Date:      Mon, 26 Aug 2024 18:47:25 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 280809] jail_attach(2) fails to document reason for EPERM
Message-ID:  <bug-280809-227-FRF3pG3DE7@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-280809-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-280809-227@https.bugs.freebsd.org/bugzilla/>


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280809

--- Comment #4 from Karlo Miličević <karlo98.m@gmail.com> ---
(In reply to Olivier Certner from comment #1)

Ah! I totally missed that paragraph. I guess I should read more carefully.

(In reply to crest from comment #3)

Could you add a "root vnode pointer" to every directory FD to limit their scope?
That way, when you reference ".." you would check whether the directory FD
equals that pointer and if so, not go above.
Also, O_RESOLVE_BENEATH would then just mean that when you open that directory
FD you would make the directory itself be the "root vnode pointer" instead of
its jail/chroot root directory.
Opening directories with openat copies the "root vnode pointer" unless
overridden by something like O_RESOLVE_BENEATH.

((I have no experience with VFS code, so take this idea with a grain of salt!))

This reminds me slightly of how sockets have vnet pointers.


Should I close this issue or does someone else do that?
The reason is documented already, as stated by Olivier Certner.

-- 
You are receiving this mail because:
You are the assignee for the bug.
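
A toy model of the per-descriptor "root vnode pointer" idea from the comment above, added here as an illustration; it is not part of the original message and not FreeBSD VFS code. The `node`, `dirfd`, `toy_openat` and `TOY_RESOLVE_BENEATH` names and the sample tree are all hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Toy stand-in for a vnode; the whole model is hypothetical, not FreeBSD VFS code. */
struct node { const char *name; struct node *parent; struct node *child[2]; int nchild; };

/* Directory descriptor carrying the proposed per-FD "root vnode pointer". */
struct dirfd { struct node *dir; struct node *root; };

#define TOY_RESOLVE_BENEATH 0x1 /* stands in for O_RESOLVE_BENEATH */

/* Constructed sample tree: /jail/home/user and /etc (outside the jail). */
static struct node fs_root, jail, home, user, etc;
static struct node fs_root = { "/", NULL, { &jail, &etc }, 2 };
static struct node jail = { "jail", &fs_root, { &home }, 1 };
static struct node home = { "home", &jail, { &user }, 1 };
static struct node user = { "user", &home, { NULL }, 0 };
static struct node etc = { "etc", &fs_root, { NULL }, 0 };

static struct node *lookup_child(struct node *d, const char *name, size_t len)
{
    for (int i = 0; i < d->nchild; i++)
        if (strlen(d->child[i]->name) == len && memcmp(d->child[i]->name, name, len) == 0)
            return d->child[i];
    return NULL;
}

/* Resolve path relative to `at`; 0 on success, -1 if a component does not exist. */
int toy_openat(const struct dirfd *at, const char *path, int flags, struct dirfd *out)
{
    /* An absolute path starts at the FD's root pointer, not the real root. */
    struct node *cur = (path[0] == '/') ? at->root : at->dir;
    while (*path == '/') path++;
    while (*path) {
        size_t len = strcspn(path, "/");
        if (len == 2 && memcmp(path, "..", 2) == 0) {
            /* The proposed check: ".." stops at the FD's root pointer. */
            if (cur != at->root && cur->parent != NULL)
                cur = cur->parent;
        } else if (!(len == 1 && path[0] == '.')) {
            if ((cur = lookup_child(cur, path, len)) == NULL)
                return -1;
        }
        path += len;
        while (*path == '/') path++;
    }
    out->dir = cur;
    /* New FD inherits the root pointer unless the flag re-roots it at itself. */
    out->root = (flags & TOY_RESOLVE_BENEATH) ? cur : at->root;
    return 0;
}
```

In this model a descriptor opened with the flag keeps its narrowed root across later `toy_openat` calls, so descriptors derived from it cannot walk back above it with "..".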
