Page MenuHomeFreeBSD

jamie (James Gritton)
User

Projects

User Details

User Since
Aug 3 2014, 10:29 PM (304 w, 6 d)

Recent Activity

Fri, May 29

jamie added a comment to D25041: Add jail_attach2 syscall.

I'll try the jail_set approach.

Fri, May 29, 5:03 PM
jamie added a comment to D25041: Add jail_attach2 syscall.

Considering jail_set(2) can also attach with the JAIL_ATTACH flag, it would be handy to put these new flags in the same space, with a JAIL_ATTACH_MASK including them. Then the attaching done by jail_set can also do the right thing if it chooses.

Fri, May 29, 1:05 AM

Thu, May 14

jamie accepted D24829: jail: Add exec.prepare and exec.release command hooks.
Thu, May 14, 8:10 PM

Wed, May 13

jamie added a comment to D24829: jail: Add exec.prepare and exec.release command hooks.

Might it also be useful to include something similar on the stop side, run after taking down the IP addresses? I can't think of a use offhand, unless one wants to leave absolutely no trace of jails, and remove everything that was added in exec.prepare.

Wed, May 13, 8:46 PM
jamie added a comment to D24829: jail: Add exec.prepare and exec.release command hooks.

It would make sense for this to be two separate commits - one for the reordering of IP_*.

Wed, May 13, 8:43 PM

May 7 2020

jamie added a comment to D24745: jail(8): ignore SIGINT.

There's a "right thing" to do on SIGINT, though it's not immediately obvious what that is. In the jail creation process, it would make sense to clean up a partially created jail, probably in conjunction with letting the jailed processes handle their own SIGINT. But that's not quite the same as just ignoring it, because there are other cases:

May 7 2020, 4:24 PM

May 1 2020

jamie added a comment to D9649: ifconfig(8) and route(8) should be able to manage vnet configurations from prison0.

If jail_attach(2) doesn't leave a process sufficiently jailed to the point that it can be used for jailbreak, that's a bug in jail_attach that should be fixed.

May 1 2020, 2:39 PM · network

Apr 24 2020

jamie accepted D24413: sockstat: Attach to jail if in new vnet.

Looks good!

Apr 24 2020, 3:50 PM

Apr 23 2020

jamie added a comment to D24413: sockstat: Attach to jail if in new vnet.

It may be a better user interface if "-j" automatically did the right thing - limit output to the specified jail for traditional jails, and attach to vnet jails. So after the jail_getid(), a jail_get() or jail_getv() to fetch the jail's vnet parameter. Then the jail_attach() can happen if the vnet is JAIL_SYS_NEW.

Apr 23 2020, 8:12 PM

Apr 14 2020

jamie accepted D24288: Allow hostuuid to be preloaded for early-boot use.
Apr 14 2020, 3:56 PM

Apr 6 2020

jamie added inline comments to D24288: Allow hostuuid to be preloaded for early-boot use.
Apr 6 2020, 10:08 PM

Sep 5 2019

jamie accepted D21328: [jail] removal by jid doesn't trigger pre/post stop scripts.

Aside from a few trailing whitespaces, this all looks good to me.

Sep 5 2019, 10:10 PM

Jun 18 2019

jamie committed rS349180: Unmount filesystems on jail removal with "-f", to get around a situation.
Unmount filesystems on jail removal with "-f", to get around a situation
Jun 18 2019, 11:49 PM

May 23 2019

jamie accepted D20388: jail_getid(3): validate jid string input.

Tested with ps and jexec, passing jail name and jid, and with numerically and non-numerically named jails. All's good :-).

May 23 2019, 10:46 PM

Nov 27 2018

jamie committed rS341084: In hardened systems, where the security.bsd.unprivileged_proc_debug sysctl.
In hardened systems, where the security.bsd.unprivileged_proc_debug sysctl
Nov 27 2018, 5:53 PM
jamie closed D18319: Make security.bsd.unprivileged_proc_debug per-jail.
Nov 27 2018, 5:53 PM
jamie updated the diff for D18319: Make security.bsd.unprivileged_proc_debug per-jail.

New jails are now created with the unprivileged_proc_debug bit inherited from the parent unless otherwise specified.

Nov 27 2018, 5:22 PM
jamie commandeered D18319: Make security.bsd.unprivileged_proc_debug per-jail.

Huh - so I can. I didn't know of (or even suspect) such a possibility.

Nov 27 2018, 5:19 PM
jamie added a comment to D18319: Make security.bsd.unprivileged_proc_debug per-jail.

Sorry for a post-acceptance note, but on trying it out I noticed that jails are created by default with allow.nounprivileged_proc_debug. That's an easy fix - the bit needs to be added to PW_DEFAULT_ALLOW in kern_jail.h. I'm apparently unable to change the diff in this revision, so instead of creating a new revision I'll just mention that's what I'll be committing.

Nov 27 2018, 3:50 AM

Nov 24 2018

jamie accepted D18319: Make security.bsd.unprivileged_proc_debug per-jail.
Nov 24 2018, 11:52 PM
jamie added a comment to D18319: Make security.bsd.unprivileged_proc_debug per-jail.

Because of this, having the check in sys/kern/kern_priv.c is the right place. There's no real need to duplicate the logic to prison_priv_check. I can still add it, if you want, but I believe it would be a waste of cycles.

Nov 24 2018, 9:39 PM
jamie added a comment to D18319: Make security.bsd.unprivileged_proc_debug per-jail.

priv_check_cred() in kern_priv.c isn't the right place to make the check, but prison_priv_check() in kern_jail.c. PRIV_DEBUG_UNPRIV is already in that function's list, in the part that lets jails do things, and it needs to be moved to the bottom part of the function where you'll see a number of other cases where a certain privilege checks a certain pr_allow bit.

Nov 24 2018, 4:56 AM
jamie added a comment to D18319: Make security.bsd.unprivileged_proc_debug per-jail.

Then the jail must simply obey the existing state of unprivileged process debugging. We could go that route, but I wanted to make it flexible. I think setting CTLFLAG_SECURE is a good compromise between flexibility and security.

Nov 24 2018, 12:29 AM
jamie added a comment to D18319: Make security.bsd.unprivileged_proc_debug per-jail.

OK, if the jail needs to have that bit set before anything is run, then yes it needs to be a parameter.

Nov 24 2018, 12:19 AM

Nov 23 2018

jamie added a comment to D18319: Make security.bsd.unprivileged_proc_debug per-jail.

Since this bit is under the full control of the prison itself, does it belong in pr_allow? On the plus side, that lets the system create a jail with this turned on, but that can be just as easily done in the jail's sysctl.conf. It's something of a departure from the idea of this being something the jail is or isn't allowed to do. If you forgo the ability to set it as a jail parameter, then the bit can go into pr_flags and you won't have to bother noting which PR_ALLOW bits are allowed to be set .

Nov 23 2018, 11:53 PM

Nov 10 2018

jamie accepted D17929: libjail: fix handling of allow.mount.fusefs in jailparam_init.
Nov 10 2018, 2:47 AM
jamie added inline comments to D17929: libjail: fix handling of allow.mount.fusefs in jailparam_init.
Nov 10 2018, 2:18 AM
jamie added a comment to D17929: libjail: fix handling of allow.mount.fusefs in jailparam_init.

It's allow.mount.nofusefs. It should (currently) work once the kld is loaded, but the new strcmp will need to be added to make it work before it's loaded.

Nov 10 2018, 2:17 AM
jamie added a comment to D17929: libjail: fix handling of allow.mount.fusefs in jailparam_init.

It works with allow.mount.fusefs, but not with allow.mount.nofusefs (which will still try to kldload "fusefs"). Comparing the fs name to both "fusefs" and "nofusefs" should be all that's needed.

Nov 10 2018, 12:34 AM

Oct 20 2018

jamie committed rS339446: MFC r339409, r339420:.
MFC r339409, r339420:
Oct 20 2018, 4:21 PM

Oct 18 2018

jamie committed rS339420: Fix typos from r339409..
Fix typos from r339409.
Oct 18 2018, 3:03 PM

Oct 17 2018

jamie committed rS339411: MFC r339211:.
MFC r339211:
Oct 17 2018, 4:18 PM
jamie committed rS339410: MFC r339211:.
MFC r339211:
Oct 17 2018, 4:18 PM
jamie committed rS339409: Add a new jail permission, allow.read_msgbuf. When true, jailed processes.
Add a new jail permission, allow.read_msgbuf. When true, jailed processes
Oct 17 2018, 4:12 PM

Oct 6 2018

jamie committed rS339211: Fix the test prohibiting jails from sharing IP addresses..
Fix the test prohibiting jails from sharing IP addresses.
Oct 6 2018, 2:10 AM

Aug 20 2018

jamie committed rS338091: MFC r337867:.
MFC r337867:
Aug 20 2018, 5:33 AM
jamie committed rS338090: MFC r337867:.
MFC r337867:
Aug 20 2018, 5:33 AM

Aug 16 2018

jamie committed rS337925: Revert r337922, except for some documention-only bits. This needs to wait.
Revert r337922, except for some documention-only bits. This needs to wait
Aug 16 2018, 7:09 PM
jamie committed rS337922: Put jail(2) under COMPAT_FREEBSD11. It has been the "old" way of creating.
Put jail(2) under COMPAT_FREEBSD11. It has been the "old" way of creating
Aug 16 2018, 6:40 PM
jamie committed rS337919: security.jail.enforce_statfs is handled by jail_set(2), so handling it in.
security.jail.enforce_statfs is handled by jail_set(2), so handling it in
Aug 16 2018, 6:31 PM
jamie closed D14791: Remove deprecated jail global permission sysctls, and make jail(2) COMPAT_FREEBSD11.
Aug 16 2018, 6:31 PM · committers

Aug 15 2018

jamie committed rS337880: Load filesystem modules associated with allow.mount permissions..
Load filesystem modules associated with allow.mount permissions.
Aug 15 2018, 10:33 PM
jamie committed rS337879: Load filesystem modules associated with allow.mount permissions..
Load filesystem modules associated with allow.mount permissions.
Aug 15 2018, 10:32 PM
jamie committed rS337876: MFC r331332:.
MFC r331332:
Aug 15 2018, 9:38 PM
jamie committed rS337875: MFC r331332:.
MFC r331332:
Aug 15 2018, 9:38 PM
jamie committed rS337867: Don't let clobber jailparam values when checking for modification of.
Don't let clobber jailparam values when checking for modification of
Aug 15 2018, 8:23 PM

Aug 14 2018

jamie updated the diff for D14791: Remove deprecated jail global permission sysctls, and make jail(2) COMPAT_FREEBSD11.

I'm keeping the sysctls around, though without COMPAT_FREEBSD11 (or with BURN_BRIDGES), they're read-only. This preserves the expected behavior for programs that want to find out what they're allowed to do before attempting it (e.g. rc.d/hostname and rc.d/zfs). But they will no longer be used to set global permissions for jails.

Aug 14 2018, 3:16 PM · committers
jamie accepted D15330: jail exec.started hook.

OK, looks good with one last-minute nit: spaces in the jailp.h line where a tab should be

Aug 14 2018, 2:58 PM

Aug 12 2018

jamie added a comment to D15330: jail exec.started hook.

Yes, this is a need that has gone unanswered for a while now.

Aug 12 2018, 2:27 PM

Jul 30 2018

jamie accepted D16057: Support bhyve within a jail.
Jul 30 2018, 5:35 PM · bhyve
jamie added inline comments to D16057: Support bhyve within a jail.
Jul 30 2018, 4:46 PM · bhyve
jamie added a comment to D16057: Support bhyve within a jail.

One more thing to do: jail(8) should mention the flag. There's a section about module-specific flags where I think it would fit better than the main allow.* section.

Jul 30 2018, 2:20 AM · bhyve
jamie added inline comments to D16057: Support bhyve within a jail.
Jul 30 2018, 2:20 AM · bhyve

Jul 20 2018

jamie accepted D16371: Allow mounting FUSE filesystems in jails.

It's good to see that jail-enabling a filesystem is indeed easier now than it used to be!

Jul 20 2018, 9:32 PM

Jul 19 2018

jamie accepted D16342: Add allow.mlock to jail parameters.
Jul 19 2018, 2:58 PM

Jul 6 2018

jamie committed rS336040: MFC r335921:.
MFC r335921:
Jul 6 2018, 7:10 PM
jamie committed rS336039: MFC r335921:.
MFC r335921:
Jul 6 2018, 7:10 PM
jamie committed rS336038: Change prison_add_vfs() to the more generic prison_add_allow(), which.
Change prison_add_vfs() to the more generic prison_add_allow(), which
Jul 6 2018, 6:50 PM
jamie closed D16146: Add prison_add_allow(), for creating dynamic allow.* jail parameters.
Jul 6 2018, 6:50 PM
jamie committed rS336035: Missed a bit of doc change from r335921..
Missed a bit of doc change from r335921.
Jul 6 2018, 4:23 PM

Jul 5 2018

jamie added a comment to D16057: Support bhyve within a jail.

I've added D16146, which makes a new allow.* bit easy:

Jul 5 2018, 6:35 PM · bhyve
jamie created D16146: Add prison_add_allow(), for creating dynamic allow.* jail parameters.
Jul 5 2018, 6:33 PM
jamie added a comment to D16057: Support bhyve within a jail.

In addition to the question of where to check the permissions, there's also the issue that the allow.vmm parameter shouldn't exist in a non-VMM system. This means the SYSCTL_JAIL_PARAM should be defined in vmm_dev.c or some other vmm-related file; that way, if VMM is loaded as a module, the parameter would be attached to that module.

Jul 5 2018, 3:02 PM · bhyve

Jul 4 2018

jamie added inline comments to D16057: Support bhyve within a jail.
Jul 4 2018, 7:17 PM · bhyve

Jul 3 2018

jamie committed rS335921: Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8),.
Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8),
Jul 3 2018, 11:47 PM
jamie closed D16047: Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8), sockstat(1), ugidfw(8).
Jul 3 2018, 11:47 PM

Jun 28 2018

jamie added inline comments to D16047: Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8), sockstat(1), ugidfw(8).
Jun 28 2018, 9:26 PM
jamie created D16047: Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8), sockstat(1), ugidfw(8).
Jun 28 2018, 4:41 PM

Jun 18 2018

jamie added inline comments to D15865: Provide process space virtualisation functionality for jails..
Jun 18 2018, 6:51 PM

May 24 2018

jamie added inline comments to D15556: Initial vps (virtual process space) framework for jails..
May 24 2018, 7:18 PM
jamie added a comment to D15556: Initial vps (virtual process space) framework for jails..

What does this buy us? What I can come up with is:

May 24 2018, 7:14 PM

May 4 2018

jamie committed rS333263: Make it easier for filesystems to count themselves as jail-enabled,.
Make it easier for filesystems to count themselves as jail-enabled,
May 4 2018, 8:54 PM
jamie closed D14681: Dynamically add jail-enabled filesystems.
May 4 2018, 8:54 PM

Mar 22 2018

jamie updated the diff for D14791: Remove deprecated jail global permission sysctls, and make jail(2) COMPAT_FREEBSD11.

Once again, this time actually updating the diff...

Mar 22 2018, 3:39 PM · committers
jamie updated the diff for D14791: Remove deprecated jail global permission sysctls, and make jail(2) COMPAT_FREEBSD11.

As suggested by bz@, I've only removed the sysctls #ifdef BURN_BRIDGES.

Mar 22 2018, 3:37 PM · committers
jamie added a comment to D14681: Dynamically add jail-enabled filesystems.

I have another revision in the works, D14791, which removes those deprecated global permission parameters. Since this patch works with those parameters, I would naturally adjust whichever one goes in last (provided I get away with the parameter removal).

Mar 22 2018, 4:08 AM
jamie updated the diff for D14681: Dynamically add jail-enabled filesystems.

Te latest diff, to account for the changes I committed to neaten the somewhat messy pr_allow_names/pr_allow_nonames array pairs. And I also went with bumping VFS_VERSION instead of __FreeBSD_version.

Mar 22 2018, 4:07 AM
jamie created D14791: Remove deprecated jail global permission sysctls, and make jail(2) COMPAT_FREEBSD11.
Mar 22 2018, 3:56 AM · committers

Mar 21 2018

jamie committed rS331332: If a jail parameter isn't found, try loading a related kernel module..
If a jail parameter isn't found, try loading a related kernel module.
Mar 21 2018, 11:51 PM

Mar 20 2018

jamie committed rS331278: Represent boolean jail options as an array of structures containing the.
Represent boolean jail options as an array of structures containing the
Mar 20 2018, 11:08 PM

Mar 18 2018

jamie added a comment to D14681: Dynamically add jail-enabled filesystems.
In D14681#309678, @kib wrote:

I you might want to bump VFS_VERSION instead of __FreeBSD_version.

Mar 18 2018, 7:11 PM
jamie added inline comments to D14681: Dynamically add jail-enabled filesystems.
Mar 18 2018, 6:41 PM
jamie updated the diff for D14681: Dynamically add jail-enabled filesystems.

The latest changes:

  • Put the bits back into pr_allow. Adding pr_allow_mount only served to duplicate code.
  • Make the KBI change: put a prison flag in struct vfsconf.
  • Replace prison_check_vfs with a call to prison_allow (another advantage of using pr_allow).
  • Use asprintf in prison_add_vfs, instead of sprintf/strdup.
  • Do the right thing ifdef NO_SYSCTL_DESCR.
Mar 18 2018, 3:17 AM

Mar 14 2018

jamie added inline comments to D14681: Dynamically add jail-enabled filesystems.
Mar 14 2018, 11:02 PM
jamie updated the diff for D14681: Dynamically add jail-enabled filesystems.

I've updated the diff to:

Mar 14 2018, 4:45 AM
jamie added a comment to D14681: Dynamically add jail-enabled filesystems.
In D14681#308570, @jhb wrote:

One more thought: if you use the value from 'vfc_name' as the pointer you set in the array, you don't have to do actual string comparisons but can just do pointer compares to find the matching index (and thus bit) in the array in prison_check_vfs(). The jail parameter logic would still have to do string compares though.

Mar 14 2018, 1:29 AM

Mar 13 2018

jamie added a comment to D14681: Dynamically add jail-enabled filesystems.
In D14681#308541, @jhb wrote:

For per-jail settings I would still be tempted to not try to reserve space in the names, but instead perhaps have a separate "allow" mask just for VFS, and parse mount parameters explicitly.

Yes, I could do that - there are a few unused spots in struct prison to make it easy. Then I could leave pr_allow_names pretty much alone (except removing the old static allow.mount.*).

Mar 13 2018, 11:41 PM
jamie added a comment to D14681: Dynamically add jail-enabled filesystems.
In D14681#308495, @jhb wrote:

... You could just add a new 'VFCF_JAIL_ALLOW' which is a dynamic flag that the sysctl knobs turn on/off. The sysctl node would be a SYSCTL_PROC handler and it can take a pointer to the 'struct vfsconf' as its arg2 value.

Mar 13 2018, 7:58 PM
jamie added a comment to D14681: Dynamically add jail-enabled filesystems.
In D14681#308495, @jhb wrote:

I'm not quite a fan of the manual sysctl tree walking. I also don't think you need to worry about pre-creating sysctls if they are written to. I think it is perfectly reasonable to only create the sysctl when the VFS module is loaded (and that's more typical). I think it is cleaner instead of allocating pr_allow bits on the fly, to instead use a flag in the 'struct vfsconf' to be the jail permission. You could just add a new 'VFCF_JAIL_ALLOW' which is a dynamic flag that the sysctl knobs turn on/off. The sysctl node would be a SYSCTL_PROC handler and it can take a pointer to the 'struct vfsconf' as its arg2 value. This avoids concerns about running out of bits, etc. For this you would want to change prison_check_vfs() to take a pointer to 'struct vfsconf' instead of the name.

Mar 13 2018, 7:13 PM
jamie added inline comments to D14681: Dynamically add jail-enabled filesystems.
Mar 13 2018, 6:31 PM
jamie accepted D14683: Add a "jail" keyword to list the name of a jail rather than its ID..
Mar 13 2018, 6:25 PM
jamie created D14681: Dynamically add jail-enabled filesystems.
Mar 13 2018, 3:58 PM

Mar 10 2018

jamie committed rS330743: Don't warn when the "hostname" rc variable is unset, but the hostname.
Don't warn when the "hostname" rc variable is unset, but the hostname
Mar 10 2018, 8:13 PM

Feb 28 2018

jamie accepted D14535: rc.d/jail: avoid misinterpreting expr arguments.
Feb 28 2018, 5:06 PM

Nov 13 2017

jamie committed rS325783: MFC r297935:.
MFC r297935:
Nov 13 2017, 11:21 PM

Oct 29 2017

jamie accepted D9649: ifconfig(8) and route(8) should be able to manage vnet configurations from prison0.
Oct 29 2017, 2:54 PM · network

Oct 27 2017

jamie added a comment to D9649: ifconfig(8) and route(8) should be able to manage vnet configurations from prison0.

I'm good with it - I was just waiting for suggested changed to make it in.

Oct 27 2017, 2:47 PM · network

Oct 25 2017

jamie added a comment to D12789: Add support for cpuset to jail.conf.

One more thing to make it complete: something in the jail(8) man page. There's a pseudo-parameters section for things that aren't part of the kernel interface, where this would belong.

Oct 25 2017, 4:49 PM
jamie added a comment to D12789: Add support for cpuset to jail.conf.

Now that it's not really part of the exec system (aside from execing a program itself for convenience), exec.cpuset doesn't sound like the best name. I think cpuset.list would be good, or at least something under the cpuset.* umbrella since cpuset.id already exists.

Oct 25 2017, 4:48 PM

Jul 31 2017

jamie committed rS321796: Add myself to the birthday calendar..
Add myself to the birthday calendar.
Jul 31 2017, 3:29 PM