# HG changeset patch
# User Franz Glasner
# Date 1700406448 -3600
# Node ID 91b275a3facf75ad93bbd58c3f958ce39356b403
# Parent d46315901037388d4aacc07fb67988a58fb646d4
Also check for any open files and memory mapping within the jail by using "procstat"
diff -r d46315901037 -r 91b275a3facf sbin/ftjail
--- a/sbin/ftjail Sat Nov 18 08:37:14 2023 +0100
+++ b/sbin/ftjail Sun Nov 19 16:07:28 2023 +0100
@@ -1045,7 +1045,24 @@
 return 1
 fi
 done
-
+ #
+ # Check whether there are any open files within the jail.
+ #
+ # "procstat file" also lists fifo, socket, message queue, kgueue et al.
+ # file types.
+ #
+ # Note that procstat places extra whitespace at the end of lines sometimes.
+ #
+ #
+ if procstat -a file | egrep '['$'\t '']+'"${_directory}"'(/|(['$'\t '']*)$)' ; then
+ echo "ERROR: There are open files within the jail" >&2
+ return 1
+ fi
+ # The same for memory mappings
+ if procstat -a vm | egrep '['$'\t '']+'"${_directory}"'(/|(['$'\t '']*)$)' ; then
+ echo "ERROR: There are open memory mappings within the jail" >&2
+ return 1
+ fi
 _dir_mounts="$(_get_mounts_at_directory "${_directory}")"
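Review bot: Both added checks can fail open: `${_directory}` is pasted unescaped into the egrep pattern, and each `if` sees only egrep's exit status, so a procstat failure reads as "nothing open". A jail path containing ERE metacharacters such as `+` or `(` can stop matching its own procstat entries, while `.` merely widens the match. I would escape the directory once before building the pattern and capture each procstat output first, returning 1 when the command itself fails; this assumes procstat's exit status is dependable on the target systems. The two new variables would need adding to whatever local declarations the enclosing function has, since its header and end lie outside the hunk. Minor: "kgueue" in the new comment should read "kqueue".

```shell
# … unchanged: the explanatory comment block …
_dir_re="$(printf '%s' "${_directory}" | sed -e 's,[][\.*^$(){}?+|],\\&,g')"
if ! _procstat_files="$(procstat -a file)" ; then
    echo "ERROR: cannot list open files with procstat" >&2
    return 1
fi
if printf '%s\n' "${_procstat_files}" | egrep '['$'\t '']+'"${_dir_re}"'(/|(['$'\t '']*)$)' ; then
    echo "ERROR: There are open files within the jail" >&2
    return 1
fi
# … the "procstat -a vm" check takes the same capture-then-match form with ${_dir_re} …
```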