User Details
- User Since
- Aug 3 2014, 10:29 PM (564 w, 2 d)
Mon, May 19
I appreciate the single vfs_lookup_isroot function - it took me an embarrassingly long time to discover a second copy of that code had appeared in vfs_cache.c a mere five years ago.
Sat, May 17
Fri, May 16
Sat, May 10
Apr 21 2025
Apr 19 2025
No opinion on slew vs skew, the rest looks good.
Apr 16 2025
This looks good to me, but I'm hoping someone from networking will chime in.
It looks very basic, and is good by me. But I'm inviting Mariusz to make sure he didn't have a particular reason not to include PRIV_SETTIMEOFDAY when he added PRIV_CLOCK_SETTIME.
Mar 31 2025
OK, I understand the problem with the maximum sizes. I think we need to pursue something in libjail that makes this seamless, but that can be later work.
Mar 30 2025
I'm not sure what the point of the soft/hard size limits is. I imagine I could find it in the code, but could you explain it to me? Something more than the one comment about it, but less detail than the code itself :-).
I don't disagree that the way the character set is limited is efficient and doesn't add much to the code base. It's just the entire direction that I don't like. There are many places where sloppy text interpretation can cause problems. Environment variables come to mind - they too are passed between processes in the kernel. But user-level string injection has never been considered a kernel problem, and I don't see why it should start now. That's just not the kernel's job.
Mar 24 2025
Everything looks good, except that allowed chars part. That still looks like a kernel-level solution to a user-level non-problem.
Mar 9 2025
Mar 5 2025
Feb 23 2025
Feb 17 2025
Feb 13 2025
Feb 8 2025
A few observations from actually running this:
Jan 23 2025
Jan 22 2025
Jan 6 2025
No further comments, except sorry for taking so long to mention that.
Dec 17 2024
There are currently a wide variety of strings in jail parameters, and for that matter many more elsewhere in the kernel. So far, we have gotten by with counting on administrators putting reasonable values in them.
Dec 14 2024
Accepted with the caveat I mentioned in D48074.
I'd prefer it to take the slot number, and do the "slot - 1" translation in the macro. That came to mind looking at D48075 which passes in slot - 1.
Dec 13 2024
Dec 9 2024
Longer term, I'd like to push some of vnet removal into the period between prison_cleanup() and the final jail destruction; interface removal is definitely part of that desire. But that's a mess of dependencies that hasn't found a solution yet, so I can see how we need this.
Dec 6 2024
I'm surprised the wrong behavior existed for this long without being noticed. I guess that shows how little-used kill(-1) is in usual operation.
Nov 27 2024
Nov 19 2024
Nov 18 2024
Not really part of this specific problem, but jail(8) should auto-recognize list parameters because their SYSCTL_JAIL specification has a type with ",a" appended. Ideally, it would build a list of such parameters it sees like that. For non-kernel parameters like vnet.interface and zfs.dataset, putting them in the array is probably as good as its going to get.
Nov 8 2024
Oct 30 2024
I like the idea of flagging sysctls that hold values that can be read per jail. If jail(2) says otherwise, we can change that to match.
Oct 28 2024
Oct 25 2024
Oct 24 2024
Oct 17 2024
Sorry I'm late to the game. This actually seems like something should go in. The null dereference was introduced in 500f82d6c32ed, replacing earlier code that was unintuitive but notably didn't need to dereference that pointer. Unfortunately, the fix didn't include a null check, leading to a statement that has one non-null-checked use of the pointer, followed immediately by a properly checked use (because that one predated 500f82d6c32ed).
Oct 16 2024
It would make sense for the exec.clean parameter to apply to the config execution. Bit of a chicken and egg problem there, but there's still the "-l" flag.
Oct 13 2024
Oct 5 2024
I suppose this will make more sense once there's at least one MAC policy that has an associated jail parameter. Currently, it seems to suggest (being a jailsys parameter) that there's some sort of valid "new" or "deleted" state for MAC inside the jail.
Sep 24 2024
Sep 19 2024
Aug 16 2024
Aug 12 2024
Aug 5 2024
This comes from discussion in Bug 277210.
Jun 28 2024
Jun 24 2024
Jun 21 2024
Jun 19 2024
Jun 10 2024
Is there any value in a virtual time, i.e. letting a jail have its own clock? Apart from a test framework, I can't think of any, but maybe someone else can. That was actually my first thought when I saw the title of this, rather than encapsulating ntpd.
May 16 2024
Diff updated for libsys and other recent changes.
Mar 17 2024
Feb 23 2024
Yes, this is a better way.
Feb 21 2024
I'll admit very little familiarity with the testing framework. If there's a standard to show a test as skipped that doesn't indicate a problem, that sounds best. But if it just claims that it's passed, it would seem better to just not run it. Though both is probably a good idea: still have it pass (like if the test was built at another time), but don't build it on a jail-less system.
Feb 11 2024
Feb 5 2024
Here's the latest diff to address concerns so far (except those that request proper documentation).
Feb 4 2024
Sure, looks helpful for just such a situation.
Feb 2 2024
Feb 1 2024
Jan 26 2024
Jan 25 2024
Looks good to me!
c) Or something else what I have not spotted yet :)
c) Jamie wasn't thinking and of course you don't need it for read-only.
Jan 23 2024
You'll want to add CTLFLAG_PRISON to the sysctl flags.