unmount jail-friendly file systems from within a jail.
Precisely it grants PRIV_VFS_MOUNT, PRIV_VFS_UNMOUNT and
PRIV_VFS_MOUNT_NONUSER privileges for a jailed super-user.
It is turned off by default.
A jail-friendly file system is a file system which driver registers
itself with VFCF_JAIL flag via VFS_SET(9) API.
The lsvfs(1) command can be used to see which file systems are
jail-friendly ones.
There currently no jail-friendly file systems, ZFS will be the first one.
In the future we may consider marking file systems like nullfs as
jail-friendly.
Reviewed by: rwatson
to sockaddr ones and using svc_getrpccaller instead of svc_getcaller.
A similar patch was committed to rpc.lockd back in 2002 .
PR: bin/42004
MFC after: 1 week
the user's newly created home directory. If omitted, it's derived
from the current umask.
PR: bin/16880, bin/83253 (partially), bin/104248
MFC in: 1 month
Possibly merge or split with netstat -g.
TODO: Make !defined(INET6) clean.
TODO: Add -M/-N instead of -k.
TODO: Use sysctls instead of kvm.
Obtained from: KAME
MFC after: 2 weeks
# ls -ld /mnt/{foo,bar}
drwxr-xr-x 3 root wheel 512 Mar 16 06:56 /mnt/bar
lrwxr-xr-x 1 root wheel 3 Mar 16 12:10 /mnt/foo -> bar
# grep /mnt/foo /etc/fstab
/dev/da1 /mnt/foo ufs rw 0 0
Which means, we give symbolic link as a mount point to mount(8), but mount(8)
use realpath(3) before mounting the file systems, so we get:
# mount | grep /dev/da1
/dev/da1 on /mnt/bar (ufs, local)
Before the commit:
# snapinfo /mnt/foo
usage: snapinfo [-v] -a
snapinfo [-v] mountpoint
# snapinfo /mnt/bar
/mnt/bar/snap
This commit makes snapinfo(8) to first realpath(3) the given mount point and
now we have:
# snapinfo /mnt/foo
/mnt/bar/snap
# snapinfo /mnt/bar
/mnt/bar/snap
point path. This way we properly handle the case when file system listed
in /etc/fstab was unmounted and another file system was mounted on the
same mount point.
the acceleration algorithm. It can be used together with the '-a' flag for
regular acceleration.
PR: bin/110003
Submitted by: Oliver Fromme <olli -at- lurza.secnetix.de>
MFC after: 1 week
sockets. Instead of rejecting all unix domain connections when the
-C flag is given, allow them instead. Aragon tested an earlier
version of the patch.
PR: 109315
MFC after: 2 weeks
Tested-by: Aragon Gouveia <aragon@phat.za.net>
as crontab(5) states it can be. This is supported by all vixie-cron derived
implementations; not sure why FreeBSD was any different.
PR: bin/106442
MFC after: 2 weeks
