List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
Date: Fri, 05 Sep 2025 10:34:18 -0700
From: James Gritton
To: Konstantin Belousov
Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org,
 dev-commits-src-main@freebsd.org
Subject: Re: git: 851dc7f859c2 - main - jail: add jail descriptors
References: <202509042031.584KVpxY000408@gitrepo.freebsd.org>
Message-ID: <24bbb82cec2509bcfe1d8514500367ab@freebsd.org>

On 2025-09-04 22:14, Konstantin Belousov wrote:
> On Thu, Sep 04, 2025 at 09:43:13PM -0700, James Gritton wrote:
>> On 2025-09-04 16:43, Konstantin Belousov wrote:
>> > There are fo_chown/fo_chmod methods that are semantically applied
>> > to the jail files, instead of the underlying object. This is quite
>> > strange, files do not have concept of owner.
>>
>> True, it is strange. But jails don't have owners either, and this
>> seemed a good way to control how the descriptors could be used. I see
>> the jail descriptor as an intermediate object between the jail and the
>> file descriptors, like there's a portal to the jail that is owned by
>> its creator, and the file descriptor returned is merely the access to
>> that portal. It's roughly equivalent to a temp file that doesn't
>> exist in the filesystem directory space after its creation, yet is
>> still a thing with ownership and permissions.
>>
>> I could remove this if it's too far out of mainstream practice, but I
>> hope not to have to, since it provides a handy way to allow some to
>> (for instance) attach to a prison, but not alter or remove it. Such
>> things are perhaps better left to Capsicum, but I don't have that
>> support in place yet.
>
> Naturally, you would added a jail owner (ucred), and make fo_chown
> change the owner then. I quite dislike trying to strength filesystem
> DACs to jail access control.

You're not the first to object to this repurposing of permission
bits. I guess the proper thing to do is to get the Capsicum support in
place, and use that instead. So this hack may well be going away soon.

- Jamie