From owner-svn-src-all@FreeBSD.ORG Thu Feb 9 21:47:19 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 77B3D106564A; Thu, 9 Feb 2012 21:47:19 +0000 (UTC) (envelope-from pawel@dawidek.net) Received: from mail.dawidek.net (60.wheelsystems.com [83.12.187.60]) by mx1.freebsd.org (Postfix) with ESMTP id 1EDA38FC0C; Thu, 9 Feb 2012 21:47:18 +0000 (UTC) Received: from localhost (89-73-195-149.dynamic.chello.pl [89.73.195.149]) by mail.dawidek.net (Postfix) with ESMTPSA id 6FB3490B; Thu, 9 Feb 2012 22:47:16 +0100 (CET) Date: Thu, 9 Feb 2012 22:46:02 +0100 From: Pawel Jakub Dawidek To: Martin Matuska Message-ID: <20120209214601.GA1313@garage.freebsd.pl> References: <201202091039.q19Ad2aM097022@svn.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="pf9I7BMVVzbSWLtt" Content-Disposition: inline In-Reply-To: <201202091039.q19Ad2aM097022@svn.freebsd.org> X-OS: FreeBSD 10.0-CURRENT amd64 User-Agent: Mutt/1.5.21 (2010-09-15) Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r231269 - head/sys/fs/nullfs X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Feb 2012 21:47:19 -0000 --pf9I7BMVVzbSWLtt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Feb 09, 2012 at 10:39:02AM +0000, Martin Matuska wrote: > Author: mm > Date: Thu Feb 9 10:39:01 2012 > New Revision: 231269 > URL: http://svn.freebsd.org/changeset/base/231269 >=20 > Log: > Allow mounting nullfs(5) inside jails. > =20 > This is now possible thanks to r230129. > =20 > MFC after: 1 month I'd really like to know that someone actually audited nullfs to see it can be safely managed within a jail. devfs is probably even more critical - hopefully it isn't possible to make simple administrative mistake that will allow to get access to, eg. /dev/kmem from within a jail or something similar. Changes like this one, which can have serious security implications, should be really properly reviewed. --=20 Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://tupytaj.pl --pf9I7BMVVzbSWLtt Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk80PpkACgkQForvXbEpPzRtUgCcDDpIn0FF81kIPQc2oc08OD0U aicAoLe+s1uqaITI8yhJXAXFM4ao5fGs =vS6O -----END PGP SIGNATURE----- --pf9I7BMVVzbSWLtt--