Date: Tue, 8 Jan 2019 21:14:36 +0100 From: Mateusz Guzik <mjguzik@gmail.com> To: "Michael W. Lucas" <mwlucas@michaelwlucas.com> Cc: jail@freebsd.org Subject: Re: enforce_statfs showing leading path Message-ID: <CAGudoHEk8JaJ_pR3QKPK2v11t=weHc_wwJMUNvgxGRGA8HCmRg@mail.gmail.com> In-Reply-To: <20190108190347.GA89234@mail.michaelwlucas.com> References: <20190108190347.GA89234@mail.michaelwlucas.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/8/19, Michael W. Lucas <mwlucas@michaelwlucas.com> wrote: > Hi, > > I'm experimenting with enforce_statfs for the jails book, and have hit > an inconsistency. Not sure if the bug should go to src or doc. Running > last week's -current. > > According to jail(8): > > When set to 1, only mount points below the jail's chroot > directory are visible. In addition to that, the path to the > jail's chroot directory is removed from the front of their > path=E2=80=90 > names. > > Seems pretty clear that I shouldn't see anything other than > > # jls -h name enforce_statfs > ... > ioc-www1 1 > > So, as I read it, the jail's chroot directory should be stripped down > to /. But inside the jail: > > root@www1:~ # mount > iocage/iocage/jails/www1/root on / (zfs, local, nfsv4acls) > devfs on /dev (devfs, local, multilabel) > fdescfs on /dev/fd (fdescfs) > > I see the jail's chroot directory. > > This seems to contradict the man page, unless I'm misunderstanding. > > Is this a software bug? A ZFS thing? A doc bug? Or am I just an idiot? > > Also, should this path be stripped when enforce_statfs is set to 1 *or > above*? Or is this strictly when set to 1? If I'm filing a bug, it > might as well be complete... > The "path" you are seeing is dataset name, which you made to resemble the mount point. Whether full dataset name should be exposed or not is a very different question, does illumos do it? Worst case it should be trivial to add a sysctl to just obfuscate the name. --=20 Mateusz Guzik <mjguzik gmail.com>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGudoHEk8JaJ_pR3QKPK2v11t=weHc_wwJMUNvgxGRGA8HCmRg>