sockstat: chdir to jail path before attaching to vnet jail
Abandoned · Public

Authored by freqlabs on Oct 26 2020, 1:22 PM.
Referenced Files
F107780704: D26957.diff
Sat, Jan 18, 3:56 AM

Details

Reviewers
jamie
Summary

jail_attach(2) does not change the working directory, so it must be done separately.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

This is a bug in jail significant enough to add a syscall doing the trick.

Or is it significant enough to just fix a syscall? There's no good reason to attach to a jail while not being inside its directory structure, and I don't know of any program that depends on such a misfeature.

Something like this?

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index afe9afb50471..91e411fb023d 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -2406,6 +2406,7 @@ do_jail_attach(struct thread *td, struct prison *pr)
 		goto e_unlock;
 #endif
 	VOP_UNLOCK(pr->pr_root);
+	pwd_chdir(td, pr->pr_root);
 	if ((error = pwd_chroot(td, pr->pr_root)))
 		goto e_revert_osd;
 
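Review bot: pwd_chdir() is called before the pwd_chroot() check, so when pwd_chroot() fails and control goes to e_revert_osd the thread's working directory has already been moved to pr->pr_root while the rest of the attach is being undone. Consider calling pwd_chdir() only after pwd_chroot() has succeeded, or restoring the previous working directory on the error path. It is also worth confirming whether pwd_chdir() expects the caller to hold a vnode reference on pr->pr_root that it can consume, since the hunk takes none before the call.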

Yes, I imagine that's all it needs.

On a related note, I'm not really happy with chroot_allow_open_directories applying to jail_attach. That one's harder to fix though, as it would take an API change to pwd_chroot or something like that.

A proper fix would avoid entering a jail to begin with, but that may be too much work right now.

I'm arguing for a new syscall because there is probably way more than chdir to add and avoiding changes to jail_attach semantics avoids a case where breakage was detected and it is unclear what to do.

Tl;dr bare minimum this should add jail_attach2(int jid, int flags) arg with flags being hardwired to 0 and meaning switch as much as possible (including chdir).