|
ru.unix.bsd
- RU.UNIX.BSD ------------------------------------------------------------------
From : mitrohin a.s. 2:5020/400 06 Feb 2008 08:36:48
To : Eugene Grosbein
Subject : Re: jail and md mount
--------------------------------------------------------------------------------
On Mon, Feb 04, 2008 at 04:52:42PM +0300, Eugene Grosbein wrote:
> 04 фев 2008, понедельник, в 12:36 KRAT, mitrohin a.s. написал(а):
>
> mas> внутри jail не удается смонтировать md0a. mdconfig, bsdlabel
> mas> работают, mount говорит 'Operation not permitted'.
>
> [skip]
>
> mas> как-нибудь это можно обойти?
>
> Монтировать снаружи. jail-у запрещено что-либо монтировать.
>
а смысл? не отображаем в /dev чего не надо, казалось бы, ...
в общем tinybsd не может образ сделать. придется резать скрипт на
части. абыдна...
security.jail.mount_allowed
This MIB entry determines if a privileged user inside a jail will be
able to mount and unmount file system types marked as jail-friendly.
The lsvfs(1) command can be used to find file system types available
for mount from within a jail. This functionality is disabled by
default, but can be enabled by setting this MIB entry to 1.
pjd 2007-04-05 21:03:05 UTC
FreeBSD src repository
Modified files:
lib/libc/gen getvfsbyname.3
share/man/man9 VFS_SET.9
sys/kern kern_jail.c vfs_mount.c
sys/sys mount.h
usr.bin/lsvfs lsvfs.c
usr.sbin/jail jail.8
Log:
Add security.jail.mount_allowed sysctl, which allows to mount and
unmount jail-friendly file systems from within a jail.
Precisely it grants PRIV_VFS_MOUNT, PRIV_VFS_UNMOUNT and
PRIV_VFS_MOUNT_NONUSER privileges for a jailed super-user.
It is turned off by default.
A jail-friendly file system is a file system which driver registers
itself with VFCF_JAIL flag via VFS_SET(9) API.
The lsvfs(1) command can be used to see which file systems are
jail-friendly ones.
There currently no jail-friendly file systems, ZFS will be the first one.
In the future we may consider marking file systems like nullfs as
jail-friendly.
Reviewed by: rwatson
Revision Changes Path
1.17 +7 -0 src/lib/libc/gen/getvfsbyname.3
1.10 +7 -0 src/share/man/man9/VFS_SET.9
1.63 +17 -0 src/sys/kern/kern_jail.c
1.253 +7 -0 src/sys/kern/vfs_mount.c
1.224 +1 -0 src/sys/sys/mount.h
1.18 +5 -0 src/usr.bin/lsvfs/lsvfs.c
1.83 +10 -0 src/usr.sbin/jail/jail.8
http://readlist.com/lists/freebsd.org/freebsd-current/8/42451.html
на выходных буду попробовать поставить флаг VFCF_JAIL на ufs.
/swp
--- ifmail v.2.15dev5.4
* Origin: Barnaul State Pedagogical University InterNetNews site (2:5020/400)
Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор
| Тема: |
Автор: |
Дата: |
|
Re: jail and md mount |
Eugene Grosbein |
04 Feb 2008 17:52:42 |
 Re: jail and md mount |
mitrohin a.s. |
06 Feb 2008 08:36:48 |
|
|
