Minor jail bug in fork1()/kern_execve()

Paul Herman pherman at frenchfries.net
Sat Mar 20 20:19:36 PST 2004


Hi,

While playing around with some jail() stuff, I've found that the
prison refcount gets bumped twice when a jailed process fork()s and
exec()s instead of just once like it should.  The reason is that
fork1() increments the refcount itself and it also gets incremented
a second time when kern_execve() calls cratom().  The result is
that when jails with forked processes finally exit, their prisons
don't get freed.

It makes sense to me that the refcount should be bumped in fork()
and less sense to me in kern_execve().

I think we might rethink the idea that cratom() should be touching
the prison refcount.  And if cratom() should, then kern_execve()
shouldn't.  Any thoughts?

-Paul.
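The accounting described in the report above, as an added example that is not part of the original post and is not kernel code: a simplified user-space model of the prison reference count. All names (`model_fork`, `model_exec`, `model_exit`, `run_jail`) are hypothetical, and the model assumes each process drops exactly one prison reference when it exits.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of a jail's prison structure (hypothetical, not kernel code). */
struct prison { int ref; bool freed; };

static void prison_hold(struct prison *pr) { pr->ref++; }

static void prison_rele(struct prison *pr) {
    if (--pr->ref == 0)
        pr->freed = true;               /* last reference gone: prison is freed */
}

/* Fork path: the child takes its own reference on the prison. */
static void model_fork(struct prison *pr) { prison_hold(pr); }

/* Exec path: when exec_also_holds is true, the credential step takes a
 * second reference for the same process, as the report describes. */
static void model_exec(struct prison *pr, bool exec_also_holds) {
    if (exec_also_holds)
        prison_hold(pr);
}

/* Exit path (assumption): a process releases the one reference it owns. */
static void model_exit(struct prison *pr) { prison_rele(pr); }

/* Run one jail lifetime: the initial jailed process holds one reference,
 * spawns nchildren fork+exec children, then every process exits.
 * Returns the references left over; 0 means the prison was freed. */
int run_jail(int nchildren, bool exec_also_holds) {
    struct prison pr = { .ref = 1, .freed = false };
    for (int i = 0; i < nchildren; i++) {
        model_fork(&pr);
        model_exec(&pr, exec_also_holds);
    }
    for (int i = 0; i < nchildren; i++)
        model_exit(&pr);
    model_exit(&pr);                    /* initial jailed process exits */
    return pr.ref;
}

int main(void) {
    printf("hold in fork and exec: %d references leaked\n", run_jail(3, true));
    printf("hold in fork only:     %d references leaked\n", run_jail(3, false));
    return 0;
}
```

In this model the leftover count equals the number of fork+exec children, so a teardown check that the count reaches zero after the last process exits is enough to detect the imbalance.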




