Restrict visibility of per-dataset kstats inside FreeBSD jails
Motivation and Context
When inside a jail, visibility on datasets not "jailed" to the jail is restricted. However, it was possible to enumerate all datasets in the pool by looking at the kstats sysctl MIB.
Only the kstats corresponding to datasets that the user has visibility on are accessible now.
Sponsored-by: Bundeskriminalamt (bka.de)
Sponsored-by: Klara Inc.
Signed-off-by: Allan Jude [email protected]
Description
Restrict visibility on kstat system MIBs for per-dataset kstats
How Has This Been Tested?
Manually
Types of changes
- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Performance enhancement (non-breaking change which improves efficiency)
- [ ] Code cleanup (non-breaking change which makes code smaller or more readable)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [ ] Library ABI change (libzfs, libzfs_core, libnvpair, libuutil and libzfsbootenv)
- [ ] Documentation (a change to man pages or other documentation)
Checklist:
- [ ] My code follows the OpenZFS code style requirements.
- [ ] I have updated the documentation accordingly.
- [ ] I have read the contributing document.
- [ ] I have added tests to cover my changes.
- [ ] I have run the ZFS Test Suite with this change applied.
- [x] All commit messages are properly formatted and contain Signed-off-by.
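
A check for the behaviour described above, added here as an example and not part of the pull request or of OpenZFS: run inside a jail, it reports any dataset name exposed by the per-dataset kstats that `zfs list` does not show. The sysctl name layout `kstat.zfs.<pool>.dataset.objset-<id>.dataset_name`, the function names and the sample data in `demo` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not OpenZFS code): report dataset names exposed by the
# per-dataset kstats that `zfs list` does not show from the current jail.
# Assumption: names appear as kstat.zfs.<pool>.dataset.objset-<id>.dataset_name

# leaked_datasets KSTAT_DUMP VISIBLE_LIST -> one leaked dataset name per line
leaked_datasets() {
    awk '
        # First file: datasets the jail may see (can be empty).
        FILENAME == ARGV[1] { visible[$0] = 1; next }
        # Second file: sysctl output; only the dataset_name kstats matter.
        {
            i = index($0, ".dataset_name: ")
            if (i == 0) next
            name = substr($0, i + 15)   # 15 = length of ".dataset_name: "
            if (!(name in visible) && !(name in seen)) {
                seen[name] = 1
                print name
            }
        }
    ' "$2" "$1"
}

# Run against the live system, from inside the jail under test.
# Empty output means the kstat MIB shows nothing beyond `zfs list`.
audit_live() {
    k=$(mktemp) && v=$(mktemp) || return 2
    sysctl kstat.zfs > "$k" 2>/dev/null || true
    zfs list -H -o name -t all > "$v" 2>/dev/null || true
    leaked_datasets "$k" "$v"
    rm -f "$k" "$v"
}

# Constructed sample: the jail sees tank/jails/web only, but the kstat dump
# also names tank/secret/backups (the behaviour before this change).
demo() {
    k=$(mktemp) && v=$(mktemp) || return 2
    cat > "$k" <<'EOF'
kstat.zfs.tank.dataset.objset-0x36.dataset_name: tank/jails/web
kstat.zfs.tank.dataset.objset-0x36.nread: 4096
kstat.zfs.tank.dataset.objset-0x52.dataset_name: tank/secret/backups
kstat.zfs.tank.dataset.objset-0x52.writes: 17
EOF
    printf '%s\n' tank/jails/web > "$v"
    leaked_datasets "$k" "$v"
    rm -f "$k" "$v"
}
```

With the change applied, `audit_live` run inside a jail should print nothing.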