On 27/04/10 03:41 AM, John Levon wrote:
> On Mon, Apr 26, 2010 at 09:26:47PM -0700, Darren Reed wrote:
>> # zonecfg -z ozone
>> zonecfg:ozone> set fs-allowed=ufs,pcfs
>> Could you please expand on what is actually meant here?
>> Is "fs-allowed" for _filesystems_ or _types of filesystems_?
> As the example makes obvious, it's for types of filesystems.
>> Please make the supporting documentation clear on that.
>> For example, how do I allow a local zone to use lofiadm to
>> access a ufs filesystem that is in the form of a single file
>> image but at the same time disallow lofiadm to present a ufs
>> image on a usb thumbstick or via nfs?
> You cannot do that, and your assertion that there is a difference
> between the two cases is wrong. Why do you think there is?
Because auto-mounting a filesystem from a USB stick implies that
the system somehow trusts the structure of the data on the USB
stick. As has been proven in the past with security exploits
relating to auto-execution of USB stick files, they are a medium
that isn't to be trusted. But that's not to say that they should
be forbidden to be used in that way inside a local zone.
If, on the other hand, I've got a set of filesystems that have
been created in the form of files and I know where they come
from, then I have greater trust that they will not cause
something bad to happen and it stands to reason that I should
be able to allow them to be used in whichever manner is required.
Whilst this case does understand that there is a threat from
badly constructed filesystems in the form of a file, it does
not enable any distinction to be made about where the file
data comes from. The origin/location of the data does impact
the level of trust that can be put in it.
For example: if I trust the data that is made available via
NFS, how do I allow UFS image files to be mounted with lofiadm
from NFS paths but not USB sticks or DVDs?
Anyway, this is really discussion about a feature that is
not present in Solaris nor is it presented by this case
and something that could possibly be done in the future.
With the documentation updated to make it clear that it is
"types of filesystems" that are used with "fs-allowed",
I have no other issues with what has been presented.
Darren
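The fs-allowed workflow the thread is discussing, as an added example that is not part of the original messages: the global-zone zonecfg step from Darren's quote, then the in-zone lofiadm and mount step he asks about. The zone name "ozone" comes from the thread; the image path /var/tmp/ufs.img and the mount point /mnt are assumptions, as is the fs_type_allowed helper, which only mirrors the semantics John Levon states (a list of filesystem types) and is not an interface of zonecfg.

```sh
# Added example, not from the thread. Assumes zone "ozone" (from the thread),
# an image at /var/tmp/ufs.img and mount point /mnt (both assumed).

# Pure-shell check of what fs-allowed expresses: a comma-separated list of
# filesystem *types*. Note it has no input for where the backing data lives,
# which is the distinction the thread says the property cannot make.
# Usage: fs_type_allowed "ufs,pcfs" ufs   -> returns 0 (allowed)
fs_type_allowed() {
    list=$1 type=$2
    case ",$list," in
        *",$type,"*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Global zone: permit ufs and pcfs mounts inside the zone. zonecfg reads its
# subcommands from stdin when not run interactively.
configure_zone_fs() {
    zone=$1 types=$2
    zonecfg -z "$zone" <<EOF
set fs-allowed=$types
verify
commit
EOF
}

# Inside the zone: attach the image and mount it. lofiadm -a prints the
# /dev/lofi/N device it created. Whether "$image" sits on local disk, an NFS
# path or a USB stick makes no difference to this step; only the type "ufs"
# is checked against fs-allowed.
mount_ufs_image() {
    image=$1 mountpoint=$2
    dev=$(lofiadm -a "$image") || return 1
    mount -F ufs "$dev" "$mountpoint"
}

# Run the Solaris-specific parts only where the tools exist.
if command -v zonecfg >/dev/null 2>&1; then
    configure_zone_fs ozone ufs,pcfs
fi
if command -v lofiadm >/dev/null 2>&1; then
    mount_ufs_image /var/tmp/ufs.img /mnt
fi
```

Run configure_zone_fs from the global zone and mount_ufs_image from inside ozone after it has been rebooted or the change has been applied; on a host without zonecfg and lofiadm only the helper runs.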
_______________________________________________
opensolaris-arc mailing list