Back out r210974. Any convenience of not typing "persist" is outweighed

by the possibility of unintended partially-formed jails.

1 files changed, 6 insertions, 2 deletions

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 92e1439..ded2379 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -599,8 +599,6 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
 		vfs_flagopt(opts, pr_flag_names[fi], &pr_flags, 1 << fi);
 		vfs_flagopt(opts, pr_flag_nonames[fi], &ch_flags, 1 << fi);
 	}
-	if ((flags & (JAIL_CREATE | JAIL_UPDATE | JAIL_ATTACH)) == JAIL_CREATE)
-	    pr_flags |= PR_PERSIST;
 	ch_flags |= pr_flags;
 	for (fi = 0; fi < sizeof(pr_flag_jailsys) / sizeof(pr_flag_jailsys[0]);
 	    fi++) {
@@ -630,6 +628,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
 		ch_flags |=
 		    pr_flag_jailsys[fi].new | pr_flag_jailsys[fi].disable;
 	}
+	if ((flags & (JAIL_CREATE | JAIL_UPDATE | JAIL_ATTACH)) == JAIL_CREATE
+	    && !(pr_flags & PR_PERSIST)) {
+		error = EINVAL;
+		vfs_opterror(opts, "new jail must persist or attach");
+		goto done_errmsg;
+	}
 #ifdef VIMAGE
 	if ((flags & JAIL_UPDATE) && (ch_flags & PR_VNET)) {
 		error = EINVAL;