Hello, This is something that imho could be done by GSoC student.
It is possible to allow jailed root to mount various filesystems. But once all processes are dead, mounts done by jailed root that he didn't clean up are still hanging around. As time passes and more stuff gets jailable we should expect problems like this in different subsystems. So I propose that someone(tm) implements a solution which cleans this stuff during jail destruction. One idea how to do it: implement a list with clean up operations. Using mount example: you add a filesystem to be cleaned up after it is mounted, you delete it after it is unmounted. When the jail is going to die you just traverse the list backwareds and call cleaning functions, in this case unmounting filesystems. Maybe this is is a bad idea in the first place and it is better to take a look at mount tree and traverse that, I don't know, you should investigate. :) Note that the code has to be robust in case of errors (e.g. given fs may not be unmountable because someone from prison0 is inside). Again, the goal is to have jails clean up automatically after anything jailed root was permitted to do. Thoughts? -- Mateusz Guzik <mjguzik gmail.com> _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "[email protected]"
