Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

syscall: add Jail int32 to SysProcAttr on FreeBSD #46259

Open
gizahNL opened this issue May 19, 2021 · 9 comments
Open

syscall: add Jail int32 to SysProcAttr on FreeBSD #46259

gizahNL opened this issue May 19, 2021 · 9 comments

Comments

@gizahNL
Copy link

@gizahNL gizahNL commented May 19, 2021

Adding an int32 jail param to SysProcAttr on FreeBSD and calling the JAIL_ATTACH syscall inside the forked child would allow cleanly running a command inside a FreeBSD jail.

@ianlancetaylor ianlancetaylor changed the title syscall/exec FreeBSD add Jail param to SysprocAttr to allow running Command in jail proposal: syscall: add Jail param to SysprocAttr for FreeBSD to allow running Command in jail May 19, 2021
@ianlancetaylor ianlancetaylor added this to Incoming in Proposals May 19, 2021
@gopherbot gopherbot added this to the Proposal milestone May 19, 2021
@ianlancetaylor ianlancetaylor changed the title proposal: syscall: add Jail param to SysprocAttr for FreeBSD to allow running Command in jail proposal: syscall: add Jail param to SysProcAttr for FreeBSD to allow running Command in jail May 19, 2021
@rsc rsc moved this from Incoming to Active in Proposals May 19, 2021
@rsc
Copy link
Contributor

@rsc rsc commented May 19, 2021

This proposal has been added to the active column of the proposals project
and will now be reviewed at the weekly proposal review meetings.
— rsc for the proposal review group

@rsc
Copy link
Contributor

@rsc rsc commented May 26, 2021

Does anyone object to this?

@gizahNL
Copy link
Author

@gizahNL gizahNL commented May 27, 2021

An implementation detail I did not think about before:
jail attach chroots into the jail, and changes the working directory of the program to the root of the jail.
If it's feasible to change the working directory in the forked child it must be done after calling the attach syscall, if it's unfeasible I guess an error could be returned when both Cmd.Dir and SysProcAttr.Jail is set as to indicate that such a combination of options is unsupported.

@ianlancetaylor
Copy link
Contributor

@ianlancetaylor ianlancetaylor commented May 27, 2021

@gizahNL That doesn't seem like a problem. The relevant code is in syscall/exec_bsd.go.

@rsc rsc changed the title proposal: syscall: add Jail param to SysProcAttr for FreeBSD to allow running Command in jail proposal: syscall: add Jail int32 to SysProcAttr on FreeBSD Jun 2, 2021
@rsc
Copy link
Contributor

@rsc rsc commented Jun 2, 2021

/cc @samuelkarp to see if this would have helped https://github.com/samuelkarp/runj.

@rsc rsc moved this from Active to Likely Accept in Proposals Jun 2, 2021
@rsc
Copy link
Contributor

@rsc rsc commented Jun 2, 2021

Based on the discussion above, this proposal seems like a likely accept.
— rsc for the proposal review group

@samuelkarp
Copy link

@samuelkarp samuelkarp commented Jun 2, 2021

/cc @samuelkarp to see if this would have helped samuelkarp/runj.

Yes, this will likely help runj in some scenarios, while runj will likely invoke JAIL_ATTACH directly in others.

@rsc rsc moved this from Likely Accept to Accepted in Proposals Jun 9, 2021
@rsc
Copy link
Contributor

@rsc rsc commented Jun 9, 2021

No change in consensus, so accepted. 🎉
This issue now tracks the work of implementing the proposal.
— rsc for the proposal review group

@rsc rsc changed the title proposal: syscall: add Jail int32 to SysProcAttr on FreeBSD syscall: add Jail int32 to SysProcAttr on FreeBSD Jun 9, 2021
@rsc rsc removed this from the Proposal milestone Jun 9, 2021
@rsc rsc added this to the Backlog milestone Jun 9, 2021
tklauser added a commit to tklauser/go that referenced this issue Oct 12, 2021
To allow adding fields to ProcSysAttr which are supported on FreeBSD but
not on other BSDs.

For now exec_freebsd.go is an exact copy of exec_bsd.go with adjusted
build tags and copyright year.

For golang#46258
For golang#46259

Change-Id: I7667a0cdf1ca86ef64a147b77c06db70c5f8eb90
@gopherbot
Copy link

@gopherbot gopherbot commented Oct 13, 2021

Change https://golang.org/cl/355569 mentions this issue: syscall: separate ProcSysAttr and forkAndExecInChild for FreeBSD

gopherbot pushed a commit that referenced this issue Oct 14, 2021
To allow adding fields to ProcSysAttr which are supported on FreeBSD but
not on other BSDs.

For now exec_freebsd.go is an exact copy of exec_bsd.go with adjusted
build tags and copyright year.

For #46258
For #46259

Change-Id: I7667a0cdf1ca86ef64a147b77c06db70c5f8eb90
Reviewed-on: https://go-review.googlesource.com/c/go/+/355569
Trust: Tobias Klauser <tobias.klauser@gmail.com>
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Proposals
Accepted
Development

No branches or pull requests

6 participants