Date:      Sat, 27 Sep 2014 10:18:32 -0600
From:      James Gritton <jamie@gritton.org>
To:        freebsd-jail@freebsd.org, "freebsd-stable@FreeBSD.org Stable" <freebsd-stable@freebsd.org>
Subject:   Re: fdescfs patch for working hierarchical jails
Message-ID:  <5426E358.9070005@gritton.org>
In-Reply-To: <0CF6D1D0-0721-4395-8290-C92C91FEA45C@verweg.com>
References:  <0B3648E9-21DC-4691-A6A9-26DE2C40947B@verweg.com> <5425BE60.5020900@gritton.org> <0CF6D1D0-0721-4395-8290-C92C91FEA45C@verweg.com>

On 9/27/2014 6:06 AM, Ruben van Staveren wrote:
> Hi James, others,
>
> On 26 Sep 2014, at 21:28, James Gritton <jamie@gritton.org> wrote:
>
>> On 9/25/2014 3:40 AM, Ruben van Staveren wrote:
>>> Hi,
>>>
>>> Could a committer have a look at https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192951 ?
>>>
>>> This enables fdescfs in hierarchical jails, would be nice to have this for 10.1
>>>
>>> Thanks!
>>>
>>> Best Regards,
>>>      Ruben van Staveren
>> This would have to go into current first, and then MFC.  Considering
>> 10.1 is getting close to release, I suspect it wouldn't be allowed in.
> I agree, probably better to do it that way indeed.
>
>> Also, I'm not sure I'd want to implement this in quite the proposed
>> way: it might suffice (from a security viewpoint) to use the existing
>> allow.mount.devfs for mounting fdescfs.
> Wouldn’t that be misleading? It would be better to mop up the various pseudofses under the monicker allow.mount.pseudofs.

My thinking is that fdescfs is practically the same as what devfs
already offers - just more descriptors in /dev/fd than the basic
three.  I can't see why allowing one wouldn't be akin to allowing the
other.  In fact, I fail to understand why it was made a separate
filesystem in the first place.  Perhaps someone on the sec team will
tell me otherwise when I ask (which I ought to do before forging
ahead).

- Jamie


