From 531f4e9716c5eb3762f92ef906737d29f6be0d43 Mon Sep 17 00:00:00 2001 From: Geoffroy Desvernay Date: Fri, 14 Jun 2024 11:31:35 +0200 Subject: [PATCH] add allow_mount_linsysfs --- iocage.8 | 10 ++++++++++ iocage_lib/ioc_json.py | 9 ++++++++- iocage_lib/ioc_start.py | 2 ++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/iocage.8 b/iocage.8 index 9981ae7c..4e79799f 100644 --- a/iocage.8 +++ b/iocage.8 @@ -1698,6 +1698,16 @@ Default: 0 .Pp Source: .Xr jail 8 +.It Pf allow_mount_linsysfs= Op 1 | 0 +Privileged users inside the jail will be able to mount and +unmount the linsysfs file system. This permission is effective +only together with allow.mount and only when enforce_statfs is +set to a value lower than 2. +.Pp +Default: 0 +.Pp +Source: +.Xr jail 8 .It Pf allow_mount_tmpfs= Op 1 | 0 Allow privileged users inside the jail to mount and unmount the tmpfs file system. diff --git a/iocage_lib/ioc_json.py b/iocage_lib/ioc_json.py index 8b7a7b0c..b7dc5725 100644 --- a/iocage_lib/ioc_json.py +++ b/iocage_lib/ioc_json.py @@ -434,7 +434,7 @@ def __init__(self, location, checking_datasets, silent, callback): @staticmethod def get_version(): """Sets the iocage configuration version.""" - version = '31' + version = '32' return version @@ -920,6 +920,10 @@ def check_config(self, conf, default=False): if not conf.get('allow_nfsd'): conf['allow_nfsd'] = 0 + # Version 32 key + if not conf.get('allow_mount_linsysfs'): + conf['allow_mount_linsysfs'] = 0 + if not default: conf.update(jail_conf) @@ -1181,6 +1185,7 @@ def retrieve_default_props(): 'allow_mount_nullfs': 0, 'allow_mount_procfs': 0, 'allow_mount_linprocfs': 0, + 'allow_mount_linsysfs': 0, 'allow_mount_tmpfs': 0, 'allow_mount_zfs': 0, 'allow_quotas': 0, @@ -1353,6 +1358,7 @@ class IOCJson(IOCConfiguration): 'allow_mount_devfs', 'allow_mount_fdescfs', 'allow_mount_linprocfs', + 'allow_mount_linsysfs', 'allow_mount', 'allow_mlock', 'allow_chflags', 
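Review bot: The migration block added to `check_config` (hunk at -920) is labelled only `# Version 32 key`, which does not say why the back-filled value is 0. Since mounting linsysfs is a jail permission, a comment such as `# Version 32 key: default to 0 so existing jails do not gain the linsysfs mount permission on upgrade` would record that the deny default is deliberate. The `not conf.get(...)` test follows the `allow_nfsd` block just above it, and `check_config` itself starts and ends outside the hunk.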
@@ -2106,6 +2112,7 @@ def json_check_prop(self, key, value, conf, default=False):
 "allow_mount_nullfs": truth_variations,
 "allow_mount_procfs": truth_variations,
 "allow_mount_linprocfs": truth_variations,
+ "allow_mount_linsysfs": truth_variations,
 "allow_mount_tmpfs": truth_variations,
 "allow_mount_zfs": truth_variations,
 "allow_quotas": truth_variations,
diff --git a/iocage_lib/ioc_start.py b/iocage_lib/ioc_start.py
index b4a63f06..a58a6dc7 100644
--- a/iocage_lib/ioc_start.py
+++ b/iocage_lib/ioc_start.py
@@ -143,6 +143,7 @@ def __start_jail__(self):
 allow_mount_nullfs = self.conf["allow_mount_nullfs"]
 allow_mount_procfs = self.conf["allow_mount_procfs"]
 allow_mount_linprocfs = self.conf["allow_mount_linprocfs"]
+ allow_mount_linsysfs = self.conf["allow_mount_linsysfs"]
 allow_mount_tmpfs = self.conf["allow_mount_tmpfs"]
 allow_mount_zfs = self.conf["allow_mount_zfs"]
 allow_quotas = self.conf["allow_quotas"]
@@ -565,6 +566,7 @@ def __start_jail__(self):
 f"allow.mount.nullfs={allow_mount_nullfs}",
 f"allow.mount.procfs={allow_mount_procfs}",
 f"allow.mount.linprocfs={allow_mount_linprocfs}",
+ f"allow.mount.linsysfs={allow_mount_linsysfs}",
 f"allow.mount.zfs={allow_mount_zfs}"
 ]
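Review bot: The new `f"allow.mount.linsysfs={allow_mount_linsysfs}"` entry in the `__start_jail__` parameter list (hunk at -565) is passed for every jail, including those that keep the default 0. As far as I know, libjail tries to load the matching filesystem kernel module when it meets an `allow.mount.<fs>` parameter the running kernel does not yet expose, so starting any jail could pull linsysfs into the host kernel. That should be confirmed on the supported FreeBSD releases and, if it holds, recorded next to the entry, for example `# passed even when 0; jail(8) may load the linsysfs module to resolve this parameter`. The value comes from `self.conf["allow_mount_linsysfs"]` in the -143 hunk, a plain index that relies on `check_config` having back-filled the key for configurations older than version 32. `__start_jail__` begins and ends outside both hunks, so the code that consumes the list is not visible here.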