On Thu, Sep 04, 2025 at 08:31:51PM +0000, Jamie Gritton wrote:
> The branch main has been updated by jamie:
> 
> URL: 
> https://cgit.FreeBSD.org/src/commit/?id=851dc7f859c23cab09a348bca03ab655534fb7e0
> 
> commit 851dc7f859c23cab09a348bca03ab655534fb7e0
> Author:     Jamie Gritton <[email protected]>
> AuthorDate: 2025-09-04 20:27:47 +0000
> Commit:     Jamie Gritton <[email protected]>
> CommitDate: 2025-09-04 20:27:47 +0000
> 
>     jail: add jail descriptors
>     
>     Similar to process descriptors, jail descriptors allow jail
>     administration using the file descriptor interface instead of JIDs.
>     They come from and can be used by jail_set(2) and jail_get(2),
>     and there are two new system calls, jail_attach_jd(2) and
>     jail_remove_jd(2).
>     
>     Reviewed by:    bz, brooks

The code is from jaildesc_alloc():

        jd = malloc(sizeof(*jd), M_JAILDESC, M_WAITOK | M_ZERO);
        error = falloc_caps(td, &fp, fdp, 0, NULL);
        finit(fp, priv_check_cred(fp->f_cred, PRIV_JAIL_SET) == 0
            ? FREAD | FWRITE : FREAD, DTYPE_JAILDESC, jd, &jaildesc_ops);
^^^^^^^^^^^ '?' should be placed on the previous line
        if (error != 0) {
                free(jd, M_JAILDESC);
                return (error);
        }
If falloc_caps() returned error, fp does not point to a valid file.
Then finit() operates on random memory.

Generated files should have been committed as a follow-up, not in the
same commit as written code.

jaildesc_find() returns EBADF when the passed file type is not DTYPE_JAIL.
Normally EBADF means that the object underlying the file is invalidated,
like a vnode is reclaimed, a tty is revoked, etc. For the wrong type, EINVAL
should be returned.

jaildesc_close() does
        finit(fp, 0, DTYPE_NONE, NULL, &badfileops);
that is not needed, same as cleaning f_data.

There are fo_chown/fo_chmod methods that are semantically applied to the
jail files, instead of the underlying object.  This is quite strange, files
do not have a concept of owner.
