Date:      Sun, 15 May 2016 18:53:32 +0200
From:      Mateusz Guzik <mjguzik@gmail.com>
To:        Andriy Gapon <avg@FreeBSD.org>
Cc:        freebsd-arch@FreeBSD.org, freebsd-fs <freebsd-fs@FreeBSD.org>
Subject:   Re: mount / unmount and mountcheckdirs()
Message-ID:  <20160515165332.GA27836@dft-labs.eu>
In-Reply-To: <5c01bf62-b7b2-2e1d-bca5-859e6bf1f0e5@FreeBSD.org>
References:  <5c01bf62-b7b2-2e1d-bca5-859e6bf1f0e5@FreeBSD.org>

On Sun, May 15, 2016 at 04:37:05PM +0300, Andriy Gapon wrote:
> 
> I am curious about the purpose of mountcheckdirs() called when mounting and
> unmounting a filesystem.
> 
> The function is described as such:
> /*
>  * Scan all active processes and prisons to see if any of them have a current
>  * or root directory of `olddp'. If so, replace them with the new mount point.
>  */
> and it seems to be used to "lift" processes and jails to a root of a new
> filesystem when it is mounted and to "lower" them onto a covered vnode (if any)
> when a filesystem is unmounted.
> 
> What's the purpose of those actions?
> It's strange that the machinations are done at all, but it is stranger that they
> are applied only to processes and jails at exactly a covered vnode and a root
> vnode.  Anything below in a filesystem's tree is left alone.  Is there anything
> so very special about being at exactly those points?
> 
> IMO, the machinations can have unexpected security consequences.
> 

I don't know why this was implemented. It is also being done in NetBSD.
It is not done in Solaris nor Linux.

Replacement is buggy in at least 2 ways:
1. the process vs jail vnode replacement leaves a time window where
these 2 don't match, which screws up the lookup
2. on fork we can have a 'struct filedesc' object copied but not
assigned to the new process yet, so it ends up with the old vnode

And indeed, interested parties still have access to old vnodes by means
of having a file descriptor.

That said, this likely needs to be simply changed to /deny/ mount
operations which would alter jail roots.

-- 
Mateusz Guzik <mjguzik gmail.com>
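The following C program is an added illustration and is not part of the mail thread or of the FreeBSD or NetBSD sources. It models, on a constructed in-memory process and prison table, the behaviour the quoted comment attributes to mountcheckdirs(): walk every process and prison and swap a current or root directory that is exactly the covered vnode for the new mount point. Against that model it reproduces three observations from the discussion: a filedesc copied during fork but attached after the scan keeps the old vnode (bug 2 above), an already-open directory descriptor is never rewritten and so still reaches the covered vnode, and anything below the covered directory is left alone. The struct names (vnode, filedesc, proc, prison, fd_cdir, fd_rdir, pr_root) mimic the kernel's for readability only; the structures, the helper functions and the sample directories are toy stand-ins defined in the block.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy model; NOT FreeBSD's real structures. */
struct vnode { const char *v_name; };

struct filedesc {
    struct vnode *fd_cdir;        /* current directory */
    struct vnode *fd_rdir;        /* root directory (chroot/jail) */
    struct vnode *fd_ofiles[4];   /* open directory descriptors */
    int fd_nfiles;
};

struct proc   { struct filedesc *p_fd; struct proc *p_next; };
struct prison { struct vnode *pr_root; struct prison *pr_next; };

static struct proc   *allproc;
static struct prison *allprison;

/* Constructed vnodes: the directory about to be covered, a directory
 * below it, and the root vnode of the filesystem mounted on top. */
static struct vnode covered = { "/jail" };
static struct vnode below   = { "/jail/etc" };
static struct vnode newroot = { "<root of newly mounted fs>" };

/* Model of mountcheckdirs(): replace a current or root directory that is
 * exactly `olddp' with `newdp'. Returns the number of pointers rewritten. */
static int mountcheckdirs(struct vnode *olddp, struct vnode *newdp)
{
    int n = 0;
    for (struct proc *p = allproc; p != NULL; p = p->p_next) {
        if (p->p_fd->fd_cdir == olddp) { p->p_fd->fd_cdir = newdp; n++; }
        if (p->p_fd->fd_rdir == olddp) { p->p_fd->fd_rdir = newdp; n++; }
    }
    for (struct prison *pr = allprison; pr != NULL; pr = pr->pr_next)
        if (pr->pr_root == olddp) { pr->pr_root = newdp; n++; }
    return n;
}

static struct proc *proc_new(struct vnode *cdir, struct vnode *rdir)
{
    struct proc *p = calloc(1, sizeof(*p));
    p->p_fd = calloc(1, sizeof(*p->p_fd));
    p->p_fd->fd_cdir = cdir;
    p->p_fd->fd_rdir = rdir;
    p->p_next = allproc;
    allproc = p;
    return p;
}

static struct prison *prison_new(struct vnode *root)
{
    struct prison *pr = calloc(1, sizeof(*pr));
    pr->pr_root = root;
    pr->pr_next = allprison;
    allprison = pr;
    return pr;
}

/* fork() step 1: copy the parent's filedesc. The copy is not yet reachable
 * from allproc, so a concurrent scan cannot see it. */
static struct filedesc *fdcopy(const struct filedesc *src)
{
    struct filedesc *fdp = malloc(sizeof(*fdp));
    memcpy(fdp, src, sizeof(*fdp));
    return fdp;
}

/* fork() step 2: link the child into allproc with the copied filedesc. */
static struct proc *proc_attach(struct filedesc *fdp)
{
    struct proc *p = calloc(1, sizeof(*p));
    p->p_fd = fdp;
    p->p_next = allproc;
    allproc = p;
    return p;
}

static void reset(void) { allproc = NULL; allprison = NULL; }

/* Bug 2: a filedesc copied before the mount and attached after it keeps
 * the old vnode while the parent was lifted. Returns 1 when that happens. */
int child_keeps_old_cdir(void)
{
    reset();
    struct proc *parent = proc_new(&covered, &covered);
    struct filedesc *child_fd = fdcopy(parent->p_fd);   /* fork in progress */
    mountcheckdirs(&covered, &newroot);                  /* mount lands here */
    struct proc *child = proc_attach(child_fd);          /* fork completes */
    return parent->p_fd->fd_cdir == &newroot && child->p_fd->fd_cdir == &covered;
}

/* Open descriptors are not scanned, so a directory fd opened before the
 * mount still refers to the covered vnode afterwards. */
int open_fd_keeps_old_vnode(void)
{
    reset();
    struct proc *p = proc_new(&covered, &covered);
    p->p_fd->fd_ofiles[p->p_fd->fd_nfiles++] = &covered; /* opendir("/jail") */
    mountcheckdirs(&covered, &newroot);
    return p->p_fd->fd_cdir == &newroot && p->p_fd->fd_ofiles[0] == &covered;
}

/* Only exact matches move: the jail root and the process root are lifted,
 * but a cwd one level below stays where it was, now under the covered tree. */
int subtree_is_left_alone(void)
{
    reset();
    struct prison *pr = prison_new(&covered);
    struct proc *p = proc_new(&below, &covered);
    int n = mountcheckdirs(&covered, &newroot);
    return n == 2 && pr->pr_root == &newroot &&
           p->p_fd->fd_rdir == &newroot && p->p_fd->fd_cdir == &below;
}

int main(void)
{
    printf("fork window leaves stale child cdir: %d\n", child_keeps_old_cdir());
    printf("open dir fd still reaches old vnode: %d\n", open_fd_keeps_old_vnode());
    printf("subtree below cover left alone:      %d\n", subtree_is_left_alone());
    return 0;
}
```

Build with `cc -std=c99 -Wall mountcheckdirs_model.c`; each line should print 1. The model deliberately reproduces only the pointer swap itself, not any locking, so it shows what the replacement does and does not cover rather than how the real race is timed.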


