From owner-freebsd-jail@freebsd.org Tue Jan 8 19:27:52 2019 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5ED971488143 for ; Tue, 8 Jan 2019 19:27:52 +0000 (UTC) (envelope-from mwlucas@mail.michaelwlucas.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id D7DCF73553 for ; Tue, 8 Jan 2019 19:27:51 +0000 (UTC) (envelope-from mwlucas@mail.michaelwlucas.com) Received: by mailman.ysv.freebsd.org (Postfix) id 97F331488142; Tue, 8 Jan 2019 19:27:51 +0000 (UTC) Delivered-To: jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 84F031488141 for ; Tue, 8 Jan 2019 19:27:51 +0000 (UTC) (envelope-from mwlucas@mail.michaelwlucas.com) Received: from mail.michaelwlucas.com (mail.michaelwlucas.com [104.236.197.233]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 12CE573550 for ; Tue, 8 Jan 2019 19:27:51 +0000 (UTC) (envelope-from mwlucas@mail.michaelwlucas.com) Received: from mail.michaelwlucas.com (localhost [127.0.0.1]) by mail.michaelwlucas.com (8.15.2/8.15.2) with ESMTP id x08J3l21089297 for ; Tue, 8 Jan 2019 14:03:48 -0500 (EST) (envelope-from mwlucas@mail.michaelwlucas.com) Received: (from mwlucas@localhost) by mail.michaelwlucas.com (8.15.2/8.15.2/Submit) id x08J3lK8089296 for jail@freebsd.org; Tue, 8 Jan 2019 14:03:47 -0500 (EST) (envelope-from mwlucas) Date: Tue, 8 Jan 2019 14:03:47 -0500 From: "Michael W. Lucas" To: jail@freebsd.org Subject: enforce_statfs showing leading path Message-ID: <20190108190347.GA89234@mail.michaelwlucas.com> MIME-Version: 1.0 Content-Type: text/plain; charset=unknown-8bit Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.10.1 (2018-07-13) X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.2 (mail.michaelwlucas.com [127.0.0.1]); Tue, 08 Jan 2019 14:03:50 -0500 (EST) X-Rspamd-Queue-Id: 12CE573550 X-Spamd-Bar: ++++ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [4.42 / 15.00]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_SPAM_SHORT(0.87)[0.871,0]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[jail@freebsd.org]; AUTH_NA(1.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_COUNT_THREE(0.00)[3]; RCVD_TLS_LAST(0.00)[]; MX_GOOD(-0.01)[cached: mail.michaelwlucas.com]; NEURAL_SPAM_LONG(0.99)[0.993,0]; DMARC_NA(0.00)[michaelwlucas.com]; NEURAL_SPAM_MEDIUM(0.77)[0.770,0]; R_SPF_NA(0.00)[]; FORGED_SENDER(0.30)[mwlucas@michaelwlucas.com,mwlucas@mail.michaelwlucas.com]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:14061, ipnet:104.236.192.0/18, country:US]; FROM_NEQ_ENVFROM(0.00)[mwlucas@michaelwlucas.com,mwlucas@mail.michaelwlucas.com]; IP_SCORE(0.59)[asn: 14061(3.04), country: US(-0.08)] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jan 2019 19:27:52 -0000 Hi, I'm experimenting with enforce_statfs for the jails book, and have hit an inconsistency. Not sure if the bug should go to src or doc. Running last week's -current. According to jail(8): When set to 1, only mount points below the jail's chroot directory are visible. In addition to that, the path to the jail's chroot directory is removed from the front of their path‐ names. Seems pretty clear that I shouldn't see anything other than # jls -h name enforce_statfs ... ioc-www1 1 So, as I read it, the jail's chroot directory should be stripped down to /. But inside the jail: root@www1:~ # mount iocage/iocage/jails/www1/root on / (zfs, local, nfsv4acls) devfs on /dev (devfs, local, multilabel) fdescfs on /dev/fd (fdescfs) I see the jail's chroot directory. This seems to contradict the man page, unless I'm misunderstanding. Is this a software bug? A ZFS thing? A doc bug? Or am I just an idiot? Also, should this path be stripped when enforce_statfs is set to 1 *or above*? Or is this strictly when set to 1? If I'm filing a bug, it might as well be complete... Thanks, ==ml -- Michael W. Lucas https://mwl.io/ author of: Absolute OpenBSD, SSH Mastery, git commit murder, Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc...