From 543b064bf2ec5d959291c12fdc20249ee730beec Mon Sep 17 00:00:00 2001
From: Fabian Keil
Date: Sun, 7 Nov 2021 17:35:51 +0100
Subject: [PATCH 280/325] Add sysctl to control whether or not pwd_chroot_chdir() calls chroot_refuse_vdir_fds()

Obtained from: ElectroBSD
---
 sys/kern/kern_descrip.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/sys/kern/kern_descrip.c b/sys/kern/kern_descrip.c
index 5c4eb530bd50..c2a64a45b61f 100644
--- a/sys/kern/kern_descrip.c
+++ b/sys/kern/kern_descrip.c
@@ -3290,6 +3290,12 @@ pwd_chdir(struct thread *td, struct vnode *vp)
 vrele(oldvp);
 }
 
+static int pwd_chroot_chdir_check_open_directories = 1;
+
+SYSCTL_INT(_kern, OID_AUTO, pwd_chroot_chdir_check_open_directories, CTLFLAG_RW,
+ &pwd_chroot_chdir_check_open_directories, 0,
+ "Let pwd_chroot_chdir() check for open directories and fail if there are any");
+
 /*
 * jail_attach(2) changes both root and working directories.
 */
@@ -3302,10 +3308,12 @@ pwd_chroot_chdir(struct thread *td, struct vnode *vp)
 
 fdp = td->td_proc->p_fd;
 FILEDESC_XLOCK(fdp);
- error = chroot_refuse_vdir_fds(fdp);
- if (error != 0) {
- FILEDESC_XUNLOCK(fdp);
- return (error);
+ if (pwd_chroot_chdir_check_open_directories != 0) {
+ error = chroot_refuse_vdir_fds(fdp);
+ if (error != 0) {
+ FILEDESC_XUNLOCK(fdp);
+ return (error);
+ }
 }
 oldvrp = fdp->fd_rdir;
 vrefact(vp);
-- 
2.32.0
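Review bot: The new `kern.pwd_chroot_chdir_check_open_directories` knob is declared with plain `CTLFLAG_RW`, so the open-directory check in front of the root change can be switched off at runtime regardless of securelevel. Because clearing it relaxes a confinement check on the jail_attach(2) path, consider `CTLFLAG_RW | CTLFLAG_SECURE` so the value can only be changed while securelevel is not raised. The description string says what 1 does but not what 0 permits; a comment above the variable such as `/* 0: attach even if the process still holds open directory descriptors */` would record why the default is 1.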
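Review bot: When the knob is 0 the new `if` is skipped and `error` is never assigned on that path; the rest of pwd_chroot_chdir() lies outside the hunk, so please confirm nothing further down returns or tests `error` without setting it first. The conditional also has no comment explaining what is being traded away: with the check off, directory descriptors opened before the attach stay usable afterwards and may refer to directories outside the new root. Something like `/* Optional hardening: refuse to change root while directory descriptors are open. */` on the `if` would make that visible to the next reader.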