Commit Graph

18 Commits

Author SHA1 Message Date
Pawel Jakub Dawidek
f3a8d2f93c Add security.jail.mount_allowed sysctl, which allows to mount and
unmount jail-friendly file systems from within a jail.
Precisely it grants PRIV_VFS_MOUNT, PRIV_VFS_UNMOUNT and
PRIV_VFS_MOUNT_NONUSER privileges for a jailed super-user.
It is turned off by default.

A jail-friendly file system is a file system which driver registers
itself with VFCF_JAIL flag via VFS_SET(9) API.
The lsvfs(1) command can be used to see which file systems are
jail-friendly ones.

There currently no jail-friendly file systems, ZFS will be the first one.
In the future we may consider marking file systems like nullfs as
jail-friendly.

Reviewed by:	rwatson
2007-04-05 21:03:05 +00:00
Maxime Henrion
24befda40b Add #include <sys/sysctl.h>. In my tree, mount.h includes
sysctl.h and I was depending on this namespace pollution.

Submitted by:	jake
2002-08-11 02:07:43 +00:00
Maxime Henrion
5965373e69 - Introduce a new struct xvfsconf, the userland version of struct vfsconf.
- Make getvfsbyname() take a struct xvfsconf *.
- Convert several consumers of getvfsbyname() to use struct xvfsconf.
- Correct the getvfsbyname.3 manpage.
- Create a new vfs.conflist sysctl to dump all the struct xvfsconf in the
  kernel, and rewrite getvfsbyname() to use this instead of the weird
  existing API.
- Convert some {set,get,end}vfsent() consumers to use the new vfs.conflist
  sysctl.
- Convert a vfsload() call in nfsiod.c to kldload() and remove the useless
  vfsisloadable() and endvfsent() calls.
- Add a warning printf() in vfs_sysctl() to tell people they are using
  an old userland.

After these changes, it's possible to modify struct vfsconf without
breaking the binary compatibility.  Please note that these changes don't
break this compatibility either.

When bp will have updated mount_smbfs(8) with the patch I sent him, there
will be no more consumers of the {set,get,end}vfsent(), vfsisloadable()
and vfsload() API, and I will promptly delete it.
2002-08-10 20:19:04 +00:00
David E. O'Brien
e026a48c34 Consistently use FBSDID 2002-06-30 05:25:07 +00:00
Dima Dorfman
471caa34a4 Silence warning and set WARNS=2.
Submitted by:	Mike Barcroft <mike@q9media.com>
Reviewed by:	md5(1)
2001-06-24 18:56:00 +00:00
Peter Wemm
c3aac50f28 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
Ruslan Ermilov
c3e53c0457 getvfsbyname() returns zero on success.
PR:		12000
Submitted by:	Anatoly A. Orehovsky <tolik@mpeks.tomsk.su>
1999-06-03 09:03:50 +00:00
Bruce Evans
0fccc7dafd Fixed anachronisms (nuked vfs type number; don't give a 1/6-baked list
of vfs flags in the man page).
1998-08-29 13:53:22 +00:00
Bruce Evans
10abc80013 Started getting rid of the compatibility cruft for the Lite1 mount()
and the pre-Lite2 vfsconf interfaces.

For lsvfs, use the new interface for getvfsbyname(), and use the
old interface for getvfsent() explicitly instead of depending on
macro hacks in <sys/mount.h>.  This is an intermediate step.
1998-01-17 16:24:27 +00:00
Philippe Charnier
176d344d18 Typo. 1997-07-23 06:48:01 +00:00
Bruce Evans
9361c5abbd Added missing #include, cleaned up #includes.
Print VFCF_UNICODE flag in the unlikely event that it is set.
1997-03-03 17:21:57 +00:00
Peter Wemm
c115df18cd Revert $FreeBSD$ to $Id$ 1997-02-22 19:58:13 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Garrett Wollman
0b11bfa164 Fix bonehead formatting error. 1995-03-16 21:43:03 +00:00
Garrett Wollman
be02aec01b Print out the new flags. 1995-03-16 20:29:11 +00:00
Garrett Wollman
f1b2407b0b Print out flags as text rather than a number. 1995-03-16 18:37:47 +00:00
Garrett Wollman
022ad531ed Fix compilation error and formatting mistake. 1994-09-22 20:21:59 +00:00
Garrett Wollman
2a136300ac Added lsvfs command to show loaded VFS modules (including statically-linked
ones).
1994-09-22 01:25:57 +00:00