Page MenuHomeFreeBSD
Differential D54214

vfs: Let prison_enforce_statfs zero the fsid
ClosedPublic
Actions

Authored by des on Dec 13 2025, 10:08 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Feb 27, 1:15 PM
Unknown Object (File)
Fri, Feb 27, 1:15 PM
Unknown Object (File)
Thu, Feb 26, 1:09 PM
Unknown Object (File)
Sat, Feb 7, 5:48 AM
Unknown Object (File)
Jan 22 2026, 11:13 PM
Unknown Object (File)
Jan 16 2026, 10:22 AM
Unknown Object (File)
Jan 14 2026, 1:10 PM
Unknown Object (File)
Jan 12 2026, 10:18 AM
View All 19 Files
Subscribers
imp
olce

Details

Reviewers
kib
mjg
Commits
rGb063e9c13a91: vfs: Let prison_enforce_statfs zero the fsid
rG90e09bfe799d: vfs: Let prison_enforce_statfs zero the fsid
rGb43159901f11: vfs: Let prison_enforce_statfs zero the fsid
rGd4f25d0c7957: vfs: Let prison_enforce_statfs zero the fsid
Summary

Currently, we unconditionally zero the fsid before returning a struct
statfs to a jailed process. Move this into prison_enforce_statfs() so
it only happens if enforce_statfs is greater than 1, or enforce_statfs
is 1 but the mountpoint is outside the jail.

PR: 291301
MFC after: 1 week

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

des created this revision.Dec 13 2025, 10:08 PM
Herald added subscribers: olce, imp. · View Herald TranscriptDec 13 2025, 10:08 PM
des requested review of this revision.Dec 13 2025, 10:08 PM
Harbormaster completed remote builds in B69237: Diff 167990.Dec 13 2025, 10:08 PM
kib accepted this revision.Dec 14 2025, 2:13 AM
This revision is now accepted and ready to land.Dec 14 2025, 2:13 AM
des added a comment.EditedDec 14 2025, 10:40 AM

@kib can you also please take a look at the PR? the originator claims this used to work as recently as 14.2 but I see no evidence that it has ever worked, the code to zero out the fsid has been there since 1997.

kib added a comment.Dec 14 2025, 1:14 PM
In D54214#1238647, @des wrote:

@kib can you also please take a look at the PR? the originator claims this used to work as recently as 14.2 but I see no evidence that it has ever worked, the code to zero out the fsid has been there since 1997.

I concur. I looked both at kern_do_statfs() and at priv_check_cred_vfs_generation{,slow}() on 14.2.0 and then 14.0.0, and I come to the same conclusion as you.

Closed by commit rGd4f25d0c7957: vfs: Let prison_enforce_statfs zero the fsid (authored by des). · Explain WhyDec 14 2025, 1:46 PM
This revision was automatically updated to reflect the committed changes.
des added a commit: rGd4f25d0c7957: vfs: Let prison_enforce_statfs zero the fsid.
des added a commit: rGb43159901f11: vfs: Let prison_enforce_statfs zero the fsid.Dec 19 2025, 6:07 PM
des added a commit: rG90e09bfe799d: vfs: Let prison_enforce_statfs zero the fsid.
des added a commit: rGb063e9c13a91: vfs: Let prison_enforce_statfs zero the fsid.

Revision Contents
Changeset List

PathSize
sys/
kern/
3 lines
5 lines

Diff 168004

View Options

sys/kern/kern_jail.c

Loading...
View Options

sys/kern/vfs_syscalls.c

Loading...