RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 07:57:46 +00:00
Code Issues Activity Actions

Base: Add a note about Jails open access in the Mitigations(7) document

Browse source
This commit is contained in:
Liav A 2022-12-02 11:37:46 +02:00 committed by Andrew Kaster
parent d4b65f644e
commit 905becc991
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Base/usr/share/man/man7/Mitigations.md
View file

@ -103,6 +103,8 @@ Special restrictions on filesystem also apply:
- Read accesses is forbidden by default to all nodes in `/sys/kernel` directory, except for:
`df`, `interrupts`, `keymap`, `memstat`, `processes`, `stats` and `uptime`.
- Write access is forbidden to kernel variables (which are located in `/sys/kernel/variables`).
- Open access is forbidden to all device nodes except for `/dev/full`, `/dev/null`, `/dev/zero`, `/dev/random` and various
other TTY/PTY devices (not including Kernel virtual consoles).
It was first added in the following [commit](https://github.com/SerenityOS/serenity/commit/5e062414c11df31ed595c363990005eef00fa263),
for kernel support, and the following commits added basic userspace utilities: