On 2018-06-16 11:31, Fabian Freyer wrote:
On 05/18/2018 18:49, James Gritton wrote:
I would recommend skipping out on jail_getv(), which is really only
good for getting a few well-known parameters, and instead use the more
complete but more complex jailparam_init/get/export/free.
Thanks! I ended up writing wrappers around the jail_get(2) and
jail_set(2) interfaces and constructing the iovectors myself, which
ended up quite a bit cleaner. The jailparam_{init,get,export,free}
APIs are unnecessarily complex and don't seem to be a good fit
(writing wrappers around wrappers around wrappers etc...).
They're an attempt to make generic handlers in C, which isn't exactly a
language geared toward such things. If you're working only with a few
specific known fields, your way is just as well.
It gets more complicated with array parameters, those that can hold an
arbitrary number of values. The IP addresses are the best example of
that.
I've now hit that snag. I see that the security.jail.param.ip4.addr
and security.jail.param.ip6.addr sysctls contain the sizes of an
in_addr_t and an in6_addr_t, respectively. How would I now determine
the number of IPv4 and IPv6 addresses, or should I just allocate
security.jail.jail_max_af_ips per family? I've tried to go through how
libjail does it, but don't quite understand it, nor the implied race
conditions (?) it attempts to mitigate by reading the vector multiple
times:
lib/libjail/jail.c:
/*
* Get the prison. If there are array elements, retry a few times
* in case their sizes changed from under us.
*/
for (sanity = 0;; sanity++) {
[...]
If you read a parameter with the value's iov_base set to NULL, it will
return the parameter's length into your iov_len. So the way to read any
variable-length parameter is to call jail_get(2) once with a NULL value,
allocate a buffer according to the returned length, and then call it
again with the allocated iov_base.
The race condition I look for is the jail changing between the time I
get the length and the time I read the value - like most races, very
unlikely.
Once again, this is for the generic case. If you have a value with a
known (and reasonably sized) maximum, such as MAXHOSTNAMELEN or
max_af_ips, it's easier to just use that.
- James
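Added example, not code from libjail or from anyone in this thread: the probe-then-read pattern James describes, with a bounded retry for the value growing between the two calls, written against a simulated jail_get(2)-style function so it runs on any platform. The simulated kernel side, the constructed address list and the names sim_*, read_vlen_param and count_ip4 are all assumptions; on FreeBSD the value iovec would be the second half of a name/value pair handed to jail_get(2) alongside the jid pair.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>
#include <netinet/in.h>
/* Simulated kernel side (constructed for this example, not FreeBSD code),
 * mimicking jail_get(2)'s convention for a value iovec: iov_base == NULL
 * returns the needed length in iov_len; otherwise the value is copied if the
 * buffer is big enough (iov_len set to the real length), else EINVAL. */
static struct in_addr sim_ip4[3] = {{0x0100000a}, {0x0200000a}, {0x0300000a}};
static size_t sim_nip4 = 2;                 /* constructed: two addresses */
static int sim_calls, sim_grow_on_call;     /* race injection: grow on call N */

static int sim_jail_get_ip4(struct iovec *val)
{
    if (++sim_calls == sim_grow_on_call)
        sim_nip4 = 3;                       /* the jail changed under us */
    size_t need = sim_nip4 * sizeof(struct in_addr);
    if (val->iov_base == NULL) { val->iov_len = need; return 0; }
    if (val->iov_len < need) { errno = EINVAL; return -1; }
    memcpy(val->iov_base, sim_ip4, need);
    val->iov_len = need;
    return 0;
}

/* Two-call read of a variable-length parameter: probe the length, allocate,
 * read. If the value grew in between, the read fails with EINVAL; retry a
 * bounded number of times (libjail's "sanity" loop). Caller frees *out. */
static int read_vlen_param(int (*getfn)(struct iovec *), void **out, size_t *lenp)
{
    struct iovec val;
    for (int sanity = 0; sanity < 10; sanity++) {
        val.iov_base = NULL; val.iov_len = 0;
        if (getfn(&val) != 0) return -1;
        if ((val.iov_base = malloc(val.iov_len ? val.iov_len : 1)) == NULL) return -1;
        if (getfn(&val) == 0) { *out = val.iov_base; *lenp = val.iov_len; return 0; }
        free(val.iov_base);
        if (errno != EINVAL) return -1;     /* anything but "grew under us" is fatal */
    }
    errno = EAGAIN; return -1;
}

/* Address count is simply the returned length divided by sizeof(struct in_addr). */
static long count_ip4(void)
{
    void *addrs; size_t len;
    if (read_vlen_param(sim_jail_get_ip4, &addrs, &len) != 0) return -1;
    free(addrs);
    return (long)(len / sizeof(struct in_addr));
}
```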
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[email protected]"