Date: Mon, 22 Apr 2013 09:13:52 -0600 From: Jamie Gritton <jamie@FreeBSD.org> To: Mateusz Guzik <mjguzik@gmail.com> Cc: freebsd-jail@FreeBSD.org Subject: Re: automatic garbage collection of stuff mounted (etc.) by jailed root Message-ID: <517553B0.6010602@FreeBSD.org> In-Reply-To: <20130422091711.GA3115@dft-labs.eu> References: <20130422091711.GA3115@dft-labs.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
On 04/22/13 03:17, Mateusz Guzik wrote: > Hello, > > This is something that imho could be done by GSoC student. > > It is possible to allow jailed root to mount various filesystems. But > once all processes are dead, mounts done by jailed root that he didn't > clean up are still hanging around. > > As time passes and more stuff gets jailable we should expect problems > like this in different subsystems. > > So I propose that someone(tm) implements a solution which cleans this > stuff during jail destruction. > > One idea how to do it: implement a list with clean up operations. Using > mount example: you add a filesystem to be cleaned up after it is > mounted, you delete it after it is unmounted. When the jail is going to > die you just traverse the list backwareds and call cleaning functions, > in this case unmounting filesystems. Maybe this is is a bad idea in the > first place and it is better to take a look at mount tree and traverse > that, I don't know, you should investigate. :) Note that the code has to > be robust in case of errors (e.g. given fs may not be unmountable > because someone from prison0 is inside). > > Again, the goal is to have jails clean up automatically after anything > jailed root was permitted to do. > > Thoughts? This already happens when jails are created using a jail.conf file. Any mounts there are unmounted as part of the jail removal process. Just recently I fixed it to properly do this unmounting in reverse order. - Jamie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?517553B0.6010602>