To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Olivier Certner
Subject: git: 73215eba8b91 - main - MAC/do: parse_and_set_conf(): Require the model configuration
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
Date: Fri, 29 May 2026 16:01:45 +0000
Message-Id: <6a19b869.344fc.51914074@gitrepo.freebsd.org>

The branch main has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=73215eba8b91fab37c1ad380fca04f082f3f92fd

commit 73215eba8b91fab37c1ad380fca04f082f3f92fd
Author:     Olivier Certner
AuthorDate: 2026-04-28 09:55:29 +0000
Commit:     Olivier Certner
CommitDate: 2026-05-29 15:25:09 +0000

    MAC/do: parse_and_set_conf(): Require the model configuration

    This change is a prerequisite for the next change in caller
    mac_do_jail_set(), which for semantic correctness needs to rely on a
    stable model configuration. The two other callers already call
    find_conf() to retrieve the applicable configuration, so for these a
    second call to find_conf() can be saved.

    However, this does not fix (actually, makes slightly worse) an
    atomicity problem when multiple threads concurrently change some jail's
    configuration (or the configuration inherited by a jail), which has
    existed since the introduction of executable paths due to being able to
    change only rules or executable paths independently (and the
    possibility of not specifying them and having them copied from the
    currently applicable configuration). Before tackling it in later
    commits, we first focus on fixing the semantics of configuration
    changes in the very next patches.

    Reviewed by:    bapt
    MFC after:      1 month
    Sponsored by:   The FreeBSD Foundation
    Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38
---
 sys/security/mac_do/mac_do.c | 66 +++++++++++++++++++++++++-------------------
 1 file changed, 38 insertions(+), 28 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index 3ae5aba4bb8a..3da2f4ed5c80 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c 
@@ -1412,49 +1412,46 @@ clone_exec_paths(struct exec_paths *const dst, * * Must be called with '*parse_error' set to NULL. * - * Supports explicitly setting all parameters or only some of them, in which - * case the implicit ones are copied from the currently applicable configuration - * (that of the closest ancestor jail that has one). - * - * An unspecified parameter must be passed as NULL. + * Supports explicitly setting all parameters or only some of them. An + * unspecified parameter must be passed as NULL. The values of unspecified + * parameters are copied from those of the passed model configuration (which is + * expected to be the currently applicable configuration, i.e., that of the + * closest ancestor jail that has one). */ static int -parse_and_set_conf(struct prison *pr, const char *rules_string, - const char *exec_paths_string, struct parse_error **parse_error) +parse_and_set_conf(struct prison *const pr, const char *const rules_string, + const char *const exec_paths_string, const struct conf *const model_conf, + struct parse_error **const parse_error) { - struct conf *applicable_conf = NULL; - struct conf *conf; + struct conf *const conf = new_conf(); int error = 0; - if (rules_string == NULL || exec_paths_string == NULL) - applicable_conf = find_conf(pr, NULL); - - conf = new_conf(); + KASSERT(model_conf != NULL || + (rules_string != NULL && exec_paths_string != NULL), + ("MAC/do: %s: Model configuration needed!", __func__)); if (rules_string != NULL) { error = parse_rules(rules_string, &conf->rules, parse_error); if (error != 0) goto error; } - else if (applicable_conf != NULL) - clone_rules(&conf->rules, &applicable_conf->rules); + else + clone_rules(&conf->rules, &model_conf->rules); if (exec_paths_string != NULL) { error = parse_exec_paths(exec_paths_string, &conf->exec_paths, parse_error); if (error != 0) goto error; - } else if (applicable_conf != NULL) + } else clone_exec_paths(&conf->exec_paths, - &applicable_conf->exec_paths); + 
&model_conf->exec_paths); set_conf(pr, conf); MPASS(error == 0 && *parse_error == NULL); out: drop_conf(conf); - if (applicable_conf != NULL) - drop_conf(applicable_conf); return (error); error: MPASS(error != 0 && *parse_error != NULL); @@ -1477,8 +1474,7 @@ mac_do_sysctl_rules(SYSCTL_HANDLER_ARGS) if (error != 0 || req->newptr == NULL) goto out; - /* Set our prison's rules, not that of the jail we inherited from. */ - error = parse_and_set_conf(pr, buf, NULL, &parse_error); + error = parse_and_set_conf(pr, buf, NULL, conf, &parse_error); if (error != 0) { if (print_parse_error) printf("MAC/do: Parse error at index %zu: %s\n", @@ -1518,7 +1514,7 @@ mac_do_sysctl_exec_paths(SYSCTL_HANDLER_ARGS) if (error != 0 || req->newptr == NULL) goto out; - error = parse_and_set_conf(pr, NULL, buf, &parse_error); + error = parse_and_set_conf(pr, NULL, buf, conf, &parse_error); if (error != 0) { if (print_parse_error) printf("MAC/do: Parse error at index %zu: %s\n", @@ -1726,6 +1722,7 @@ mac_do_jail_set(void *obj, void *data) struct vfsoptlist *opts = data; char *rules_string, *exec_paths_string; struct parse_error *parse_error = NULL; + struct conf *model_conf; int error, jsys; bool has_rules, has_exec_paths; 
@@ -1755,20 +1752,32 @@ mac_do_jail_set(void *obj, void *data) jsys = JAIL_SYS_DISABLE; } - switch (jsys) { - case JAIL_SYS_INHERIT: + if (jsys == JAIL_SYS_INHERIT) { + MPASS(!has_rules && !has_exec_paths); remove_conf(pr); return (0); + } + + model_conf = NULL; + switch (jsys) { case JAIL_SYS_DISABLE: rules_string = ""; has_rules = true; /* FALLTHROUGH */ case JAIL_SYS_NEW: + /* + * If 'pr' has a configuration, we want to use it as the model + * (i.e., only change what has been explicitly specified). + * Else, we want as default values those that are inherited. + */ + model_conf = !has_rules || !has_exec_paths ? + find_conf(pr, NULL) : NULL; error = parse_and_set_conf(pr, has_rules ? rules_string : NULL, has_exec_paths ? exec_paths_string : NULL, + model_conf, &parse_error); if (error != 0) { @@ -1776,15 +1785,16 @@ mac_do_jail_set(void *obj, void *data) "MAC/do: Parse error at index %zu: %s\n", parse_error->pos, parse_error->msg); free_parse_error(parse_error); - - return (error); } - - return (0); + break; default: __assert_unreachable(); } + + if (model_conf != NULL) + drop_conf(model_conf); + return (error); } /*
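
Review bot: In parse_and_set_conf(), the two else branches now call clone_rules() and clone_exec_paths() on model_conf unconditionally, and the only guard is the new KASSERT, which is compiled out of kernels built without INVARIANTS. The removed code tested `applicable_conf != NULL` before cloning, so a NULL model combined with an unspecified parameter used to skip the clone and now becomes a NULL pointer dereference in the kernel. If find_conf() can never return NULL, state that in the function comment; otherwise keep a runtime check that fails with an error. The comment should also say that the caller keeps its own reference on model_conf, since the `drop_conf(applicable_conf)` at the out label is gone.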
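
Review bot: In mac_do_sysctl_rules(), the deleted comment ("Set our prison's rules, not that of the jail we inherited from.") recorded why pr is the target rather than the jail owning the inherited configuration, and that distinction matters more now that `conf` is passed as the model in the same call; I would keep or reword it rather than drop it. Both sysctl handlers also pass a `conf` obtained earlier in the handler, outside the visible context, so the model can be stale by the time set_conf() runs. The commit message acknowledges this atomicity problem; a short XXX comment at both call sites would keep it visible until the later commits land.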
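
Review bot: In the last mac_do_jail_set() hunk, the condition `!has_rules || !has_exec_paths` that decides whether to call find_conf() mirrors the KASSERT condition in parse_and_set_conf(), and the two must stay in step or the callee dereferences a NULL model. Parenthesizing the ternary's condition and mentioning that coupling in the new comment would make this harder to break. Separately, the INHERIT branch's `MPASS(!has_rules && !has_exec_paths)` is only checked with INVARIANTS, so the validation it depends on (not visible in this hunk) has to be what actually rejects that combination; otherwise explicitly passed rules or executable paths are silently discarded by remove_conf().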