Page MenuHomeFreeBSD

Add jail awareness to linprocfs and linsysfs

Authored by on Jun 17 2015, 1:28 AM.
Referenced Files
Unknown Object (File)
Sun, Nov 26, 8:27 AM
Unknown Object (File)
Thu, Nov 23, 4:34 PM
Unknown Object (File)
Mon, Nov 13, 11:09 AM
Unknown Object (File)
Oct 25 2023, 5:40 AM
Unknown Object (File)
Oct 2 2023, 11:49 AM
Unknown Object (File)
Oct 2 2023, 3:34 AM
Unknown Object (File)
Sep 27 2023, 10:14 AM
Unknown Object (File)
Sep 5 2023, 3:51 AM



This adds mount.linsysfs, mount.linprocfs, allow.mount.linsysfs, and
allow.mount.linprocfs to jail framework. By setting these values
in jail.conf (or as a sysctl), it is possible to have these filesystems
mountable within a jail.

This allows to nest a Linux jail inside of a native FreeBSD jail.
It is useful to do in order to run (and hack on) a jail management framework
that supports Linux jail while jailed itself.

The motivation is to make development and testing of Docker support in
FreeBSD easier and safer, but it is good for other things as well.

Test Plan

Run jails as usual. This should work.
Run jails with enforce_statfs=1, allow.mount.linsysfs, allow.mount.linprocfs.
This will allow to launch child jails that can mount linsysfs and linprocfs.
Run jails with Linux userland with mount.linsysfs and mount.linprocfs.
This should Just Work and Do The Right Thing.

Diff Detail

rS FreeBSD src repository - subversion
Lint Passed
No Test Coverage

Event Timeline retitled this revision from to Add jail awareness to linprocfs and linsysfs. updated this object. edited the test plan for this revision. (Show Details)
araujo added a reviewer: vangyzen.
araujo edited edge metadata.

I added @jamie and @vangyzen as they were the last two guys that made changes on jail and linprocfs.

I'd prefer it do a little less: first, the old shell-based parameters for /etc/rc.d/jail are for backward compatibility, and anyone who's going to be using new parameters should also be using the "new" config file. Also, the mount.linprocfs/linsysfs parameters don't need to exist. They exist mostly to cover things that were already in the old rc.d system, and can as easily be covered by the more general "mount" parameter.

That reduces this patch to just adding the allow.mount.linprocfs/linsysfs parameters to the kernel. There's a small bug in how that was done - their order in kern_jail.c's pr_allow_names and pr_allow_nonames should match the bit ordering of their flags in jail.h. edited edge metadata.

Address feedback from jamie:

o Remove mount.* changes, which are not even needed to do what
I want to do, but I added for completion's sake.

o Fix kern_jail.c param ordering to match jail.h

All the rest, looks good to me.


Please, here use TAB as made in the other definitions, shall try to keep the same style.


Here, I think you shall BUMP the date again, when this patch get closes to be committed.


I do believe here you won't mention about procfs but you might want to mention about the linsysfs. Anyhow, I think would be good change this part of the content and avoid do the copy and past from the linprocfs section.

Address comments by araujo:

  • keep style in sys/sys/jail.h: I didn't notice that these were tabs
  • fix paste-os in the manpage (I'll bump the date one more time when

this is ready to commit)
I don't understand what can be improved about the content itself.
Can you explain please?

araujo edited edge metadata.

I have double checked it, and I think the content has not that much to be changed. The content is OK.
Thanks to address my comments.

It looks OK to me, I will try to put more people involved to make the review.


This revision is now accepted and ready to land.Jul 7 2015, 1:25 AM

Add ian@ and rodrigc@ to help review this patch.
I'm ok with this patch! LGTM!

jamie edited edge metadata.