path: root/website/static/security/patches/SA-21:10/jail_mount.12.patch
blob: c5f05ccbc43609ad6f98eaa5d934ed960dd741e5 (plain) (blame)
    mount: Disallow mounting over a jail root
--- sys/kern/vfs_mount.c.orig
+++ sys/kern/vfs_mount.c
@@ -844,10 +844,10 @@
 
 	/*
 	 * If the jail of the calling thread lacks permission for this type of
-	 * file system, deny immediately.
+	 * file system, or is trying to cover its own root, deny immediately.
 	 */
-	if (jailed(td->td_ucred) && !prison_allow(td->td_ucred,
-	    vfsp->vfc_prison_flag)) {
+	if (jailed(td->td_ucred) && (!prison_allow(td->td_ucred,
+	    vfsp->vfc_prison_flag) || vp == td->td_ucred->cr_prison->pr_root)) {
 		vput(vp);
 		return (EPERM);
 	}
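Review bot: The new `vp == td->td_ucred->cr_prison->pr_root` test in the combined condition matches only the exact root vnode of the caller's own prison, and the updated comment says what is denied but not why. If the intent is that the jail root is the boundary vnode for confined path lookups, say so in the comment, for example `Covering pr_root would hide the vnode that bounds lookups inside the jail.`, and state whether the roots of descendant jails are deliberately left mountable by a jailed parent. The two denials would also read more clearly as separate `if` statements, each with its own `vput(vp); return (EPERM);`, rather than one nested expression split across a line break. The enclosing function starts and ends outside this hunk, so whether the mount-update path needs a matching check cannot be judged from here.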