author Liav A <liavalb@gmail.com> 2022-12-02 11:37:46 +0200
committer Andrew Kaster <andrewdkaster@gmail.com> 2022-12-09 23:09:00 -0700
commit 905becc991e66112ea89a173388006360e46bf73
tree 9afd6d0cc7d1af15c671425bf0344e7440e8f7ba /Base/usr
parent d4b65f644e17923290376e782aa31d51d5fc13f5
Base: Add a note about Jails open access in the Mitigations(7) document
Diffstat (limited to 'Base/usr')
-rw-r--r-- Base/usr/share/man/man7/Mitigations.md 2
1 files changed, 2 insertions, 0 deletions
diff --git a/Base/usr/share/man/man7/Mitigations.md b/Base/usr/share/man/man7/Mitigations.md
index 19200d764b..c2f0f33057 100644
--- a/Base/usr/share/man/man7/Mitigations.md
+++ b/Base/usr/share/man/man7/Mitigations.md
@@ -103,6 +103,8 @@ Special restrictions on filesystem also apply:
- Read accesses is forbidden by default to all nodes in `/sys/kernel` directory, except for:
`df`, `interrupts`, `keymap`, `memstat`, `processes`, `stats` and `uptime`.
- Write access is forbidden to kernel variables (which are located in `/sys/kernel/variables`).
+- Open access is forbidden to all device nodes except for `/dev/full`, `/dev/null`, `/dev/zero`, `/dev/random` and various
+ other TTY/PTY devices (not including Kernel virtual consoles).
It was first added in the following [commit](https://github.com/SerenityOS/serenity/commit/5e062414c11df31ed595c363990005eef00fa263),
for kernel support, and the following commits added basic userspace utilities:
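Review bot: The allowlist in the added bullet ends with "various other TTY/PTY devices", so a reader cannot tell from this page exactly which device nodes a jailed process may still open. The neighbouring `/sys/kernel` bullet enumerates its exceptions one by one (`df`, `interrupts`, `keymap`, ...); do the same here by naming the permitted TTY/PTY nodes or path patterns, or point to where the list is defined. Two smaller wording points on the same lines: "Open access is forbidden to all device nodes" would read more clearly as "Opening device nodes is forbidden", and "Kernel" in "Kernel virtual consoles" does not need a capital.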