Subject: Re: PR 36963
To: Jan Danielsson <>
From: Bill Stouder-Studenmund <>
List: tech-kern
Date: 09/22/2007 19:39:13

On Sun, Sep 23, 2007 at 01:39:31AM +0200, Jan Danielsson wrote:
> Bill Stouder-Studenmund wrote:
> [---]
> >>> Hm.  Here's a thought: if he's logging in on the console, init might
> >>> using a file descriptor bound to the device node _outside_ the chro
> >>> I can think of a few ways chaos could then ensue, given subtle bugs in
> >>> the session-handling or device alias detection code...
> >>    By "chaos", do you mean "what you are currently seeing", or do you
> >> mean "everything will be fubar Any Time Now"?
> >
> > I'm not Thor (nor do I play one on TV), but I suspect something more ak
> > to "what you are currently seeing".
>   That's what I thought; but I tend to get a little pessimistic when my
> system isn't working as I want it to. :)


> [---]
> > Since it seems to be the statvfs path munging code that's at issue, try
> > putting printf()s in it indicating what's going on.
>    I will. On that note; do printf()'s end up in dmesg?


> > As a total aside, I think that code is questionable in this case. The i
> > behind it is (I think) to hide mount points that aren't in the chroot,
> > to not leak info about the chroot path.
> >
> > As I understand this case, though, your chroot is the mount point.  :-)
>    Hmm.. In this thread, I've detected a hint of the opinion that the
> init.root sysctl is a bad idea to begin with. I guess I should have
> asked first; but OTOH, it was a documented feature, so I didn't expect
> it to blow up in my face this bad. :(

I think it's more experimental than we expected.

From thinking about things, I think that the problem is that we really
need something more akin to the pivot system call. The issue is that while
the root you end up with isn't the root that the kernel booted with, it
really should be considered the root node of the system. Not the root node
of some chroot environment the admin cooked up to keep your programs
contained. :-)

Take care,

