From nobody Wed Sep 10 23:27:20 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cMcKh3H2tz67HHM; Wed, 10 Sep 2025 23:27:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cMcKh2tXXz3Mwx; Wed, 10 Sep 2025 23:27:20 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1757546840; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ZHS2Ln0DgX9Hqkleugqg1oE2fYA8hBrGw2grSjPRpIs=; b=l6NFotiwyaGUs59jo/vLrBukuWx3l3NDBnUPIjO5EE5Exr5SnqAytuKXOBIW1hjn8pub0W C+DtMyJ1weXz7yDN2McMkUVoan/F5QZZNAsq4KOZf0YplwqlrtkjRxl8OC9uo2a2QjKYav BXKYQzUgDHR/AqpnMhM2fHrTY6rG9XyqcFqAel/7IOyr69kSzk14MEoFhdwlI3X9P10GcU tC0aTolzZQlRCis3vaERKUTQz6Qi0JrveiT57RPDXaBTWzn5w5FSVOtFutKxVlW24HV1O2 WYQ7CG/gTZDeeyWSdkiqe0pycnjeBqznaMLHq+7pxGR2CZh61dM5PuhCx7JeXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1757546840; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ZHS2Ln0DgX9Hqkleugqg1oE2fYA8hBrGw2grSjPRpIs=; b=tzUyLak7D3Qwsfyw/9H8vqLbGtxJTDYA5QM4oHrzc0MJWc+NSmk4Q8JsDmMTrK4gVT17wC 34mraCd+tnUBC4ziIZLPNQ0JDYaYSVSPFe3mWTVem18M1NAzBcur1aAkORZC0t31zwaeaC qO4WuV0jLVSTwyF2IokbSJxPGckIUokI8/9sn0C6sA7POlZtpPW/7WBuMN/PlWNP/cnf6e c9P8O5nodT2VckoO6D6ayWTnNDugv1GMdIBYQx+4MReS02urTh5bDicyB+PDBBuxsh/ONO 0QLNawQXSqEc55c2rfeUIcKuhb+QC+uSU43Fm2iI6O8D988+soDQeyeI2pXRsQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1757546840; a=rsa-sha256; cv=none; b=PY26WGyVxEBS6uFIBJ2nqpXJDnOBfYnYNirbCaXn2A+IpLg8CxE3C5WnWRfP1pIctu8avM P5oQbahfbOydQmcJsQVHVo+MT8JpX70IWlA8JL+v3zVfTta8cuDBkX0T3h/cAPgbSyeepu 5BTcOW+h22i1G9B4kF8Q3Y7XbAJf+NKwGSmFQyprwcevIIvvBlKU0nTUKjRUR4IzMKh3R6 L4r3nG6DrMjqoAx3T+Fr2HPilWP5c4ITazKe6rY/s0eJ6gRrvw8sipZlZ9JrI8Op05b2Jl yGCIjurnkULuI0D+kMOvnmeazn2FwcD7SDlTUze2UWyhnYAxLVUsNRAU+1h3Uw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cMcKh2GClzjdm; Wed, 10 Sep 2025 23:27:20 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 58ANRKst096697; Wed, 10 Sep 2025 23:27:20 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 58ANRKgT096694; Wed, 10 Sep 2025 23:27:20 GMT (envelope-from git) Date: Wed, 10 Sep 2025 23:27:20 GMT Message-Id: <202509102327.58ANRKgT096694@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Jamie Gritton Subject: git: d81b337d690c - main - jaildesc: remove file-mode-based access controls List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jamie X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d81b337d690c971d60c731494795ee4b81fb929e Auto-Submitted: auto-generated The branch main has been updated by jamie: URL: https://cgit.FreeBSD.org/src/commit/?id=d81b337d690c971d60c731494795ee4b81fb929e commit d81b337d690c971d60c731494795ee4b81fb929e Author: Jamie Gritton AuthorDate: 2025-09-10 23:21:11 +0000 Commit: Jamie Gritton CommitDate: 2025-09-10 23:21:11 +0000 jaildesc: remove file-mode-based access controls Jail descriptors were given a file-like mode, user, and group, for the purpose of controlling how the descriptor may be used. This is too far removed from the file paradigm to make sense. Remove it in favor of a better access control method to be added, such as Capsicum. Also add missing code in jaildesc_fill_kinfo. Reported by: crest at rlwinm.de, kib MFC after: 3 days --- lib/libsys/jail.2 | 67 ------------------------------ sys/kern/kern_jail.c | 72 ++++---------------------------- sys/kern/kern_jaildesc.c | 106 +++++++++++------------------------------------ sys/sys/jaildesc.h | 8 ++-- 4 files changed, 36 insertions(+), 217 deletions(-) diff --git a/lib/libsys/jail.2 b/lib/libsys/jail.2 index a2640071d1f0..d3f871608c1d 100644 --- a/lib/libsys/jail.2 +++ b/lib/libsys/jail.2 @@ -340,31 +340,6 @@ work the same as and .Fn jail_remove , except that they operate on the jail referred to by the passed descriptor. -.Pp -Jail operations via descriptors can be done by processes that do not -normally have permission to see or affect the jail, -as long as they are allowed by the file permissions of the jail -descriptor itself. -These permissions can be changed by the descriptor owner via -.Xr fchmod 2 -and -.Xr fchown 2 . -.Fn jail_get -requires read permission, -.Fn jail_set -and -.Fn jail_remove -require write permission, -and -.Fn jail_attach -requires execute permission. -Also, use of a descriptor with the -.Dv JAIL_AT_DESC -flag requires execute permission. -An owning descriptor is identified by the -.Em sticky bit , -which may also be changed via -.Xr fchmod 2 . .Sh RETURN VALUES If successful, .Fn jail , @@ -402,22 +377,6 @@ The system call will fail if: .Bl -tag -width Er -.It Bq Er EACCES -Write permission is denied on the jail descriptor in the -.Va desc -parameter, -and the -.Dv JAIL_USE_DESC -flag was set. -.It Bq Er EACCES -Execute permission is denied on the jail descriptor in the -.Va desc -parameter, -and either the -.Dv JAIL_AT_DESC -or -.Dv JAIL_ATTACH -flag was set. .It Bq Er EPERM This process is not allowed to create a jail, either because it is not the super-user, or because it would exceed the jail's @@ -505,24 +464,6 @@ The system call will fail if: .Bl -tag -width Er -.It Bq Er EACCES -Read permission is denied on the jail descriptor in the -.Va desc -parameter, -and the -.Dv JAIL_USE_DESC -flag was set. -.It Bq Er EACCES -Execute permission is denied on the jail descriptor in the -.Va desc -parameter, -and the -.Dv JAIL_AT_DESC -flag was set. -.It Bq Er EFAULT -.Fa Iov , -or one of the addresses contained within it, -points to an address outside the allocated address space of the process. .It Bq Er ENOENT The jail referred to by a .Va jid @@ -597,14 +538,6 @@ will fail if: The .Fa fd argument is not a valid jail descriptor. -.It Bq Er EACCES -Permission is denied on the jail descriptor -.Po -execute permission for -.Fn jail_attach_fd , -or write permission for -.Fn jail_remove_fd -.Pc . .It Bq Er EPERM The jail descriptor was created by a user other than the super-user. .It Bq Er EINVAL diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 51a8b5cc0465..3d18b03119ff 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -991,7 +991,6 @@ int kern_jail_set(struct thread *td, struct uio *optuio, int flags) { struct file *jfp_out; - struct jaildesc *desc_in; struct nameidata nd; #ifdef INET struct prison_ip *ip4; @@ -1095,24 +1094,13 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags) * descriptor's prison. */ prison_free(mypr); - error = jaildesc_find(td, jfd_in, &desc_in, &mypr, - NULL); + error = jaildesc_find(td, jfd_in, &mypr, NULL); if (error != 0) { vfs_opterror(opts, error == ENOENT ? "descriptor to dead jail" : "not a jail descriptor"); goto done_errmsg; } - /* - * Check file permissions using the current - * credentials, and operation permissions - * using the descriptor's credentials. - */ - error = vaccess(VREG, desc_in->jd_mode, desc_in->jd_uid, - desc_in->jd_gid, VEXEC, td->td_ucred); - JAILDESC_UNLOCK(desc_in); - if (error != 0) - goto done_free; if ((flags & JAIL_CREATE) && mypr->pr_childmax == 0) { error = EPERM; goto done_free; @@ -1516,7 +1504,7 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags) } if (flags & JAIL_USE_DESC) { /* Get the jail from its descriptor. */ - error = jaildesc_find(td, jfd_in, &desc_in, &pr, &jdcred); + error = jaildesc_find(td, jfd_in, &pr, &jdcred); if (error) { vfs_opterror(opts, error == ENOENT ? "descriptor to dead jail" : @@ -1524,19 +1512,7 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags) goto done_deref; } drflags |= PD_DEREF; - /* - * Check file permissions using the current credentials, - * and operation permissions using the descriptor's - * credentials. - */ - error = vaccess(VREG, desc_in->jd_mode, desc_in->jd_uid, - desc_in->jd_gid, VWRITE, td->td_ucred); - if (error == 0 && (flags & JAIL_ATTACH)) - error = vaccess(VREG, desc_in->jd_mode, desc_in->jd_uid, - desc_in->jd_gid, VEXEC, td->td_ucred); - JAILDESC_UNLOCK(desc_in); - if (error == 0) - error = priv_check_cred(jdcred, PRIV_JAIL_SET); + error = priv_check_cred(jdcred, PRIV_JAIL_SET); if (error == 0 && (flags & JAIL_ATTACH)) error = priv_check_cred(jdcred, PRIV_JAIL_ATTACH); crfree(jdcred); @@ -2500,7 +2476,6 @@ kern_jail_get(struct thread *td, struct uio *optuio, int flags) { struct bool_flags *bf; struct file *jfp_out; - struct jaildesc *desc_in; struct jailsys_flags *jsf; struct prison *pr, *mypr; struct vfsopt *opt; @@ -2547,7 +2522,7 @@ kern_jail_get(struct thread *td, struct uio *optuio, int flags) } if (flags & JAIL_USE_DESC) { /* Get the jail from its descriptor. */ - error = jaildesc_find(td, jfd_in, &desc_in, &pr, NULL); + error = jaildesc_find(td, jfd_in, &pr, NULL); if (error) { vfs_opterror(opts, error == ENOENT ? "descriptor to dead jail" : @@ -2555,11 +2530,6 @@ kern_jail_get(struct thread *td, struct uio *optuio, int flags) goto done; } drflags |= PD_DEREF; - error = vaccess(VREG, desc_in->jd_mode, desc_in->jd_uid, - desc_in->jd_gid, VREAD, td->td_ucred); - JAILDESC_UNLOCK(desc_in); - if (error != 0) - goto done; mtx_lock(&pr->pr_mtx); drflags |= PD_LOCKED; if (!(prison_isalive(pr) || (flags & JAIL_DYING))) { @@ -2573,19 +2543,13 @@ kern_jail_get(struct thread *td, struct uio *optuio, int flags) if (flags & JAIL_AT_DESC) { /* Look up jails based on the descriptor's prison. */ prison_free(mypr); - error = jaildesc_find(td, jfd_in, &desc_in, &mypr, - NULL); + error = jaildesc_find(td, jfd_in, &mypr, NULL); if (error != 0) { vfs_opterror(opts, error == ENOENT ? "descriptor to dead jail" : "not a jail descriptor"); goto done; } - error = vaccess(VREG, desc_in->jd_mode, desc_in->jd_uid, - desc_in->jd_gid, VEXEC, td->td_ucred); - JAILDESC_UNLOCK(desc_in); - if (error != 0) - goto done; } if (flags & (JAIL_GET_DESC | JAIL_OWN_DESC)) { /* Allocate a jail descriptor to return later. */ @@ -2916,23 +2880,14 @@ sys_jail_remove(struct thread *td, struct jail_remove_args *uap) int sys_jail_remove_jd(struct thread *td, struct jail_remove_jd_args *uap) { - struct jaildesc *jd; struct prison *pr; struct ucred *jdcred; int error; - error = jaildesc_find(td, uap->fd, &jd, &pr, &jdcred); + error = jaildesc_find(td, uap->fd, &pr, &jdcred); if (error) return (error); - /* - * Check file permissions using the current credentials, and - * operation permissions using the descriptor's credentials. - */ - error = vaccess(VREG, jd->jd_mode, jd->jd_uid, jd->jd_gid, VWRITE, - td->td_ucred); - JAILDESC_UNLOCK(jd); - if (error == 0) - error = priv_check_cred(jdcred, PRIV_JAIL_REMOVE); + error = priv_check_cred(jdcred, PRIV_JAIL_REMOVE); crfree(jdcred); if (error) { prison_free(pr); @@ -3002,26 +2957,17 @@ sys_jail_attach(struct thread *td, struct jail_attach_args *uap) int sys_jail_attach_jd(struct thread *td, struct jail_attach_jd_args *uap) { - struct jaildesc *jd; struct prison *pr; struct ucred *jdcred; int drflags, error; sx_slock(&allprison_lock); drflags = PD_LIST_SLOCKED; - error = jaildesc_find(td, uap->fd, &jd, &pr, &jdcred); + error = jaildesc_find(td, uap->fd, &pr, &jdcred); if (error) goto fail; drflags |= PD_DEREF; - /* - * Check file permissions using the current credentials, and - * operation permissions using the descriptor's credentials. - */ - error = vaccess(VREG, jd->jd_mode, jd->jd_uid, jd->jd_gid, VEXEC, - td->td_ucred); - JAILDESC_UNLOCK(jd); - if (error == 0) - error = priv_check_cred(jdcred, PRIV_JAIL_ATTACH); + error = priv_check_cred(jdcred, PRIV_JAIL_ATTACH); crfree(jdcred); if (error) goto fail; diff --git a/sys/kern/kern_jaildesc.c b/sys/kern/kern_jaildesc.c index 72e2845aaf42..c9e80f5d8941 100644 --- a/sys/kern/kern_jaildesc.c +++ b/sys/kern/kern_jaildesc.c @@ -41,14 +41,13 @@ #include #include #include +#include #include MALLOC_DEFINE(M_JAILDESC, "jaildesc", "jail descriptors"); static fo_stat_t jaildesc_stat; static fo_close_t jaildesc_close; -static fo_chmod_t jaildesc_chmod; -static fo_chown_t jaildesc_chown; static fo_fill_kinfo_t jaildesc_fill_kinfo; static fo_cmp_t jaildesc_cmp; @@ -61,8 +60,8 @@ static struct fileops jaildesc_ops = { .fo_kqfilter = invfo_kqfilter, .fo_stat = jaildesc_stat, .fo_close = jaildesc_close, - .fo_chmod = jaildesc_chmod, - .fo_chown = jaildesc_chown, + .fo_chmod = invfo_chmod, + .fo_chown = invfo_chown, .fo_sendfile = invfo_sendfile, .fo_fill_kinfo = jaildesc_fill_kinfo, .fo_cmp = jaildesc_cmp, @@ -70,13 +69,13 @@ static struct fileops jaildesc_ops = { }; /* - * Given a jail descriptor number, return the jaildesc, its prison, - * and its credential. The jaildesc will be returned locked, and - * prison and the credential will be returned held. + * Given a jail descriptor number, return its prison and/or its + * credential. They are returned held, and will need to be released + * by the caller. */ int -jaildesc_find(struct thread *td, int fd, struct jaildesc **jdp, - struct prison **prp, struct ucred **ucredp) +jaildesc_find(struct thread *td, int fd, struct prison **prp, + struct ucred **ucredp) { struct file *fp; struct jaildesc *jd; @@ -98,12 +97,11 @@ jaildesc_find(struct thread *td, int fd, struct jaildesc **jdp, JAILDESC_UNLOCK(jd); goto out; } - prison_hold(pr); - *prp = pr; - if (jdp != NULL) - *jdp = jd; - else - JAILDESC_UNLOCK(jd); + if (prp != NULL) { + prison_hold(pr); + *prp = pr; + } + JAILDESC_UNLOCK(jd); if (ucredp != NULL) *ucredp = crhold(fp->f_cred); out: @@ -122,15 +120,12 @@ jaildesc_alloc(struct thread *td, struct file **fpp, int *fdp, int owning) struct file *fp; struct jaildesc *jd; int error; - mode_t mode; if (owning) { error = priv_check(td, PRIV_JAIL_REMOVE); if (error != 0) return (error); - mode = S_ISTXT; - } else - mode = 0; + } jd = malloc(sizeof(*jd), M_JAILDESC, M_WAITOK | M_ZERO); error = falloc_caps(td, &fp, fdp, 0, NULL); if (error != 0) { @@ -140,11 +135,8 @@ jaildesc_alloc(struct thread *td, struct file **fpp, int *fdp, int owning) finit(fp, priv_check_cred(fp->f_cred, PRIV_JAIL_SET) == 0 ? FREAD | FWRITE : FREAD, DTYPE_JAILDESC, jd, &jaildesc_ops); JAILDESC_LOCK_INIT(jd); - jd->jd_uid = fp->f_cred->cr_uid; - jd->jd_gid = fp->f_cred->cr_gid; - jd->jd_mode = S_IFREG | S_IRUSR | S_IRGRP | S_IROTH | mode | - (priv_check(td, PRIV_JAIL_SET) == 0 ? S_IWUSR | S_IXUSR : 0) | - (priv_check(td, PRIV_JAIL_ATTACH) == 0 ? S_IXUSR : 0); + if (owning) + jd->jd_flags |= JDF_OWNING; *fpp = fp; return (0); } @@ -206,7 +198,7 @@ jaildesc_close(struct file *fp, struct thread *td) */ prison_hold(pr); JAILDESC_UNLOCK(jd); - if (jd->jd_mode & S_ISTXT) { + if (jd->jd_flags & JDF_OWNING) { sx_xlock(&allprison_lock); prison_lock(pr); if (jd->jd_prison != NULL) { @@ -246,10 +238,8 @@ jaildesc_stat(struct file *fp, struct stat *sb, struct ucred *active_cred) jd = fp->f_data; JAILDESC_LOCK(jd); if (jd->jd_prison != NULL) { - sb->st_ino = jd->jd_prison ? jd->jd_prison->pr_id : 0; - sb->st_uid = jd->jd_uid; - sb->st_gid = jd->jd_gid; - sb->st_mode = jd->jd_mode; + sb->st_ino = jd->jd_prison->pr_id; + sb->st_mode = S_IFREG | S_IRWXU; } else sb->st_mode = S_IFREG; JAILDESC_UNLOCK(jd); @@ -257,63 +247,15 @@ jaildesc_stat(struct file *fp, struct stat *sb, struct ucred *active_cred) } static int -jaildesc_chmod(struct file *fp, mode_t mode, struct ucred *active_cred, - struct thread *td) -{ - struct jaildesc *jd; - int error; - - /* Reject permissions that the creator doesn't have. */ - if (((mode & (S_IWUSR | S_IWGRP | S_IWOTH)) && - priv_check_cred(fp->f_cred, PRIV_JAIL_SET) != 0) || - ((mode & (S_IXUSR | S_IXGRP | S_IXOTH)) && - priv_check_cred(fp->f_cred, PRIV_JAIL_ATTACH) != 0 && - priv_check_cred(fp->f_cred, PRIV_JAIL_SET) != 0) || - ((mode & S_ISTXT) && - priv_check_cred(fp->f_cred, PRIV_JAIL_REMOVE) != 0)) - return (EPERM); - if (mode & (S_ISUID | S_ISGID)) - return (EINVAL); - jd = fp->f_data; - JAILDESC_LOCK(jd); - error = vaccess(VREG, jd->jd_mode, jd->jd_uid, jd->jd_gid, VADMIN, - active_cred); - if (error == 0) - jd->jd_mode = S_IFREG | (mode & ALLPERMS); - JAILDESC_UNLOCK(jd); - return (error); -} - -static int -jaildesc_chown(struct file *fp, uid_t uid, gid_t gid, struct ucred *active_cred, - struct thread *td) +jaildesc_fill_kinfo(struct file *fp, struct kinfo_file *kif, + struct filedesc *fdp) { struct jaildesc *jd; - int error; - error = 0; jd = fp->f_data; - JAILDESC_LOCK(jd); - if (uid == (uid_t)-1) - uid = jd->jd_uid; - if (gid == (gid_t)-1) - gid = jd->jd_gid; - if ((uid != jd->jd_uid && uid != active_cred->cr_uid) || - (gid != jd->jd_gid && !groupmember(gid, active_cred))) - error = priv_check_cred(active_cred, PRIV_VFS_CHOWN); - if (error == 0) { - jd->jd_uid = uid; - jd->jd_gid = gid; - } - JAILDESC_UNLOCK(jd); - return (error); -} - -static int -jaildesc_fill_kinfo(struct file *fp, struct kinfo_file *kif, - struct filedesc *fdp) -{ - return (EINVAL); + kif->kf_type = KF_TYPE_JAILDESC; + kif->kf_un.kf_jail.kf_jid = jd->jd_prison ? jd->jd_prison->pr_id : 0; + return (0); } static int diff --git a/sys/sys/jaildesc.h b/sys/sys/jaildesc.h index 4bed1ab3b88a..2451b04f7302 100644 --- a/sys/sys/jaildesc.h +++ b/sys/sys/jaildesc.h @@ -54,9 +54,6 @@ struct jaildesc { LIST_ENTRY(jaildesc) jd_list; /* (d,p) this prison's descs */ struct prison *jd_prison; /* (d) the prison */ struct mtx jd_lock; - uid_t jd_uid; /* (d) nominal file owner */ - gid_t jd_gid; /* (d) nominal file group */ - mode_t jd_mode; /* (d) descriptor permissions */ unsigned jd_flags; /* (d) JDF_* flags */ }; @@ -73,9 +70,10 @@ struct jaildesc { * Flags for the jd_flags field */ #define JDF_REMOVED 0x00000002 /* jail was removed */ +#define JDF_OWNING 0x00000004 /* closing descriptor removes jail */ -int jaildesc_find(struct thread *td, int fd, struct jaildesc **jdp, - struct prison **prp, struct ucred **ucredp); +int jaildesc_find(struct thread *td, int fd, struct prison **prp, + struct ucred **ucredp); int jaildesc_alloc(struct thread *td, struct file **fpp, int *fdp, int owning); void jaildesc_set_prison(struct file *jd, struct prison *pr); void jaildesc_prison_cleanup(struct prison *pr);