author | Robert Watson <rwatson@FreeBSD.org> | 2004-02-14 18:31:11 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2004-02-14 18:31:11 +0000 |
commit | f08df373a3342d6447592b8744b177e1061b136a (patch) | |
tree | 9fffcf3b0b401139cbfcaea52b596d05f0317778 /sys/kern/kern_jail.c | |
parent | 281591449af7e344edaf22553ae9f63b9e499856 (diff) | |
download | src-f08df373a3342d6447592b8744b177e1061b136a.tar.gz src-f08df373a3342d6447592b8744b177e1061b136a.zip |
Notes
Diffstat (limited to 'sys/kern/kern_jail.c')
-rw-r--r-- | sys/kern/kern_jail.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 79be2492ccc9..8d19dcb9c7b4 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -54,6 +54,11 @@ SYSCTL_INT(_security_jail, OID_AUTO, sysvipc_allowed, CTLFLAG_RW,
 &jail_sysvipc_allowed, 0,
 "Processes in jail can use System V IPC primitives");
 
+int jail_getfsstatroot_only = 1;
+SYSCTL_INT(_security_jail, OID_AUTO, getfsstate_getfsstatroot_only, CTLFLAG_RW,
+ &jail_getfsstatroot_only, 0,
+ "Processes see only their root file system in getfsstat()");
+
 /* allprison, lastprid, and prisoncount are protected by allprison_mtx. */
 struct prisonlist allprison;
 struct mtx allprison_mtx;
@@ -418,6 +423,21 @@ getcredhostname(struct ucred *cred, char *buf, size_t size)
 strlcpy(buf, hostname, size);
 }
 
+/*
+ * Return 1 if the passed credential can "see" the passed mountpoint
+ * when performing a getfsstat(); otherwise, 0.
+ */
+int
+prison_check_mount(struct ucred *cred, struct mount *mp)
+{
+
+ if (jail_getfsstatroot_only) {
+ if (cred->cr_prison->pr_root->v_mount != mp)
+ return (0);
+ }
+ return (1);
+}
+
 static int
 sysctl_jail_list(SYSCTL_HANDLER_ARGS)
 { |
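Review bot: The OID name registered in the added `SYSCTL_INT` is `getfsstate_getfsstatroot_only`, which does not match the variable `jail_getfsstatroot_only` and reads like an accidentally duplicated prefix. This name is what an administrator sets to control how much of the host's mount table a jail can enumerate, so a misspelt knob is easy to miss in configuration and awkward to rename once shipped. I would register it as `SYSCTL_INT(_security_jail, OID_AUTO, getfsstatroot_only, CTLFLAG_RW,`. The description string could also say "Processes in jail" like the neighbouring `sysvipc_allowed` entry, so it is clear the restriction is meant for jailed callers.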
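Review bot: `prison_check_mount()` dereferences `cred->cr_prison->pr_root` whenever `jail_getfsstatroot_only` is non-zero, and the knob defaults to 1, so a credential with no prison attached would fault in the kernel. That holds unless every caller has already filtered out unjailed credentials, and the callers are not visible in this diff. The function can be made safe on its own by changing the outer test to `if (jail_getfsstatroot_only && cred->cr_prison != NULL) {`. The header comment should then state that a credential outside a jail always gets 1. It is also worth noting in that comment that the check compares mounts, not paths, so a jail whose root is a directory on a shared file system still sees that whole mount's statistics.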