[Bug 280809] jail_attach(2) fails to document reason for EPERM

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 26 Aug 2024 18:47:25 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=280809

--- Comment #4 from Karlo Miličević <karlo98.m@gmail.com> ---
(In reply to Olivier Certner from comment #1)

Ah! I totally missed that paragraph. I guess I should read more carefully.

(In reply to crest from comment #3)

Could you add "root vnode pointer" to every directory FD to limit their scope?
That way, when you reference ".." you would check whether the directory FD
equals that pointer and if so, not go above.
Also, O_RESOLVE_BENEATH would then just mean that when you open that directory
FD you would make the directory itself be the "root vnode pointer" instead of
its jail/chroot root directory.
Opening directories with openat copies the "root vnode pointer" unless
overridden by something like O_RESOLVE_BENEATH.

((I have no experience with VFS code, so take this idea with a grain of salt!))

This reminds me slightly of how sockets have vnet pointers.


Should I close this issue or does someone else do that?
The reason is documented already, as stated by Olivier Certner.
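
A toy model of the per-descriptor "root vnode pointer" idea from comment #4, added here as an illustration; it is not FreeBSD VFS code and does not come from any participant in the bug. The names `Dir`, `DirFD`, `openat`, `build_sample_tree` and the flag value are assumptions of the model, which clamps ".." at the root pointer as the comment proposes and handles relative lookups only.

```python
# Toy model (constructed): a directory FD is a (node, root) pair.
O_RESOLVE_BENEATH = 0x1  # hypothetical value, meaningful only inside this model

class Dir:
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, {}
        if parent is not None:
            parent.children[name] = self

    def path(self):
        parts, node = [], self
        while node.parent is not None:
            parts.append(node.name)
            node = node.parent
        return "/" + "/".join(reversed(parts))

class DirFD:
    def __init__(self, node, root):
        self.node, self.root = node, root  # root = the proposed "root vnode pointer"

def openat(dirfd, path, flags=0):
    """Resolve a relative path from dirfd; '..' never climbs above dirfd.root."""
    if path.startswith("/"):
        raise ValueError("model covers relative lookups only")
    node = dirfd.node
    for comp in path.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            # The check from the comment: at the root pointer, stay put.
            if node is not dirfd.root and node.parent is not None:
                node = node.parent
            continue
        if comp not in node.children:
            raise FileNotFoundError(comp)
        node = node.children[comp]
    # The new FD copies the root pointer unless O_RESOLVE_BENEATH re-roots it.
    root = node if flags & O_RESOLVE_BENEATH else dirfd.root
    return DirFD(node, root)

def build_sample_tree():
    """Constructed sample: /jail/home/user and /etc, with an FD rooted at /jail."""
    slash = Dir("")
    jail = Dir("jail", slash)
    Dir("user", Dir("home", jail))
    Dir("etc", slash)
    return slash, DirFD(jail, jail)
```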