Date: Mon, 2 Aug 2021 12:11:33 +0200
From: Michael Gmelin
To: James Gritton
Cc: jail@freebsd.org, Michael Gmelin
Subject: Re: POSIX shared memory and dying jails
Message-ID: <20210802121133.4456fb99@bsd64.grem.de>
In-Reply-To: <8d9eb169d7b0072cd6f7ff00f5757842@freebsd.org>
List-Id: Discussion about FreeBSD jail(8)
List-Archive: https://lists.freebsd.org/archives/freebsd-jail

On Fri, 25 Jun 2021 20:18:39 -0700
James Gritton wrote:

> On 2021-06-25 09:58, Michael Gmelin wrote:
> > Another problem caused by the lack of jail ownership is that access
> > semantics are a bit strange. E.g., a jail based on / can easily list
> > (and remove) all memory allocations in the system, while for other
> > jails it depends. They can stat their own allocations like in:
> >
> > # posixshmcontrol stat /xyz
> > output as expected...
> >
> > But not list them:
> >
> > # posixshmcontrol ls
> > posixshmcontrol: cannot get kern.ipc.posix_shm_list length:
> > Operation not permitted
> >
> > Probably related to matching the path of the allocation, I didn't
> > look into the code.
>
> That's just a case of the sysctl not being marked as jail-safe.
> Looking at the code, it's clear that it needs to be altered when
> called from within a jail, but preventing it is definitely not the
> right thing.
>
> > but having something automatic in the OS would be nice. Or being
> > able to run `posixshmcontrol -j shmtest ls`. Seems like this would
> > be quite some effort though to get it right - also in terms of who
> > can access what - right now, it's simply based on the path, which
> > also gives a lot of flexibility.
>
> Since access to the shared memory segments themselves is only on file
> permissions and pathnames, just making a "posixshmcontrol -j" also
> rely on pathnames actually makes sense.
>
> Put this into a bug report, and I'll take a closer look. Probably two
> different bugs for different issues (listing and automatic removal).
>

Hi Jamie,

I *finally* found the time to write the bug reports:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257554
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257555
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=257556

I took the liberty to assign them to you.

Best,
Michael

--
Michael Gmelin