On Fri, 6 Aug 2010, Jamie Gritton wrote:
Author: jamie
Date: Fri Aug 6 22:04:18 2010
New Revision: 210974
URL: http://svn.freebsd.org/changeset/base/210974
Log:
Implicitly make a new jail persistent if it's set not to attach.
I am not sure this is a good idea, especially to implement it in the
kernel. This just means that if you accidentally mess up your command
line you are creating jails, possibly eating further resources most
likely without noticing. Lot's of foot shooting potential.
What is the reason you need that?
MFC after: 3 days
Modified:
head/sys/kern/kern_jail.c
Modified: head/sys/kern/kern_jail.c
==============================================================================
--- head/sys/kern/kern_jail.c Fri Aug 6 21:58:53 2010 (r210973)
+++ head/sys/kern/kern_jail.c Fri Aug 6 22:04:18 2010 (r210974)
@@ -599,6 +599,8 @@ kern_jail_set(struct thread *td, struct
vfs_flagopt(opts, pr_flag_names[fi], &pr_flags, 1 << fi);
vfs_flagopt(opts, pr_flag_nonames[fi], &ch_flags, 1 << fi);
}
+ if ((flags & (JAIL_CREATE | JAIL_UPDATE | JAIL_ATTACH)) == JAIL_CREATE)
+ pr_flags |= PR_PERSIST;
ch_flags |= pr_flags;
for (fi = 0; fi < sizeof(pr_flag_jailsys) / sizeof(pr_flag_jailsys[0]);
fi++) {
@@ -628,12 +630,6 @@ kern_jail_set(struct thread *td, struct
ch_flags |=
pr_flag_jailsys[fi].new | pr_flag_jailsys[fi].disable;
}
- if ((flags & (JAIL_CREATE | JAIL_UPDATE | JAIL_ATTACH)) == JAIL_CREATE
- && !(pr_flags & PR_PERSIST)) {
- error = EINVAL;
- vfs_opterror(opts, "new jail must persist or attach");
- goto done_errmsg;
- }
#ifdef VIMAGE
if ((flags & JAIL_UPDATE) && (ch_flags & PR_VNET)) {
error = EINVAL;
--
Bjoern A. Zeeb This signature is about you not me.
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
