[Bug 280809] jail_attach(2) fails to document reason for EPERM
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 280809] jail_attach(2) fails to document reason for EPERM"
Date: Mon, 26 Aug 2024 18:47:25 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280809

--- Comment #4 from Karlo Miličević <karlo98.m@gmail.com> ---
(In reply to Olivier Certner from comment #1)
Ah! I totally missed that paragraph. I guess I should read more carefully.

(In reply to crest from comment #3)
Could you add a "root vnode pointer" to every directory FD to limit their scope? That way, when you reference ".." you would check whether the directory FD equals that pointer and if so, not go above.

Also, O_RESOLVE_BENEATH would then just mean that when you open that directory FD you would make the directory itself be the "root vnode pointer" instead of its jail/chroot root directory. Opening directories with openat copies the "root vnode pointer" unless overridden by something like O_RESOLVE_BENEATH.

((I have no experience with VFS code, so take this idea with a grain of salt!))

This reminds me slightly of how sockets have vnet pointers.

Should I close this issue or does someone else do that? The reason is documented already, as stated by Olivier Certner.

--
You are receiving this mail because:
You are on the CC list for the bug.
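
The per-descriptor "root vnode pointer" idea from the comment above, sketched as a user-space toy model. This is an added example, not part of the original message and not FreeBSD kernel code; `struct node`, `struct dirfd`, `toy_openat` and `TOY_RESOLVE_BENEATH` are hypothetical names, and the directory tree is constructed sample data.

```c
#include <stddef.h>
#include <string.h>

/* Toy stand-in for a vnode: a named directory with a parent link. */
struct node { const char *name; struct node *parent; };

/* Constructed sample tree: / -> jail -> data -> sub */
static struct node n_root = { "/", NULL };
static struct node n_jail = { "jail", &n_root };
static struct node n_data = { "data", &n_jail };
static struct node n_sub  = { "sub",  &n_data };
static struct node *all_nodes[] = { &n_root, &n_jail, &n_data, &n_sub };

/* Directory descriptor carrying the proposed per-FD "root vnode pointer". */
struct dirfd { struct node *dir; struct node *root; };

#define TOY_RESOLVE_BENEATH 1   /* hypothetical flag for this model */

static struct node *child_of(struct node *d, const char *s, size_t len)
{
    for (size_t i = 0; i < sizeof all_nodes / sizeof *all_nodes; i++) {
        struct node *n = all_nodes[i];
        if (n->parent == d && strlen(n->name) == len && !memcmp(n->name, s, len))
            return n;
    }
    return NULL;
}

/* Resolve a relative path from `at`; returns 0, or -1 if a component is missing. */
int toy_openat(const struct dirfd *at, const char *path, int flags, struct dirfd *out)
{
    struct node *cur = at->dir;
    while (*path != '\0') {
        size_t len = strcspn(path, "/");
        if (len == 2 && !memcmp(path, "..", 2)) {
            /* The proposed check: ".." at the FD's root pointer stays put. */
            if (cur != at->root && cur->parent != NULL)
                cur = cur->parent;
        } else if (len > 0 && !(len == 1 && path[0] == '.')) {
            if ((cur = child_of(cur, path, len)) == NULL)
                return -1;
        }
        path += len + strspn(path + len, "/");
    }
    out->dir = cur;
    /* New FD inherits the root pointer unless narrowed to the opened directory. */
    out->root = (flags & TOY_RESOLVE_BENEATH) ? cur : at->root;
    return 0;
}
```

In this model a descriptor opened with the narrowing flag passes its tighter root on to every descriptor later opened through it, which is the inheritance the comment describes.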