https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262180
Mark Johnston <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected], | |[email protected] --- Comment #7 from Mark Johnston <[email protected]> --- This is a consequence of the way nullfs handles dotdot lookups. Here, a proc's cwd is a nullfs vnode, and behind the scenes the corresponding lower vnode is moved out of the exported directory. Then, successive dotdot lookups instantiate nullfs vnodes outside of the nullfs mountpoint. These get returned and effectively "cover" the jail's root dir, so the pointer equality check in vfs_lookup() against ni_rootdir doesn't work because it's comparing the returned nullfs vnode with a lower vnode. There is a hack in null_lookup() to handle this kind of situation, and this is enough to prevent the problem if the process root is also a mountpoint. To fix this, I think vfs_lookup() either has to compare ni_topdir/ni_rootdir with "dp" and its aliases, using a VOP implemented by nullfs. Or, we can start passing the ndp to VOP_LOOKUP somehow and modify nullfs to perform this check internally. -- You are receiving this mail because: You are the assignee for the bug.
