User Details
- User Since
- Aug 3 2014, 10:29 PM (583 w, 6 d)
Mon, Sep 15
Sat, Sep 13
Commit 66d8ffe30 has simpler kevent handling for jaildesc, without any recursion. Jail kevents have also have recussion removed. Its lack of guarantees and incomplete problem-solving meant that applications would need a way to handle when notifications weren't 100% collected. As long as that's the case, might as well get rid of the complexity.
Commit 66d8ffe30 has simpler kevent handling for jaildesc, without any recursion. Jail kevents have also have recussion removed. Its lack of guarantees and incomplete problem-solving meant that applications would need a way to handle when notifications weren't 100% collected. As long as that's the case, might as well get rid of the complexity.
Fri, Sep 12
Sep 12 2025
Sep 10 2025
Very well. I suppose it doesn't hurt.
Sep 9 2025
Plan B is in D52462.
Plan A is in D52461.
Yes, EPERM on open directories may be unexpected, but I don't see that is enough cause to change the long-standing tradition of referring to other manual pages when a function may return the set of errors produced by another function.
Sep 5 2025
Sep 4 2025
Sep 3 2025
Sep 1 2025
I've added a "Jail Descriptors" section to jail(2), and added the jail_attach_fd and jail_remove_jd system calls, and the new jail_get/jail_set flags.
Aug 29 2025
Aug 26 2025
Aug 21 2025
The unrelated prison_add_allow talk deserves its own revision, so I made D52105 for that.
Aug 20 2025
prison_add_vfs then goes on to call prison_add_allow, which has its own asprintf call. So unless you fix that as well, you've bought very little. And prison_add_allow really ought to be fixed. It's just a matter of not relying on asprintf with its M_NOWAIT allocation. The context it's called in (and presumably would ever be called in) can handle waiting for allocation.
Aug 17 2025
I've added D51940, which adds kqueue support to jails by JID, so it's separate from the descriptor work, except it contains fixes for the problems I've identified with the current kqueue code in this revision. In particular, it uses the NOTE_TRACK convention that processes use, and adds a flag that notes if attached processes were missed.
Aug 14 2025
Yep, tried it out and it looks good now.
As I learn more about kqueue, I see I am trying to make it do things it's not suited for. In particular, the data field can't contain the kind of information I'm putting it in (process ID, jail ID). The non-queuing nature of kqueue (!) means that one event can be obliterated by the next event, leading to unreliable notification. There's not a lot of advantage of being notified that at least one child jail has been created, and here's the JID of the most recent one.
Aug 12 2025
Aug 7 2025
True, there's no real need for the PR_ALLOW_PRISON0 change, but since you went to the effort to make that macro anyway, it's a good place to showcase it.
It looks fine from the jail side of things.
Jul 31 2025
I like this. Given that a non-root user isn't allowed to mess with a jail, it makes that it wouldn't be allowed to mess with processes in that jail, even if they happen to have the same uid. That sounds like preferable default behavior, even if it's a switch from current practice. The closer we get to namespaces like uid being conceptually a (jail, id) tuple, the better off we are.
Jul 30 2025
The big addition is kevent support. A jail descriptor can pass four notes:
Jul 26 2025
Jul 25 2025
There's a general trend in the "prison can do this thing" functions that they all take a ucred. One the one hand it seems reasonable that they would all take a struct prison instead, but is there a particular reason to break the trend for this case?
Jul 17 2025
I had considered that the -l (exec clean) flag should be considered, but decided it really only makes sense for keeping the jail environment clean.
Jul 7 2025
Yes, anything that makes these things more obviously deprecated is better.
Jun 30 2025
May 19 2025
I appreciate the single vfs_lookup_isroot function - it took me an embarrassingly long time to discover a second copy of that code had appeared in vfs_cache.c a mere five years ago.
May 17 2025
May 16 2025
May 10 2025
Apr 21 2025
Apr 19 2025
No opinion on slew vs skew, the rest looks good.
Apr 16 2025
This looks good to me, but I'm hoping someone from networking will chime in.
It looks very basic, and is good by me. But I'm inviting Mariusz to make sure he didn't have a particular reason not to include PRIV_SETTIMEOFDAY when he added PRIV_CLOCK_SETTIME.
Mar 31 2025
OK, I understand the problem with the maximum sizes. I think we need to pursue something in libjail that makes this seamless, but that can be later work.
Mar 30 2025
I'm not sure what the point of the soft/hard size limits is. I imagine I could find it in the code, but could you explain it to me? Something more than the one comment about it, but less detail than the code itself :-).
I don't disagree that the way the character set is limited is efficient and doesn't add much to the code base. It's just the entire direction that I don't like. There are many places where sloppy text interpretation can cause problems. Environment variables come to mind - they too are passed between processes in the kernel. But user-level string injection has never been considered a kernel problem, and I don't see why it should start now. That's just not the kernel's job.
Mar 24 2025
Everything looks good, except that allowed chars part. That still looks like a kernel-level solution to a user-level non-problem.
Mar 9 2025
Mar 5 2025
Feb 23 2025
Feb 17 2025
Feb 13 2025
Feb 8 2025
A few observations from actually running this:
Jan 23 2025
Jan 22 2025
Jan 6 2025
No further comments, except sorry for taking so long to mention that.
Dec 17 2024
There are currently a wide variety of strings in jail parameters, and for that matter many more elsewhere in the kernel. So far, we have gotten by with counting on administrators putting reasonable values in them.
Dec 14 2024
Accepted with the caveat I mentioned in D48074.
I'd prefer it to take the slot number, and do the "slot - 1" translation in the macro. That came to mind looking at D48075 which passes in slot - 1.
Dec 13 2024
Dec 9 2024
Longer term, I'd like to push some of vnet removal into the period between prison_cleanup() and the final jail destruction; interface removal is definitely part of that desire. But that's a mess of dependencies that hasn't found a solution yet, so I can see how we need this.