]> CyberLeo.Net >> Repos - FreeBSD/stable/9.git/commit
projects / FreeBSD / stable / 9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c8d1595) | patch
Jail-mount MFC: r231265,r231267,r231269,r232059,r232186,r232247,
authormm <mm@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Fri, 9 Mar 2012 16:17:46 +0000 (16:17 +0000)
committermm <mm@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Fri, 9 Mar 2012 16:17:46 +0000 (16:17 +0000)
commitd1d9ddc22758a9543102facd521ae6ed39fa996a
tree7fe64d00492bfff0524d76cc0d3c226d04f3f011tree | snapshot
parentc8d1595ecc915096fd652a9e0f94e587a9b18b20commit | diff
Jail-mount MFC: r231265,r231267,r231269,r232059,r232186,r232247,
r232278,r232307,r232342

MFC r231265:
Introduce the "ruleset=number" option for devfs(5) mounts.
Add support for updating the devfs mount (currently only changing the
ruleset number is supported).
Check mnt_optnew with vfs_filteropt(9).

This new option sets the specified ruleset number as the active ruleset
of the new devfs mount and applies all its rules at mount time. If the
specified ruleset doesn't exist, a new empty ruleset is created.

MFC r231267 [1]:
Add support for mounting devfs inside jails.

A new jail(8) option "devfs_ruleset" defines the ruleset enforcement for
mounting devfs inside jails. A value of -1 disables mounting devfs in
jails, a value of zero means no restrictions. Nested jails can only
have mounting devfs disabled or inherit parent's enforcement as jails are
not allowed to view or manipulate devfs(8) rules.

Utilizes new functions introduced in r231265.

MFC r231269:
Allow mounting nullfs(5) inside jails.

This is now possible thanks to r230129.

MFC r232059 [1]:
To improve control over the use of mount(8) inside a jail(8), introduce
a new jail parameter node with the following parameters:

allow.mount.devfs:
allow mounting the devfs filesystem inside a jail

allow.mount.nullfs:
allow mounting the nullfs filesystem inside a jail

Both parameters are disabled by default (equals the behavior before
devfs and nullfs in jails). Administrators have to explicitly allow
mounting devfs and nullfs for each jail. The value "-1" of the
devfs_ruleset parameter is removed in favor of the new allow setting.

MFC r232186:
Analogous to r232059, add a parameter for the ZFS file system:

allow.mount.zfs:
allow mounting the zfs filesystem inside a jail

This way the permssions for mounting all current VFCF_JAIL filesystems
inside a jail are controlled wia allow.mount.* jail parameters.

Update sysctl descriptions.
Update jail(8) and zfs(8) manpages.

MFC r232247:
mdoc(7) stype - start new sentences on new line

MFC r232278 [1]:
Add procfs to jail-mountable filesystems.

MFC r232291:
Bump .Dd to reflect latest update

MFC r232307:
Add "export" to devfs_opts[] and return EOPNOTSUPP if called with it.
Fixes mountd warnings.

MFC r232342 (jamie) [2]:
Handle the case where a boolean parameter is also a node.

PR: bin/165515 [2]
Reviewed by: jamie [1]

git-svn-id: svn://svn.freebsd.org/base/stable/9@232728 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
15 files changed:
lib/libjail/jail.c diff | blob | history
share/man/man5/devfs.5 diff | blob | history
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c diff | blob | history
sys/compat/linprocfs/linprocfs.c diff | blob | history
sys/compat/linsysfs/linsysfs.c diff | blob | history
sys/fs/devfs/devfs.h diff | blob | history
sys/fs/devfs/devfs_rule.c diff | blob | history
sys/fs/devfs/devfs_vfsops.c diff | blob | history
sys/fs/nullfs/null_vfsops.c diff | blob | history
sys/fs/procfs/procfs.c diff | blob | history
sys/fs/pseudofs/pseudofs.h diff | blob | history
sys/kern/kern_jail.c diff | blob | history
sys/sys/jail.h diff | blob | history
sys/sys/param.h diff | blob | history
usr.sbin/jail/jail.8 diff | blob | history
9-STABLE