svn commit: r333263 - in head: lib/libjail sys/cddl/contrib/opensolaris/uts/common/fs/zfs sys/compat/linprocfs sys/compat/linsysfs sys/fs/devfs sys/fs/fdescfs sys/fs/nullfs sys/fs/procfs sys/fs/pse...

[Alan Somers]

On Fri, May 4, 2018 at 2:54 PM Jamie Gritton <jamie at freebsd.org> wrote:

> Author: jamie
> Date: Fri May  4 20:54:27 2018
> New Revision: 333263
> URL: https://svnweb.freebsd.org/changeset/base/333263
>
> Log:
>   Make it easier for filesystems to count themselves as jail-enabled,
>   by doing most of the work in a new function prison_add_vfs in kern_jail.c
>   Now a jail-enabled filesystem need only mark itself with VFCF_JAIL, and
>   the rest is taken care of.  This includes adding a jail parameter like
>   allow.mount.foofs, and a sysctl like security.jail.mount_foofs_allowed.
>   Both of these used to be a static list of known filesystems, with
>   predefined permission bits.
>
>   Reviewed by:  kib
>   Differential Revision:        D14681
>
> Modified:
>   head/lib/libjail/jail.c
>   head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c
>   head/sys/compat/linprocfs/linprocfs.c
>   head/sys/compat/linsysfs/linsysfs.c
>   head/sys/fs/devfs/devfs_vfsops.c
>   head/sys/fs/fdescfs/fdesc_vfsops.c
>   head/sys/fs/nullfs/null_vfsops.c
>   head/sys/fs/procfs/procfs.c
>   head/sys/fs/pseudofs/pseudofs.h
>   head/sys/fs/tmpfs/tmpfs_vfsops.c
>   head/sys/kern/kern_jail.c
>   head/sys/kern/vfs_init.c
>   head/sys/kern/vfs_mount.c
>   head/sys/kern/vfs_subr.c
>   head/sys/sys/jail.h
>   head/sys/sys/mount.h
>   head/usr.sbin/jail/jail.8
>
> Modified: head/lib/libjail/jail.c
>
> ==============================================================================
> --- head/lib/libjail/jail.c     Fri May  4 20:38:26 2018        (r333262)
> +++ head/lib/libjail/jail.c     Fri May  4 20:54:27 2018        (r333263)
> @@ -1048,7 +1048,13 @@ kldload_param(const char *name)
>         else if (strcmp(name, "sysvmsg") == 0 || strcmp(name, "sysvsem")
> == 0 ||
>             strcmp(name, "sysvshm") == 0)
>                 kl = kldload(name);
> -       else {
> +       else if (strncmp(name, "allow.mount.", 12) == 0) {
> +               /* Load the matching filesystem */
> +               kl = kldload(name + 12);
> +               if (kl < 0 && errno == ENOENT &&
> +                   strncmp(name + 12, "no", 2) == 0)
> +                       kl = kldload(name + 14);
> +       } else {
>                 errno = ENOENT;
>                 return (-1);
>         }
>

I'm curious about this part of the change.  Why is it necessary to load the
module in the "allow.mount.noXXXfs" case, when the jail is forbidden to
mount the filesystem? It seems like that would just load modules that
aren't going to be used.

Additional discussion at https://github.com/iocage/iocage/issues/689 .

-Alan