More clear version of previous namei/pledge/chroot solution. namei flag

KERNELPATH indicates this operation is being done on behalf of the kernel,
not a process, so ignore chroot of the current process context, start at /,
and skip unveil and pledge checks.  Discussed with beck and semarie

2 files changed, 12 insertions, 6 deletions

diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c
index 5a93a8bf48c..eaac8a09935 100644
--- a/sys/kern/vfs_lookup.c
+++ b/sys/kern/vfs_lookup.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: vfs_lookup.c,v 1.73 2018/08/02 04:41:47 beck Exp $	*/
+/*	$OpenBSD: vfs_lookup.c,v 1.74 2018/08/13 23:11:44 deraadt Exp $	*/
 /*	$NetBSD: vfs_lookup.c,v 1.17 1996/02/09 19:00:59 christos Exp $	*/
 
 /*
@@ -171,12 +171,17 @@ fail:
 	/*
 	 * Get starting point for the translation.
 	 */
-	if ((ndp->ni_rootdir = fdp->fd_rdir) == NULL)
+	if ((ndp->ni_rootdir = fdp->fd_rdir) == NULL ||
+	    (ndp->ni_cnd.cn_flags & KERNELPATH))
 		ndp->ni_rootdir = rootvnode;
 
-	error = pledge_namei(p, ndp, cnp->cn_pnbuf);
-	if (error)
-		goto fail;
+	if (ndp->ni_cnd.cn_flags & KERNELPATH) {
+		ndp->ni_cnd.cn_flags |= BYPASSUNVEIL;
+	} else {
+		error = pledge_namei(p, ndp, cnp->cn_pnbuf);
+		if (error)
+			goto fail;
+	}
 
 	/*
 	 * Check if starting from root directory or current directory.
diff --git a/sys/sys/namei.h b/sys/sys/namei.h
index 6a25840319e..c57dcb8a3c5 100644
--- a/sys/sys/namei.h
+++ b/sys/sys/namei.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: namei.h,v 1.37 2018/08/11 16:16:07 beck Exp $	*/
+/*	$OpenBSD: namei.h,v 1.38 2018/08/13 23:11:44 deraadt Exp $	*/
 /*	$NetBSD: namei.h,v 1.11 1996/02/09 18:25:20 christos Exp $	*/
 
 /*
@@ -146,6 +146,7 @@ struct nameidata {
 #define STRIPSLASHES    0x100000      /* strip trailing slashes */
 #define PDIRUNLOCK	0x200000      /* vfs_lookup() unlocked parent dir */
 #define BYPASSUNVEIL	0x400000      /* bypass pledgepath check */
+#define KERNELPATH	0x800000      /* access file as kernel, not process */
 
 /*
  * Initialization of an nameidata structure.