2004-01-13 15:20:30

by john moser

Subject: initializing a task

I'm having severe severe issues with my jail. Inside do_fork() I have code for
forking with jails:

#ifdef CONFIG_LINUX_JAIL
        /*
         * I want a NULL jail if there's no parent.
         *
         * Also, init seems to just get a jail for no apparent reason,
         * and its parent seems to be 1. init itself should never be
         * jailed, so for a quick fix, anything having parent as 1 gets
         * away without a jail. PLEASE FIX THIS BAD HACK ASAP.
         */
        p->pjail = NULL; /* has to be null or else we'll try to free up the jail */
        if (p->parent && p->parent->pid == 1 && p->parent->pjail) {
                /* pid_t is an int, so %d; the jail pointer is printed with %p */
                printk("pid: %d parent pid: %d parent jail: %p\n",
                       p->pid, p->parent->pid, p->parent->pjail);
                panic("Holy shit. How did the init process get jailed?\n");
        }
        /* children of init (parent pid 1) are deliberately left unjailed */
        if (p->parent && p->parent->pid > 1)
                linux_jail_attatch(p->parent->pjail, p);
#endif


Now, without the if() { panic(); } condition, init forks with a strange jail that
it magically gets from somewhere. The STRANGE part is that it gets to printing
out "init 2.87 booting", but then dies on the next fork.

It seems that this random, uninitialized jail has FL_JAIL_MKNOD set (uninit'd data
is weird :/) and so init can't create /dev/inittab (so, I can't shut down).

I've tried a lot of bad hacks, from going into sched.c and setting current->pjail =
NULL before wake_up_forked_process(current) in sched_init, and just setting
current->pjail = null at the top of start_kernel() in init/main.c, but I can't
figure this out. In theory, the following should replace the above block of code
from do_fork():

        p->pjail = NULL; /* has to be null or else we'll try to free up the jail */
        linux_jail_attatch(p->parent->pjail, p);

And work properly. So, where's this magical task get created, and where can I
change it? Any ideas?



2004-01-14 00:32:30

by Chris Wright

Subject: Re: initializing a task

* john moser ([email protected]) wrote:
> I'm having severe severe issues with my jail. Inside do_fork() I have
> code for

Did you look at the INIT_TASK() macro for initialization? Also, you may
take a look at another jail implementation (done to emulate BSD jails)
done as a security module.
http://mail.immunix.com/pipermail/linux-security-module/2003-December/4990.html

thanks
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net