From owner-svn-src-projects@FreeBSD.ORG Tue Aug 16 16:49:51 2011 Return-Path: Delivered-To: svn-src-projects@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 53CCF1065670; Tue, 16 Aug 2011 16:49:51 +0000 (UTC) (envelope-from gibbs@FreeBSD.org) Received: from aslan.scsiguy.com (mail.scsiguy.com [70.89.174.89]) by mx1.freebsd.org (Postfix) with ESMTP id 08DD88FC17; Tue, 16 Aug 2011 16:49:50 +0000 (UTC) Received: from Justins-MacBook-Pro.local (207-225-98-3.dia.static.qwest.net [207.225.98.3]) (authenticated bits=0) by aslan.scsiguy.com (8.14.4/8.14.4) with ESMTP id p7GGP5aN009180 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Tue, 16 Aug 2011 10:25:05 -0600 (MDT) (envelope-from gibbs@FreeBSD.org) Message-ID: <4E4A9984.2040305@FreeBSD.org> Date: Tue, 16 Aug 2011 10:23:32 -0600 From: "Justin T. Gibbs" Organization: The FreeBSD Project User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:5.0) Gecko/20110624 Thunderbird/5.0 MIME-Version: 1.0 To: Pawel Jakub Dawidek References: <201108160435.p7G4ZgNO041036@svn.freebsd.org> <20110816124102.GA1674@garage.freebsd.pl> In-Reply-To: <20110816124102.GA1674@garage.freebsd.pl> X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.6 (aslan.scsiguy.com [70.89.174.89]); Tue, 16 Aug 2011 10:25:05 -0600 (MDT) Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: svn-src-projects@FreeBSD.org, src-committers@FreeBSD.org Subject: Re: svn commit: r224901 - projects/zfsd/head/sys/fs/devfs X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: gibbs@FreeBSD.org List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Aug 2011 16:49:51 -0000 On 8/16/11 6:41 AM, Pawel Jakub Dawidek wrote: > On Tue, Aug 16, 2011 at 04:35:42AM +0000, Justin T. Gibbs wrote: > > Author: gibbs > > Date: Tue Aug 16 04:35:42 2011 > > New Revision: 224901 > > URL: http://svn.freebsd.org/changeset/base/224901 > > > > Log: > > Correct the rendering of device aliases that reside in subdirectories > > of a devfs. > > > > devfs/devfs_vnops.c: > > In devfs_readlink(), convert the devfs root relative path > > of an alias's parent, that is recorded in the alias, into a > > fully qualified path that includes the root of the containing > > devfs. This avoids the ugliness of generating a relative path > > by prepending "../"'s. For a non-jailed process, the "symlink > > root" is the devfs's mount point. For a jailed process, we > > must remove any jail prefix in the mount point so that our > > response matches the user process's world view. > > Note that currently realpath for both mount point and jail root is > resolved by userland tools (mount(8) and jail(8)). It is still possible > that someone will use nmount(2) or jail(2) system calls directly and > will pass not a realpath, but something else (eg. ../../foo/bar). > Because of this simple strncmp() is no reliable. There is at least one other location in the kernel that make similar similar assumptions to those made in my changes to devfs_readlink(): prison_canseemount(). I'm sure there are others. > The given paths should be resolved for those syscalls within the kernel using > vn_fullpath_global(), then it would be more reliable. By "those syscalls", you mean nmount(2) and jail(8)? It would be nice to contain the "canonicalization logic" to as few places as possible or provide a clean API to do these conversions. > It still won't work when file system is mount, then its parent > directory is renamed and jail created on now different path I can't quite parse what you mean here. Can you provide an example? Thanks, Justin