From: "Teske, Devin"
To: Mateusz Guzik
Subject: Re: Should process run under chroot(8) still see mounts on the original system?
Date: Tue, 23 Jul 2013 23:44:49 +0000
Cc: Devin Teske, Yuri, FreeBSD Hackers
List-Id: Technical Discussions relating to FreeBSD

On Jul 23, 2013, at 4:31 PM, Mateusz Guzik wrote:

> On Tue, Jul 23, 2013 at 04:17:02PM -0700, Yuri wrote:
>> Currently, mount directories as shown by mount(8) command and
>> /compat/linux/dev/mounts from linprocfs(5) still show the original
>> mount points as other non-chrooted processes see.
>> So, when some program run under chroot tries to read the mount
>> points and do something with them it would likely fail because those
>> paths aren't what the process actually sees in its file system.
>>
>> There are two situations: one when the process was started already
>> chrooted (like with command chroot(8)), and another one is when
>> process calls chroot(2) itself. Currently system seems to not
>> differentiate between these two cases.
>>
>> It looks reasonable to automatically modify mount(8) and
>> linprocfs(5) results when the process has been started already
>> chrooted and this process is (practically) always unaware of chroot.
>> So that when chroot was in place when execve(2), kernel could set
>> the boolean flag and later adjust mount directories accordingly.
>>
>
> While changing the code to do what you propose would not be that
> difficult, I don't see the point. In cases like this you can simply
> jail(2) and there you go (or at least this should work just fine).
>
> Of course then you may have some unnecessary separation but that I
> believe can be simply worked out if it turns out to be problematic.
>

What the OP wants is implemented for jails via the sysctl ``knob'' "security.jail.enforce_statfs"

It can have one of three values.

0 = show nothing from the base in jailed df(1) output
2 = show everything from the base in jailed df(1) output

What you want sounds like the number in-between:

1 = show only mount points from the base that appear within the jail *and* make the jailed df(1) output show a modified path that is rooted in said jail

--
Devin
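The value 1 behaviour described in the message above (hide mount points outside the jail, show the rest with a path rooted in the jail), modelled in user space as an added example; it is not code from this thread or from the FreeBSD kernel. The function name `jailed_mount_path`, the sample root and the mount table are constructed for illustration, and paths are assumed to be absolute and normalised.

```c
#include <stdio.h>
#include <string.h>

/*
 * User-space model (not FreeBSD kernel code) of the path rewrite described
 * for value 1. Returns 1 and fills `out` with the mount point as seen from
 * inside `root`, 0 if the mount point lies outside `root` and is hidden,
 * -1 if `out` is too small. Assumes absolute, normalised paths.
 */
int
jailed_mount_path(const char *root, const char *mnt, char *out, size_t outlen)
{
	size_t rlen = strlen(root);
	const char *rest;

	if (strcmp(root, "/") == 0)
		rest = mnt;		/* rooted at "/": nothing to rewrite */
	else if (strncmp(mnt, root, rlen) != 0)
		return (0);		/* not under the root at all */
	else if (mnt[rlen] == '\0')
		rest = "/";		/* mounted exactly on the root */
	else if (mnt[rlen] == '/')
		rest = mnt + rlen;	/* strip the root prefix */
	else
		return (0);		/* "/jails/webmail" is not under "/jails/web" */

	if (strlen(rest) >= outlen)
		return (-1);
	strcpy(out, rest);
	return (1);
}

int
main(void)
{
	/* Constructed root and mount table, for illustration only. */
	const char *root = "/jails/web";
	const char *mounts[] = { "/", "/usr", "/jails/web", "/jails/web/dev",
	    "/jails/web/usr/ports", "/jails/webmail", "/jails/db/dev" };
	char buf[64];
	size_t i;

	for (i = 0; i < sizeof(mounts) / sizeof(mounts[0]); i++) {
		if (jailed_mount_path(root, mounts[i], buf, sizeof(buf)) == 1)
			printf("%-22s -> %s\n", mounts[i], buf);
		else
			printf("%-22s hidden\n", mounts[i]);
	}
	return (0);
}
```

The component-boundary check matters: a plain prefix match would expose `/jails/webmail` to a process rooted at `/jails/web`.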