
mounting devfs inside jails. A value of -1 disables mounting devfs in
jails, a value of zero means no restrictions. Nested jails can only
have mounting devfs disabled or inherit parent's enforcement as jails are
not allowed to view or manipulate devfs(8) rules.
Utilizes new functions introduced in r231265.
Reviewed by: jamie
MFC after: 1 month
|
A working statfs(2) is required for umount(8) in jail.
Reviewed by: pjd, kib
Approved by: re (kib)
MFC after: 2 weeks
|
Pointed out by: kib
Pointy hat to: me
Approved by: re (kib, implicit)
|
recommended to allow root users in the jail to access the host system.
PR: docs/156853
Submitted by: crees
Patch by: crees
Approved by: re (kib) for BETA1
|
Submitted by: Vedad KAJTAZ (vedad % kajtaz net)
PR: 142341
Reviewed by: bz, rwatson
Rewording by: rwatson
Approved by: re (kensmith)
MFC after: 3 days
|
Various people voiced their concerns about these changes.
Until this is resolved, we should use the old version.
|
an attacker with root access to the jail can create a setuid binary for
their own use in the host environment (if they also have this access),
thus breaking root in the host.
This exploit is impossible if the jail's files are not world-readable.
Add instructions to the man page on how to create a jail with the
correct permissions set.
PR: docs/156853
Submitted by: Chris Rees (utisoft at gmail dot com)
Reviewed by: cperciva (security parts)
MFC after: 9 days
|
They have no effect when coming in pairs, or before .Bl/.Bd
|
r210974.
|
instead of explicitly requiring one of "command" or "persist".
MFC after: 3 days
|
Reviewed by: ru
|
whether to use source address selection (default) or the primary
jail address for unbound outgoing connections.
This is intended to be used by people upgrading from single-IP
jails to multi-IP jails but not having to change firewall rules,
application ACLs, ... but to force their connections (unless
otherwise changed) to the primary jail IP they had been used for
years, as well as for people preferring to implement similar policies.
Note that for IPv6, if configured incorrectly, this might lead to
scope violations, which single-IPv6 jails could as well, as by the
design of jails. [1]
Reviewed by: jamie, hrs (ipv6 part)
Pointed out by: hrs [1]
MFC After: 2 weeks
Asked for by: Jase Thew (bazerka beardz.net)
|
Reviewed by: jamie
|
Reported by: bz
|
Submitted by: Jille Timmermans <jille quis cx>
MFC after: 1 week
|
restrictions) were found to be inadequately described by a boolean.
Define a new parameter type with three values (disable, new, inherit)
to handle these and future cases.
Approved by: re (kib), bz (mentor)
Discussed with: rwatson
|
Approved by: re (kib), bz (mentor)
|
parameters. This replaces the simple "allow.jails" permission.
Approved by: bz (mentor)
|
Submitted by: richardtoohey at paradise dot net dot nz on -doc
|
The system hostname is now stored in prison0, and the global variable
"hostname" has been removed, as has the hostname_mtx mutex. Jails may
have their own host information, or they may inherit it from the
parent/system. The proper way to read the hostname is via
getcredhostname(), which will copy either the hostname associated with
the passed cred, or the system hostname if you pass NULL. The system
hostname can still be accessed directly (and without locking) at
prison0.pr_host, but that should be avoided where possible.
The "similar information" referred to is domainname, hostid, and
hostuuid, which have also become prison parameters and had their
associated global variables removed.
Approved by: bz (mentor)
|