Lines 207-212
static char *pr_allow_names[] = {
Link Here
|
207 |
"allow.mount.zfs", |
207 |
"allow.mount.zfs", |
208 |
"allow.mount.procfs", |
208 |
"allow.mount.procfs", |
209 |
"allow.mount.tmpfs", |
209 |
"allow.mount.tmpfs", |
|
|
210 |
"allow.mount.fdescfs", |
210 |
}; |
211 |
}; |
211 |
const size_t pr_allow_names_size = sizeof(pr_allow_names); |
212 |
const size_t pr_allow_names_size = sizeof(pr_allow_names); |
212 |
|
213 |
|
Lines 223-228
static char *pr_allow_nonames[] = {
Link Here
|
223 |
"allow.mount.nozfs", |
224 |
"allow.mount.nozfs", |
224 |
"allow.mount.noprocfs", |
225 |
"allow.mount.noprocfs", |
225 |
"allow.mount.notmpfs", |
226 |
"allow.mount.notmpfs", |
|
|
227 |
"allow.mount.nofdescfs", |
226 |
}; |
228 |
}; |
227 |
const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames); |
229 |
const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames); |
228 |
|
230 |
|
Lines 4247-4252
SYSCTL_PROC(_security_jail, OID_AUTO, mount_zfs_allowed,
Link Here
|
4247 |
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, |
4249 |
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, |
4248 |
NULL, PR_ALLOW_MOUNT_ZFS, sysctl_jail_default_allow, "I", |
4250 |
NULL, PR_ALLOW_MOUNT_ZFS, sysctl_jail_default_allow, "I", |
4249 |
"Processes in jail can mount the zfs file system"); |
4251 |
"Processes in jail can mount the zfs file system"); |
|
|
4252 |
SYSCTL_PROC(_security_jail, OID_AUTO, mount_fdescfs_allowed, |
4253 |
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, |
4254 |
NULL, PR_ALLOW_MOUNT_FDESCFS, sysctl_jail_default_allow, "I", |
4255 |
"Processes in jail can mount the fdescfs file system"); |
4250 |
|
4256 |
|
4251 |
static int |
4257 |
static int |
4252 |
sysctl_jail_default_level(SYSCTL_HANDLER_ARGS) |
4258 |
sysctl_jail_default_level(SYSCTL_HANDLER_ARGS) |
Lines 4399-4404
SYSCTL_JAIL_PARAM(_allow_mount, tmpfs, CTLTYPE_INT | CTLFLAG_RW,
Link Here
|
4399 |
"B", "Jail may mount the tmpfs file system"); |
4405 |
"B", "Jail may mount the tmpfs file system"); |
4400 |
SYSCTL_JAIL_PARAM(_allow_mount, zfs, CTLTYPE_INT | CTLFLAG_RW, |
4406 |
SYSCTL_JAIL_PARAM(_allow_mount, zfs, CTLTYPE_INT | CTLFLAG_RW, |
4401 |
"B", "Jail may mount the zfs file system"); |
4407 |
"B", "Jail may mount the zfs file system"); |
|
|
4408 |
SYSCTL_JAIL_PARAM(_allow_mount, fdescfs, CTLTYPE_INT | CTLFLAG_RW, |
4409 |
"B", "Jail may mount the fdescfs file system"); |
4402 |
|
4410 |
|
4403 |
void |
4411 |
void |
4404 |
prison_racct_foreach(void (*callback)(struct racct *racct, |
4412 |
prison_racct_foreach(void (*callback)(struct racct *racct, |