Use execve(2) instead of fexecve(2).
AbandonedPublic
Actions

Authored by crest_freebsd_rlwinm.de on Apr 28 2026, 5:49 PM.

Tags

None

Referenced Files

	Unknown Object (File)
	Sun, Jun 14, 4:54 PM

	Unknown Object (File)
	Thu, Jun 4, 7:48 PM

	Unknown Object (File)
	May 24 2026, 12:23 AM

	Unknown Object (File)
	May 14 2026, 5:46 PM

	Unknown Object (File)
	May 14 2026, 11:35 AM

	Unknown Object (File)
	May 13 2026, 11:47 PM

	Unknown Object (File)
	May 13 2026, 10:20 PM

	Unknown Object (File)
	May 13 2026, 12:51 PM

View All 16 Files

Subscribers

imp

Details

Reviewers: None

Summary

The dynamic jail.conf is probably a (shell) script.
In that case fexecve(2) will result in kernel running
the interpreter with the script as argument e.g. /dev/fd/$n.
This only works if /dev/fd was mounted with the non-default "nodup"
option, because the kernel doesn't honor O_RDONLY | O_EXEC
and instead opens the file (description) with just FEXEC.

See PR #294780

Event: Wiesbaden Hackathon 202604