Date: Thu, 14 Feb 2013 14:27:15 +0100 From: Baptiste Daroussin <bapt@FreeBSD.org> To: Jamie Gritton <jamie@FreeBSD.org> Cc: fs@FreeBSD.org Subject: Re: Marking some FS as jailable Message-ID: <20130214132715.GG44004@ithaqua.etoilebsd.net> In-Reply-To: <511B1F55.3080500@FreeBSD.org> References: <20130212194047.GE12760@ithaqua.etoilebsd.net> <511B1F55.3080500@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--/Zw+/jwnNHcBRYYu
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Feb 12, 2013 at 10:06:29PM -0700, Jamie Gritton wrote:
> On 02/12/13 12:40, Baptiste Daroussin wrote:
> > Hi,
> >
> > I would like to mark some filesystem as jailable, here is the one I nee=
d:
> > linprocfs, tmpfs and fdescfs, I was planning to do it with adding a
> > allow.mount.${fs} for each one.
> >
> > Anyone has an objection?
> >
> > regards,
> > Bapt
>=20
> Would it make sense for linprocfs to use the existing allow.mount.procfs
> flag?
Here is a patch that uses allow.mount.procfs for linsysfs and linprocfs.
It also addd a new allow.mount.tmpfs to allow tmpfs.
It seems to work here, can anyone confirm this is the right way to do it?
I'll commit in 2 parts: first lin*fs, second tmpfs related things
http://people.freebsd.org/~bapt/jail-fs.diff
regards,
Bapt
--/Zw+/jwnNHcBRYYu
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)
iEYEARECAAYFAlEc5jIACgkQ8kTtMUmk6EyC2ACfWk8tYvAnJyD4XG9+4lHrCvRr
LMoAnR4PQwxYOAknOa8tL368YlftWXaf
=RkRX
-----END PGP SIGNATURE-----
--/Zw+/jwnNHcBRYYu--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130214132715.GG44004>