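--- a/kern_jail.c
+++ b/kern_jail.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999 Poul-Henning Kamp.
  * Copyright (c) 2008 Bjoern A. Zeeb.
  * Copyright (c) 2009 James Gritton.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -22,17 +22,17 @@
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: head/sys/kern/kern_jail.c 195741 2009-07-17 14:48:21Z jamie $");
+__FBSDID("$FreeBSD: head/sys/kern/kern_jail.c 195870 2009-07-25 14:48:57Z jamie $");
 
 #include "opt_compat.h"
 #include "opt_ddb.h"
 #include "opt_inet.h"
 #include "opt_inet6.h"
 
 #include <sys/param.h>
 #include <sys/types.h>
@@ -115,40 +115,37 @@
 #define PD_LIST_SLOCKED 0x08
 #define PD_LIST_XLOCKED 0x10
 
 /*
  * Parameter names corresponding to PR_* flag values
  */
 static char *pr_flag_names[] = {
  [0] = "persist",
- "host",
-#ifdef INET
- "ip4",
-#endif
-#ifdef INET6
- [3] = "ip6",
-#endif
-#ifdef VIMAGE
- [4] = "vnet",
-#endif
 };
 
 static char *pr_flag_nonames[] = {
  [0] = "nopersist",
- "nohost",
+};
+
+struct jailsys_flags {
+ const char *name;
+ unsigned disable;
+ unsigned new;
+} pr_flag_jailsys[] = {
+ { "host", 0, PR_HOST },
+#ifdef VIMAGE
+ { "vnet", 0, PR_VNET },
+#endif
 #ifdef INET
- "noip4",
+ { "ip4", PR_IP4_USER | PR_IP4_DISABLE, PR_IP4_USER },
 #endif
 #ifdef INET6
- [3] = "noip6",
+ { "ip6", PR_IP6_USER | PR_IP6_DISABLE, PR_IP6_USER },
 #endif
-#ifdef VIMAGE
- [4] = "novnet",
-#endif
 };
 
 static char *pr_allow_names[] = {
  "allow.set_hostname",
  "allow.sysvipc",
  "allow.raw_sockets",
  "allow.chflags",
  "allow.mount",
@@ -473,17 +470,18 @@
  struct vnode *root;
  char *domain, *errmsg, *host, *name, *p, *path, *uuid;
 #if defined(INET) || defined(INET6)
  void *op;
 #endif
  unsigned long hid;
  size_t namelen, onamelen;
  int created, cuflags, descend, enforce, error, errmsg_len, errmsg_pos;
- int gotchildmax, gotenforce, gothid, gotslevel, fi, jid, len, level;
+ int gotchildmax, gotenforce, gothid, gotslevel;
+ int fi, jid, jsys, len, level;
  int childmax, slevel, vfslocked;
 #if defined(INET) || defined(INET6)
  int ii, ij;
 #endif
 #ifdef INET
  int ip4s, ip4a, redo_ip4;
 #endif
 #ifdef INET6
@@ -564,16 +562,44 @@
  for (fi = 0; fi < sizeof(pr_flag_names) / sizeof(pr_flag_names[0]);
  fi++) {
  if (pr_flag_names[fi] == NULL)
  continue;
  vfs_flagopt(opts, pr_flag_names[fi], &pr_flags, 1 << fi);
  vfs_flagopt(opts, pr_flag_nonames[fi], &ch_flags, 1 << fi);
  }
  ch_flags |= pr_flags;
+ for (fi = 0; fi < sizeof(pr_flag_jailsys) / sizeof(pr_flag_jailsys[0]);
+ fi++) {
+ error = vfs_copyopt(opts, pr_flag_jailsys[fi].name, &jsys,
+ sizeof(jsys));
+ if (error == ENOENT)
+ continue;
+ if (error != 0)
+ goto done_free;
+ switch (jsys) {
+ case JAIL_SYS_DISABLE:
+ if (!pr_flag_jailsys[fi].disable) {
+ error = EINVAL;
+ goto done_free;
+ }
+ pr_flags |= pr_flag_jailsys[fi].disable;
+ break;
+ case JAIL_SYS_NEW:
+ pr_flags |= pr_flag_jailsys[fi].new;
+ break;
+ case JAIL_SYS_INHERIT:
+ break;
+ default:
+ error = EINVAL;
+ goto done_free;
+ }
+ ch_flags |=
+ pr_flag_jailsys[fi].new | pr_flag_jailsys[fi].disable;
+ }
  if ((flags & (JAIL_CREATE | JAIL_UPDATE | JAIL_ATTACH)) == JAIL_CREATE
  && !(pr_flags & PR_PERSIST)) {
  error = EINVAL;
  vfs_opterror(opts, "new jail must persist or attach");
  goto done_errmsg;
  }
 #ifdef VIMAGE
  if ((flags & JAIL_UPDATE) && (ch_flags & PR_VNET)) {
@@ -679,26 +705,28 @@
  ch_flags |= PR_HOST;
  pr_flags |= PR_HOST;
  }
 
  /* This might be the second time around for this option. */
 #ifdef INET
  error = vfs_getopt(opts, "ip4.addr", &op, &ip4s);
  if (error == ENOENT)
- ip4s = -1;
+ ip4s = (pr_flags & PR_IP4_DISABLE) ? 0 : -1;
  else if (error != 0)
  goto done_free;
  else if (ip4s & (sizeof(*ip4) - 1)) {
  error = EINVAL;
  goto done_free;
  } else {
- ch_flags |= PR_IP4_USER;
- pr_flags |= PR_IP4_USER;
- if (ip4s > 0) {
+ ch_flags |= PR_IP4_USER | PR_IP4_DISABLE;
+ if (ip4s == 0)
+ pr_flags |= PR_IP4_USER | PR_IP4_DISABLE;
+ else {
+ pr_flags = (pr_flags & ~PR_IP4_DISABLE) | PR_IP4_USER;
  ip4s /= sizeof(*ip4);
  if (ip4s > jail_max_af_ips) {
  error = EINVAL;
  vfs_opterror(opts, "too many IPv4 addresses");
  goto done_errmsg;
  }
  if (ip4a < ip4s) {
  ip4a = ip4s;
@@ -740,26 +768,28 @@
  }
  }
  }
 #endif
 
 #ifdef INET6
  error = vfs_getopt(opts, "ip6.addr", &op, &ip6s);
  if (error == ENOENT)
- ip6s = -1;
+ ip6s = (pr_flags & PR_IP6_DISABLE) ? 0 : -1;
  else if (error != 0)
  goto done_free;
  else if (ip6s & (sizeof(*ip6) - 1)) {
  error = EINVAL;
  goto done_free;
  } else {
- ch_flags |= PR_IP6_USER;
- pr_flags |= PR_IP6_USER;
- if (ip6s > 0) {
+ ch_flags |= PR_IP6_USER | PR_IP6_DISABLE;
+ if (ip6s == 0)
+ pr_flags |= PR_IP6_USER | PR_IP6_DISABLE;
+ else {
+ pr_flags = (pr_flags & ~PR_IP6_DISABLE) | PR_IP6_USER;
  ip6s /= sizeof(*ip6);
  if (ip6s > jail_max_af_ips) {
  error = EINVAL;
  vfs_opterror(opts, "too many IPv6 addresses");
  goto done_errmsg;
  }
  if (ip6a < ip6s) {
  ip6a = ip6s;
@@ -1963,16 +1993,29 @@
  error = vfs_setopt(opts, pr_flag_names[fi], &i, sizeof(i));
  if (error != 0 && error != ENOENT)
  goto done_deref;
  i = !i;
  error = vfs_setopt(opts, pr_flag_nonames[fi], &i, sizeof(i));
  if (error != 0 && error != ENOENT)
  goto done_deref;
  }
+ for (fi = 0; fi < sizeof(pr_flag_jailsys) / sizeof(pr_flag_jailsys[0]);
+ fi++) {
+ i = pr->pr_flags &
+ (pr_flag_jailsys[fi].disable | pr_flag_jailsys[fi].new);
+ i = pr_flag_jailsys[fi].disable &&
+ (i == pr_flag_jailsys[fi].disable) ? JAIL_SYS_DISABLE
+ : (i == pr_flag_jailsys[fi].new) ? JAIL_SYS_NEW
+ : JAIL_SYS_INHERIT;
+ error =
+ vfs_setopt(opts, pr_flag_jailsys[fi].name, &i, sizeof(i));
+ if (error != 0 && error != ENOENT)
+ goto done_deref;
+ }
  for (fi = 0; fi < sizeof(pr_allow_names) / sizeof(pr_allow_names[0]);
  fi++) {
  if (pr_allow_names[fi] == NULL)
  continue;
  i = (pr->pr_allow & (1 << fi)) ? 1 : 0;
  error = vfs_setopt(opts, pr_allow_names[fi], &i, sizeof(i));
  if (error != 0 && error != ENOENT)
  goto done_deref;
@@ -2609,16 +2652,17 @@
  ij++;
  break;
  case 1:
  ij++;
  break;
  }
  }
  if (pr->pr_ip4s == 0) {
+ pr->pr_flags |= PR_IP4_DISABLE;
  free(pr->pr_ip4, M_PRISON);
  pr->pr_ip4 = NULL;
  }
  }
  return (0);
 }
 
 /*
@@ -2913,16 +2957,17 @@
  ij++;
  break;
  case 1:
  ij++;
  break;
  }
  }
  if (pr->pr_ip6s == 0) {
+ pr->pr_flags |= PR_IP6_DISABLE;
  free(pr->pr_ip6, M_PRISON);
  pr->pr_ip6 = NULL;
  }
  }
  return 0;
 }
 
 /*
@@ -4030,53 +4075,47 @@
 SYSCTL_JAIL_PARAM(, securelevel, CTLTYPE_INT | CTLFLAG_RW,
  "I", "Jail secure level");
 SYSCTL_JAIL_PARAM(, enforce_statfs, CTLTYPE_INT | CTLFLAG_RW,
  "I", "Jail cannot see all mounted file systems");
 SYSCTL_JAIL_PARAM(, persist, CTLTYPE_INT | CTLFLAG_RW,
  "B", "Jail persistence");
 #ifdef VIMAGE
 SYSCTL_JAIL_PARAM(, vnet, CTLTYPE_INT | CTLFLAG_RDTUN,
- "B", "Virtual network stack");
+ "E,jailsys", "Virtual network stack");
 #endif
 SYSCTL_JAIL_PARAM(, dying, CTLTYPE_INT | CTLFLAG_RD,
  "B", "Jail is in the process of shutting down");
 
 SYSCTL_JAIL_PARAM_NODE(children, "Number of child jails");
 SYSCTL_JAIL_PARAM(_children, cur, CTLTYPE_INT | CTLFLAG_RD,
  "I", "Current number of child jails");
 SYSCTL_JAIL_PARAM(_children, max, CTLTYPE_INT | CTLFLAG_RW,
  "I", "Maximum number of child jails");
 
-SYSCTL_JAIL_PARAM_NODE(host, "Jail host info");
-SYSCTL_JAIL_PARAM(, nohost, CTLTYPE_INT | CTLFLAG_RW,
- "BN", "Jail w/ no host info");
+SYSCTL_JAIL_PARAM_SYS_NODE(host, CTLFLAG_RW, "Jail host info");
 SYSCTL_JAIL_PARAM_STRING(_host, hostname, CTLFLAG_RW, MAXHOSTNAMELEN,
  "Jail hostname");
 SYSCTL_JAIL_PARAM_STRING(_host, domainname, CTLFLAG_RW, MAXHOSTNAMELEN,
  "Jail NIS domainname");
 SYSCTL_JAIL_PARAM_STRING(_host, hostuuid, CTLFLAG_RW, HOSTUUIDLEN,
  "Jail host UUID");
 SYSCTL_JAIL_PARAM(_host, hostid, CTLTYPE_ULONG | CTLFLAG_RW,
  "LU", "Jail host ID");
 
 SYSCTL_JAIL_PARAM_NODE(cpuset, "Jail cpuset");
 SYSCTL_JAIL_PARAM(_cpuset, id, CTLTYPE_INT | CTLFLAG_RD, "I", "Jail cpuset ID");
 
 #ifdef INET
-SYSCTL_JAIL_PARAM_NODE(ip4, "Jail IPv4 address virtualization");
-SYSCTL_JAIL_PARAM(, noip4, CTLTYPE_INT | CTLFLAG_RW,
- "BN", "Jail w/ no IP address virtualization");
+SYSCTL_JAIL_PARAM_SYS_NODE(ip4, CTLFLAG_RW, "Jail IPv4 address virtualization");
 SYSCTL_JAIL_PARAM_STRUCT(_ip4, addr, CTLFLAG_RW, sizeof(struct in_addr),
  "S,in_addr,a", "Jail IPv4 addresses");
 #endif
 #ifdef INET6
-SYSCTL_JAIL_PARAM_NODE(ip6, "Jail IPv6 address virtualization");
-SYSCTL_JAIL_PARAM(, noip6, CTLTYPE_INT | CTLFLAG_RW,
- "BN", "Jail w/ no IP address virtualization");
+SYSCTL_JAIL_PARAM_SYS_NODE(ip6, CTLFLAG_RW, "Jail IPv6 address virtualization");
 SYSCTL_JAIL_PARAM_STRUCT(_ip6, addr, CTLFLAG_RW, sizeof(struct in6_addr),
  "S,in6_addr,a", "Jail IPv6 addresses");
 #endif
 
 SYSCTL_JAIL_PARAM_NODE(allow, "Jail permission flags");
 SYSCTL_JAIL_PARAM(_allow, set_hostname, CTLTYPE_INT | CTLFLAG_RW,
  "B", "Jail may set hostname");
 SYSCTL_JAIL_PARAM(_allow, sysvipc, CTLTYPE_INT | CTLFLAG_RW,
@@ -4097,16 +4136,17 @@
 
 static void
 db_show_prison(struct prison *pr)
 {
  int fi;
 #if defined(INET) || defined(INET6)
  int ii;
 #endif
+ unsigned jsf;
 #ifdef INET6
  char ip6buf[INET6_ADDRSTRLEN];
 #endif
 
  db_printf("prison %p:\n", pr);
  db_printf(" jid = %d\n", pr->pr_id);
  db_printf(" name = %s\n", pr->pr_name);
  db_printf(" parent = %p\n", pr->pr_parent);
@@ -4123,16 +4163,26 @@
  db_printf(" childcount = %d\n", pr->pr_childcount);
  db_printf(" child = %p\n", LIST_FIRST(&pr->pr_children));
  db_printf(" sibling = %p\n", LIST_NEXT(pr, pr_sibling));
  db_printf(" flags = %x", pr->pr_flags);
  for (fi = 0; fi < sizeof(pr_flag_names) / sizeof(pr_flag_names[0]);
  fi++)
  if (pr_flag_names[fi] != NULL && (pr->pr_flags & (1 << fi)))
  db_printf(" %s", pr_flag_names[fi]);
+ for (fi = 0; fi < sizeof(pr_flag_jailsys) / sizeof(pr_flag_jailsys[0]);
+ fi++) {
+ jsf = pr->pr_flags &
+ (pr_flag_jailsys[fi].disable | pr_flag_jailsys[fi].new);
+ db_printf(" %-16s= %s\n", pr_flag_jailsys[fi].name,
+ pr_flag_jailsys[fi].disable &&
+ (jsf == pr_flag_jailsys[fi].disable) ? "disable"
+ : (jsf == pr_flag_jailsys[fi].new) ? "new"
+ : "inherit");
+ }
  db_printf(" allow = %x", pr->pr_allow);
  for (fi = 0; fi < sizeof(pr_allow_names) / sizeof(pr_allow_names[0]);
  fi++)
  if (pr_allow_names[fi] != NULL && (pr->pr_allow & (1 << fi)))
  db_printf(" %s", pr_allow_names[fi]);
  db_printf("\n");
  db_printf(" enforce_statfs = %d\n", pr->pr_enforce_statfs);
  db_printf(" host.hostname = %s\n", pr->pr_hostname);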
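Review bot: In the `ip4.addr` branch of the option parsing, a non-empty address list silently overrides an explicit `ip4` value of `JAIL_SYS_DISABLE`: the new `pr_flag_jailsys` loop sets `PR_IP4_USER | PR_IP4_DISABLE` for that value, and the later `else` arm then runs `pr_flags = (pr_flags & ~PR_IP4_DISABLE) | PR_IP4_USER`, so a caller that asked for no IPv4 ends up with a jail that has addresses. Unless the hidden lines in between already reject that combination, I would fail closed before clearing the bit, e.g. `if (pr_flags & PR_IP4_DISABLE) { error = EINVAL; vfs_opterror(opts, "ip4.addr conflicts with ip4=disable"); goto done_errmsg; }` at the top of that `else` arm, and likewise in the `ip6.addr` branch. If the override is intended, a comment there stating that an address list takes precedence over the jailsys value would be enough. Separately, the two `EINVAL` exits in the new `switch (jsys)` jump to `done_free` without a `vfs_opterror` call, so the caller is not told which parameter was rejected. The enclosing function starts and ends outside the visible lines.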