Date: Fri, 16 Nov 2018 14:28:39 -0700
From: James Gritton
To: Alan Somers
Cc: src-committers, svn-src-all, svn-src-head, ross@ross-williams.net
Subject: Re: svn commit: r333263 - in head: lib/libjail sys/cddl/contrib/opensolaris/uts/common/fs/zfs sys/compat/linprocfs sys/compat/linsysfs sys/fs/devfs sys/fs/fdescfs sys/fs/nullfs sys/fs/procfs sys/fs/pse...

On 2018-11-16 10:34, Alan Somers wrote:
> On Fri, May 4, 2018 at 2:54 PM Jamie Gritton wrote:
>
>> Author: jamie
>> Date: Fri May 4 20:54:27 2018
>> New Revision: 333263
>> URL: https://svnweb.freebsd.org/changeset/base/333263
>>
>> Log:
>> Make it easier for filesystems to count themselves as jail-enabled,
>> by doing most of the work in a new function prison_add_vfs in kern_jail.c
>> Now a jail-enabled filesystem need only mark itself with VFCF_JAIL, and
>> the rest is taken care of. This includes adding a jail parameter like
>> allow.mount.foofs, and a sysctl like security.jail.mount_foofs_allowed.
>> Both of these used to be a static list of known filesystems, with
>> predefined permission bits.
>>
>> Reviewed by: kib
>> Differential Revision: D14681
>>
>> Modified:
>> head/lib/libjail/jail.c
>> head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c
>> head/sys/compat/linprocfs/linprocfs.c
>> head/sys/compat/linsysfs/linsysfs.c
>> head/sys/fs/devfs/devfs_vfsops.c
>> head/sys/fs/fdescfs/fdesc_vfsops.c
>> head/sys/fs/nullfs/null_vfsops.c
>> head/sys/fs/procfs/procfs.c
>> head/sys/fs/pseudofs/pseudofs.h
>> head/sys/fs/tmpfs/tmpfs_vfsops.c
>> head/sys/kern/kern_jail.c
>> head/sys/kern/vfs_init.c
>> head/sys/kern/vfs_mount.c
>> head/sys/kern/vfs_subr.c
>> head/sys/sys/jail.h
>> head/sys/sys/mount.h
>> head/usr.sbin/jail/jail.8
>>
>> Modified: head/lib/libjail/jail.c >> ============================================================================== >> --- head/lib/libjail/jail.c Fri May 4 20:38:26 2018 (r333262) >> +++ head/lib/libjail/jail.c Fri May 4 20:54:27 2018 (r333263) 
>> @@ -1048,7 +1048,13 @@ kldload_param(const char *name) >> else if (strcmp(name, "sysvmsg") == 0 || strcmp(name, "sysvsem") == 0 || >> strcmp(name, "sysvshm") == 0) >> kl = kldload(name); >> - else { >> + else if (strncmp(name, "allow.mount.", 12) == 0) { >> + /* Load the matching filesystem */ >> + kl = kldload(name + 12); >> + if (kl < 0 && errno == ENOENT && >> + strncmp(name + 12, "no", 2) == 0) >> + kl = kldload(name + 14); >> + } else { >> errno = ENOENT; >> return (-1); >> }
>
> I'm curious about this part of the change. Why is it necessary to load the module in the "allow.mount.noXXXfs" case, when the jail is forbidden to mount the filesystem? It seems like that would just load modules that aren't going to be used.
>
> Additional discussion at https://github.com/iocage/iocage/issues/689 .
>
> -Alan

Presumably such a parameter would be included in some jails in conjunction with the positive being included in others (perhaps as a default). The truth is I never really considered whether the "no" option would be used, I just always treat these options as pairs. It may be reasonable (at least in the allow.mount.* case) to silently disregard a "no" option that doesn't exist, but I don't know how many places would need to be modified for that to go smoothly. Though I don't expect that there would be too many people who bother to include a jail parameter about a filesystem which they're not planning to use.
- Jamie
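
Review bot: in the new "allow.mount." branch of kldload_param(), the fallback `kl = kldload(name + 14);` loads the filesystem module even when the parameter is the "no" form, so a jail configuration that only denies a mount still adds a kernel module to the running system. Consider not attempting the load when the suffix is the negated form, or add a comment explaining why the positive and "no" parameters are handled as a pair. Two smaller points in the same lines: the suffix at `name + 12` is passed to kldload() without a check that it is non-empty, and the literals 12 and 14 would be easier to audit if derived from `sizeof("allow.mount.") - 1` and a named length for "no". A filesystem whose own name begins with "no" works only because the unstripped name is tried first; a short comment saying so would help the next reader.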

From: Cy Schubert
To: Edward Tomasz Napierała
Cc: Cy Schubert, rgrimes@freebsd.org, Warner Losh, 0mp@freebsd.org, src-committers, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r340478 - head/share/man/man7
Date: Fri, 16 Nov 2018 14:38:19 -0800

In message , Edward Tomasz Napierała writes:
>
> > On 16 Nov 2018, at 18:40, Cy Schubert wrote:
> >
> > In message <201811161804.wAGI44WC047387@pdx.rh.CN85.dnsmgr.net>,
> > "Rodney W. Grimes" writes:
> >>>> On Fri, Nov 16, 2018 at 7:29 AM Mateusz Piotrowski <0mp@freebsd.org> wrote:
> >>>>
> >>>> A few years ago jilles@ proposed changing reboot's default to signalling
> >>>> init (preserving reboot -q which just invokes the reboot system call),
> >>>> but this was not accepted. Perhaps this can be tried again for 13.0.
> >>>>
> >>>
> >>> I didn't like it at the time, however I was wrong. Much of my reasoning for
> >>> doing it has become muted as well since then, and the need to do it has
> >>> become more amplified as more rc scripts have grown shutdown
> >>> functionality...
> >>>
> >>> I think if we make what's now reboot 'fastreboot' or 'reboot -q' (both of
> >>> which are historic replacements), we can make 'reboot' what's now
> >>> 'shutdown -r now'.
> >>
> >> I support this position.
> >
> > reboot(2) should be changed to signal init(8). RB_AUTOBOOT should
> > signal init while a new RB_FASTBOOT or RB_LEGACY (or pick a name) would
> > preserve traditional behavior. RB_POWEROFF, RB_POWERCYCLE and RB_HALT
> > would also signal init except when RB_FASTBOOT flag is set.
>
> Wouldn’t this break rebooting when UID 1 is not init(8)?

You mean PID 1, right? This would obviously require special case handling when the caller is PID 1.

Tangentially, though Linux vaguely documents RB_*, they document LINUX_REBOOT_* in their man page, which obviously doesn't work here.

--
Cheers,
Cy Schubert
FreeBSD UNIX: Web: http://www.FreeBSD.org

The need of the many outweighs the greed of the few.