d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Actually only protect mount-point if security.jail.enforce_statfs is set to 2.

Browse Source 
If we don't return statistics about requested file systems, system tools
may not work correctly or at all.

Approved by:	re (scottl)
This commit is contained in:
pjd 2005-06-23 22:13:29 +00:00
parent be2da9ea22
commit a99a8a69bd
4 changed files with 0 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
sys/compat/linux/linux_stats.c
View File

@ -331,9 +331,6 @@ linux_ustat(struct thread *td, struct linux_ustat_args *args)
if (dev != NULL && vfinddev(dev, &vp)) {
if (vp->v_mount == NULL)
return (EINVAL);
error = prison_canseemount(td->td_ucred, vp->v_mount);
if (error)
return (error);
#ifdef MAC
error = mac_check_mount_stat(td->td_ucred, vp->v_mount);
if (error)

1
sys/kern/kern_jail.c
View File

@ -488,7 +488,6 @@ prison_enforce_statfs(struct ucred *cred, struct mount *mp, struct statfs *sp)
return;
pr = cred->cr_prison;
if (prison_canseemount(cred, mp) != 0) {
/* Should never happen. */
bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
strlcpy(sp->f_mntonname, "[restricted]",
sizeof(sp->f_mntonname));

10
sys/kern/vfs_extattr.c
View File

@ -257,11 +257,6 @@ kern_statfs(struct thread *td, char *path, enum uio_seg pathseg,
sp = &mp->mnt_stat;
NDFREE(&nd, NDF_ONLY_PNBUF);
vrele(nd.ni_vp);
error = prison_canseemount(td->td_ucred, mp);
if (error) {
mtx_unlock(&Giant);
return (error);
}
#ifdef MAC
error = mac_check_mount_stat(td->td_ucred, mp);
if (error) {
@ -335,11 +330,6 @@ kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
mtx_unlock(&Giant);
return (EBADF);
}
error = prison_canseemount(td->td_ucred, mp);
if (error) {
mtx_unlock(&Giant);
return (error);
}
#ifdef MAC
error = mac_check_mount_stat(td->td_ucred, mp);
if (error) {

10
sys/kern/vfs_syscalls.c
View File

@ -257,11 +257,6 @@ kern_statfs(struct thread *td, char *path, enum uio_seg pathseg,
sp = &mp->mnt_stat;
NDFREE(&nd, NDF_ONLY_PNBUF);
vrele(nd.ni_vp);
error = prison_canseemount(td->td_ucred, mp);
if (error) {
mtx_unlock(&Giant);
return (error);
}
#ifdef MAC
error = mac_check_mount_stat(td->td_ucred, mp);
if (error) {
@ -335,11 +330,6 @@ kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
mtx_unlock(&Giant);
return (EBADF);
}
error = prison_canseemount(td->td_ucred, mp);
if (error) {
mtx_unlock(&Giant);
return (error);
}
#ifdef MAC
error = mac_check_mount_stat(td->td_ucred, mp);
if (error) {