Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 7 Aug 2010 17:08:29 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bz@FreeBSD.org>
To:        Jamie Gritton <jamie@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r210974 - head/sys/kern
Message-ID:  <20100807170607.S48418@maildrop.int.zabbadoz.net>
In-Reply-To: <201008062204.o76M4IvZ044635@svn.freebsd.org>
References:  <201008062204.o76M4IvZ044635@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Fri, 6 Aug 2010, Jamie Gritton wrote:

> Author: jamie
> Date: Fri Aug  6 22:04:18 2010
> New Revision: 210974
> URL: http://svn.freebsd.org/changeset/base/210974
>
> Log:
>  Implicitly make a new jail persistent if it's set not to attach.

I am not sure this is a good idea, especially to implement it in the
kernel.  This just means that if you accidentally mess up your command
line you are creating jails, possibly eating further resources most
likely without noticing.  Lot's of foot shooting potential.

What is the reason you need that?



>  MFC after:	3 days
>
> Modified:
>  head/sys/kern/kern_jail.c
>
> Modified: head/sys/kern/kern_jail.c
> ==============================================================================
> --- head/sys/kern/kern_jail.c	Fri Aug  6 21:58:53 2010	(r210973)
> +++ head/sys/kern/kern_jail.c	Fri Aug  6 22:04:18 2010	(r210974)
> @@ -599,6 +599,8 @@ kern_jail_set(struct thread *td, struct
> 		vfs_flagopt(opts, pr_flag_names[fi], &pr_flags, 1 << fi);
> 		vfs_flagopt(opts, pr_flag_nonames[fi], &ch_flags, 1 << fi);
> 	}
> +	if ((flags & (JAIL_CREATE | JAIL_UPDATE | JAIL_ATTACH)) == JAIL_CREATE)
> +	    pr_flags |= PR_PERSIST;
> 	ch_flags |= pr_flags;
> 	for (fi = 0; fi < sizeof(pr_flag_jailsys) / sizeof(pr_flag_jailsys[0]);
> 	    fi++) {
> @@ -628,12 +630,6 @@ kern_jail_set(struct thread *td, struct
> 		ch_flags |=
> 		    pr_flag_jailsys[fi].new | pr_flag_jailsys[fi].disable;
> 	}
> -	if ((flags & (JAIL_CREATE | JAIL_UPDATE | JAIL_ATTACH)) == JAIL_CREATE
> -	    && !(pr_flags & PR_PERSIST)) {
> -		error = EINVAL;
> -		vfs_opterror(opts, "new jail must persist or attach");
> -		goto done_errmsg;
> -	}
> #ifdef VIMAGE
> 	if ((flags & JAIL_UPDATE) && (ch_flags & PR_VNET)) {
> 		error = EINVAL;
>

-- 
Bjoern A. Zeeb                       This signature is about you not me.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100807170607.S48418>