mirror of
https://github.com/RGBCube/serenity
synced 2025-07-27 06:37:44 +00:00
Base: Add a note about Jails open access in the Mitigations(7) document
This commit is contained in:
parent
d4b65f644e
commit
905becc991
1 changed files with 2 additions and 0 deletions
|
@ -103,6 +103,8 @@ Special restrictions on filesystem also apply:
|
|||
- Read accesses is forbidden by default to all nodes in `/sys/kernel` directory, except for:
|
||||
`df`, `interrupts`, `keymap`, `memstat`, `processes`, `stats` and `uptime`.
|
||||
- Write access is forbidden to kernel variables (which are located in `/sys/kernel/variables`).
|
||||
- Open access is forbidden to all device nodes except for `/dev/full`, `/dev/null`, `/dev/zero`, `/dev/random` and various
|
||||
other TTY/PTY devices (not including Kernel virtual consoles).
|
||||
|
||||
It was first added in the following [commit](https://github.com/SerenityOS/serenity/commit/5e062414c11df31ed595c363990005eef00fa263),
|
||||
for kernel support, and the following commits added basic userspace utilities:
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue