Date: Mon, 22 Feb 2021 18:25:53 GMT
Message-Id: <202102221825.11MIPrac074056@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Jamie Gritton
Subject: git: f3f042d850ba - releng/13.0 - MFS jail: Change both root and working directories in jail_attach(2)

The branch releng/13.0 has been updated by jamie:

URL: https://cgit.FreeBSD.org/src/commit/?id=f3f042d850baaeda1bed19e00c2b3b578644b7e9

commit f3f042d850baaeda1bed19e00c2b3b578644b7e9
Author:     Jamie Gritton
AuthorDate: 2021-02-19 22:13:35 +0000
Commit:     Jamie Gritton
CommitDate: 2021-02-22 18:25:23 +0000

    MFS jail: Change both root and working directories in jail_attach(2)

    jail_attach(2) performs an internal chroot operation, leaving it up to
    the calling process to assure the working directory is inside the jail.

    Add a matching internal chdir operation to the jail's root. Also
    ignore kern.chroot_allow_open_directories, and always disallow the
    operation if there are any directory descriptors open.

    Reported by: mjg
    Approved by: re (gjb), markj, kib

    (cherry picked from commit d4380c0cdd0517dc038403dd5c99242ce78bdeb5)
    (cherry picked from commit 5dbb407145c8128753fa30b695bc266dc671e433)
--- lib/libc/sys/jail.2 | 5 ++++- sys/kern/kern_descrip.c | 45 ++++++++++++++++++++++++++++++++++++++++++--- sys/kern/kern_jail.c | 2 +- sys/sys/filedesc.h | 1 + 4 files changed, 48 insertions(+), 5 deletions(-) diff --git a/lib/libc/sys/jail.2 b/lib/libc/sys/jail.2 index 2e13a6c3a381..82c2e97d4a7b 100644 --- a/lib/libc/sys/jail.2 +++ b/lib/libc/sys/jail.2 
@@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd February 8, 2012 +.Dd February 19, 2021 .Dt JAIL 2 .Os .Sh NAME @@ -228,6 +228,9 @@ The system call attaches the current process to an existing jail, identified by .Fa jid . +It changes the process's root and current directories to the jail's +.Va path +directory. .Pp The .Fn jail_remove diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c index 059e5123c7b5..31c7d3bf2188 100644 --- a/sys/kern/kern_descrip.c +++ b/sys/kern/kern_descrip.c @@ -3795,9 +3795,8 @@ pwd_drop(struct pwd *pwd) } /* -* Common routine for kern_chroot() and jail_attach(). The caller is -* responsible for invoking priv_check() and mac_vnode_check_chroot() to -* authorize this operation. +* The caller is responsible for invoking priv_check() and +* mac_vnode_check_chroot() to authorize this operation. */ int pwd_chroot(struct thread *td, struct vnode *vp) @@ -3859,6 +3858,46 @@ pwd_chdir(struct thread *td, struct vnode *vp) pwd_drop(oldpwd); } +/* + * jail_attach(2) changes both root and working directories. + */ +int +pwd_chroot_chdir(struct thread *td, struct vnode *vp) +{ + struct pwddesc *pdp; + struct filedesc *fdp; + struct pwd *newpwd, *oldpwd; + int error; + + fdp = td->td_proc->p_fd; + pdp = td->td_proc->p_pd; + newpwd = pwd_alloc(); + FILEDESC_SLOCK(fdp); + PWDDESC_XLOCK(pdp); + oldpwd = PWDDESC_XLOCKED_LOAD_PWD(pdp); + error = chroot_refuse_vdir_fds(fdp); + FILEDESC_SUNLOCK(fdp); + if (error != 0) { + PWDDESC_XUNLOCK(pdp); + pwd_drop(newpwd); + return (error); + } + + vrefact(vp); + newpwd->pwd_rdir = vp; + vrefact(vp); + newpwd->pwd_cdir = vp; + if (oldpwd->pwd_jdir == NULL) { + vrefact(vp); + newpwd->pwd_jdir = vp; + } + pwd_fill(oldpwd, newpwd); + pwd_set(pdp, newpwd); + PWDDESC_XUNLOCK(pdp); + pwd_drop(oldpwd); + return (0); +} + void pwd_ensure_dirs(void) { diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index b56c889eeb7e..90ab69a372d2 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c 
@@ -2495,7 +2495,7 @@ do_jail_attach(struct thread *td, struct prison *pr) goto e_unlock; #endif VOP_UNLOCK(pr->pr_root); - if ((error = pwd_chroot(td, pr->pr_root))) + if ((error = pwd_chroot_chdir(td, pr->pr_root))) goto e_revert_osd; newcred = crget(); diff --git a/sys/sys/filedesc.h b/sys/sys/filedesc.h index 890232b7f160..8c5aa258ed28 100644 --- a/sys/sys/filedesc.h +++ b/sys/sys/filedesc.h @@ -333,6 +333,7 @@ void pdunshare(struct thread *td); void pwd_chdir(struct thread *td, struct vnode *vp); int pwd_chroot(struct thread *td, struct vnode *vp); +int pwd_chroot_chdir(struct thread *td, struct vnode *vp); void pwd_ensure_dirs(void); void pwd_set_rootvnode(void);
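Review bot: The jail.2 hunk at -228,6 documents the new root and current directory change but not the new failure condition. The commit message says the call is now always disallowed when any directory descriptors are open, regardless of kern.chroot_allow_open_directories, yet the added text "It changes the process's root and current directories to the jail's .Va path directory." gives callers no hint that jail_attach can now fail for that reason. Consider adding a sentence here, or an entry in the page's error list, stating that the call is refused while the process holds open directory descriptors and that the sysctl does not relax this.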
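Review bot: The comment above the new pwd_chroot_chdir() in sys/kern/kern_descrip.c says only "jail_attach(2) changes both root and working directories." and leaves out the two things a future caller needs to know. First, the authorization note that the same patch keeps on pwd_chroot() ("The caller is responsible for invoking priv_check() and mac_vnode_check_chroot()") is not repeated, although this function performs no such check in the visible body either. Second, the call to chroot_refuse_vdir_fds(fdp) is the mechanism behind the commit message's "always disallow the operation if there are any directory descriptors open", and nothing in the code says that ignoring kern.chroot_allow_open_directories is deliberate. A short comment at that call would keep someone from later "fixing" it to honor the sysctl. It would also help to say why pwd_jdir is only set when oldpwd->pwd_jdir is NULL, since pwd_rdir and pwd_cdir are replaced unconditionally.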
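Review bot: In the do_jail_attach() hunk of sys/kern/kern_jail.c, the replaced line keeps the assignment-in-condition form "if ((error = pwd_chroot_chdir(td, pr->pr_root)))" with no explicit comparison, while the function added in the same patch tests "if (error != 0)". Since the line is being touched anyway, consider assigning first and then testing "error != 0" for consistency. It is also worth a comment at this call site that the failure path to e_revert_osd can now be taken because of open directory descriptors, since that is a behavior change for existing callers of jail_attach(2) that is not visible from the one-line substitution.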