
vfs: Let prison_enforce_statfs zero the fsid
Closed, Public

Authored by des on Dec 13 2025, 10:08 PM.

Details

Summary

Currently, we unconditionally zero the fsid before returning a struct
statfs to a jailed process. Move this into prison_enforce_statfs() so
it only happens if enforce_statfs is greater than 1, or enforce_statfs
is 1 but the mountpoint is outside the jail.

PR: 291301
MFC after: 1 week

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Skipped
Unit: Tests Skipped
Build Status: Buildable 69237
Build 66120: arc lint + arc unit

Event Timeline

des requested review of this revision. (Dec 13 2025, 10:08 PM)
This revision is now accepted and ready to land. (Dec 14 2025, 2:13 AM)

@kib can you also please take a look at the PR? The originator claims this used to work as recently as 14.2, but I see no evidence that it has ever worked; the code to zero out the fsid has been there since 1997.

In D54214#1238647, @des wrote:

@kib can you also please take a look at the PR? The originator claims this used to work as recently as 14.2, but I see no evidence that it has ever worked; the code to zero out the fsid has been there since 1997.

I concur. I looked both at kern_do_statfs() and at priv_check_cred_vfs_generation{,slow}() on 14.2.0 and then 14.0.0, and I come to the same conclusion as you.

This revision was automatically updated to reflect the committed changes.