Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 2 Mar 2015 21:44:55 -0800
From:      Garrett Cooper <yaneurabeya@gmail.com>
To:        Ian Lepore <ian@freebsd.org>
Cc:        "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "src-committers@freebsd.org" <src-committers@freebsd.org>, Julian Elischer <julian@freebsd.org>
Subject:   Re: svn commit: r279361 - in head: sys/kern sys/sys usr.sbin/jail
Message-ID:  <33AC77F5-8D04-475C-B14A-D7B94733E8AC@gmail.com>
In-Reply-To: <1425327800.1287.7.camel@freebsd.org>
References:  <201502271628.t1RGSurE067472@svn.freebsd.org> <54F42726.3000602@freebsd.org> <1425327800.1287.7.camel@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

> On Mar 2, 2015, at 12:23, Ian Lepore <ian@freebsd.org> wrote:
>=20
>> On Mon, 2015-03-02 at 01:02 -0800, Julian Elischer wrote:
>>> On 2/27/15 8:28 AM, Ian Lepore wrote:
>>>=20
>>>=20
>>> Log:
>>>   Allow the kern.osrelease and kern.osreldate sysctl values to be set in=
 a
>>>   jail's creation parameters.  This allows the kernel version to be reli=
ably
>>>   spoofed within the jail whether examined directly with sysctl or
>>>   indirectly with the uname -r and -K options.
>>> [..]
>>=20
>>>   There is no sanity or range checking, other than disallowing an empty
>>>   release string or a zero release date, by design.  The system
>>>   administrator is trusted to set sane values.  Setting values that are
>>>   newer than the actual running kernel will likely cause compatibility
>>>   problems.
>> I would think that you could at set time ensure that only older=20
>> releases were allowed..
>> I'm not sure what the rule would be with sub-sub-jails..  older than=20
>> parent, or older than base system..?
>=20
> I am a really really strong believer in giving administrators complete
> control of their systems.  If they want to do "something stupid" because
> it works for them, I'm not going to stop them.

Printing out a warning helps folks who are debugging issues though :)..=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?33AC77F5-8D04-475C-B14A-D7B94733E8AC>