
Restrict jail(8) and jexec(8) to chdir to the user's directory only when the user is explicitly specified
Closed, Public

Authored by jamie on Aug 5 2024, 5:41 AM.

Details

Summary

The exec.clean jail parameter, or the -l option to jexec(8), execute commands in a clean environment. This includes not only environment variables as mentioned in the man pages, but also changes the current directory to the user's HOME.

The directory change, while not documented, has been there for a long time. When a user is specified (exec.jail_user or -u) it makes sense for a clean environment to execute in that user's home, as a login session does.

But when there's no user specified (but still exec.clean), it's unexpected and sometimes problematic for jailed processes to find themselves in "/root". Jail startup typically reflects system startup, which is in "/".

This patch changes jail(8) and jexec(8) to only change to the user's directory when the user is explicitly set. Since the implicit user is always root (these aren't setuid programs), that means that, for example, "jexec -l" will run in (jailed) "/" instead of the current directory "/root"; it would require "jexec -l -u root" to once again run in "/root".

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Not Applicable
Unit: Tests Not Applicable