Re: lofi(7D) in non global zones [PSARC/2010/144 FastTrack timeout 04/30/2

2010-04-26 Thread Joerg Schilling
Richard L. Hamilton rlha...@smart.net wrote:
> Is the implementation of hsfs therefore known to be robust against kernel crashes due to a corrupted filesystem, or is it simply that the demand is so high for lofi plus hsfs? What about udfs - if one wants to use CD images, presumably one might

Re: lofi(7D) in non global zones [PSARC/2010/144 FastTrack timeout 04/30/2

2010-04-25 Thread John Levon
On Sat, Apr 24, 2010 at 12:17:02AM -0700, Richard L. Hamilton wrote:
> one wants to use CD images, presumably one might want to use DVD-ROM images as well. P.S. Will mounts in a non-global zone force nodev, or will unauthorized device nodes be disabled by some other means?

Mounts are

Re: lofi(7D) in non global zones [PSARC/2010/144 FastTrack timeout 04/30/2

2010-04-25 Thread John Levon
On Sat, Apr 24, 2010 at 12:13:02AM -0700, Richard L. Hamilton wrote:
> Is the implementation of hsfs therefore known to be robust against kernel crashes due to a corrupted filesystem, or is it simply

Yes.

> that the demand is so high for lofi plus hsfs? What about udfs - if one wants to use CD

Re: lofi(7D) in non global zones [PSARC/2010/144 FastTrack timeout 04/30/2

2010-04-25 Thread Richard L. Hamilton
[...] Therefore, mounts within a non-global zone are restricted to a given allowed list of filesystems, as described in Section 5 and Section 6. This applies to all mounts not just lofi ones. 5. New vfs flag VSW_ZMOUNT The default list of allowed filesystems is based upon a new

Re: lofi(7D) in non global zones [PSARC/2010/144 FastTrack timeout 04/30/2

2010-04-25 Thread John Levon
On Sun, Apr 25, 2010 at 10:26:15AM -0700, Richard L. Hamilton wrote:
> This seems to imply the possibility that a physical CD-ROM (at least; perhaps even CD reader/writer) device could be assigned to a non-global zone with reasonable safety. Has that been considered/examined/documented?

Re: lofi(7D) in non global zones [PSARC/2010/144 FastTrack timeout 04/30/2

2010-04-24 Thread Richard L. Hamilton
[...] Allowing lofi devices into non-global zones introduces a security issue. Some filesystems (notably UFS) are not sufficiently protected against corrupted or maliciously constructed filesystem images, which lofi allows the zone root user to modify. This could potentially lead to a