linux-only jail possible?
Ed Schouten
ed at 80386.nl
Sat Mar 6 18:15:13 UTC 2010
* John Nielsen <lists at jnielsen.net> wrote:
> Pretty or not the hack does the job. Thanks again!
>
> For the record the sshd that ships with Fedora 12 also had the same issue,
> and the hack fixes it as well (not surprisingly). (I'll stick with CentOS
> though, since blatantly lying about the kernel version doesn't give me warm
> fuzzies.)
That's great to hear.
I am still in doubt what to do. Maybe we could consider committing a
patch like this:
%%%
Index: sys/compat/linprocfs/linprocfs.c
===================================================================
--- sys/compat/linprocfs/linprocfs.c (revision 204763)
+++ sys/compat/linprocfs/linprocfs.c (working copy)
@@ -1245,6 +1245,20 @@
#endif
/*
+ * Filler function for proc/pid/fd
+ */
+static int
+linprocfs_dofdescfs(PFS_FILL_ARGS)
+{
+
+ if (p == curproc)
+ sbuf_printf(sb, "/dev/fd");
+ else
+ sbuf_printf(sb, "unknown");
+ return (0);
+}
+
+/*
* Constructor
*/
static int
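Review bot: in linprocfs_dofdescfs, the else branch writes the literal string "unknown" as the link target, so for any process other than the caller /proc/%d/fd becomes a symlink to a relative name that does not exist instead of failing cleanly. Returning an errno from the filler when p != curproc would make the failure explicit to callers. The curproc comparison also deserves a one-line comment saying that /dev/fd always describes the calling process, which is why the link cannot be honoured for other pids. Minor: both strings have no format arguments, so sbuf_cat() would do in place of sbuf_printf().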
@@ -1312,6 +1326,8 @@
NULL, NULL, NULL, PFS_RD);
pfs_create_file(dir, "status", &linprocfs_doprocstatus,
NULL, NULL, NULL, PFS_RD);
+ pfs_create_link(dir, "fd", &linprocfs_dofdescfs,
+ NULL, NULL, NULL, 0);
/* /proc/scsi/... */
dir = pfs_create_dir(root, "scsi", NULL, NULL, NULL, 0);
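Review bot: the new pfs_create_link() call passes NULL for all three callback arguments and 0 for flags, so the "fd" entry is created unconditionally and the only per-process logic is the curproc test inside the filler. A short comment at this call should state that the link is meaningful only for the calling process, and the dependency on fdescfs being mounted on /dev/fd, which the message describes, should be documented next to it, since nothing in the hunk checks for that mount.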
%%%
This is a bit more complete. What it does is that it creates a symlink
from /proc/%d/fd to /dev/fd, only if the calling process matches. Then
when you mount fdescfs on /dev/fd, it also does the right thing, because
it will always readlink() on a character device, which also returns an
error code.
Comments, suggestions anyone?
--
Ed Schouten <ed at 80386.nl>
WWW: http://80386.nl/