Re: fdescfs patch for working hierarchical jails
Hi James, others, On 26 Sep 2014, at 21:28, James Gritton ja...@gritton.org wrote: On 9/25/2014 3:40 AM, Ruben van Staveren wrote: Hi, Could a committer have a look at https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192951 ? This enables fdescfs in hierarchical jails, would be nice to have this for 10.1 Thanks! Best Regards, Ruben van Staveren This would have to go into current first, and then MFC. Considering 10.1 is getting close to release, I suspect it wouldn't be allowed in. I agree, probably better to do it that way indeed. Also, I'm not sure I'd want to implement this in quite the proposed way: it might suffice (from a security viewpoint) to use the existing allow.mount.devfs for mounting fdescfs. Wouldn’t that be misleading? It would be better to mop up the various pseudofses under the monicker allow.mount.pseudofs. - Jamie - Ruben signature.asc Description: Message signed with OpenPGP using GPGMail
Re: fdescfs patch for working hierarchical jails
On 9/27/2014 6:06 AM, Ruben van Staveren wrote: Hi James, others, On 26 Sep 2014, at 21:28, James Gritton ja...@gritton.org wrote: On 9/25/2014 3:40 AM, Ruben van Staveren wrote: Hi, Could a committer have a look at https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192951 ? This enables fdescfs in hierarchical jails, would be nice to have this for 10.1 Thanks! Best Regards, Ruben van Staveren This would have to go into current first, and then MFC. Considering 10.1 is getting close to release, I suspect it wouldn't be allowed in. I agree, probably better to do it that way indeed. Also, I'm not sure I'd want to implement this in quite the proposed way: it might suffice (from a security viewpoint) to use the existing allow.mount.devfs for mounting fdescfs. Wouldn’t that be misleading? It would be better to mop up the various pseudofses under the monicker allow.mount.pseudofs. My thinking is that fdescfs is practically the same as what devfs already offers - just more descriptors in /dev/fd than the basic three. I can't see why allowing one wouldn't be akin to allowing the other. In fact, I fail to understand why it was made a separate filesystem in the first place. Perhaps someone on the sec team will tell me otherwise when I ask (which I ought to do before forging ahead). - Jamie ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
Re: fdescfs patch for working hierarchical jails
On 9/25/2014 3:40 AM, Ruben van Staveren wrote: Hi, Could a committer have a look at https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192951 ? This enables fdescfs in hierarchical jails, would be nice to have this for 10.1 Thanks! Best Regards, Ruben van Staveren This would have to go into current first, and then MFC. Considering 10.1 is getting close to release, I suspect it wouldn't be allowed in. Also, I'm not sure I'd want to implement this in quite the proposed way: it might suffice (from a security viewpoint) to use the existing allow.mount.devfs for mounting fdescfs. - Jamie ___ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to freebsd-jail-unsubscr...@freebsd.org
fdescfs patch for working hierarchical jails
Hi, Could a committer have a look at https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192951 ? This enables fdescfs in hierarchical jails, would be nice to have this for 10.1 Thanks! Best Regards, Ruben van Staveren signature.asc Description: Message signed with OpenPGP using GPGMail