From owner-freebsd-hackers@freebsd.org  Mon Jul  8 18:12:33 2019
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E3F0C15E5856
 for <freebsd-hackers@mailman.ysv.freebsd.org>;
 Mon,  8 Jul 2019 18:12:32 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id CF74983692
 for <freebsd-hackers@FreeBSD.org>; Mon,  8 Jul 2019 18:12:31 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5])
 by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id x68ICRCm042369
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Mon, 8 Jul 2019 18:12:28 GMT (envelope-from eugen@grosbein.net)
X-Envelope-From: eugen@grosbein.net
X-Envelope-To: yuri@rawbw.com
Received: from [10.58.0.4] ([10.58.0.4])
 by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id x68ICOel091899
 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT);
 Tue, 9 Jul 2019 01:12:24 +0700 (+07)
 (envelope-from eugen@grosbein.net)
Subject: Re: What is the best way for the process to determine that it runs in
 jail?
To: Yuri <yuri@rawbw.com>, Freebsd hackers list <freebsd-hackers@FreeBSD.org>
References: <bafb7230-6e18-39d6-3ba4-ec3f7fac1cb1@rawbw.com>
From: Eugene Grosbein <eugen@grosbein.net>
Message-ID: <aa64d090-40c5-2e31-6ca0-e065fa8cc58a@grosbein.net>
Date: Tue, 9 Jul 2019 01:12:18 +0700
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <bafb7230-6e18-39d6-3ba4-ec3f7fac1cb1@rawbw.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM,
 SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2
X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1%
 *      [score: 0.0000]
 *  0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
 * -0.0 SPF_PASS SPF: sender matches SPF record
 *  2.6 LOCAL_FROM From my domains
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net
X-Rspamd-Queue-Id: CF74983692
X-Spamd-Bar: -
Authentication-Results: mx1.freebsd.org;
 spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism
 not recognized by this client) smtp.mailfrom=eugen@grosbein.net
X-Spamd-Result: default: False [-1.69 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-0.995,0]; MX_INVALID(0.50)[cached];
 FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-0.999,0];
 MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+];
 DMARC_NA(0.00)[grosbein.net]; RCVD_COUNT_THREE(0.00)[3];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[];
 R_SPF_PERMFAIL(0.00)[]; RCPT_COUNT_TWO(0.00)[2];
 NEURAL_HAM_SHORT(-0.34)[-0.344,0];
 IP_SCORE(-0.75)[ipnet: 2a01:4f8::/29(-1.95), asn: 24940(-1.79), country:
 DE(-0.01)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[];
 SUBJECT_ENDS_QUESTION(1.00)[];
 ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE];
 MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2019 18:12:33 -0000

07.07.2019 7:43, Yuri wrote:

> I found online that it is possible to stat the root folder and find its inode number.
> 
> The inode number is 2 when the root is on UFS, and 4 if the root is on ZFS.
> 
> This looks pretty hackish to me. Is this reliable?
> 
> Is there a better/best way?

We have check_jail subroutine in the /etc/rc.subr that is supposed to be called
with single "jailed" argument so it just checks if sysctl security.jail.jailed exists and set to 1.

We have sysctlbyname(3) function of out libc to do same in C.