Bug 177821 - sysctl: Some security.jail nodes are funky, duplicate entries, ending in dots (.)
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Many People
Assignee: freebsd-bugs (Nobody)
URL:
Keywords: needs-patch, needs-qa
Depends on:
Blocks:
 
Reported: 2013-04-13 03:00 UTC by Enji Cooper
Modified: 2021-07-25 01:08 UTC (History)

See Also:
koobs: mfc-stable13?
koobs: mfc-stable12?
koobs: mfc-stable11?


Attachments
nsysctl -OFIHtN -s ', ' security (9.32 KB, text/plain)
2021-07-25 01:06 UTC, Alfonso S. Siciliano

Description Enji Cooper freebsd_committer freebsd_triage 2013-04-13 03:00:00 UTC
Noticed this when doing sysctl -Na | grep jail... in particular the sysctl MIBs
that have a trailing '.' are odd:

security.jail.param.allow.mount.zfs
security.jail.param.allow.mount.procfs
security.jail.param.allow.mount.nullfs
security.jail.param.allow.mount.devfs
security.jail.param.allow.mount.
security.jail.param.allow.socket_af
security.jail.param.allow.quotas
security.jail.param.allow.chflags
security.jail.param.allow.raw_sockets
security.jail.param.allow.sysvipc
security.jail.param.allow.set_hostname
security.jail.param.ip6.saddrsel
security.jail.param.ip6.addr
security.jail.param.ip6.
security.jail.param.ip4.saddrsel
security.jail.param.ip4.addr
security.jail.param.ip4.
security.jail.param.cpuset.id
security.jail.param.host.hostid
security.jail.param.host.hostuuid
security.jail.param.host.domainname
security.jail.param.host.hostname
security.jail.param.host.
security.jail.param.children.max
security.jail.param.children.cur
security.jail.param.dying
security.jail.param.persist
security.jail.param.devfs_ruleset
security.jail.param.enforce_statfs
security.jail.param.securelevel
security.jail.param.path
security.jail.param.name
security.jail.param.parent
security.jail.param.jid
security.jail.param.linux.
security.jail.param.linux.osname
security.jail.param.linux.osrelease
security.jail.param.linux.oss_version
security.jail.devfs_ruleset
security.jail.enforce_statfs
security.jail.mount_zfs_allowed
security.jail.mount_procfs_allowed
security.jail.mount_nullfs_allowed
security.jail.mount_devfs_allowed
security.jail.mount_allowed
security.jail.chflags_allowed
security.jail.allow_raw_sockets
security.jail.sysvipc_allowed
security.jail.socket_unixiproute_only
security.jail.set_hostname_allowed
security.jail.jail_max_af_ips
security.jail.jailed
security.jail.list
Comment 1 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 07:59:06 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2021-07-19 03:19:21 UTC
Still reproduces on 14.0-CURRENT #14 main-n245176-8742817ba62

[koobs@140-CURRENT-amd64-564d:/usr/home/koobs] sysctl -aN | grep jail |grep -E '.*\.$'
security.jail.param.sysvshm.
security.jail.param.sysvsem.
security.jail.param.sysvmsg.
security.jail.param.allow.mount.
security.jail.param.ip6.
security.jail.param.ip4.
security.jail.param.host.

They "appear" to be duplicates, most with identical descriptions, except "security.jail.param.allow.mount":

[koobs@140-CURRENT-amd64-564d:/usr/home/koobs] sysctl -ad | grep jail

security.jail.param.sysvshm: SYSV shared memory
security.jail.param.sysvshm.: SYSV shared memory
security.jail.param.sysvsem: SYSV semaphores
security.jail.param.sysvsem.: SYSV semaphores
security.jail.param.sysvmsg: SYSV message queues
security.jail.param.sysvmsg.: SYSV message queues

security.jail.param.allow.mount: Jail mount/unmount permission flags
security.jail.param.allow.mount.: Jail may mount/unmount jail-friendly file systems in general

security.jail.param.ip6: Jail IPv6 address virtualization
security.jail.param.ip6.: Jail IPv6 address virtualization

security.jail.param.ip4: Jail IPv4 address virtualization
security.jail.param.ip4.: Jail IPv4 address virtualization

security.jail.param.host: Jail host info
security.jail.param.host.: Jail host info
Comment 3 Alfonso S. Siciliano freebsd_committer freebsd_triage 2021-07-25 01:06:46 UTC
Created attachment 226665 [details]
nsysctl -OFIHtN -s ', ' security
Comment 4 Alfonso S. Siciliano freebsd_committer freebsd_triage 2021-07-25 01:08:03 UTC
The sysctl names that have a trailing '.' are normal: they are normal sysctl objects with a `struct sysctl_oid` in the MIB, but their name `sysctl_oid.oid_name` is just "\0".

I mentioned them at BSDCan 2020 and in some quarterly status reports to describe sysutils/sysctlinfo-kmod, sysutils/sysctlbyname-improved-kmod and devel/sysctlmibinfo2.

We can use sysutils/nsysctl to know their properties:

% nsysctl -OFIHtN -s ', ' security
2147482851, security, node, N, Undefined
...
2147482851.2147482945, security.jail, node, N, Undefined
...
2147482851.2147482945.2147482932, security.jail.param, node, N, Undefined
2147482851.2147482945.2147482932.2147482549, security.jail.param.sysvshm, node, N, Undefined
2147482851.2147482945.2147482932.2147482549.2147482548, security.jail.param.sysvshm., integer, E,jailsys, Defined
2147482851.2147482945.2147482932.2147482560, security.jail.param.sysvsem, node, N, Undefined
2147482851.2147482945.2147482932.2147482560.2147482559, security.jail.param.sysvsem., integer, E,jailsys, Defined
2147482851.2147482945.2147482932.2147482573, security.jail.param.sysvmsg, node, N, Undefined
2147482851.2147482945.2147482932.2147482573.2147482572, security.jail.param.sysvmsg., integer, E,jailsys, Defined
2147482851.2147482945.2147482932.2147482900, security.jail.param.allow, node, N, Undefined
2147482851.2147482945.2147482932.2147482900.2147482888, security.jail.param.allow.mount, node, N, Undefined
2147482851.2147482945.2147482932.2147482900.2147482888.2147471913, security.jail.param.allow.mount.debugfs, integer, B, Defined
2147482851.2147482945.2147482932.2147482900.2147482888.2147471916, security.jail.param.allow.mount.anon_inodefs, integer, B, Defined
2147482851.2147482945.2147482932.2147482900.2147482888.2147473599, security.jail.param.allow.mount.devfs, integer, B, Defined
2147482851.2147482945.2147482932.2147482900.2147482888.2147473671, security.jail.param.allow.mount.tmpfs, integer, B, Defined
2147482851.2147482945.2147482932.2147482900.2147482888.2147473673, security.jail.param.allow.mount.procfs, integer, B, Defined
2147482851.2147482945.2147482932.2147482900.2147482888.2147482887, security.jail.param.allow.mount., integer, B, Defined
...
2147482851.2147482945.2147482932.2147482904, security.jail.param.ip6, node, N, Undefined
2147482851.2147482945.2147482932.2147482904.2147482901, security.jail.param.ip6.saddrsel, integer, B, Defined
2147482851.2147482945.2147482932.2147482904.2147482902, security.jail.param.ip6.addr, opaque, S,in6_addr,a, Defined
2147482851.2147482945.2147482932.2147482904.2147482903, security.jail.param.ip6., integer, E,jailsys, Defined
2147482851.2147482945.2147482932.2147482908, security.jail.param.ip4, node, N, Undefined
2147482851.2147482945.2147482932.2147482908.2147482905, security.jail.param.ip4.saddrsel, integer, B, Defined
2147482851.2147482945.2147482932.2147482908.2147482906, security.jail.param.ip4.addr, opaque, S,in_addr,a, Defined
2147482851.2147482945.2147482932.2147482908.2147482907, security.jail.param.ip4., integer, E,jailsys, Defined
2147482851.2147482945.2147482932.2147482910, security.jail.param.cpuset, node, N, Undefined
2147482851.2147482945.2147482932.2147482910.2147482909, security.jail.param.cpuset.id, integer, I, Defined
2147482851.2147482945.2147482932.2147482916, security.jail.param.host, node, N, Undefined
2147482851.2147482945.2147482932.2147482916.2147482911, security.jail.param.host.hostid, unsigned long, LU, Defined
2147482851.2147482945.2147482932.2147482916.2147482912, security.jail.param.host.hostuuid, string, A, Defined
2147482851.2147482945.2147482932.2147482916.2147482913, security.jail.param.host.domainname, string, A, Defined
2147482851.2147482945.2147482932.2147482916.2147482914, security.jail.param.host.hostname, string, A, Defined
2147482851.2147482945.2147482932.2147482916.2147482915, security.jail.param.host., integer, E,jailsys, Defined
2147482851.2147482945.2147482932.2147482919, security.jail.param.children, node, N, Undefined
2147482851.2147482945.2147482932.2147482919.2147482917, security.jail.param.children.max, integer, I, Defined
2147482851.2147482945.2147482932.2147482919.2147482918, security.jail.param.children.cur, integer, I, Defined
...


The complete output is attached; it prints OID, name, type, format and handler status, for example:

2147482851.2147482945.2147482932.2147482908, security.jail.param.ip4, node, N, Undefined
2147482851.2147482945.2147482932.2147482908.2147482905, security.jail.param.ip4.saddrsel, integer, B, Defined
2147482851.2147482945.2147482932.2147482908.2147482906, security.jail.param.ip4.addr, opaque, S,in_addr,a, Defined
2147482851.2147482945.2147482932.2147482908.2147482907, security.jail.param.ip4., integer, E,jailsys, Defined

Obviously "security.jail.param.ip4" is the (internal node) father and "security.jail.param.ip4." is a (leaf) child; they are not duplicates but distinct objects.

We can use deskutils/sysctlview for a real GUI representation, in ASCII art:

2147482851 "security"
      |
2147482945 "jail"
      |
2147482932 "param"
      |
2147482908 "ip4"
   ___|_____________________________________
   |                      |                |
2147482905 "saddrsel" 2147482906 "addr" 2147482907 "\0" (<-"security.jail.param.ip4.\0")


Conclusion: the output of sysctl is correct; of course, a jail expert could update the descriptions to avoid confusion.
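
The parent/child relationship described in comment 4 can be checked mechanically from `nsysctl -OFIHtN -s ', '` output. The script below is an added example, not part of the bug thread or of nsysctl; the function names are hypothetical, and the sample rows are a subset copied from the output quoted in comment 4.

```sh
#!/bin/sh
# Sample rows (subset) copied from the nsysctl output quoted in comment 4.
sample_nsysctl() {
cat <<'EOF'
2147482851.2147482945.2147482932.2147482908, security.jail.param.ip4, node, N, Undefined
2147482851.2147482945.2147482932.2147482908.2147482905, security.jail.param.ip4.saddrsel, integer, B, Defined
2147482851.2147482945.2147482932.2147482908.2147482906, security.jail.param.ip4.addr, opaque, S,in_addr,a, Defined
2147482851.2147482945.2147482932.2147482908.2147482907, security.jail.param.ip4., integer, E,jailsys, Defined
2147482851.2147482945.2147482932.2147482916, security.jail.param.host, node, N, Undefined
2147482851.2147482945.2147482932.2147482916.2147482915, security.jail.param.host., integer, E,jailsys, Defined
2147482851.2147482945.2147482932.2147482910, security.jail.param.cpuset, node, N, Undefined
2147482851.2147482945.2147482932.2147482910.2147482909, security.jail.param.cpuset.id, integer, I, Defined
EOF
}

# Reads "OID, name, type, format, handler" rows on stdin and reports every
# object whose name ends in "." together with the parent it hangs under.
# The format field may contain commas (e.g. "S,in_addr,a"), so split on ", ".
empty_named_leaves() {
    awk -F', ' '
    { oid[NR] = $1; name[$1] = $2; type[$1] = $3; fmt[$1] = $4 }
    END {
        for (i = 1; i <= NR; i++) {
            o = oid[i]
            if (name[o] !~ /\.$/) continue        # keep only names ending in "."
            p = o; sub(/\.[0-9]+$/, "", p)        # parent OID: drop last component
            n = split(o, part, ".")
            pname = "?"; verdict = "unmatched"
            if (p in name) {
                pname = name[p]
                # Distinct object: parent is a node and child name is parent + "."
                if (type[p] == "node" && (pname ".") == name[o]) verdict = "child-of-node"
            }
            printf "%s id=%s type=%s fmt=%s parent=%s %s\n", name[o], part[n], type[o], fmt[o], pname, verdict
        }
    }'
}

sample_nsysctl | empty_named_leaves
```

On a live system the same function can be fed directly with `nsysctl -OFIHtN -s ', ' security | empty_named_leaves`.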