jail: simplify EVFILT_JAIL events

Instead of using the EVFILT_PROC model of attempting to automatically
register new events when a child jail is created, just give a single
event when a child jail is created.  As was already done with jail
attach events, make a best-effort report of the added jail's id in
kn_data.  If the are multiple NOTE_JAIL_CHILD and/or NOTE_JAIL_ATTACH
events, set the NOTE_JAIL_MULTI flag, and don't report anything in
data, indicating that the caller will need to query the system state
on their own.

MFC after:	3 days
This commit is contained in:
Jamie Gritton
2025-09-11 22:22:45 -07:00
parent 64dca4eb4d
commit dbcaac13e4
4 changed files with 41 additions and 96 deletions
+15 -26
View File
@@ -22,7 +22,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd September 4, 2025
.Dd September 11, 2025
.Dt KQUEUE 2
.Os
.Sh NAME
@@ -614,41 +614,30 @@ The process ID will be stored in
If more than one process has attached since the last call to
.Fn kevent ,
.Va data
will contain the most recently attached process ID,
with
.Dv NOTE_JAIL_ATTACH_MULTI
set in
.Va fflags .
will be zero.
.It Dv NOTE_JAIL_REMOVE
The jail has been removed.
.It Dv NOTE_JAIL_CHILD
A child of the watched jail has been created.
.It Dv NOTE_TRACK
Follow child jails created under this jail.
Register a new kevent to monitor the child jail using the same
.Va fflags
as the original event.
The child jail will signal an event with
.Dv NOTE_CHILD
set in
.Va fflags
and the parent JID in
Its jail ID will be stored in
.Va data .
.Pp
If registering a new kevent fails
.Pq usually due to resource limitations ,
it will signal an event with
.Dv NOTE_TRACKERR
set in
.Va fflags ,
and the child jail will not signal a
.Dv NOTE_CHILD
event.
If more than one jail has been created since the last call to
.Fn kevent ,
.Va data
will be zero.
.El
.Pp
On return,
.Va fflags
contains the events which triggered the filter.
It will also contain
.Dv NOTE_JAIL_MULTI
if more than one
.Dv NOTE_JAIL_ATTACH
or
.Dv NOTE_JAIL_CHILD
event has been received since the last call to
.Fn kevent .
.It Dv EVFILT_TIMER
Establishes an arbitrary timer identified by
.Va ident .