In the interest of not leaving main broken, I'm going to push this since it's functional both with a jail policy and without- noting that I fully expect to perhaps need another round to cleanup some remaining issue(s) pertaining to the expedited timeline.

Extra fixes, also for bd55cbb50c58876

In D54786#1252172, @jlduran wrote:

I think this is not sufficient (just to avoid a missing mac.conf entry):
I will test it thoroughly later, but for now:

# jail -c path=/ name=D54786 persist
# jls -s

(Scales a little better in the sense that one can have an image that can do any number of multiple fs, and they can only disable autoloading of specific rootfs)

My preference would be that we add in a config.isModuleDisabled():

I'm not sure I'm convinced that dir is actually always set, but I haven't spent that much time reading the above logic. An assertion on that here might be good to try and do something useful instead of infinitely looping, but I don't insist

+des for recent stdio work, jhb for having worked on something like this specifically that hadn't landed

Address review comments

In D54168#1244291, @knz_thaumogen.net wrote:

Ahh, sorry, I got confused with the missing context- can you reupload this with either git-arc or -U99999, please?

Done. But IMHO I find this workflow tremendously impractical. With github I can do 1) fine-grained commits, with separate commit per logical change and 2) git push -f to update the PR.

Here all this gets mashed up together and I need to copy-paste the diff manually in a HTML form... 😭

Ahh, sorry, I got confused with the missing context- can you reupload this with either git-arc or -U99999, please? It's immensely useful to be able to scroll back up and confirm where different hunks are applying

I am quite confused about what happened here. Can you explain the connection between my previous note and the changes made?

I don't think this is actually sufficient, but I don't think fixing it will be all that hard. sprkopen currently uses the fact that it's locked by Giant, so you'll probably want one spkr mutex to be taken in spkropen() and spkrclose() to be sure it's only opened by a single thread (and not leaking an allocation if spkr_inbuf gets clobbered`).

In D53958#1241512, @olce wrote:

I'd put all new functions of sys/security/mac/mac_syscalls.c into sys/security/mac/mac_prison.c instead, as these are not really system calls, and export mac_label_copyin_string() from the former.

Highlights:

• Remove vfs_opterror() for those entry points that take the opts already
• Move one case of mac_prison_check_get back as a special-case to avoid breaking jail enumeration.
• Unbreak the build of this patch: prison_copy_label comes in a later change
• Drop redundant JAIL_ATTACH check