Date: Sat, 19 Dec 2009 18:42:12 +0000 (UTC) From: Ed Schouten <ed@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/sys/fs/devfs devfs_vnops.c src/sys/kern kern_exit.c kern_proc.c src/sys/sys proc.h Message-ID: <200912191842.nBJIguZp031561@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
ed 2009-12-19 18:42:12 UTC
FreeBSD src repository
Modified files:
sys/fs/devfs devfs_vnops.c
sys/kern kern_exit.c kern_proc.c
sys/sys proc.h
Log:
SVN rev 200732 on 2009-12-19 18:42:12Z by ed
Let access overriding to TTYs depend on the cdev_priv, not the vnode.
Basically this commit changes two things, which improves access to TTYs
in exceptional conditions. Basically the problem was that when you ran
jexec(8) to attach to a jail, you couldn't use /dev/tty (well, also the
node of the actual TTY, e.g. /dev/pts/X). This is very inconvenient if
you want to attach to screens quickly, use ssh(1), etc.
The fixes:
- Cache the cdev_priv of the controlling TTY in struct session. Change
devfs_access() to compare against the cdev_priv instead of the vnode.
This allows you to bypass UNIX permissions, even across different
mounts of devfs.
- Extend devfs_prison_check() to unconditionally expose the device node
of the controlling TTY, even if normal prison nesting rules normally
don't allow this. This actually allows you to interact with this
device node.
To be honest, I'm not really happy with this solution. We now have to
store three pointers to a controlling TTY (s_ttyp, s_ttyvp, s_ttydp).
In an ideal world, we should just get rid of the latter two and only use
s_ttyp, but this makes certian pieces of code very impractical (e.g.
devfs, kern_exit.c).
Reported by: Many people
Revision Changes Path
1.182 +18 -7 src/sys/fs/devfs/devfs_vnops.c
1.333 +1 -0 src/sys/kern/kern_exit.c
1.290 +1 -0 src/sys/kern/kern_proc.c
1.541 +1 -0 src/sys/sys/proc.h
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200912191842.nBJIguZp031561>