
jamie (James Gritton)
User

Projects (2)

User Details

User Since
Aug 3 2014, 10:29 PM (621 w, 6 d)

Recent Activity

Today

jamie committed rG5ba2b4f773c2: jail: prevent a race between jail_attach in different threads.
Sun, Jul 5, 5:14 AM
jamie committed rG530ee2980c50: jail: clean up locking around do_jail_attach.
Sun, Jul 5, 5:14 AM
jamie committed rG334c8ba7dd9c: jail: call PR_METHOD_ATTACH again (with old jail) if the first call fails.
Sun, Jul 5, 5:14 AM
jamie committed rGa4df9e3efa30: jail: prevent a race between jail_attach in different threads.
Sun, Jul 5, 2:55 AM
jamie committed rGcb0b277f71b6: jail: prevent a null dereference on array parameter assignment.
Sun, Jul 5, 2:51 AM
jamie committed rGaca9811160f4: jail: prevent a null dereference on array parameter assignment.
Sun, Jul 5, 2:51 AM

Wed, Jul 1

jamie committed rG6d9bc46cd7fc: jail: prevent a null dereference on array parameter assignment.
Wed, Jul 1, 6:38 PM

Sun, Jun 28

jamie committed rG8f14ea499fc6: jail: clean up locking around do_jail_attach.
Sun, Jun 28, 4:08 PM

Wed, Jun 24

jamie committed rG315238df5323: jail: call PR_METHOD_ATTACH again (with old jail) if the first call fails.
Wed, Jun 24, 5:48 PM

Fri, Jun 19

jamie committed rGe91e8ebefadc: jail: call PR_METHOD_ATTACH again (with old jail) if the first call fails.
Fri, Jun 19, 7:46 PM

Fri, Jun 12

jamie committed rG4938fd9361b4: jail: Don't double-free the current prison in kern_jail_set/get.
Fri, Jun 12, 6:00 PM

Tue, Jun 9

jamie committed rGb52dc2067618: jail: Don't double-free the current prison in kern_jail_set/get.
Tue, Jun 9, 10:33 PM

Jan 16 2026

jamie accepted D54737: RELNOTES: document the MAC/jail integration.
Jan 16 2026, 1:10 AM

Jan 15 2026

jamie accepted D54660: jexec: Add -e parameter to customize the environment.
Jan 15 2026, 12:18 AM · Jails

Jan 14 2026

jamie added inline comments to D54660: jexec: Add -e parameter to customize the environment.
Jan 14 2026, 6:45 PM · Jails
jamie added a comment to D54660: jexec: Add -e parameter to customize the environment.

Why does it matter that putenv(3) doesn't create a copy?

Jan 14 2026, 12:50 AM · Jails

Jan 6 2026

jamie accepted D53954: [RFC] kern: mac: add various jail MAC hooks.
Jan 6 2026, 5:46 PM

Dec 21 2025

jamie added inline comments to D53958: kern: add a mac.label jail parameter.
Dec 21 2025, 6:00 PM

Dec 17 2025

jamie accepted D54271: jail: Don't define malloc type M_PRISON_RACCT on !RACCT.
Dec 17 2025, 5:46 PM

Dec 3 2025

jamie added inline comments to D53958: kern: add a mac.label jail parameter.
Dec 3 2025, 8:57 PM

Dec 2 2025

jamie added inline comments to D53954: [RFC] kern: mac: add various jail MAC hooks.
Dec 2 2025, 5:07 PM
jamie added inline comments to D53953: kern: mac: add a MAC label to struct prison.
Dec 2 2025, 4:59 PM
jamie accepted D53960: libjail: extend struct handlers to include MAC labels.
Dec 2 2025, 4:29 AM
jamie accepted D53959: libjail: start refactoring struct ioctl support.

The original author should have done this in the first place ;-)

Dec 2 2025, 4:25 AM
jamie added inline comments to D53958: kern: add a mac.label jail parameter.
Dec 2 2025, 4:24 AM
jamie accepted D53956: mac_set_fd(3): add support for jail descriptors.
Dec 2 2025, 4:17 AM
jamie accepted D53955: jaildesc: add an accessor for the struct prison in a jaildesc.
Dec 2 2025, 4:16 AM
jamie added inline comments to D53954: [RFC] kern: mac: add various jail MAC hooks.
Dec 2 2025, 4:16 AM
jamie added inline comments to D53953: kern: mac: add a MAC label to struct prison.
Dec 2 2025, 4:15 AM

Nov 30 2025

jamie committed R9:d255e1a4d565: releases/15.0R/relnotes: note jail descriptors and kevent filters.
Nov 30 2025, 6:39 PM

Nov 7 2025

jamie accepted D53631: jail.8: Add creating a jail from distribution set.
Nov 7 2025, 5:38 PM

Nov 6 2025

jamie accepted D53612: kern_jail_set(): do not double-free opts.

While I prefer the version I mentioned in the inline notes (it's a little less branchy), I'm also fine with the patch as originally given.

Nov 6 2025, 5:20 PM

Oct 24 2025

jamie committed rGc6bf733736b5: jail: fix an error condition that was returned without setting errno.
Oct 24 2025, 1:12 AM

Oct 23 2025

jamie committed rG2d3c6a06edc3: jail: fix a regression that creates zombies when removing dying jails.
Oct 23 2025, 4:37 AM

Oct 22 2025

jamie accepted D53177: bsdinstall: jail: Fix DISTMENU items.

It only touches peripherally on jails, but sure, looks good. One could ask why we decided to have a separate and subtly different "dist" and "distname" but I suppose that's water long since under the bridge.

Oct 22 2025, 6:03 PM

Oct 21 2025

jamie committed rG5f7d5709e0c2: jail: fix an error condition that was returned without setting errno.
Oct 21 2025, 12:10 AM

Oct 20 2025

jamie committed rG78f70d4ff9dd: jail: fix a regression that creates zombies when removing dying jails.
Oct 20 2025, 4:55 PM
jamie closed D53200: Fix a regression that creates zombies when removing already-dying jails.
Oct 20 2025, 4:54 PM

Oct 19 2025

jamie requested review of D53200: Fix a regression that creates zombies when removing already-dying jails.
Oct 19 2025, 5:55 PM

Sep 15 2025

jamie committed rGdeaa609d065d: jaildesc: remove desc from the sysctl parameter list.
Sep 15 2025, 4:05 AM
jamie committed rG9d7f89ef2607: jaildesc: add kevent support.
Sep 15 2025, 4:05 AM
jamie committed rG1a849ff1e9a9: jail: simplify EVFILT_JAIL events.
Sep 15 2025, 4:04 AM

Sep 13 2025

jamie committed rG5df0b57b74e2: MFC jaildesc: remove file-mode-based access controls.
Sep 13 2025, 11:45 PM
jamie committed rG0c23ee96c6e5: MFC jaildesc: fix typo and style(9) violations.
Sep 13 2025, 11:45 PM
jamie committed rG595a705062de: MFC jaildesc: replace EBADF with EINVAL.
Sep 13 2025, 11:45 PM
jamie committed rG4ecbb3f19b44: MFC jaildesc: fix a misplaced error check and a spurious finit call.
Sep 13 2025, 11:45 PM
jamie committed rGe75dda31c1ee: jaildesc: remove desc from the sysctl parameter list.
Sep 13 2025, 10:32 PM
jamie requested review of D52516: Add capsicum support to jail descriptors.
Sep 13 2025, 9:20 PM
jamie abandoned D52462: Jail descriptor kevents, Plan B.

Commit 66d8ffe30 has simpler kevent handling for jaildesc, without any recursion. Jail kevents have also had recursion removed. Its lack of guarantees and incomplete problem-solving meant that applications would need a way to handle when notifications weren't 100% collected. As long as that's the case, might as well get rid of the complexity.

Sep 13 2025, 3:52 AM
jamie abandoned D52461: Jail descriptor kevents, Plan A.

Commit 66d8ffe30 has simpler kevent handling for jaildesc, without any recursion. Jail kevents have also had recursion removed. Its lack of guarantees and incomplete problem-solving meant that applications would need a way to handle when notifications weren't 100% collected. As long as that's the case, might as well get rid of the complexity.

Sep 13 2025, 3:52 AM

Sep 12 2025

jamie committed rG66d8ffe3046d: jaildesc: add kevent support.
Sep 12 2025, 6:35 PM
jamie committed rGdbcaac13e49c: jail: simplify EVFILT_JAIL events.
Sep 12 2025, 5:29 AM

Sep 10 2025

jamie committed rGd81b337d690c: jaildesc: remove file-mode-based access controls.
Sep 10 2025, 11:27 PM
jamie accepted D52319: jail.2: Mention EPERM is returned on open directories.

Very well. I suppose it doesn't hurt.

Sep 10 2025, 5:35 PM

Sep 9 2025

jamie committed rGd8d5324ef533: jaildesc: fix typo and style(9) violations.
Sep 9 2025, 6:53 PM
jamie committed rG16f600dc30b7: jaildesc: replace EBADF with EINVAL.
Sep 9 2025, 6:18 PM
jamie added a comment to D52461: Jail descriptor kevents, Plan A.

Plan B is in D52462.

Sep 9 2025, 4:57 PM
jamie added a comment to D52462: Jail descriptor kevents, Plan B.

Plan A is in D52461.

Sep 9 2025, 4:57 PM
jamie requested review of D52462: Jail descriptor kevents, Plan B.
Sep 9 2025, 4:37 PM
jamie requested review of D52461: Jail descriptor kevents, Plan A.
Sep 9 2025, 4:30 PM
jamie added a comment to D52319: jail.2: Mention EPERM is returned on open directories.

Yes, EPERM on open directories may be unexpected, but I don't see that is enough cause to change the long-standing tradition of referring to other manual pages when a function may return the set of errors produced by another function.

Sep 9 2025, 3:50 PM

Sep 5 2025

jamie committed rG8ec7a830f10b: jaildesc: fix a misplaced error check and a spurious finit call.
Sep 5 2025, 4:51 AM
jamie closed D43696: Jail descriptors.
Sep 5 2025, 3:51 AM

Sep 4 2025

jamie committed rG851dc7f859c2: jail: add jail descriptors.
Sep 4 2025, 8:32 PM
jamie committed rG1bd74d201a53: jail: add kqueue(2) support for jails.
Sep 4 2025, 7:00 PM
jamie closed D51940: kqueue(2) support for jails.
Sep 4 2025, 7:00 PM

Sep 3 2025

jamie added inline comments to D43696: Jail descriptors.
Sep 3 2025, 4:55 PM

Sep 1 2025

jamie updated the diff for D43696: Jail descriptors.

I've added a "Jail Descriptors" section to jail(2), and added the jail_attach_fd and jail_remove_jd system calls, and the new jail_get/jail_set flags.

Sep 1 2025, 11:59 PM

Aug 29 2025

jamie closed D50241: Teach ngctl to attach and run itself in a jail.
Aug 29 2025, 11:08 PM
jamie committed rG72d01e62b082: netgraph: teach ngctl to attach and run itself in a jail.
Aug 29 2025, 11:08 PM

Aug 26 2025

jamie requested changes to D46284: Add the ability to have executable jail.conf.
Aug 26 2025, 8:14 PM · Jails

Aug 21 2025

jamie accepted D52039: kern: remove the need to allocate in prison_add_vfs().

The unrelated prison_add_allow talk deserves its own revision, so I made D52105 for that.

Aug 21 2025, 10:01 PM
jamie requested review of D52105: Remove asprintf from prison_add_allow.
Aug 21 2025, 9:59 PM
jamie added a comment to D52039: kern: remove the need to allocate in prison_add_vfs().

I wonder why asprintf() uses M_NOWAIT when strdup() uses M_WAITOK. Looking at the relatively few callers, I suspect we can perhaps just switch to M_WAITOK...

Aug 21 2025, 4:58 PM

Aug 20 2025

jamie added a comment to D52039: kern: remove the need to allocate in prison_add_vfs().

prison_add_vfs then goes on to call prison_add_allow, which has its own asprintf call. So unless you fix that as well, you've bought very little. And prison_add_allow really ought to be fixed. It's just a matter of not relying on asprintf with its M_NOWAIT allocation. The context it's called in (and presumably would ever be called in) can handle waiting for allocation.

Aug 20 2025, 9:15 PM

Aug 17 2025

jamie added a comment to D43696: Jail descriptors.

I've added D51940, which adds kqueue support to jails by JID, so it's separate from the descriptor work, except it contains fixes for the problems I've identified with the current kqueue code in this revision. In particular, it uses the NOTE_TRACK convention that processes use, and adds a flag that notes if attached processes were missed.

Aug 17 2025, 12:31 AM
jamie requested review of D51940: kqueue(2) support for jails.
Aug 17 2025, 12:28 AM

Aug 14 2025

jamie accepted D51831: jail: fix backfilling the "name" for jid-named jails.

Yep, tried it out and it looks good now.

Aug 14 2025, 7:18 PM
jamie added a comment to D43696: Jail descriptors.

As I learn more about kqueue, I see I am trying to make it do things it's not suited for. In particular, the data field can't contain the kind of information I'm putting it in (process ID, jail ID). The non-queuing nature of kqueue (!) means that one event can be obliterated by the next event, leading to unreliable notification. There's not a lot of advantage of being notified that at least one child jail has been created, and here's the JID of the most recent one.

Aug 14 2025, 5:01 AM

Aug 12 2025

jamie accepted D46284: Add the ability to have executable jail.conf.
Aug 12 2025, 5:06 PM · Jails

Aug 7 2025

jamie accepted D51645: kern: disallow user scheduling/debugging/signalling of jailed procs.

True, there's no real need for the PR_ALLOW_PRISON0 change, but since you went to the effort to make that macro anyway, it's a good place to showcase it.

Aug 7 2025, 5:19 AM
jamie added inline comments to D51645: kern: disallow user scheduling/debugging/signalling of jailed procs.
Aug 7 2025, 1:02 AM
jamie accepted D51719: jail: Optionally allow audit session state to be configured in a jail.

It looks fine from the jail side of things.

Aug 7 2025, 12:55 AM

Jul 31 2025

jamie added inline comments to D51645: kern: disallow user scheduling/debugging/signalling of jailed procs.
Jul 31 2025, 11:05 PM
jamie accepted D51656: jail: separate "statically valid allow flags" from "prison0 allow flags".
Jul 31 2025, 10:27 PM
jamie requested changes to D51645: kern: disallow user scheduling/debugging/signalling of jailed procs.

In the meantime (and long-term), a knob makes sense.

Jul 31 2025, 4:38 PM
jamie added a comment to D51645: kern: disallow user scheduling/debugging/signalling of jailed procs.
In D51645#1179733, @kib wrote:

Would privileges actually work, I have no objections. But right now this change makes the very useful feature (at least for me), only available to root. I do often use 'jail -u <me> / something 127.0.0.1 /bin/sh', and have the jailed processes only bound to localhost, otherwise they are normal (can be debugged etc).

It would be a pity to lose the ability. Can we have at least a knob to re-enable the current behavior?

Jul 31 2025, 4:36 PM
jamie accepted D51645: kern: disallow user scheduling/debugging/signalling of jailed procs.

I like this. Given that a non-root user isn't allowed to mess with a jail, it makes sense that it wouldn't be allowed to mess with processes in that jail, even if they happen to have the same uid. That sounds like preferable default behavior, even if it's a switch from current practice. The closer we get to namespaces like uid being conceptually a (jail, id) tuple, the better off we are.

Jul 31 2025, 4:31 PM
jamie added a comment to D43696: Jail descriptors.

This sounds deeply confused about what a file descriptor is (supposed to be). It is the capability to use the referenced resource. The permissions in the file description should govern what's allowed through the descriptor not the current process credentials. The check against the current process credential has to happen as the description the descriptor references is created.

Jul 31 2025, 12:52 AM
jamie added a comment to D43696: Jail descriptors.
In D43696#996669, @dvl wrote:

I read the description, but I'm still not sure how a jail descriptor would be used. How about some pseudo-code, to illustrate the concept please?

Jul 31 2025, 12:34 AM

Jul 30 2025

jamie updated the diff for D43696: Jail descriptors.

The big addition is kevent support. A jail descriptor can pass four notes:

Jul 30 2025, 9:54 PM

Jul 26 2025

jamie accepted D51502: jail: consistently populate the KP_JID and KP_NAME parameters.
Jul 26 2025, 2:38 AM

Jul 25 2025

jamie accepted D51541: jls: add a -c mode to check for a jail's existence.
Jul 25 2025, 10:55 PM
jamie accepted D51540: jls: minor simplification to arg handling.
Jul 25 2025, 10:54 PM
jamie added inline comments to D51502: jail: consistently populate the KP_JID and KP_NAME parameters.
Jul 25 2025, 10:54 PM
jamie accepted D51524: jail: Make prison_owns_vnet() operate on a prison instead of a ucred.

I could instead add an alternative function or even just an inline "is PR_VNET set" check.

Jul 25 2025, 5:46 PM
jamie added a comment to D51524: jail: Make prison_owns_vnet() operate on a prison instead of a ucred.

There's a general trend in the "prison can do this thing" functions that they all take a ucred. On the one hand it seems reasonable that they would all take a struct prison instead, but is there a particular reason to break the trend for this case?

Jul 25 2025, 5:22 PM
jamie added inline comments to D51502: jail: consistently populate the KP_JID and KP_NAME parameters.
Jul 25 2025, 5:18 PM
jamie accepted D51501: jail: tests: cleanup the commands test a bit.
Jul 25 2025, 4:32 PM

Jul 17 2025

jamie accepted D46284: Add the ability to have executable jail.conf.

I had considered that the -l (exec clean) flag should be considered, but decided it really only makes sense for keeping the jail environment clean.

Jul 17 2025, 3:50 PM · Jails