Date: Thu, 3 Apr 2025 19:32:12 GMT
Message-Id: <202504031932.533JWCxW040055@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Olivier Certner
Subject: git: bd9e3fcaa064 - stable/14 - MAC/do: Fix jail_get() (PR_METHOD_GET)
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: bd9e3fcaa064779618353cb45fd03d2d5c66a804

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=bd9e3fcaa064779618353cb45fd03d2d5c66a804

commit bd9e3fcaa064779618353cb45fd03d2d5c66a804
Author:     Olivier Certner
AuthorDate: 2024-07-03 15:22:28 +0000
Commit:     Olivier Certner
CommitDate: 2025-04-03 19:31:00 +0000

    MAC/do: Fix jail_get() (PR_METHOD_GET)

    - Properly fill 'jsys' before copying it out (we would leak bytes from
      the kernel stack).  When the current jail has its own 'struct rules',
      set it to the special value JAIL_SYS_DISABLE if it in fact holds no
      rules.
    - Don't forget to unlock the jail holding rules on error.
    - Correctly return errors.

    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47609

    (cherry picked from commit 2a20ce91dc29e5a80f4eeb9352cf3169cd1891b9)
---
 sys/security/mac_do/mac_do.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 6f68a6f62a79..2482221e43a3 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c 
@@ -353,22 +353,28 @@ mac_do_jail_create(void *obj, void *data __unused) static int mac_do_jail_get(void *obj, void *data) { - struct prison *ppr, *pr = obj; - struct vfsoptlist *opts = data; + struct prison *ppr, *const pr = obj; + struct vfsoptlist *const opts = data; struct rules *rules; int jsys, error; rules = find_rules(pr, &ppr); + + jsys = pr == ppr ? + (TAILQ_EMPTY(&rules->head) ? JAIL_SYS_DISABLE : JAIL_SYS_NEW) : + JAIL_SYS_INHERIT; error = vfs_setopt(opts, "mac.do", &jsys, sizeof(jsys)); if (error != 0 && error != ENOENT) goto done; + error = vfs_setopts(opts, "mac.do.rules", rules->string); if (error != 0 && error != ENOENT) goto done; - prison_unlock(ppr); + error = 0; done: - return (0); + prison_unlock(ppr); + return (error); } static int
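Review bot: the `error = 0;` placed just before `done:` in mac_do_jail_get() is the only thing that turns an ENOENT left over from the `vfs_setopts(opts, "mac.do.rules", ...)` call into a successful return, and nothing in the code says that this is intentional. Both checks use `error != 0 && error != ENOENT`, so ENOENT is clearly meant to be non-fatal; a one-line comment above the reset stating that would keep a later cleanup from deleting it as redundant and starting to return ENOENT to the caller. The new nested conditional that assigns `jsys` would also benefit from a short comment naming its three outcomes (own rules but empty gives JAIL_SYS_DISABLE, own rules non-empty gives JAIL_SYS_NEW, `pr != ppr` gives JAIL_SYS_INHERIT), since leaving `jsys` unset on any path is exactly what exposed kernel stack bytes through `vfs_setopt(opts, "mac.do", &jsys, sizeof(jsys))`. Moving `prison_unlock(ppr)` under `done:` is right as long as `find_rules()` always returns with `ppr` locked, which the old success path already assumed.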