From 5068c36d73213818f0155f06d77db3434d076df5 Mon Sep 17 00:00:00 2001
From: Christopher Hall
Date: Fri, 24 Nov 2023 01:44:48 +0800
Subject: [PATCH] support allow_mount_linprocfs (#1211)

needs so nested jails can use linprocfs e.g., for poudriere in a jail

Signed-off-by: Christopher Hall
---
 iocage.8 | 12 +++++++++++-
 iocage_lib/ioc_json.py | 2 ++
 iocage_lib/ioc_start.py | 2 ++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/iocage.8 b/iocage.8
index b7a54a37..9981ae7c 100644
--- a/iocage.8
+++ b/iocage.8
@@ -1074,7 +1074,7 @@ Only applies when
 and
 .Ql assign_localhost=1 .
 Assign the jail localhost IP address to a custom IP address instead
-of the first available 
+of the first available
 .Dq 127.0.0.#
 address.
 .Nm
@@ -1688,6 +1688,16 @@ Default: 0
 .Pp
 Source:
 .Xr jail 8
+.It Pf allow_mount_linprocfs= Op 1 | 0
+Allow privileged users inside the jail to mount and unmount the linprocfs
+file system.
+This permission is effective only together with allow.mount and if
+enforce_statfs is set to a value lower than 2.
+.Pp
+Default: 0
+.Pp
+Source:
+.Xr jail 8
 .It Pf allow_mount_tmpfs= Op 1 | 0
 Allow privileged users inside the jail to mount and unmount the tmpfs
 file system.
diff --git a/iocage_lib/ioc_json.py b/iocage_lib/ioc_json.py
index 6adf75fd..e4c90542 100644
--- a/iocage_lib/ioc_json.py
+++ b/iocage_lib/ioc_json.py
@@ -1172,6 +1172,7 @@ def retrieve_default_props():
 'allow_mount_fusefs': 0,
 'allow_mount_nullfs': 0,
 'allow_mount_procfs': 0,
+ 'allow_mount_linprocfs': 0,
 'allow_mount_tmpfs': 0,
 'allow_mount_zfs': 0,
 'allow_quotas': 0,
@@ -2093,6 +2094,7 @@ def json_check_prop(self, key, value, conf, default=False):
 "allow_mount_fusefs": truth_variations,
 "allow_mount_nullfs": truth_variations,
 "allow_mount_procfs": truth_variations,
+ "allow_mount_linprocfs": truth_variations,
 "allow_mount_tmpfs": truth_variations,
 "allow_mount_zfs": truth_variations,
 "allow_quotas": truth_variations,
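Review bot: The new `'allow_mount_linprocfs': 0` default in `retrieve_default_props` only helps jails whose stored configuration is back-filled from these defaults, and the hunk does not show that happening. `__start_jail__` in iocage_lib/ioc_start.py reads `self.conf["allow_mount_linprocfs"]` with a plain index, so if a config written by an earlier release is loaded without the new key (to be confirmed against the loader, which is outside this diff), starting that jail would raise KeyError. Please confirm the upgrade path for existing jails and record it next to the default, e.g. `# added with linprocfs support; older configs must be back-filled before __start_jail__ reads this key`. Both `retrieve_default_props` and `json_check_prop` begin and end outside their hunks.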
diff --git a/iocage_lib/ioc_start.py b/iocage_lib/ioc_start.py
index 614c428b..a1c16568 100644
--- a/iocage_lib/ioc_start.py
+++ b/iocage_lib/ioc_start.py
@@ -141,6 +141,7 @@ def __start_jail__(self):
 allow_mount_fusefs = self.conf["allow_mount_fusefs"]
 allow_mount_nullfs = self.conf["allow_mount_nullfs"]
 allow_mount_procfs = self.conf["allow_mount_procfs"]
+ allow_mount_linprocfs = self.conf["allow_mount_linprocfs"]
 allow_mount_tmpfs = self.conf["allow_mount_tmpfs"]
 allow_mount_zfs = self.conf["allow_mount_zfs"]
 allow_quotas = self.conf["allow_quotas"]
@@ -556,6 +557,7 @@ def __start_jail__(self):
 f"allow.mount.devfs={allow_mount_devfs}",
 f"allow.mount.nullfs={allow_mount_nullfs}",
 f"allow.mount.procfs={allow_mount_procfs}",
+ f"allow.mount.linprocfs={allow_mount_linprocfs}",
 f"allow.mount.zfs={allow_mount_zfs}"
 ]
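Review bot: The second hunk appends `allow.mount.linprocfs=...` to the parameter list of every jail, including jails where the property is left at its default of 0. On FreeBSD the `allow.mount.<fs>` parameters are, as far as I know, provided by the filesystem's kernel module, so on a host that has never loaded linprocfs this presumably either makes jail(8) reject the parameter or pulls the module in for all jails. Neither outcome is visible in the hunk, so it should be tested on such a host. Passing the parameter only when the property is enabled keeps the Linux-compat code off hosts that did not ask for it, e.g. `mount_linprocfs = [f"allow.mount.linprocfs={allow_mount_linprocfs}"] if int(allow_mount_linprocfs) else []` spliced into the list (assuming the stored value is 0/1, as the man page entry states). `__start_jail__` begins and ends outside both hunks.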