Am 2023-08-28 13:06, schrieb Dmitry Chagin:
On Sun, Aug 27, 2023 at 09:55:23PM +0200, Felix Palmen wrote:
* Dmitry Chagin <dcha...@freebsd.org> [20230827 22:46]:
> I can fix this completely disabling exttatr for jailed proc,
> however, it's gonna be bullshit, though
Would probably be better than nothing. AFAIK, "Linux jails" are used a
lot, probably with userlands from distributions actually using xattr.
It might sense to allow this priv (PRIV_VFS_EXTATTR_SYSTEM) for linux
jails by default? What do think, James?
I think the question is more if we want to allow it in jails (not
specific to linux jails, as in: if it is ok for linux jails, it should
be ok for FreeBSD jails too). So the question is what does this protect
the hosts from, if this is not allowed in jails? Some kind of
possibility to DoS the host?
Bye,
Alexander.
--
http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
