diff options
| author | Jamie Gritton <jamie@FreeBSD.org> | 2018-05-04 20:54:27 +0000 |
|---|---|---|
| committer | Jamie Gritton <jamie@FreeBSD.org> | 2018-05-04 20:54:27 +0000 |
| commit | 0e5c6bd43646821dc676a6db03b7175f2668ec88 (patch) | |
| tree | 3ababcca953402d6c1fa7ca587685de9a95cbdf6 /sys/fs/nullfs | |
| parent | d55f0e89c807d794d9e2b5b75301f42da4d3da1f (diff) | |
| download | src-0e5c6bd43646821dc676a6db03b7175f2668ec88.tar.gz src-0e5c6bd43646821dc676a6db03b7175f2668ec88.zip | |
Make it easier for filesystems to count themselves as jail-enabled,
by doing most of the work in a new function prison_add_vfs in kern_jail.c
Now a jail-enabled filesystem need only mark itself with VFCF_JAIL, and
the rest is taken care of. This includes adding a jail parameter like
allow.mount.foofs, and a sysctl like security.jail.mount_foofs_allowed.
Both of these used to be a static list of known filesystems, with
predefined permission bits.
Reviewed by: kib
Differential Revision: D14681
Notes
Notes:
svn path=/head/; revision=333263
Diffstat (limited to 'sys/fs/nullfs')
| -rw-r--r-- | sys/fs/nullfs/null_vfsops.c | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/sys/fs/nullfs/null_vfsops.c b/sys/fs/nullfs/null_vfsops.c index 4def1cf522b4..8ea7b07575bf 100644 --- a/sys/fs/nullfs/null_vfsops.c +++ b/sys/fs/nullfs/null_vfsops.c @@ -78,15 +78,12 @@ nullfs_mount(struct mount *mp) struct vnode *lowerrootvp, *vp; struct vnode *nullm_rootvp; struct null_mount *xmp; - struct thread *td = curthread; char *target; int isvnunlocked = 0, len; struct nameidata nd, *ndp = &nd; NULLFSDEBUG("nullfs_mount(mp = %p)\n", (void *)mp); - if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_NULLFS)) - return (EPERM); if (mp->mnt_flag & MNT_ROOTFS) return (EOPNOTSUPP); |