From owner-svn-src-head@FreeBSD.ORG Sat Aug 7 17:10:07 2010 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6D0B41065675; Sat, 7 Aug 2010 17:10:07 +0000 (UTC) (envelope-from bz@FreeBSD.org) Received: from mail.cksoft.de (mail.cksoft.de [IPv6:2001:4068:10::3]) by mx1.freebsd.org (Postfix) with ESMTP id 266098FC12; Sat, 7 Aug 2010 17:10:07 +0000 (UTC) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 8120041C74D; Sat, 7 Aug 2010 19:10:06 +0200 (CEST) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([192.168.74.103]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id f6c0UBNx1tCq; Sat, 7 Aug 2010 19:10:05 +0200 (CEST) Received: by mail.cksoft.de (Postfix, from userid 66) id D451341C749; Sat, 7 Aug 2010 19:10:05 +0200 (CEST) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id 4C3794448EC; Sat, 7 Aug 2010 17:08:29 +0000 (UTC) Date: Sat, 7 Aug 2010 17:08:29 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Jamie Gritton In-Reply-To: <201008062204.o76M4IvZ044635@svn.freebsd.org> Message-ID: <20100807170607.S48418@maildrop.int.zabbadoz.net> References: <201008062204.o76M4IvZ044635@svn.freebsd.org> X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r210974 - head/sys/kern X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Aug 2010 17:10:07 -0000 On Fri, 6 Aug 2010, Jamie Gritton wrote: > Author: jamie > Date: Fri Aug 6 22:04:18 2010 > New Revision: 210974 > URL: http://svn.freebsd.org/changeset/base/210974 > > Log: > Implicitly make a new jail persistent if it's set not to attach. I am not sure this is a good idea, especially to implement it in the kernel. This just means that if you accidentally mess up your command line you are creating jails, possibly eating further resources most likely without noticing. Lot's of foot shooting potential. What is the reason you need that? > MFC after: 3 days > > Modified: > head/sys/kern/kern_jail.c > > Modified: head/sys/kern/kern_jail.c > ============================================================================== > --- head/sys/kern/kern_jail.c Fri Aug 6 21:58:53 2010 (r210973) > +++ head/sys/kern/kern_jail.c Fri Aug 6 22:04:18 2010 (r210974) > @@ -599,6 +599,8 @@ kern_jail_set(struct thread *td, struct > vfs_flagopt(opts, pr_flag_names[fi], &pr_flags, 1 << fi); > vfs_flagopt(opts, pr_flag_nonames[fi], &ch_flags, 1 << fi); > } > + if ((flags & (JAIL_CREATE | JAIL_UPDATE | JAIL_ATTACH)) == JAIL_CREATE) > + pr_flags |= PR_PERSIST; > ch_flags |= pr_flags; > for (fi = 0; fi < sizeof(pr_flag_jailsys) / sizeof(pr_flag_jailsys[0]); > fi++) { > @@ -628,12 +630,6 @@ kern_jail_set(struct thread *td, struct > ch_flags |= > pr_flag_jailsys[fi].new | pr_flag_jailsys[fi].disable; > } > - if ((flags & (JAIL_CREATE | JAIL_UPDATE | JAIL_ATTACH)) == JAIL_CREATE > - && !(pr_flags & PR_PERSIST)) { > - error = EINVAL; > - vfs_opterror(opts, "new jail must persist or attach"); > - goto done_errmsg; > - } > #ifdef VIMAGE > if ((flags & JAIL_UPDATE) && (ch_flags & PR_VNET)) { > error = EINVAL; > -- Bjoern A. Zeeb This signature is about you not me.