linux-only jail possible?
Ed Schouten
ed at 80386.nl
Sat Mar 6 07:31:19 UTC 2010
* John Nielsen <lists at jnielsen.net> wrote:
> Truss from the host side seems okay except that -f doesn't work as expected.
> I can attach manually to the child processes just before submitting an SSH
> password though so hopefully that's enough. If you want me to do any of this
> again with different truss flags or other information just let me know.
Unfortunately it doesn't contain any open() calls on /dev/ptmx, but I
found a way to `fix' it:
%%%
--- sys/compat/linux/linux_file.c
+++ sys/compat/linux/linux_file.c
@@ -883,6 +883,8 @@
error = kern_readlink(td, name, UIO_SYSSPACE, args->buf, UIO_USERSPACE,
args->count);
LFREEPATH(name);
+ if (error == ENOENT)
+ error = EINVAL;
return (error);
}
%%%
It seems a readlink() call on /proc/self/fd/%d fails inside glibc's
ttyname() and the only way to fall back to the looping on /dev/ is by
returning a bogus errno.
ssize_t len = __readlink (procname, ttyname_buf, buflen);
if (__builtin_expect (len == -1 && errno == ENOENT, 0))
{
__set_errno (EBADF);
return NULL;
}
I guess we can only fix this bug properly by adding support for
/proc/self/fd/%d to linprocfs.
--
Ed Schouten <ed at 80386.nl>
WWW: http://80386.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-emulation/attachments/20100306/63e689a7/attachment.pgp
More information about the freebsd-emulation
mailing list