From 7e73da14eb8410d6878c1e60cdb665d8a8c74c47 Mon Sep 17 00:00:00 2001 From: pjd Date: Thu, 5 Apr 2007 21:03:05 +0000 Subject: Add security.jail.mount_allowed sysctl, which allows to mount and unmount jail-friendly file systems from within a jail. Precisely it grants PRIV_VFS_MOUNT, PRIV_VFS_UNMOUNT and PRIV_VFS_MOUNT_NONUSER privileges for a jailed super-user. It is turned off by default. A jail-friendly file system is a file system which driver registers itself with VFCF_JAIL flag via VFS_SET(9) API. The lsvfs(1) command can be used to see which file systems are jail-friendly ones. There currently no jail-friendly file systems, ZFS will be the first one. In the future we may consider marking file systems like nullfs as jail-friendly. Reviewed by: rwatson --- usr.bin/lsvfs/lsvfs.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'usr.bin/lsvfs/lsvfs.c') diff --git a/usr.bin/lsvfs/lsvfs.c b/usr.bin/lsvfs/lsvfs.c index 1e486d7..1f23e1c 100644 --- a/usr.bin/lsvfs/lsvfs.c +++ b/usr.bin/lsvfs/lsvfs.c @@ -105,5 +105,10 @@ fmt_flags(int flags) strcat(buf, "unicode"); } + if(flags & VFCF_JAIL) { + if(comma++) strcat(buf, ", "); + strcat(buf, "jail"); + } + return buf; } -- cgit v1.1