From owner-freebsd-current@FreeBSD.ORG Fri Jul 29 20:01:47 2011 Return-Path: Delivered-To: freebsd-current@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7BACF106566C for ; Fri, 29 Jul 2011 20:01:47 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from mail.vx.sk (mail.vx.sk [IPv6:2a01:4f8:100:1043::3]) by mx1.freebsd.org (Postfix) with ESMTP id CF2E78FC14 for ; Fri, 29 Jul 2011 20:01:46 +0000 (UTC) Received: from core.vx.sk (localhost [127.0.0.1]) by mail.vx.sk (Postfix) with ESMTP id 08FED14F77A for ; Fri, 29 Jul 2011 22:01:46 +0200 (CEST) X-Virus-Scanned: amavisd-new at mail.vx.sk Received: from mail.vx.sk ([127.0.0.1]) by core.vx.sk (mail.vx.sk [127.0.0.1]) (amavisd-new, port 10024) with LMTP id i8J86cEivKNi for ; Fri, 29 Jul 2011 22:01:43 +0200 (CEST) Received: from [10.9.8.3] (chello085216231078.chello.sk [85.216.231.78]) by mail.vx.sk (Postfix) with ESMTPSA id 820A314F765 for ; Fri, 29 Jul 2011 22:01:42 +0200 (CEST) Message-ID: <4E3311AA.9080006@FreeBSD.org> Date: Fri, 29 Jul 2011 22:01:46 +0200 From: Martin Matuska User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20110624 Thunderbird/5.0 MIME-Version: 1.0 To: freebsd-current@FreeBSD.org References: <4E317951.40601@FreeBSD.org> In-Reply-To: <4E317951.40601@FreeBSD.org> X-Enigmail-Version: 1.2 Content-Type: multipart/mixed; boundary="------------030307010502070904020200" Cc: Subject: [PATCH] Updated jail mount/unmount patch X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 29 Jul 2011 20:01:47 -0000 This is a multi-part message in MIME format. --------------030307010502070904020200 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After implementing a suggestion from pjd@, a new version of the patch is attached, now using a more universal solution - vn_fullpath_global() in the mount part. Dňa 28. 7. 2011 16:59, Martin Matuska wrote / napísal(a): > Please review my attached patch. > > The patch fixes f_mntonname with mount/unmount inside a jail with allow.mount enabled. > Filesystems mountable in a jail require the VFCF_JAIL flag (currently only ZFS). > > With this patch, mount and unmount works both with enforce_statfs = 0 and enforce_statfs = 1. > I suggest disabling mount/unmount for jails with enforce_statfs = 2, as this is contradictory and does not play well with or without this patch. > > I have successfully tested this patch with ZFS, nullfs and tmpfs. > > To enable nullfs for a jail, you have to modify tmpfs/tmpfs_vfsops.c and recompile the tmpfs module: > -VFS_SET(tmpfs_vfsops, tmpfs, 0); > +VFS_SET(tmpfs_vfsops, tmpfs, VFCF_JAIL); > > To enable tmpfs for a jail, you have to modify nullfs/null_vfsops.c and recompile the nullfs module: > -VFS_SET(null_vfsops, nullfs, VFCF_LOOPBACK); > +VFS_SET(null_vfsops, nullfs, VFCF_LOOPBACK | VFCF_JAIL); > > The filesystems can be successfully mounted/unmounted inside a jail and also unmounted from the parent host without problems. > > The mount inside jail, a jail needs allow.mount=1 and enforce.statfs=0 or enforce.statfs=1, for more information see jail(8) > I assume other filesystem not dealing with devices may work correctly with this patch, too (e.g. nfs). > > With jailed nullfs we can run tinderbox in a jail ;) > > Please review, comment and/or test my attached patch. > > Cheers, > mm -- Martin Matuska FreeBSD committer http://blog.vx.sk --------------030307010502070904020200 Content-Type: text/plain; name="jail_mount.patch" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="jail_mount.patch" SW5kZXg6IHN5cy9rZXJuL2tlcm5famFpbC5jCj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIHN5cy9rZXJu L2tlcm5famFpbC5jCShyZXZpc2lvbiAyMjQ0NzEpCisrKyBzeXMva2Vybi9rZXJuX2phaWwu Ywkod29ya2luZyBjb3B5KQpAQCAtMzg1OCw3ICszODU4LDggQEAKIAljYXNlIFBSSVZfVkZT X1VOTU9VTlQ6CiAJY2FzZSBQUklWX1ZGU19NT1VOVF9OT05VU0VSOgogCWNhc2UgUFJJVl9W RlNfTU9VTlRfT1dORVI6Ci0JCWlmIChjcmVkLT5jcl9wcmlzb24tPnByX2FsbG93ICYgUFJf QUxMT1dfTU9VTlQpCisJCWlmIChjcmVkLT5jcl9wcmlzb24tPnByX2FsbG93ICYgUFJfQUxM T1dfTU9VTlQgJiYKKwkJCWNyZWQtPmNyX3ByaXNvbi0+cHJfZW5mb3JjZV9zdGF0ZnMgIT0g MikKIAkJCXJldHVybiAoMCk7CiAJCWVsc2UKIAkJCXJldHVybiAoRVBFUk0pOwpJbmRleDog c3lzL2tlcm4vdmZzX21vdW50LmMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gc3lzL2tlcm4vdmZzX21v dW50LmMJKHJldmlzaW9uIDIyNDQ3MSkKKysrIHN5cy9rZXJuL3Zmc19tb3VudC5jCSh3b3Jr aW5nIGNvcHkpCkBAIC03NDUsNyArNzQ1LDYgQEAKIHZmc19kb21vdW50X2ZpcnN0KAogCXN0 cnVjdCB0aHJlYWQgKnRkLAkJLyogQ2FsbGluZyB0aHJlYWQuICovCiAJc3RydWN0IHZmc2Nv bmYgKnZmc3AsCQkvKiBGaWxlIHN5c3RlbSB0eXBlLiAqLwotCWNoYXIgKmZzcGF0aCwJCQkv KiBNb3VudCBwYXRoLiAqLwogCXN0cnVjdCB2bm9kZSAqdnAsCQkvKiBWbm9kZSB0byBiZSBj b3ZlcmVkLiAqLwogCWludCBmc2ZsYWdzLAkJCS8qIEZsYWdzIGNvbW1vbiB0byBhbGwgZmls ZXN5c3RlbXMuICovCiAJc3RydWN0IHZmc29wdGxpc3QgKipvcHRsaXN0CS8qIE9wdGlvbnMg bG9jYWwgdG8gdGhlIGZpbGVzeXN0ZW0uICovCkBAIC03NTUsMTEgKzc1NCwyMyBAQAogCXN0 cnVjdCBtb3VudCAqbXA7CiAJc3RydWN0IHZub2RlICpuZXdkcDsKIAlpbnQgZXJyb3I7CisJ Y2hhciAqZnNwYXRoLCAqZmJ1ZjsKIAogCW10eF9hc3NlcnQoJkdpYW50LCBNQV9PV05FRCk7 CiAJQVNTRVJUX1ZPUF9FTE9DS0VEKHZwLCBfX2Z1bmNfXyk7CiAJS0FTU0VSVCgoZnNmbGFn cyAmIE1OVF9VUERBVEUpID09IDAsICgiTU5UX1VQREFURSBzaG91bGRuJ3QgYmUgaGVyZSIp KTsKIAorCS8qIENvbnN0cnVjdCBnbG9iYWwgZmlsZXN5c3RlbSBwYXRoIGZyb20gdnAgKi8K KwllcnJvciA9IHZuX2Z1bGxwYXRoX2dsb2JhbCh0ZCwgdnAsICZmc3BhdGgsICZmYnVmKTsK KwlpZiAoZXJyb3IgPT0gMCAmJiBzdHJsZW4oZnNwYXRoKSA+PSBNTkFNRUxFTikKKwkJZXJy b3IgPSBFTkFNRVRPT0xPTkc7CisJaWYgKGVycm9yICE9IDApIHsKKwkJdnB1dCh2cCk7CisJ CWlmIChmYnVmICE9IE5VTEwpCisJCQlmcmVlKGZidWYsIE1fVEVNUCk7CisJCXJldHVybihl cnJvcik7CisJfQorCiAJLyoKIAkgKiBJZiB0aGUgdXNlciBpcyBub3Qgcm9vdCwgZW5zdXJl IHRoYXQgdGhleSBvd24gdGhlIGRpcmVjdG9yeQogCSAqIG9udG8gd2hpY2ggd2UgYXJlIGF0 dGVtcHRpbmcgdG8gbW91bnQuCkBAIC03ODEsMTIgKzc5MiwxNCBAQAogCX0KIAlpZiAoZXJy b3IgIT0gMCkgewogCQl2cHV0KHZwKTsKKwkJZnJlZShmYnVmLCBNX1RFTVApOwogCQlyZXR1 cm4gKGVycm9yKTsKIAl9CiAJVk9QX1VOTE9DSyh2cCwgMCk7CiAKIAkvKiBBbGxvY2F0ZSBh bmQgaW5pdGlhbGl6ZSB0aGUgZmlsZXN5c3RlbS4gKi8KIAltcCA9IHZmc19tb3VudF9hbGxv Yyh2cCwgdmZzcCwgZnNwYXRoLCB0ZC0+dGRfdWNyZWQpOworCWZyZWUoZmJ1ZiwgTV9URU1Q KTsKIAkvKiBYWFhNQUM6IHBhc3MgdG8gdmZzX21vdW50X2FsbG9jPyAqLwogCW1wLT5tbnRf b3B0bmV3ID0gKm9wdGxpc3Q7CiAJLyogU2V0IHRoZSBtb3VudCBsZXZlbCBmbGFncy4gKi8K QEAgLTEwNzAsNyArMTA4Myw3IEBACiAJTkRGUkVFKCZuZCwgTkRGX09OTFlfUE5CVUYpOwog CXZwID0gbmQubmlfdnA7CiAJaWYgKChmc2ZsYWdzICYgTU5UX1VQREFURSkgPT0gMCkgewot CQllcnJvciA9IHZmc19kb21vdW50X2ZpcnN0KHRkLCB2ZnNwLCBmc3BhdGgsIHZwLCBmc2Zs YWdzLAorCQllcnJvciA9IHZmc19kb21vdW50X2ZpcnN0KHRkLCB2ZnNwLCB2cCwgZnNmbGFn cywKIAkJICAgIG9wdGxpc3QpOwogCX0gZWxzZSB7CiAJCWVycm9yID0gdmZzX2RvbW91bnRf dXBkYXRlKHRkLCB2cCwgZnNmbGFncywgb3B0bGlzdCk7CkBAIC0xMTA1LDcgKzExMTgsNyBA QAogCX0gKi8gKnVhcDsKIHsKIAlzdHJ1Y3QgbW91bnQgKm1wOwotCWNoYXIgKnBhdGhidWY7 CisJY2hhciAqcGF0aGJ1ZiwgKnJwYXRoYnVmOwogCWludCBlcnJvciwgaWQwLCBpZDE7CiAK IAlBVURJVF9BUkdfVkFMVUUodWFwLT5mbGFncyk7CkBAIC0xMTQwLDEyICsxMTUzLDI3IEBA CiAJCW10eF91bmxvY2soJm1vdW50bGlzdF9tdHgpOwogCX0gZWxzZSB7CiAJCUFVRElUX0FS R19VUEFUSDEodGQsIHBhdGhidWYpOworCQkvKgorCQkgKiBJZiB3ZSBhcmUgamFpbGVkIGFu ZCBlbmZvcmNlX3N0YXRmcz0xCisJCSAqIGNvbnN0cnVjdCByZWFsIGZpbGVzeXN0ZW0gcGF0 aAorCQkgKi8KKwkJcnBhdGhidWYgPSBtYWxsb2MoTU5BTUVMRU4sIE1fVEVNUCwgTV9XQUlU T0spOworCQlpZiAoamFpbGVkKHRkLT50ZF91Y3JlZCkgJiYKKwkJICAgIHRkLT50ZF91Y3Jl ZC0+Y3JfcHJpc29uLT5wcl9lbmZvcmNlX3N0YXRmcyA9PSAxICYmCisJCSAgICBzdHJjbXAo dGQtPnRkX3VjcmVkLT5jcl9wcmlzb24tPnByX3BhdGgsICIvIikgIT0gMCkgeworCQkJc3Ry bGNweShycGF0aGJ1ZiwgdGQtPnRkX3VjcmVkLT5jcl9wcmlzb24tPnByX3BhdGgsCisJCQkg ICAgTU5BTUVMRU4pOworCQkJc3RybGNhdChycGF0aGJ1ZiwgcGF0aGJ1ZiwgTU5BTUVMRU4p OworCQl9IGVsc2UgeworCQkJc3RybGNweShycGF0aGJ1ZiwgcGF0aGJ1ZiwgTU5BTUVMRU4p OworCQl9CiAJCW10eF9sb2NrKCZtb3VudGxpc3RfbXR4KTsKIAkJVEFJTFFfRk9SRUFDSF9S RVZFUlNFKG1wLCAmbW91bnRsaXN0LCBtbnRsaXN0LCBtbnRfbGlzdCkgewotCQkJaWYgKHN0 cmNtcChtcC0+bW50X3N0YXQuZl9tbnRvbm5hbWUsIHBhdGhidWYpID09IDApCisJCQlpZiAo c3RyY21wKG1wLT5tbnRfc3RhdC5mX21udG9ubmFtZSwgcnBhdGhidWYpID09IDApCiAJCQkJ YnJlYWs7CiAJCX0KIAkJbXR4X3VubG9jaygmbW91bnRsaXN0X210eCk7CisJCWZyZWUocnBh dGhidWYsIE1fVEVNUCk7CiAJfQogCWZyZWUocGF0aGJ1ZiwgTV9URU1QKTsKIAlpZiAobXAg PT0gTlVMTCkgewo= --------------030307010502070904020200--