svn commit: r210974 - head/sys/kern

[Bjoern A. Zeeb]

On Fri, 6 Aug 2010, Jamie Gritton wrote:

> Author: jamie
> Date: Fri Aug  6 22:04:18 2010
> New Revision: 210974
> URL: http://svn.freebsd.org/changeset/base/210974
>
> Log:
>  Implicitly make a new jail persistent if it's set not to attach.

I am not sure this is a good idea, especially to implement it in the
kernel.  This just means that if you accidentally mess up your command
line you are creating jails, possibly eating further resources most
likely without noticing.  Lot's of foot shooting potential.

What is the reason you need that?



>  MFC after:	3 days
>
> Modified:
>  head/sys/kern/kern_jail.c
>
> Modified: head/sys/kern/kern_jail.c
> ==============================================================================
> --- head/sys/kern/kern_jail.c	Fri Aug  6 21:58:53 2010	(r210973)
> +++ head/sys/kern/kern_jail.c	Fri Aug  6 22:04:18 2010	(r210974)
> @@ -599,6 +599,8 @@ kern_jail_set(struct thread *td, struct
> 		vfs_flagopt(opts, pr_flag_names[fi], &pr_flags, 1 << fi);
> 		vfs_flagopt(opts, pr_flag_nonames[fi], &ch_flags, 1 << fi);
> 	}
> +	if ((flags & (JAIL_CREATE | JAIL_UPDATE | JAIL_ATTACH)) == JAIL_CREATE)
> +	    pr_flags |= PR_PERSIST;
> 	ch_flags |= pr_flags;
> 	for (fi = 0; fi < sizeof(pr_flag_jailsys) / sizeof(pr_flag_jailsys[0]);
> 	    fi++) {
> @@ -628,12 +630,6 @@ kern_jail_set(struct thread *td, struct
> 		ch_flags |=
> 		    pr_flag_jailsys[fi].new | pr_flag_jailsys[fi].disable;
> 	}
> -	if ((flags & (JAIL_CREATE | JAIL_UPDATE | JAIL_ATTACH)) == JAIL_CREATE
> -	    && !(pr_flags & PR_PERSIST)) {
> -		error = EINVAL;
> -		vfs_opterror(opts, "new jail must persist or attach");
> -		goto done_errmsg;
> -	}
> #ifdef VIMAGE
> 	if ((flags & JAIL_UPDATE) && (ch_flags & PR_VNET)) {
> 		error = EINVAL;
>

-- 
Bjoern A. Zeeb                       This signature is about you not me.