Date: Sun, 15 Feb 2004 17:17:04 +0100
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: freebsd-arch@FreeBSD.org
Subject: Re: cvs commit: src/sys/sys jail.h src/sys/kern kern_jail.c vfs_syscalls.c
Message-ID: <20040215161704.GY14639@garage.freebsd.pl>
In-Reply-To: <200402141831.i1EIVCwL079081@repoman.freebsd.org>
References: <200402141831.i1EIVCwL079081@repoman.freebsd.org>
On Sat, Feb 14, 2004 at 10:31:12AM -0800, Robert Watson wrote:
+> Committer: Robert Watson <rwatson@FreeBSD.org>
+> Branch: HEAD
+>
+> Files:
+> 1.36 src/sys/kern/kern_jail.c
+> 1.337 src/sys/kern/vfs_syscalls.c
+> 1.20 src/sys/sys/jail.h
+>
+> Log:
+> By default, when a process in jail calls getfsstat(), only return the
+> data for the file system on which the jail's root vnode is located.
+> Previous behavior (show data for all mountpoints) can be restored
+> by setting security.jail.getfsstatroot_only to 0. Note: this also
+> has the effect of hiding other mounts inside a jail, such as /dev,
+> /tmp, and /proc, but errs on the side of leaking less information.

I don't like this fix...

There are many problems related to the fact that we store the path where a file system is mounted as a string. This fix is one of them. I wrote a kld module some time ago that shows file systems with the front of the path cut off (the jail chroot directory was removed). This wasn't a nice, clean way, but... In your fix we still leak where-the-real-root-is information; of course it is much better than what we had before, but still not complete.

Another problem (changing as PR somewhere) is that when you mount a file system in a chroot environment, the wrong path is stored (a path related to the chroot). This problem was really important in the past, because such a file system was totally unmountable; with FSID it is, but the wrong path still exists.

I think the complete way is to store the vnode related to the directory where the file system is mounted, instead of the directory as a string. We have some ideas to explore in the future, for example allowing file system mounts inside of a jail if vfs.usermount is 1, and then your fix will not be enough. With such a fix (vnode instead of string), we will be able to always return file system names related to the chroot directory.
I'm still not sure if we're able to implement this with our current vn_fullpath() implementation, but we can try, or more - we can try to add a flag to this function DONT_USE_CACHE_JUST_ASK_FILE_SYSTEM_DIRECTLY (as was discussed on #thatchannel). Sooner or later we must do this (before AUDIT will be merged?).

I can prepare a patch to change this string to a vnode and we'll see. What do you say?

[ Let's continue on arch@ ]

-- 
Pawel Jakub Dawidek                       http://www.FreeBSD.org
pjd@FreeBSD.org                           http://garage.freebsd.pl
FreeBSD committer                         Am I Evil? Yes, I Am!
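The path rewriting mentioned in the message above (listing mounts with the jail's chroot directory removed from the front), sketched as an added example that is not from the original message, the kld module it mentions, or the FreeBSD source. The function name `jail_view_path` and the sample paths are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not FreeBSD kernel code): map a host-side mount
 * path to the path a jailed process should see, given the jail root as a
 * string. Returns 1 and fills 'out' if the mount is visible in the jail,
 * 0 if it lies outside the jail (or does not fit) and must be hidden.
 */
int
jail_view_path(const char *jailroot, const char *mnt, char *out, size_t outlen)
{
	size_t rlen = strlen(jailroot);

	/* Ignore trailing slashes on the root; "/" becomes the empty prefix. */
	while (rlen > 0 && jailroot[rlen - 1] == '/')
		rlen--;
	if (strncmp(mnt, jailroot, rlen) != 0)
		return (0);
	/*
	 * A bare prefix match is not enough: "/jails/www2/tmp" also starts
	 * with "/jails/www". The match must end on a component boundary.
	 */
	if (mnt[rlen] != '\0' && mnt[rlen] != '/')
		return (0);
	/* The jail root itself is "/" inside the jail. */
	const char *rel = (mnt[rlen] == '\0') ? "/" : mnt + rlen;
	if (strlen(rel) >= outlen)
		return (0);
	strcpy(out, rel);
	return (1);
}

int
main(void)
{
	/* Constructed sample mount table; paths are illustrative only. */
	const char *mounts[] = { "/", "/usr", "/jails/www", "/jails/www/dev",
	    "/jails/www2/tmp" };
	char buf[64];

	for (size_t i = 0; i < sizeof(mounts) / sizeof(mounts[0]); i++) {
		if (jail_view_path("/jails/www", mounts[i], buf, sizeof(buf)))
			printf("%-18s -> %s\n", mounts[i], buf);
		else
			printf("%-18s -> (hidden)\n", mounts[i]);
	}
	return (0);
}
```

Because this compares strings, it only works when the stored mount path is the true host-side path; a mount recorded with a chroot-relative path is misclassified, which is the limitation the message attributes to storing the mount point as a string.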