> On Mar 2, 2015, at 12:23, Ian Lepore <i...@freebsd.org> wrote: > >> On Mon, 2015-03-02 at 01:02 -0800, Julian Elischer wrote: >>> On 2/27/15 8:28 AM, Ian Lepore wrote: >>> >>> >>> Log: >>> Allow the kern.osrelease and kern.osreldate sysctl values to be set in a >>> jail's creation parameters. This allows the kernel version to be reliably >>> spoofed within the jail whether examined directly with sysctl or >>> indirectly with the uname -r and -K options. >>> [..] >> >>> There is no sanity or range checking, other than disallowing an empty >>> release string or a zero release date, by design. The system >>> administrator is trusted to set sane values. Setting values that are >>> newer than the actual running kernel will likely cause compatibility >>> problems. >> I would think that you could at set time ensure that only older >> releases were allowed.. >> I'm not sure what the rule would be with sub-sub-jails.. older than >> parent, or older than base system..? > > I am a really really strong believer in giving administrators complete > control of their systems. If they want to do "something stupid" because > it works for them, I'm not going to stop them.
Printing out a warning helps folks who are debugging issues though :).. _______________________________________________ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
