Date: Fri, 24 Oct 2003 15:37:45 -0500 (CDT)
From: "C. Stephen Gunn" <csg@waterspout.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/58497: sysctl knob to return current process' jid
Message-ID: <200310242037.h9OKbj4G068464@maelstrom.waterspout.com>
Resent-Message-ID: <200310242040.h9OKeCmx047673@freefall.freebsd.org>

>Number:         58497
>Category:       kern
>Synopsis:       sysctl knob to return current process' jid
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 24 13:40:12 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     C. Stephen Gunn
>Release:        FreeBSD 5.1-CURRENT i386
>Organization:
WaterSpout Communications, Inc.
>Environment:
FreeBSD dual450.waterspout.com 5.1-CURRENT FreeBSD 5.1-CURRENT #1: Sun Oct 19 21:57:46 CDT 2003 root@dual450.waterspout.com:/usr/src/sys/i386/compile/DUAL450 i386
>Description:
There is no easy way to tell if a process is operating in a Jail
environment. This lever would be useful in /etc/rc to avoid invocations
of privileged commands (sysctl, mount, fsck, etc) that are known to be
prohibited in the jail.

I have other work against the /etc/rc subsystem that uses this mechanism
to avoid carping about operations that are not permitted.
>How-To-Repeat:
Start a jail and execute /etc/rc, watch all the errors and warnings,
fiddle with 'ps | grep ..J..' for a while trying to figure out if you
are currently in a jail.
>Fix:
The following patch (against current) adds a sysctl knob that returns
the jid of the calling process, or 0 when the process is not jailed.

http://www.waterspout.com/csg/patch/security_jail_jid.diff

MD5 (security_jail_jid.diff) = b4b6e0fa944271977c94688e76e9f372
>Release-Note:
>Audit-Trail:
>Unformatted: