upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-10 17:22:46 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

jail: add security.jail.mlock_allowed

Browse source 
when the parameter allow.mlock was added a way for jails to check
if the parameter was set or now has not been added, this change
covers it.

MFC After:	3 days
Reviewed by:	jamie@
Differential Revision:	https://reviews.freebsd.org/D43314

(cherry picked from commit 9fd978680d)
This commit is contained in:
Baptiste Daroussin 2024-01-04 15:09:44 +01:00
parent 0a586a7d75
commit d1fdafc789
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
sys/kern/kern_jail.c
View file

@ -4393,6 +4393,10 @@ SYSCTL_PROC(_security_jail, OID_AUTO, mount_allowed,
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
NULL, PR_ALLOW_MOUNT, sysctl_jail_default_allow, "I",
"Processes in jail can mount/unmount jail-friendly file systems (deprecated)");
SYSCTL_PROC(_security_jail, OID_AUTO, mlock_allowed,
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
NULL, PR_ALLOW_MLOCK, sysctl_jail_default_allow, "I",
"Processes in jail can lock/unlock physical pages in memory");
static int
sysctl_jail_default_level(SYSCTL_HANDLER_ARGS)