git: kernel - Disable various dev accesses for RESTRICTEDROOT environments
Matthew Dillon
dillon at crater.dragonflybsd.org
Fri Oct 13 22:36:50 PDT 2023
commit 857fcb57d0e5e7f20e3d0ef58163c718377e363e
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Fri Oct 13 21:27:30 2023 -0700
kernel - Disable various dev accesses for RESTRICTEDROOT environments
* Do not allow CAM (e.g. /dev/sg0 and so forth) to be accessed if
RESTRICTEDROOT is active. Note that RESTRICTEDROOT is automatically
set for jails.
* Restrict writes to /dev/random and /dev/urandom
* Also restrict evdev, kbd, syscons, pci, console, devctl
Summary of changes:
sys/bus/cam/scsi/scsi_cd.c | 7 +++++++
sys/bus/cam/scsi/scsi_ch.c | 7 +++++++
sys/bus/cam/scsi/scsi_da.c | 7 +++++++
sys/bus/cam/scsi/scsi_pass.c | 7 +++++++
sys/bus/cam/scsi/scsi_pt.c | 7 +++++++
sys/bus/cam/scsi/scsi_sa.c | 7 +++++++
sys/bus/cam/scsi/scsi_ses.c | 7 +++++++
sys/bus/cam/scsi/scsi_sg.c | 9 ++++++++-
sys/bus/cam/scsi/scsi_target.c | 10 ++++++++--
sys/bus/pci/pci_user.c | 7 +++++++
sys/dev/misc/evdev/cdev.c | 7 +++++++
sys/dev/misc/kbd/kbd.c | 11 ++++++++---
sys/dev/misc/syscons/syscons.c | 7 +++++++
sys/kern/kern_memio.c | 17 ++++++++++++++++-
sys/kern/subr_bus.c | 7 +++++++
sys/kern/tty_cons.c | 7 +++++++
16 files changed, 124 insertions(+), 7 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/857fcb57d0e5e7f20e3d0ef58163c718377e363e
--
DragonFly BSD source repository
More information about the Commits
mailing list