jail.h (185029) | jail.h (185435) |
---|---|
1/*- 2 * ---------------------------------------------------------------------------- 3 * "THE BEER-WARE LICENSE" (Revision 42): 4 * <phk@FreeBSD.org> wrote this file. As long as you retain this notice you 5 * can do whatever you want with this stuff. If we meet some day, and you think 6 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 7 * ---------------------------------------------------------------------------- 8 * | 1/*- 2 * ---------------------------------------------------------------------------- 3 * "THE BEER-WARE LICENSE" (Revision 42): 4 * <phk@FreeBSD.org> wrote this file. As long as you retain this notice you 5 * can do whatever you want with this stuff. If we meet some day, and you think 6 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 7 * ---------------------------------------------------------------------------- 8 * |
9 * $FreeBSD: head/sys/sys/jail.h 185029 2008-11-17 20:49:29Z pjd $ | 9 * $FreeBSD: head/sys/sys/jail.h 185435 2008-11-29 14:32:14Z bz $ |
10 * 11 */ 12 13#ifndef _SYS_JAIL_H_ 14#define _SYS_JAIL_H_ 15 | 10 * 11 */ 12 13#ifndef _SYS_JAIL_H_ 14#define _SYS_JAIL_H_ 15 |
16struct jail { | 16#ifdef _KERNEL 17struct jail_v0 { |
17 u_int32_t version; 18 char *path; 19 char *hostname; 20 u_int32_t ip_number; 21}; | 18 u_int32_t version; 19 char *path; 20 char *hostname; 21 u_int32_t ip_number; 22}; |
23#endif |
|
22 | 24 |
25struct jail { 26 uint32_t version; 27 char *path; 28 char *hostname; 29 char *jailname; 30 uint32_t ip4s; 31 uint32_t ip6s; 32 struct in_addr *ip4; 33 struct in6_addr *ip6; 34}; 35#define JAIL_API_VERSION 2 36 37/* 38 * For all xprison structs, always keep the pr_version an int and 39 * the first variable so userspace can easily distinguish them. 40 */ 41#ifndef _KERNEL 42struct xprison_v1 { 43 int pr_version; 44 int pr_id; 45 char pr_path[MAXPATHLEN]; 46 char pr_host[MAXHOSTNAMELEN]; 47 u_int32_t pr_ip; 48}; 49#endif 50 |
|
23struct xprison { 24 int pr_version; 25 int pr_id; | 51struct xprison { 52 int pr_version; 53 int pr_id; |
54 int pr_state; 55 cpusetid_t pr_cpusetid; |
|
26 char pr_path[MAXPATHLEN]; 27 char pr_host[MAXHOSTNAMELEN]; | 56 char pr_path[MAXPATHLEN]; 57 char pr_host[MAXHOSTNAMELEN]; |
28 u_int32_t pr_ip; | 58 char pr_name[MAXHOSTNAMELEN]; 59 uint32_t pr_ip4s; 60 uint32_t pr_ip6s; 61#if 0 62 /* 63 * sizeof(xprison) will be malloced + size needed for all 64 * IPv4 and IPv6 addesses. Offsets are based numbers of addresses. 65 */ 66 struct in_addr pr_ip4[]; 67 struct in6_addr pr_ip6[]; 68#endif |
29}; | 69}; |
30#define XPRISON_VERSION 1 | 70#define XPRISON_VERSION 3 |
31 | 71 |
72static const struct prison_state { 73 int pr_state; 74 const char * state_name; 75} prison_states[] = { 76#define PRISON_STATE_INVALID 0 77 { PRISON_STATE_INVALID, "INVALID" }, 78#define PRISON_STATE_ALIVE 1 79 { PRISON_STATE_ALIVE, "ALIVE" }, 80#define PRISON_STATE_DYING 2 81 { PRISON_STATE_DYING, "DYING" }, 82}; 83 84 |
|
32#ifndef _KERNEL 33 34int jail(struct jail *); 35int jail_attach(int); 36 37#else /* _KERNEL */ 38 39#include <sys/queue.h> --- 7 unchanged lines hidden (view full) --- 47MALLOC_DECLARE(M_PRISON); 48#endif 49#endif /* _KERNEL */ 50 51#if defined(_KERNEL) || defined(_WANT_PRISON) 52 53#include <sys/osd.h> 54 | 85#ifndef _KERNEL 86 87int jail(struct jail *); 88int jail_attach(int); 89 90#else /* _KERNEL */ 91 92#include <sys/queue.h> --- 7 unchanged lines hidden (view full) --- 100MALLOC_DECLARE(M_PRISON); 101#endif 102#endif /* _KERNEL */ 103 104#if defined(_KERNEL) || defined(_WANT_PRISON) 105 106#include <sys/osd.h> 107 |
108struct cpuset; 109 |
|
55/* 56 * This structure describes a prison. It is pointed to by all struct 57 * ucreds's of the inmates. pr_ref keeps track of them and is used to 58 * delete the struture when the last inmate is dead. 59 * 60 * Lock key: 61 * (a) allprison_lock 62 * (p) locked by pr_mtx 63 * (c) set only during creation before the structure is shared, no mutex 64 * required to read 65 * (d) set only during destruction of jail, no mutex needed 66 */ 67struct prison { 68 LIST_ENTRY(prison) pr_list; /* (a) all prisons */ 69 int pr_id; /* (c) prison id */ 70 int pr_ref; /* (p) refcount */ | 110/* 111 * This structure describes a prison. It is pointed to by all struct 112 * ucreds's of the inmates. pr_ref keeps track of them and is used to 113 * delete the struture when the last inmate is dead. 114 * 115 * Lock key: 116 * (a) allprison_lock 117 * (p) locked by pr_mtx 118 * (c) set only during creation before the structure is shared, no mutex 119 * required to read 120 * (d) set only during destruction of jail, no mutex needed 121 */ 122struct prison { 123 LIST_ENTRY(prison) pr_list; /* (a) all prisons */ 124 int pr_id; /* (c) prison id */ 125 int pr_ref; /* (p) refcount */ |
126 int pr_state; /* (p) prison state */ 127 int pr_nprocs; /* (p) process count */ |
|
71 char pr_path[MAXPATHLEN]; /* (c) chroot path */ | 128 char pr_path[MAXPATHLEN]; /* (c) chroot path */ |
129 struct cpuset *pr_cpuset; /* (p) cpuset */ |
|
72 struct vnode *pr_root; /* (c) vnode to rdir */ 73 char pr_host[MAXHOSTNAMELEN]; /* (p) jail hostname */ | 130 struct vnode *pr_root; /* (c) vnode to rdir */ 131 char pr_host[MAXHOSTNAMELEN]; /* (p) jail hostname */ |
74 u_int32_t pr_ip; /* (c) ip addr host */ | 132 char pr_name[MAXHOSTNAMELEN]; /* (c) admin jail name */ |
75 void *pr_linux; /* (p) linux abi */ 76 int pr_securelevel; /* (p) securelevel */ 77 struct task pr_task; /* (d) destroy task */ 78 struct mtx pr_mtx; 79 struct osd pr_osd; /* (p) additional data */ | 133 void *pr_linux; /* (p) linux abi */ 134 int pr_securelevel; /* (p) securelevel */ 135 struct task pr_task; /* (d) destroy task */ 136 struct mtx pr_mtx; 137 struct osd pr_osd; /* (p) additional data */ |
138 int pr_ip4s; /* (c) number of v4 IPs */ 139 struct in_addr *pr_ip4; /* (c) v4 IPs of jail */ 140 int pr_ip6s; /* (c) number of v6 IPs */ 141 struct in6_addr *pr_ip6; /* (c) v6 IPs of jail */ |
|
80}; 81#endif /* _KERNEL || _WANT_PRISON */ 82 83#ifdef _KERNEL 84/* 85 * Sysctl-set variables that determine global jail policy 86 * 87 * XXX MIB entries will need to be protected by a mutex. --- 11 unchanged lines hidden (view full) --- 99 100/* 101 * Kernel support functions for jail(). 102 */ 103struct ucred; 104struct mount; 105struct sockaddr; 106struct statfs; | 142}; 143#endif /* _KERNEL || _WANT_PRISON */ 144 145#ifdef _KERNEL 146/* 147 * Sysctl-set variables that determine global jail policy 148 * 149 * XXX MIB entries will need to be protected by a mutex. --- 11 unchanged lines hidden (view full) --- 161 162/* 163 * Kernel support functions for jail(). 164 */ 165struct ucred; 166struct mount; 167struct sockaddr; 168struct statfs; |
169struct thread; 170int kern_jail(struct thread *, struct jail *); |
|
107int jailed(struct ucred *cred); 108void getcredhostname(struct ucred *cred, char *, size_t); 109int prison_check(struct ucred *cred1, struct ucred *cred2); 110int prison_canseemount(struct ucred *cred, struct mount *mp); 111void prison_enforce_statfs(struct ucred *cred, struct mount *mp, 112 struct statfs *sp); 113struct prison *prison_find(int prid); 114void prison_free(struct prison *pr); 115void prison_free_locked(struct prison *pr); | 171int jailed(struct ucred *cred); 172void getcredhostname(struct ucred *cred, char *, size_t); 173int prison_check(struct ucred *cred1, struct ucred *cred2); 174int prison_canseemount(struct ucred *cred, struct mount *mp); 175void prison_enforce_statfs(struct ucred *cred, struct mount *mp, 176 struct statfs *sp); 177struct prison *prison_find(int prid); 178void prison_free(struct prison *pr); 179void prison_free_locked(struct prison *pr); |
116u_int32_t prison_getip(struct ucred *cred); | |
117void prison_hold(struct prison *pr); 118void prison_hold_locked(struct prison *pr); | 180void prison_hold(struct prison *pr); 181void prison_hold_locked(struct prison *pr); |
182void prison_proc_hold(struct prison *); 183void prison_proc_free(struct prison *); 184int prison_getip4(struct ucred *cred, struct in_addr *ia); 185int prison_local_ip4(struct ucred *cred, struct in_addr *ia); 186int prison_remote_ip4(struct ucred *cred, struct in_addr *ia); 187int prison_check_ip4(struct ucred *cred, struct in_addr *ia); 188#ifdef INET6 189int prison_getip6(struct ucred *, struct in6_addr *); 190int prison_local_ip6(struct ucred *, struct in6_addr *, int); 191int prison_remote_ip6(struct ucred *, struct in6_addr *); 192int prison_check_ip6(struct ucred *, struct in6_addr *); 193#endif |
|
119int prison_if(struct ucred *cred, struct sockaddr *sa); | 194int prison_if(struct ucred *cred, struct sockaddr *sa); |
120int prison_ip(struct ucred *cred, int flag, u_int32_t *ip); | |
121int prison_priv_check(struct ucred *cred, int priv); | 195int prison_priv_check(struct ucred *cred, int priv); |
122void prison_remote_ip(struct ucred *cred, int flags, u_int32_t *ip); | |
123 124/* 125 * Kernel jail services. 126 */ 127struct prison_service; 128typedef int (*prison_create_t)(struct prison_service *psrv, struct prison *pr); 129typedef int (*prison_destroy_t)(struct prison_service *psrv, struct prison *pr); 130 131struct prison_service *prison_service_register(const char *name, 132 prison_create_t create, prison_destroy_t destroy); 133void prison_service_deregister(struct prison_service *psrv); 134 135void prison_service_data_set(struct prison_service *psrv, struct prison *pr, 136 void *data); 137void *prison_service_data_get(struct prison_service *psrv, struct prison *pr); 138void *prison_service_data_del(struct prison_service *psrv, struct prison *pr); 139 140#endif /* _KERNEL */ 141#endif /* !_SYS_JAIL_H_ */ | 196 197/* 198 * Kernel jail services. 199 */ 200struct prison_service; 201typedef int (*prison_create_t)(struct prison_service *psrv, struct prison *pr); 202typedef int (*prison_destroy_t)(struct prison_service *psrv, struct prison *pr); 203 204struct prison_service *prison_service_register(const char *name, 205 prison_create_t create, prison_destroy_t destroy); 206void prison_service_deregister(struct prison_service *psrv); 207 208void prison_service_data_set(struct prison_service *psrv, struct prison *pr, 209 void *data); 210void *prison_service_data_get(struct prison_service *psrv, struct prison *pr); 211void *prison_service_data_del(struct prison_service *psrv, struct prison *pr); 212 213#endif /* _KERNEL */ 214#endif /* !_SYS_JAIL_H_ */ |
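Review bot: The new `struct jail` (lines 25-34 on the new side) carries caller-supplied `uint32_t ip4s`/`ip6s` counts and `ip4`/`ip6` pointers, but the kernel-side `struct prison` stores them as `int pr_ip4s`/`int pr_ip6s` (lines 138, 140), so a count at or above 2^31 would become negative after the copy and the header gives no hint of an upper bound. Either make the prison fields `uint32_t` to match `struct jail` and `struct xprison`, or document the contract on the `ip4s`/`ip6s` members, e.g. `/* caller-supplied counts; kern_jail() must bound-check these before sizing any copyin */` — where the bound is enforced is presumably in kern_jail.c and is not visible here. Separately, `static const struct prison_state prison_states[]` (lines 72-82) is a definition in a header, so every translation unit that includes jail.h gets its own copy and may warn about an unused variable; the `#define PRISON_STATE_*` lines interleaved with the initializer also hide the constants from a reader scanning for them, so declaring the enum/defines first and putting the table in a .c file (or behind a `_WANT_PRISON_STATES`-style guard) would be cleaner. The `#if 0` comment at line 64 has a typo (`addesses`), worth fixing while the block is being touched.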