From 896873f3f82873e43d4e331a70784c482632e1c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20Gr=C3=B6nke?=
Date: Thu, 10 Jan 2019 06:08:24 +0100
Subject: [PATCH 1/2] allow.vmm jail parameter
---
 libioc/Config/Jail/Defaults.py | 1 +
 libioc/Jail.py | 1 +
 2 files changed, 2 insertions(+)
diff --git a/libioc/Config/Jail/Defaults.py b/libioc/Config/Jail/Defaults.py
index dfe379ad..e9a48d5a 100644
--- a/libioc/Config/Jail/Defaults.py
+++ b/libioc/Config/Jail/Defaults.py
@@ -72,6 +72,7 @@
 "allow_mount_tmpfs": 0,
 "allow_quotas": 0,
 "allow_socket_af": 0,
+ "allow_vmm": False,
 "rlimits": None,
 "sysvmsg": "new",
 "sysvsem": "new",
diff --git a/libioc/Jail.py b/libioc/Jail.py
index 38c879c0..b75b982b 100644
--- a/libioc/Jail.py
+++ b/libioc/Jail.py
@@ -1700,6 +1700,7 @@ def _launch_command(self) -> typing.List[str]:
 f"allow.mount.zfs={self._allow_mount_zfs}",
 f"allow.quotas={self._get_value('allow_quotas')}",
 f"allow.socket_af={self._get_value('allow_socket_af')}",
+ f"allow.vmm={self._get_value('allow_vmm')}",
 f"exec.timeout={self._get_value('exec_timeout')}",
 f"stop.timeout={self._get_value('stop_timeout')}",
 f"mount.fstab={self.fstab.path}",
From 00a20248d0dd7ca8ad04fa1b9bdd056d41d689d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20Gr=C3=B6nke?=
Date: Thu, 10 Jan 2019 07:33:13 +0100
Subject: [PATCH 2/2] allow_vmm devfs_rules
---
 libioc/Jail.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/libioc/Jail.py b/libioc/Jail.py
index b75b982b..b9c92019 100644
--- a/libioc/Jail.py
+++ b/libioc/Jail.py
@@ -1628,6 +1628,11 @@ def devfs_ruleset(self) -> libioc.DevfsRules.DevfsRuleset:
 f"add path {current_dataset_name}/* unhide"
 )
+ if self.config["allow_vmm"] is True:
+ devfs_ruleset.append("add path vmm unhide")
+ devfs_ruleset.append("add path vmm/* unhide")
+ devfs_ruleset.append("add path nmdm* unhide")
+ # create if the final rule combination does not exist as ruleset
 if devfs_ruleset not in self.host.devfs:
 self.logger.verbose("New devfs ruleset combination")
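Review bot: `"allow_vmm": False` is a boolean placed directly under `allow_*` defaults that are the integer `0`, and the hunk gives no hint that the difference is deliberate. The `devfs_ruleset` hunk later in this series tests the setting with `is True`, so the bool type looks load-bearing rather than accidental. A trailing comment such as `# bool, unlike the 0/1 flags above: devfs_ruleset tests it with "is True"` would stop a later clean-up from normalising it to `0`. The defaults dict starts and ends outside the hunk.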
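Review bot: `allow.vmm=` is added to the launch arguments of every jail, including those that keep the `False` default, so a host whose jail(8) does not know the parameter would presumably refuse to start any jail after this change. If such hosts are supported, emit the entry only when the option is enabled, or gate it on the host release. It is also worth confirming that `_get_value('allow_vmm')` renders the bool default in a form jail(8) accepts, since the sibling entries carry `0`-style defaults. That helper and the rest of `_launch_command` are outside the hunk.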
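Review bot: The rules added under `if self.config["allow_vmm"] is True:` unhide `vmm`, `vmm/*` and `nmdm*` as globs, so the jail's devfs shows every VM device node and null-modem console on the host, not only the ones the jail creates itself. Whether the kernel then restricts what a jailed process can do with another guest's node is outside this code, so the option should be documented as widening the jail's view of host devices, for example `# exposes all host /dev/vmm/* and /dev/nmdm* nodes to the jail; enable only for jails trusted to run bhyve`. The branch reads `self.config["allow_vmm"]` while `_launch_command` reads `_get_value('allow_vmm')`. If the two can disagree for a user-supplied value, the jail could receive the permission without the devices, or the reverse. `devfs_ruleset` begins before the hunk and continues after it.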