From owner-dev-commits-src-all@freebsd.org Fri Mar 5 17:06:15 2021 Return-Path: Delivered-To: dev-commits-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9958455F9F5; Fri, 5 Mar 2021 17:06:15 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4DsYzW3hPtz4sB4; Fri, 5 Mar 2021 17:06:15 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: from mail-qk1-f169.google.com (mail-qk1-f169.google.com [209.85.222.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) (Authenticated sender: kevans) by smtp.freebsd.org (Postfix) with ESMTPSA id 71F60A850; Fri, 5 Mar 2021 17:06:15 +0000 (UTC) (envelope-from kevans@freebsd.org) Received: by mail-qk1-f169.google.com with SMTP id b130so2623023qkc.10; Fri, 05 Mar 2021 09:06:15 -0800 (PST) X-Gm-Message-State: AOAM531G3WwEXTiFo8MUnuSCwyBTCG0qRFa5R/EsYy80HDsjzyM1ROSf gzYGut/UGf6F16y5x77TrxhJ8NOMSaZ+seX/Znc= X-Google-Smtp-Source: ABdhPJx/ktmA3DMOSHjItdWL74ZYIdVcndOlnrZrv1BfPE+G5pf674IsTYgHDfyzK6VUB6oENMRFm3c8LOX88f09b3o= X-Received: by 2002:a37:988:: with SMTP id 130mr10671117qkj.120.1614963974909; Fri, 05 Mar 2021 09:06:14 -0800 (PST) MIME-Version: 1.0 References: <202102192213.11JMDoiL080275@gitrepo.freebsd.org> In-Reply-To: <202102192213.11JMDoiL080275@gitrepo.freebsd.org> From: Kyle Evans Date: Fri, 5 Mar 2021 11:06:01 -0600 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: git: d4380c0cdd05 - main - jail: Change both root and working directories in jail_attach(2) To: Jamie Gritton Cc: src-committers , "" , dev-commits-src-main@freebsd.org, jails@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: dev-commits-src-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Mar 2021 17:06:15 -0000 On Fri, Feb 19, 2021 at 4:13 PM Jamie Gritton wrote: > > The branch main has been updated by jamie: > > URL: https://cgit.FreeBSD.org/src/commit/?id=d4380c0cdd0517dc038403dd5c99242ce78bdeb5 > > commit d4380c0cdd0517dc038403dd5c99242ce78bdeb5 > Author: Jamie Gritton > AuthorDate: 2021-02-19 22:13:35 +0000 > Commit: Jamie Gritton > CommitDate: 2021-02-19 22:13:35 +0000 > > jail: Change both root and working directories in jail_attach(2) > > jail_attach(2) performs an internal chroot operation, leaving it up to > the calling process to assure the working directory is inside the jail. > > Add a matching internal chdir operation to the jail's root. Also > ignore kern.chroot_allow_open_directories, and always disallow the > operation if there are any directory descriptors open. > Any reason we shouldn't go ahead and drop the explicit chdir() from jexec(8) and jail(8) now that jail_attach *is* guaranteed to chdir along with its chroot? Thanks, Kyle Evans