From owner-svn-src-all@freebsd.org Fri Nov 16 17:41:52 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 74B32110027E; Fri, 16 Nov 2018 17:41:52 +0000 (UTC) (envelope-from asomers@gmail.com) Received: from mail-lj1-f170.google.com (mail-lj1-f170.google.com [209.85.208.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A21B688BCD; Fri, 16 Nov 2018 17:41:51 +0000 (UTC) (envelope-from asomers@gmail.com) Received: by mail-lj1-f170.google.com with SMTP id x85-v6so21059491ljb.2; Fri, 16 Nov 2018 09:41:51 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Ubj3Pc3E0J43qC88/jOV7RDSJxfNt1rEdCnwa4RXI7o=; b=l2gKu81udGnbhb7sb1zXOFUWjga6bymRm16l3Ijq4A+Z6dMRTnxLzciYlEpBUVoAU8 GoOsPfohDlTXcMwX0hm7leQJxEGJY7xyp2wKLGOr5/IVkKiKdUvyjqGHQ3Di8w8jKZr1 zOGpTaxME+27me/ubYOUnA0lpZ25ccAfk/nurV4Km9RDzX3/PQinvWVo/28fl3Upm47P eiBRaVkJBSpF0W8mK3wEiYUyTxHi9xvlZwPysFEfP1+dPQaaye6mpPttm6V3kvr9nV1R mC1/tDxG7Mga7LEvx8OqCVBPqwld8Vsu4jvHETDRdLj8dyfFFhuzv2kU4wn8Nx1jBB1Q Q/Gg== X-Gm-Message-State: AGRZ1gKdp6CXV3YVyEA0SuXIN0jPIeu989N1iTb4KbCKMIJ1WwjTa277 IXg6oKHDv4i5oCrN3H8JZ2oGrkL+m2KJD4X1eWUufzg+ X-Google-Smtp-Source: AJdET5eBxM9wm9AcxJV1q22ObcxazcETSeYuC0kqw36PROglOnBe1AM16cozgHM5HSpgAJIl7OEQyhfWDtERazK3wrw= X-Received: by 2002:a2e:20c3:: with SMTP id g64-v6mr7137018lji.101.1542389656982; Fri, 16 Nov 2018 09:34:16 -0800 (PST) MIME-Version: 1.0 References: <201805042054.w44KsRtc038808@repo.freebsd.org> In-Reply-To: <201805042054.w44KsRtc038808@repo.freebsd.org> From: Alan Somers Date: Fri, 16 Nov 2018 10:34:04 -0700 Message-ID: Subject: Re: svn commit: r333263 - in head: lib/libjail sys/cddl/contrib/opensolaris/uts/common/fs/zfs sys/compat/linprocfs sys/compat/linsysfs sys/fs/devfs sys/fs/fdescfs sys/fs/nullfs sys/fs/procfs sys/fs/pse... To: jamie@freebsd.org Cc: src-committers , svn-src-all , svn-src-head , ross@ross-williams.net X-Rspamd-Queue-Id: A21B688BCD X-Spamd-Result: default: False [-3.91 / 40.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[freebsd.org]; RCPT_COUNT_FIVE(0.00)[5]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; NEURAL_HAM_SHORT(-0.84)[-0.839,0]; RCVD_IN_DNSWL_NONE(0.00)[170.208.85.209.list.dnswl.org : 127.0.5.0]; IP_SCORE(-1.06)[ipnet: 209.85.128.0/17(-3.41), asn: 15169(-1.82), country: US(-0.10)]; FORGED_SENDER(0.30)[asomers@freebsd.org,asomers@gmail.com]; R_DKIM_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; FROM_NEQ_ENVFROM(0.00)[asomers@freebsd.org,asomers@gmail.com]; RCVD_COUNT_TWO(0.00)[2] X-Rspamd-Server: mx1.freebsd.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Nov 2018 17:41:52 -0000 On Fri, May 4, 2018 at 2:54 PM Jamie Gritton wrote: > Author: jamie > Date: Fri May 4 20:54:27 2018 > New Revision: 333263 > URL: https://svnweb.freebsd.org/changeset/base/333263 > > Log: > Make it easier for filesystems to count themselves as jail-enabled, > by doing most of the work in a new function prison_add_vfs in kern_jail.c > Now a jail-enabled filesystem need only mark itself with VFCF_JAIL, and > the rest is taken care of. This includes adding a jail parameter like > allow.mount.foofs, and a sysctl like security.jail.mount_foofs_allowed. > Both of these used to be a static list of known filesystems, with > predefined permission bits. > > Reviewed by: kib > Differential Revision: D14681 > > Modified: > head/lib/libjail/jail.c > head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c > head/sys/compat/linprocfs/linprocfs.c > head/sys/compat/linsysfs/linsysfs.c > head/sys/fs/devfs/devfs_vfsops.c > head/sys/fs/fdescfs/fdesc_vfsops.c > head/sys/fs/nullfs/null_vfsops.c > head/sys/fs/procfs/procfs.c > head/sys/fs/pseudofs/pseudofs.h > head/sys/fs/tmpfs/tmpfs_vfsops.c > head/sys/kern/kern_jail.c > head/sys/kern/vfs_init.c > head/sys/kern/vfs_mount.c > head/sys/kern/vfs_subr.c > head/sys/sys/jail.h > head/sys/sys/mount.h > head/usr.sbin/jail/jail.8 > > Modified: head/lib/libjail/jail.c > > ============================================================================== > --- head/lib/libjail/jail.c Fri May 4 20:38:26 2018 (r333262) > +++ head/lib/libjail/jail.c Fri May 4 20:54:27 2018 (r333263) > @@ -1048,7 +1048,13 @@ kldload_param(const char *name) > else if (strcmp(name, "sysvmsg") == 0 || strcmp(name, "sysvsem") > == 0 || > strcmp(name, "sysvshm") == 0) > kl = kldload(name); > - else { > + else if (strncmp(name, "allow.mount.", 12) == 0) { > + /* Load the matching filesystem */ > + kl = kldload(name + 12); > + if (kl < 0 && errno == ENOENT && > + strncmp(name + 12, "no", 2) == 0) > + kl = kldload(name + 14); > + } else { > errno = ENOENT; > return (-1); > } > I'm curious about this part of the change. Why is it necessary to load the module in the "allow.mount.noXXXfs" case, when the jail is forbidden to mount the filesystem? It seems like that would just load modules that aren't going to be used. Additional discussion at https://github.com/iocage/iocage/issues/689 . -Alan