On Sun, 27 Jun 2004, Pawel Jakub Dawidek wrote:

> On Sun, Jun 27, 2004 at 03:53:35PM +0000, Bjoern A. Zeeb wrote:
> +> One thing that I have seen while skipping through the first time:
> +>
> +> could we avoid the function calls for non-jails or with
> +> jail_enforce_statfs=0 ? This would make the code somewhat longer
> +> as this part would be copied over multiple functions
> +>
> +> if (jailed(cred) && jail_enforce_statfs) {
> +>         /* call of the two functions */
> +> }
> +>
> +> (perhaps use a macro ?) but save people outside jails, w/o jails
> +> or with jail_enforce_statfs=0 the function calls.
>
> IMHO it should stay as it is, because:
>
> - Some other prison_* functions do the same, i.e. check jailed(cred)
>   by themselves.
> - Function prison_canseemount() should be renamed some day to
>   cr_canseemount(), so I don't want it to be treated as jail-specific.
> - Code is much cleaner.
> - It doesn't save us too much CPU, really, and we don't need speed here.
>
> +> To answer another question: though I maybe thought/said s.th. else in
> +> the past I would like to keep the sysctl global and not have it per
> +> jail (if we start doing per-jail things we might really consider
> +> vimages (perhaps in 6-CURRENT) but that's out of the scope of
> +> this discussion).
>
> I agree, it shouldn't be per-jail. More than that, it should be removed
> in the future so as not to allow the old behaviour.

I agree that the old behaviour was a bug, and the setting of the sysctl
being able to show the old info is only so that people can continue to
run old scripts.

The several levels of security that are in one version of the script
are, I think, a little too much.. I'd just like one sysctl to enable it,
and after a while we swap the default, and then after a bit more time we
remove it...

>
> --
> Pawel Jakub Dawidek                       http://www.FreeBSD.org
> pjd_at_FreeBSD.org                        http://garage.freebsd.pl
> FreeBSD committer                         Am I Evil? Yes, I Am!
>

Received on Sun Jun 27 2004 - 19:01:46 UTC