Re: git: 851dc7f859c2 - main - jail: add jail descriptors
Date: Fri, 05 Sep 2025 17:34:18 UTC
On 2025-09-04 22:14, Konstantin Belousov wrote:
> On Thu, Sep 04, 2025 at 09:43:13PM -0700, James Gritton wrote:
>> On 2025-09-04 16:43, Konstantin Belousov wrote:
>> > There are fo_chown/fo_chmod methods that are semantically applied to the
>> > jail files, instead of the underlying object. This is quite strange,
>> > files do not have concept of owner.
>>
>> True, it is strange. But jails don't have owners either, and this
>> seemed a good way to control how the descriptors could be used. I see
>> the jail descriptor as an intermediate object between the jail and the
>> file descriptors, like there's a portal to the jail that is owned by
>> its creator, and the file descriptor returned is merely the access to
>> that portal. It's roughly equivalent to a temp file that doesn't
>> exist in the filesystem directory space after its creation, yet is
>> still a thing with ownership and permissions.
>>
>> I could remove this if it's too far out of mainstream practice, but I
>> hope not to have to, since it provides a handy to allow some to (for
>> instance) attach to a prison, but not alter or remove it. Such things
>> are perhaps better left to Capsicum, but I don't have that support in
>> place yet.
>
> Naturally, you would added a jail owner (ucred), and make fo_chown
> change the owner then. I quite dislike trying to strength filesystem
> DACs to jail access control.

You're not the first to object to this repurposing of permission bits. I guess the proper thing to do is to get the Capsicum support in place, and use that instead. So this hack may well be going away soon.

- Jamie