Date: Wed, 24 Jul 2013 01:31:02 +0200
From: Mateusz Guzik
To: Yuri
Subject: Re: Should process run under chroot(8) still see mounts on the original system?
Message-ID: <20130723233102.GA19249@dft-labs.eu>
In-Reply-To: <51EF0EEE.8030000@rawbw.com>
Cc: FreeBSD Hackers

On Tue, Jul 23, 2013 at 04:17:02PM -0700, Yuri wrote:
> Currently, mount directories as shown by mount(8) command and
> /compat/linux/dev/mounts from linprocfs(5) still show the original
> mount points as other non-chrooted processes see.
> So, when some program run under chroot tries to read the mount
> points and do something with them it would likely fail because those
> paths aren't what the process actually sees in its file system.
>
> There are two situations: one when the process was started already
> chrooted (like with command chroot(8)), and another one is when
> process calls chroot(2) itself. Currently system seems to not
> differentiate between these two cases.
>
> It looks reasonable to automatically modify mount(8) and
> linprocfs(5) results when the process has been started already
> chrooted and this process is (practically) always unaware of chroot.
> So that when chroot was in place when execve(2), kernel could set
> the boolean flag and later adjust mount directories accordingly.
>

While changing the code to do what you propose would not be that
difficult, I don't see the point.

In cases like this you can simply jail(2) and there you go (or at least
this should work just fine).

Of course then you may have some unnecessary separation but that I
believe can be simply worked out if it turns out to be problematic.

--
Mateusz Guzik
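
The mount-path adjustment proposed in the quoted message, sketched in userland as an added example that is not part of the original thread and not FreeBSD code. The helper name `chroot_view`, the chroot root `/usr/jail` and the mount list are hypothetical, and both paths are assumed to be absolute and already canonical (no symlinks or `..` components).

```c
#include <stdio.h>
#include <string.h>

/*
 * Translate a host-side mount point into the path a process chrooted at
 * `root` would see. Returns 1 and fills `out` when the mount point is at or
 * below `root`; returns 0 when it lies outside the chroot (or `out` is too
 * small) and should be hidden. Hypothetical helper, not a FreeBSD API.
 */
int
chroot_view(const char *root, const char *mnt, char *out, size_t outlen)
{
	size_t rlen = strlen(root);

	/* Ignore trailing slashes on the root, so "/jail/" == "/jail". */
	while (rlen > 1 && root[rlen - 1] == '/')
		rlen--;
	if (rlen == 1 && root[0] == '/')
		rlen = 0;	/* not chrooted: every path is kept as is */

	if (strncmp(mnt, root, rlen) != 0)
		return (0);
	/* Match whole components only: "/jail" must not match "/jailbreak". */
	if (mnt[rlen] != '\0' && mnt[rlen] != '/')
		return (0);

	const char *rest = (mnt[rlen] == '\0') ? "/" : mnt + rlen;
	if (strlen(rest) >= outlen)
		return (0);
	strcpy(out, rest);
	return (1);
}

int
main(void)
{
	/* Constructed sample mount points, as the host would list them. */
	const char *mounts[] = { "/", "/usr/jail", "/usr/jail/dev",
	    "/usr/jail/compat/linux/proc", "/usr/jailbreak", "/tmp" };
	char seen[1024];

	for (size_t i = 0; i < sizeof(mounts) / sizeof(mounts[0]); i++) {
		if (chroot_view("/usr/jail", mounts[i], seen, sizeof(seen)))
			printf("%-30s -> %s\n", mounts[i], seen);
		else
			printf("%-30s (hidden)\n", mounts[i]);
	}
	return (0);
}
```

Hiding the entries that fall outside the root, rather than printing them unchanged, also keeps host-side paths from being disclosed to the chrooted process.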