From owner-freebsd-fs@FreeBSD.ORG  Thu Feb 14 14:41:10 2013
Return-Path: <owner-freebsd-fs@FreeBSD.ORG>
Delivered-To: fs@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id D2E0414A;
 Thu, 14 Feb 2013 14:41:10 +0000 (UTC)
 (envelope-from jamie@FreeBSD.org)
Received: from m2.gritton.org (gritton.org [199.192.164.235])
 by mx1.freebsd.org (Postfix) with ESMTP id B8F348BC;
 Thu, 14 Feb 2013 14:41:07 +0000 (UTC)
Received: from glorfindel.gritton.org (c-174-52-130-157.hsd1.ut.comcast.net
 [174.52.130.157]) (authenticated bits=0)
 by m2.gritton.org (8.14.5/8.14.5) with ESMTP id r1EEf0EO094215;
 Thu, 14 Feb 2013 07:41:00 -0700 (MST)
 (envelope-from jamie@FreeBSD.org)
Message-ID: <511CF77A.2080005@FreeBSD.org>
Date: Thu, 14 Feb 2013 07:40:58 -0700
From: Jamie Gritton <jamie@FreeBSD.org>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US;
 rv:1.9.2.24) Gecko/20120129 Thunderbird/3.1.16
MIME-Version: 1.0
To: Baptiste Daroussin <bapt@FreeBSD.org>
Subject: Re: Marking some FS as jailable
References: <20130212194047.GE12760@ithaqua.etoilebsd.net>
 <511B1F55.3080500@FreeBSD.org> <20130214132715.GG44004@ithaqua.etoilebsd.net>
In-Reply-To: <20130214132715.GG44004@ithaqua.etoilebsd.net>
Content-Type: multipart/mixed; boundary="------------040604050308040604010805"
Cc: jail@FreeBSD.org, fs@FreeBSD.org
X-BeenThere: freebsd-fs@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Filesystems <freebsd-fs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-fs>,
 <mailto:freebsd-fs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-fs>
List-Post: <mailto:freebsd-fs@freebsd.org>
List-Help: <mailto:freebsd-fs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-fs>,
 <mailto:freebsd-fs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Feb 2013 14:41:10 -0000

This is a multi-part message in MIME format.
--------------040604050308040604010805
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

On 02/14/13 06:27, Baptiste Daroussin wrote:
> On Tue, Feb 12, 2013 at 10:06:29PM -0700, Jamie Gritton wrote:
>> On 02/12/13 12:40, Baptiste Daroussin wrote:
>>>
>>> I would like to mark some filesystem as jailable, here is the one I need:
>>> linprocfs, tmpfs and fdescfs, I was planning to do it with adding a
>>> allow.mount.${fs} for each one.
>>>
>>> Anyone has an objection?
>>
>> Would it make sense for linprocfs to use the existing allow.mount.procfs
>> flag?
>
> Here is a patch that uses allow.mount.procfs for linsysfs and linprocfs.
>
> It also addd a new allow.mount.tmpfs to allow tmpfs.
>
> It seems to work here, can anyone confirm this is the right way to do it?
>
> I'll commit in 2 parts: first lin*fs, second tmpfs related things
>
> http://people.freebsd.org/~bapt/jail-fs.diff

There are some problems. The usage on the mount side of things looks
correct, but it needs more on the jail side. I'm including a patch just
of that part, with a correction in jail.h and further changes in kern_jail.c

- Jamie

--------------040604050308040604010805
Content-Type: text/plain;
 name="jail-fs.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="jail-fs.diff"

Index: sys/jail.h
===================================================================
--- sys/jail.h	(revision 246791)
+++ sys/jail.h	(working copy)
@@ -227,7 +227,8 @@
 #define	PR_ALLOW_MOUNT_NULLFS		0x0100
 #define	PR_ALLOW_MOUNT_ZFS		0x0200
 #define	PR_ALLOW_MOUNT_PROCFS		0x0400
-#define	PR_ALLOW_ALL			0x07ff
+#define	PR_ALLOW_MOUNT_TMPFS		0x0800
+#define	PR_ALLOW_ALL			0x0fff
 
 /*
  * OSD methods
Index: kern/kern_jail.c
===================================================================
--- kern/kern_jail.c	(revision 246791)
+++ kern/kern_jail.c	(working copy)
@@ -206,6 +206,7 @@
 	"allow.mount.nullfs",
 	"allow.mount.zfs",
 	"allow.mount.procfs",
+	"allow.mount.tmpfs",
 };
 const size_t pr_allow_names_size = sizeof(pr_allow_names);
 
@@ -221,6 +222,7 @@
 	"allow.mount.nonullfs",
 	"allow.mount.nozfs",
 	"allow.mount.noprocfs",
+	"allow.mount.notmpfs",
 };
 const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames);
 
@@ -4208,6 +4210,10 @@
     CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
     NULL, PR_ALLOW_MOUNT_PROCFS, sysctl_jail_default_allow, "I",
     "Processes in jail can mount the procfs file system");
+SYSCTL_PROC(_security_jail, OID_AUTO, mount_tmpfs_allowed,
+    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
+    NULL, PR_ALLOW_MOUNT_TMPFS, sysctl_jail_default_allow, "I",
+    "Processes in jail can mount the tmpfs file system");
 SYSCTL_PROC(_security_jail, OID_AUTO, mount_zfs_allowed,
     CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
     NULL, PR_ALLOW_MOUNT_ZFS, sysctl_jail_default_allow, "I",
@@ -4360,6 +4366,8 @@
     "B", "Jail may mount the nullfs file system");
 SYSCTL_JAIL_PARAM(_allow_mount, procfs, CTLTYPE_INT | CTLFLAG_RW,
     "B", "Jail may mount the procfs file system");
+SYSCTL_JAIL_PARAM(_allow_mount, tmpfs, CTLTYPE_INT | CTLFLAG_RW,
+    "B", "Jail may mount the tmpfs file system");
 SYSCTL_JAIL_PARAM(_allow_mount, zfs, CTLTYPE_INT | CTLFLAG_RW,
     "B", "Jail may mount the zfs file system");
 

--------------040604050308040604010805--