Date: Fri, 05 Sep 2025 10:34:18 -0700
From: James Gritton <jamie@freebsd.org>
To: Konstantin Belousov <kostikbel@gmail.com>
Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject: Re: git: 851dc7f859c2 - main - jail: add jail descriptors
Message-ID: <24bbb82cec2509bcfe1d8514500367ab@freebsd.org>
In-Reply-To: <aLpxozYUfi_S-U7b@kib.kiev.ua>
References: <202509042031.584KVpxY000408@gitrepo.freebsd.org> <aLokHDP-EMa1LR0D@kib.kiev.ua> <da6b56365c188ce55bb4e878636bc911@freebsd.org> <aLpxozYUfi_S-U7b@kib.kiev.ua>
On 2025-09-04 22:14, Konstantin Belousov wrote:
> On Thu, Sep 04, 2025 at 09:43:13PM -0700, James Gritton wrote:
>> On 2025-09-04 16:43, Konstantin Belousov wrote:
>> > There are fo_chown/fo_chmod methods that are semantically applied to the
>> > jail files, instead of the underlying object. This is quite strange, files
>> > do not have a concept of owner.
>>
>> True, it is strange. But jails don't have owners either, and this
>> seemed a good way to control how the descriptors could be used. I see
>> the jail descriptor as an intermediate object between the jail and the
>> file descriptors, like there's a portal to the jail that is owned by
>> its creator, and the file descriptor returned is merely the access to
>> that portal. It's roughly equivalent to a temp file that doesn't
>> exist in the filesystem directory space after its creation, yet is
>> still a thing with ownership and permissions.
>>
>> I could remove this if it's too far out of mainstream practice, but I
>> hope not to have to, since it provides a handy way to allow some to (for
>> instance) attach to a prison, but not alter or remove it. Such things
>> are perhaps better left to Capsicum, but I don't have that support in
>> place yet.
>
> Naturally, you would add a jail owner (ucred), and make fo_chown
> change the owner then. I quite dislike trying to strength filesystem DACs
> to jail access control.

You're not the first to object to this repurposing of permission bits.
I guess the proper thing to do is to get the Capsicum support in place,
and use that instead. So this hack may well be going away soon.

- Jamie