Date: Thu, 14 Jan 2021 20:52:54 -0800
From: James Gritton <jamie@freebsd.org>
To: freebsd-jail@freebsd.org, freebsd-arch@freebsd.org
Subject: Stopping dead jails from rising again
Message-ID: <12f6f121a4ac3a50be556a98d8c6595d@freebsd.org>

I've got some changes to the jail system, to undo a mistake I made years ago: allowing a dead jail to be brought back to life via jail_set(...JAIL_DYING).

The main point of this is to re-create jails with hard-coded JIDs (which themselves were a mistake) without waiting for the old jails to let go of all their resources. Currently, adding such a jail brings the old one back (if there is an old one), meaning that you're not sure if the "new" jail will start with default values, or with whatever its previous incarnation had. Among other things, there have been rumblings of associated security problems with that (though any specifics have been cleaned up).

Since I still need to handle the hard-coded JIDs, the new strategy is to silently renumber the old dying jail, so the new jail can have the ID it expects while still being brand-new. This is imperfect, but I think it's a good deal better than the current alternative.

If anyone cares to look into this for some constructive criticism (or I suppose for any criticism):

https://reviews.freebsd.org/D27876
https://reviews.freebsd.org/D28150

- Jamie