jaildesc: remove file-mode-based access controls

Jail descriptors were given a file-like mode, user, and group, for the
purpose of controlling how the descriptor may be used.  This is too far
removed from the file paradigm to make sense.  Remove it in favor of a
better access control method to be added, such as Capsicum.

Also add missing code in jaildesc_fill_kinfo.

Reported by:	crest at rlwinm.de, kib
MFC after:	3 days
Jamie Gritton
2025-09-10 16:21:11 -07:00
parent c8fb5a4d03
commit d81b337d69
4 changed files with 37 additions and 218 deletions
-67
@@ -340,31 +340,6 @@ work the same as
and
.Fn jail_remove ,
except that they operate on the jail referred to by the passed descriptor.
.Pp
Jail operations via descriptors can be done by processes that do not
normally have permission to see or affect the jail,
as long as they are allowed by the file permissions of the jail
descriptor itself.
These permissions can be changed by the descriptor owner via
.Xr fchmod 2
and
.Xr fchown 2 .
.Fn jail_get
requires read permission,
.Fn jail_set
and
.Fn jail_remove
require write permission,
and
.Fn jail_attach
requires execute permission.
Also, use of a descriptor with the
.Dv JAIL_AT_DESC
flag requires execute permission.
An owning descriptor is identified by the
.Em sticky bit ,
which may also be changed via
.Xr fchmod 2 .
.Sh RETURN VALUES
If successful,
.Fn jail ,
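Review bot: Dropping this whole paragraph leaves the DESCRIPTION with no statement of who may use a jail descriptor at all: the sentence ending "operate on the jail referred to by the passed descriptor" now stands alone, and the removed lines were also the only place an owning descriptor was defined (previously via the sticky bit). If owning descriptors survive this change, document how one is now identified, and add a sentence giving the interim rule for descriptor operations (for example, that they are subject to the same privilege checks as operating on the jail by jid) until the replacement control mentioned in the commit message lands. Without it a reader may assume that holding a descriptor bypasses the normal jail permission checks.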
@@ -402,22 +377,6 @@ The
system call
will fail if:
.Bl -tag -width Er
.It Bq Er EACCES
Write permission is denied on the jail descriptor in the
.Va desc
parameter,
and the
.Dv JAIL_USE_DESC
flag was set.
.It Bq Er EACCES
Execute permission is denied on the jail descriptor in the
.Va desc
parameter,
and either the
.Dv JAIL_AT_DESC
or
.Dv JAIL_ATTACH
flag was set.
.It Bq Er EPERM
This process is not allowed to create a jail, either because it is not
the super-user, or because it would exceed the jail's
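Review bot: With both EACCES entries removed, the jail_set ERRORS list no longer describes any failure for JAIL_USE_DESC, JAIL_AT_DESC or JAIL_ATTACH when the caller passes a descriptor it may not use. The surviving EPERM entry only covers creating a jail ("not the super-user" or exceeding the jail's limit), so if descriptor operations now fail with EPERM or some other errno, add that case here instead of leaving the descriptor path undocumented.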
@@ -505,24 +464,6 @@ The
system call
will fail if:
.Bl -tag -width Er
.It Bq Er EACCES
Read permission is denied on the jail descriptor in the
.Va desc
parameter,
and the
.Dv JAIL_USE_DESC
flag was set.
.It Bq Er EACCES
Execute permission is denied on the jail descriptor in the
.Va desc
parameter,
and the
.Dv JAIL_AT_DESC
flag was set.
.It Bq Er EFAULT
.Fa Iov ,
or one of the addresses contained within it,
points to an address outside the allocated address space of the process.
.It Bq Er ENOENT
The jail referred to by a
.Va jid
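Review bot: Same gap as in the jail_set hunk: after dropping the read and execute EACCES cases, nothing in the jail_get ERRORS list says what a caller gets when it passes a descriptor it is not permitted to use with JAIL_USE_DESC or JAIL_AT_DESC. Either document the errno that now applies, or, if the check has moved entirely to descriptor creation, say so in the DESCRIPTION so that the absence of an error entry is clearly intentional.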
@@ -597,14 +538,6 @@ will fail if:
The
.Fa fd
argument is not a valid jail descriptor.
.It Bq Er EACCES
Permission is denied on the jail descriptor
.Po
execute permission for
.Fn jail_attach_fd ,
or write permission for
.Fn jail_remove_fd
.Pc .
.It Bq Er EPERM
The jail descriptor was created by a user other than the super-user.
.It Bq Er EINVAL
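Review bot: Once the EACCES entry is gone, the unchanged EPERM entry ("created by a user other than the super-user") is the only access-related failure documented for jail_attach_fd and jail_remove_fd, whereas before it sat alongside per-descriptor execute and write permissions that the owner could grant to other users with fchmod and fchown. Since the commit message frames this as removing a mechanism pending a replacement rather than as a tightening, it is worth a line in the DESCRIPTION stating plainly that descriptors created by non-root users cannot be used for these calls at all, so the behaviour change is visible to readers of the manual and not only of the diff.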