Page MenuHomeFreeBSD
Differential D3017

Add PF_IMMUTABLE for immutable parameters in jail.conf
ClosedPublic
Actions

Authored by hrs on Jul 7 2015, 6:17 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, May 17, 12:09 AM
Unknown Object (File)
Thu, May 16, 7:32 AM
Unknown Object (File)
Sat, May 11, 6:13 AM
Unknown Object (File)
Sat, May 11, 6:13 AM
Unknown Object (File)
Sat, May 11, 6:12 AM
Unknown Object (File)
Fri, May 10, 6:33 PM
Unknown Object (File)
Fri, Apr 26, 6:06 AM
Unknown Object (File)
Fri, Apr 26, 6:06 AM
View All 76 Files
Subscribers
imp

Details

Reviewers
jamie
Commits
rS285279: Implement PF_IMMUTABLE flag and apply it to "name" and "jid" in
Summary

Currently "name" parameter can be redefined as a normal variable
in jail.conf. However, redefinition of it causes a mismatch
between j->intparams[KP_NAME] and j->name, and screws up parameter
configurations. This has been reported in PR 196574.

This patch makes "name" as an immutable parameter. This prevents both

foo { $name = "bar"; }

in jail.conf and a command line like "jail -c name=j1 name=j2".

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage

Event Timeline

hrs updated this revision to Diff 6758.Jul 7 2015, 6:17 PM
hrs retitled this revision from to Add PF_IMMUTABLE for immutable parameters in jail.conf.
hrs updated this object.
hrs edited the test plan for this revision. (Show Details)
hrs added a reviewer: jamie.
Herald added a subscriber: imp. · View Herald TranscriptJul 7 2015, 6:17 PM
jamie edited edge metadata.Jul 7 2015, 8:38 PM

You may want to do the same with jid. You can give the jail.conf block a numeric tag, which will set the jid instead of the name, but will will still set j->name to that tag string. I would expect the same sort of problem from then setting jid=x inside the block.

hrs updated this revision to Diff 6766.Jul 8 2015, 1:00 AM
hrs edited edge metadata.

Add PF_IMMUTABLE flag to both jid and name

hrs added a comment.Jul 8 2015, 1:04 AM
In D3017#59419, @jamie wrote:

You may want to do the same with jid. You can give the jail.conf block a numeric tag, which will set the jid instead of the name, but will will still set j->name to that tag string. I would expect the same sort of problem from then setting jid=x inside the block.

That's true. Thank you for your comment. The updated patch adds immutable flag to jid, too. Can you accept this revision if it is ready to commit?

jamie accepted this revision.Jul 8 2015, 3:43 AM
jamie edited edge metadata.
This revision is now accepted and ready to land.Jul 8 2015, 3:43 AM
Closed by commit rS285279: Implement PF_IMMUTABLE flag and apply it to "name" and "jid" in (authored by hrs). · Explain WhyJul 8 2015, 4:37 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
usr.sbin/
jail/
7 lines
1 line

Diff 6758

View Options

usr.sbin/jail/config.c

Loading...
View Options

usr.sbin/jail/jailp.h

Loading...