From owner-freebsd-hackers@freebsd.org  Sun Jul  7 01:05:32 2019
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8C6E115D81B3
 for <freebsd-hackers@mailman.ysv.freebsd.org>;
 Sun,  7 Jul 2019 01:05:32 +0000 (UTC)
 (envelope-from SRS0=IBcZ=VE=vega.codepro.be=kp@codepro.be)
Received: from mercury.codepro.be (mercury.codepro.be
 [IPv6:2001:4b98:dc0:41:216:3eff:fe31:eda8])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "monitoring.codepro.be",
 Issuer "Let's Encrypt Authority X3" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id EAD1789D91
 for <freebsd-hackers@freebsd.org>; Sun,  7 Jul 2019 01:05:31 +0000 (UTC)
 (envelope-from SRS0=IBcZ=VE=vega.codepro.be=kp@codepro.be)
Received: from venus.codepro.be (venus.codepro.be [5.9.86.228])
 by mercury.codepro.be (Postfix) with ESMTPS id C649290486;
 Sun,  7 Jul 2019 01:03:56 +0000 (UTC)
Received: from vega.codepro.be (unknown [172.16.1.3])
 by venus.codepro.be (Postfix) with ESMTP id 3656317609;
 Sun,  7 Jul 2019 03:05:28 +0200 (CEST)
Received: by vega.codepro.be (Postfix, from userid 1001)
 id EA83127844; Sun,  7 Jul 2019 03:05:27 +0200 (CEST)
Date: Sun, 7 Jul 2019 03:05:27 +0200
From: Kristof Provost <kp@freebsd.org>
To: Yuri <yuri@rawbw.com>
Cc: Freebsd hackers list <freebsd-hackers@freebsd.org>
Subject: Re: What is the best way for the process to determine that it runs
 in jail?
Message-ID: <20190707010526.GD10541@vega.codepro.be>
References: <bafb7230-6e18-39d6-3ba4-ec3f7fac1cb1@rawbw.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <bafb7230-6e18-39d6-3ba4-ec3f7fac1cb1@rawbw.com>
X-Checked-By-NSA: Probably
User-Agent: Mutt/1.11.4 (2019-03-13)
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Jul 2019 01:05:32 -0000

On 2019-07-06 17:43:26 (-0700), Yuri <yuri@rawbw.com> wrote:
> I found online that it is possible to stat the root folder and find its 
> inode number.
> 
> The inode number is 2 when the root is on UFS, and 4 if the root is on ZFS.
> 
> This looks pretty hackish to me. Is this reliable?
> 
It's possible for a jail to use the root file system, so no.

> Is there a better/best way?
> 
sysctl security.jail.jailed

Kristof