From: Andrea Cocito
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
Subject: Re: Retrieving the kid/jailname of connected peer for a unix socket
Message-Id: <905FD66D-404C-4BAF-9F32-3C5EB62F5DB5@cocito.eu>
Date: Tue, 23 Dec 2025 20:22:20 +0100
Cc: freebsd-hackers@freebsd.org
To: Shawn Webb

On 23 Dec 2025, at 19:05, Shawn Webb wrote:
> So please do keep this thread updated. :-)

Thanks for your input.

I do not think that in my case MAC policies will help, but will surely take a look at that as an option; more likely I’ll patch the kernel to have the functionality I need.

To explain, this is the background: I have developed a “firmware” version of FreeBSD (soon to be open sourced), it boots off “something” and then becomes entirely “RAM living” and stateless except for its own identity stored as a private key in TPM2.

The thing is managed by a “controller” which asks it to install and run “modules”; so far modules are written by me (I’d say “total trust”) but the plan is to release an SDK so that modules are written by third parties. As every module lives in a contained jail I do not want a broken or malicious module to be able to compromise the system.

One of the core services “offered” to any module is “you can make http requests on socket /some/path/socket and the controller will handle it”. It can be: ask some info, log an event, store some data or even mount a WebDAV file system. Of course my “local controller process” needs to know *which* jail did the request.

I think I’ll end up making getsockopt(fd, SOL_LOCAL, LOCAL_PEERCRED, …) return some form of prison id stating “this is the jail in which the process was running when it invoked connect()”. If a process in a module does connect() and then it intentionally hands over the fd to some other process it’s its own responsibility, I don’t really care.

Cheers,

A.