Date: Sun, 27 Jun 2004 08:59:32 +0200
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: Julian Elischer <julian@elischer.org>
Cc: bzeeb+freebsd@zabbadoz.net
Subject: Re: jail getfsstat patches.
Message-ID: <20040627065932.GH12007@darkness.comp.waw.pl>
In-Reply-To: <Pine.BSF.4.21.0406251809530.1679-100000@InterJet.elischer.org>
References: <Pine.BSF.4.21.0406251809530.1679-100000@InterJet.elischer.org>

On Fri, Jun 25, 2004 at 06:15:41PM -0700, Julian Elischer wrote:
+> There are patches around to make 'df' and 'mount'
+> show pretty much the exact right thing from a jail.
+>
+> In both -current and 4.x
+>
+> I propose to commit these.
+>
+> http://garage.freebsd.pl/
+> "jailfsstat - With this kernel module process in jail can only see file
+> systems mounted inside."
+>
+> for 4.x
+>
+> and
+>
+> http://sources.zabbadoz.net/freebsd/jail.html
+> for 5.x
+>
+> with possible small changes..
+>
+> e.g. the 4.x version would not be a module
+> but would have a sysctl to turn it on
+> (off by default)
+>
+> and the 5.x version may require some small work too..
+>
+>
+> Does anyone violently object to these?
+>
+> The fact that df or mount shows so much not only confuses the hell
+> out of users, it makes scripts fail in odd ways.
+> (and bugs the hell out of me too).

We have talked with rwatson a lot about this (in the past and currently)
and this is really non-trivial work if we want to do it as it should be done.

First of all, we depend on the fact that mount(8) gives a full path to mount(2)
(without any symlinks, .., ., etc.). If mount(2) is called with a relative
path, we're in trouble. To fix this we need to do realpath(3) in the kernel,
in the mount(2) syscall. We don't have such a function in the kernel atm.
I wrote one for cerb, but this code was quite complex and I don't know
if we want to bring it in.

There are many situations when we can't just depend on the f_mntonname field,
because the path there might not be valid (e.g. when root renames one
of that path's components). Of course it is not a good thing to do anyway,
but in this situation it gets us into bigger trouble.

The best way to do it is to walk up from the vnode where the file system is
mounted to the vnode where the jail's root directory starts.
But I think this is not possible with our VFS.

Anyway. I know that it will be a good thing to do something with it, even
if we cannot use a perfect solution.

IMHO we shouldn't use Bjoern's patch; it is ok, but for the base system it is
too complex (I found at least one bug, in line 455 in file HEAD-20040606.diff)
and I think a simple sysctl to turn it on and off is enough for us and will
simplify the code a lot. Bjoern, are you ok with this?

If you give me a few days (maybe I'll be ready today) I'll try to prepare
a patch to commit so we can review it together.

-- 
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!
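
Added example (not code from this thread, the jailfsstat module, or Bjoern's patch): a userland C sketch of a path-based visibility check on f_mntonname-style strings, showing why it only works when the recorded path is a full path and why the comparison has to stop on a component boundary. The jail root /jails/www, the sample mount list and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample f_mntonname values; "/jails/www" is a hypothetical jail root. */
static const char *const sample_mnts[] = {
    "/", "/usr", "/jails/www", "/jails/www/dev", "/jails/www2/dev",
    "jails/www/tmp", "/jails/www/../../etc",
};

/* Usable only if absolute with no ".", ".." or empty components: there is
 * no in-kernel realpath(3) to resolve anything else. */
static int path_is_canonical(const char *p)
{
    if (p[0] != '/')
        return 0;                     /* relative path handed to mount(2) */
    if (p[1] == '\0')
        return 1;                     /* "/" itself */
    while (*p == '/') {
        const char *s = ++p;          /* start of the next component */
        while (*p != '\0' && *p != '/')
            p++;
        size_t n = (size_t)(p - s);
        if (n == 0 || (s[0] == '.' && (n == 1 || (n == 2 && s[1] == '.'))))
            return 0;
    }
    return 1;
}

/* 1 if mntonname is at or below jail_root, matched on a component boundary. */
int mount_visible_in_jail(const char *jail_root, const char *mntonname)
{
    size_t rl = strlen(jail_root);
    if (!path_is_canonical(jail_root) || !path_is_canonical(mntonname))
        return 0;                     /* fail closed: hide what cannot be placed */
    if (rl == 1)
        return 1;                     /* jail root is "/" */
    if (strncmp(jail_root, mntonname, rl) != 0)
        return 0;
    return mntonname[rl] == '\0' || mntonname[rl] == '/';
}

int main(void)
{
    for (size_t i = 0; i < sizeof(sample_mnts) / sizeof(sample_mnts[0]); i++)
        printf("%-22s %s\n", sample_mnts[i],
               mount_visible_in_jail("/jails/www", sample_mnts[i]) ? "shown" : "hidden");
    return 0;
}
```

A string comparison like this cannot detect the case raised in the message where a component of the recorded path is renamed after the mount.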