Date: Sat, 19 Dec 2009 20:54:57 +0200
From: Kostik Belousov <kostikbel@gmail.com>
To: Ed Schouten <ed@freebsd.org>
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r200732 - in head/sys: fs/devfs kern sys
Message-ID: <20091219185457.GH2170@deviant.kiev.zoral.com.ua>
In-Reply-To: <200912191842.nBJIgDgP040506@svn.freebsd.org>
References: <200912191842.nBJIgDgP040506@svn.freebsd.org>

On Sat, Dec 19, 2009 at 06:42:12PM +0000, Ed Schouten wrote:
> Author: ed
> Date: Sat Dec 19 18:42:12 2009
> New Revision: 200732
> URL: http://svn.freebsd.org/changeset/base/200732
>
> Log:
>   Let access overriding to TTYs depend on the cdev_priv, not the vnode.
>
>   Basically this commit changes two things, which improves access to TTYs
>   in exceptional conditions. Basically the problem was that when you ran
>   jexec(8) to attach to a jail, you couldn't use /dev/tty (well, also the
>   node of the actual TTY, e.g. /dev/pts/X). This is very inconvenient if
>   you want to attach to screens quickly, use ssh(1), etc.
>
>   The fixes:
>
>   - Cache the cdev_priv of the controlling TTY in struct session. Change
>     devfs_access() to compare against the cdev_priv instead of the vnode.
>     This allows you to bypass UNIX permissions, even across different
>     mounts of devfs.
>
>   - Extend devfs_prison_check() to unconditionally expose the device node
>     of the controlling TTY, even if normal prison nesting rules normally
>     don't allow this. This actually allows you to interact with this
>     device node.
>
>   To be honest, I'm not really happy with this solution. We now have to
>   store three pointers to a controlling TTY (s_ttyp, s_ttyvp, s_ttydp).
>   In an ideal world, we should just get rid of the latter two and only use
>   s_ttyp, but this makes certain pieces of code very impractical (e.g.
>   devfs, kern_exit.c).

Note that struct devfs_dirent is available as vp->v_data, and
devfs_dirent's de_cdp member contains a pointer to cdev_priv. I think this
would allow removing s_ttydp.