Re: Allowing tmpfs to be mounted in jail?

看板FB_security作者時間12年前 (2013/08/23 20:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串5/5 (看更多)
On Fri, Aug 23, 2013 at 12:37:32AM +0300, Konstantin Belousov wrote: > On Thu, Aug 22, 2013 at 12:15:29PM -0700, Xin Li wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA512 > > > > Hi, > > > > Do anybody have concerns if I would commit this? > > > > Index: sys/fs/tmpfs/tmpfs_vfsops.c > > =================================================================== > > - --- sys/fs/tmpfs/tmpfs_vfsops.c (revision 254663) > > +++ sys/fs/tmpfs/tmpfs_vfsops.c (working copy) > > @@ -420,4 +420,4 @@ struct vfsops tmpfs_vfsops = { > > .vfs_statfs = tmpfs_statfs, > > .vfs_fhtovp = tmpfs_fhtovp, > > }; > > - -VFS_SET(tmpfs_vfsops, tmpfs, 0); > > +VFS_SET(tmpfs_vfsops, tmpfs, VFCF_JAIL); > > > > Unrestricted tmpfs mounts can easily consume all available memory, > making the host unusable. But the change is probably fine, since > we have global 'disable mount from the jail' flag. tmpfs in jail must use memory limit from rctl memoryuse, I think. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 slw. 的文章
文章代碼(AID): #1I5qx_w- (FB_security)
更多 slw. 的文章
文章代碼(AID): #1I5qx_w- (FB_security)