kern_jail.c (219819) | kern_jail.c (220137) |
---|---|
1/*- 2 * Copyright (c) 1999 Poul-Henning Kamp. 3 * Copyright (c) 2008 Bjoern A. Zeeb. 4 * Copyright (c) 2009 James Gritton. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions --- 13 unchanged lines hidden (view full) --- 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1999 Poul-Henning Kamp. 3 * Copyright (c) 2008 Bjoern A. Zeeb. 4 * Copyright (c) 2009 James Gritton. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions --- 13 unchanged lines hidden (view full) --- 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29#include <sys/cdefs.h> |
30__FBSDID("$FreeBSD: head/sys/kern/kern_jail.c 219819 2011-03-21 09:40:01Z jeff $"); | 30__FBSDID("$FreeBSD: head/sys/kern/kern_jail.c 220137 2011-03-29 17:47:25Z trasz $"); |
31 32#include "opt_compat.h" 33#include "opt_ddb.h" 34#include "opt_inet.h" 35#include "opt_inet6.h" 36 37#include <sys/param.h> 38#include <sys/types.h> --- 5 unchanged lines hidden (view full) --- 44#include <sys/osd.h> 45#include <sys/priv.h> 46#include <sys/proc.h> 47#include <sys/taskqueue.h> 48#include <sys/fcntl.h> 49#include <sys/jail.h> 50#include <sys/lock.h> 51#include <sys/mutex.h> | 31 32#include "opt_compat.h" 33#include "opt_ddb.h" 34#include "opt_inet.h" 35#include "opt_inet6.h" 36 37#include <sys/param.h> 38#include <sys/types.h> --- 5 unchanged lines hidden (view full) --- 44#include <sys/osd.h> 45#include <sys/priv.h> 46#include <sys/proc.h> 47#include <sys/taskqueue.h> 48#include <sys/fcntl.h> 49#include <sys/jail.h> 50#include <sys/lock.h> 51#include <sys/mutex.h> |
52#include <sys/racct.h> |
|
52#include <sys/sx.h> 53#include <sys/sysent.h> 54#include <sys/namei.h> 55#include <sys/mount.h> 56#include <sys/queue.h> 57#include <sys/socket.h> 58#include <sys/syscallsubr.h> 59#include <sys/sysctl.h> --- 1130 unchanged lines hidden (view full) --- 1190 /* Set some default values, and inherit some from the parent. */ 1191 if (name == NULL) 1192 name = ""; 1193 if (path == NULL) { 1194 path = "/"; 1195 root = mypr->pr_root; 1196 vref(root); 1197 } | 53#include <sys/sx.h> 54#include <sys/sysent.h> 55#include <sys/namei.h> 56#include <sys/mount.h> 57#include <sys/queue.h> 58#include <sys/socket.h> 59#include <sys/syscallsubr.h> 60#include <sys/sysctl.h> --- 1130 unchanged lines hidden (view full) --- 1191 /* Set some default values, and inherit some from the parent. */ 1192 if (name == NULL) 1193 name = ""; 1194 if (path == NULL) { 1195 path = "/"; 1196 root = mypr->pr_root; 1197 vref(root); 1198 } |
1199 racct_create(&pr->pr_racct); |
|
1198 strlcpy(pr->pr_hostuuid, DEFAULT_HOSTUUID, HOSTUUIDLEN); 1199 pr->pr_flags |= PR_HOST; 1200#if defined(INET) || defined(INET6) 1201#ifdef VIMAGE 1202 if (!(pr_flags & PR_VNET)) 1203#endif 1204 { 1205#ifdef INET --- 1084 unchanged lines hidden (view full) --- 2290 newcred = crget(); 2291 PROC_LOCK(p); 2292 oldcred = p->p_ucred; 2293 setsugid(p); 2294 crcopy(newcred, oldcred); 2295 newcred->cr_prison = pr; 2296 p->p_ucred = newcred; 2297 PROC_UNLOCK(p); | 1200 strlcpy(pr->pr_hostuuid, DEFAULT_HOSTUUID, HOSTUUIDLEN); 1201 pr->pr_flags |= PR_HOST; 1202#if defined(INET) || defined(INET6) 1203#ifdef VIMAGE 1204 if (!(pr_flags & PR_VNET)) 1205#endif 1206 { 1207#ifdef INET --- 1084 unchanged lines hidden (view full) --- 2292 newcred = crget(); 2293 PROC_LOCK(p); 2294 oldcred = p->p_ucred; 2295 setsugid(p); 2296 crcopy(newcred, oldcred); 2297 newcred->cr_prison = pr; 2298 p->p_ucred = newcred; 2299 PROC_UNLOCK(p); |
2300#ifdef RACCT 2301 racct_proc_ucred_changed(p, oldcred, newcred); 2302#endif |
|
2298 crfree(oldcred); 2299 prison_deref(ppr, PD_DEREF | PD_DEUREF); 2300 return (0); 2301 e_unlock: 2302 VOP_UNLOCK(pr->pr_root, 0); 2303 e_unlock_giant: 2304 VFS_UNLOCK_GIANT(vfslocked); 2305 e_revert_osd: --- 216 unchanged lines hidden (view full) --- 2522 free(pr->pr_ip4, M_PRISON); 2523#endif 2524#ifdef INET6 2525 free(pr->pr_ip6, M_PRISON); 2526#endif 2527 if (pr->pr_cpuset != NULL) 2528 cpuset_rel(pr->pr_cpuset); 2529 osd_jail_exit(pr); | 2303 crfree(oldcred); 2304 prison_deref(ppr, PD_DEREF | PD_DEUREF); 2305 return (0); 2306 e_unlock: 2307 VOP_UNLOCK(pr->pr_root, 0); 2308 e_unlock_giant: 2309 VFS_UNLOCK_GIANT(vfslocked); 2310 e_revert_osd: --- 216 unchanged lines hidden (view full) --- 2527 free(pr->pr_ip4, M_PRISON); 2528#endif 2529#ifdef INET6 2530 free(pr->pr_ip6, M_PRISON); 2531#endif 2532 if (pr->pr_cpuset != NULL) 2533 cpuset_rel(pr->pr_cpuset); 2534 osd_jail_exit(pr); |
2535 racct_destroy(&pr->pr_racct); |
|
2530 free(pr, M_PRISON); 2531 2532 /* Removing a prison frees a reference on its parent. */ 2533 pr = ppr; 2534 mtx_lock(&pr->pr_mtx); 2535 flags = PD_DEREF; 2536 } 2537} --- 1720 unchanged lines hidden (view full) --- 4258 "B", "Jail may alter system file flags"); 4259SYSCTL_JAIL_PARAM(_allow, mount, CTLTYPE_INT | CTLFLAG_RW, 4260 "B", "Jail may mount/unmount jail-friendly file systems"); 4261SYSCTL_JAIL_PARAM(_allow, quotas, CTLTYPE_INT | CTLFLAG_RW, 4262 "B", "Jail may set file quotas"); 4263SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW, 4264 "B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route"); 4265 | 2536 free(pr, M_PRISON); 2537 2538 /* Removing a prison frees a reference on its parent. */ 2539 pr = ppr; 2540 mtx_lock(&pr->pr_mtx); 2541 flags = PD_DEREF; 2542 } 2543} --- 1720 unchanged lines hidden (view full) --- 4264 "B", "Jail may alter system file flags"); 4265SYSCTL_JAIL_PARAM(_allow, mount, CTLTYPE_INT | CTLFLAG_RW, 4266 "B", "Jail may mount/unmount jail-friendly file systems"); 4267SYSCTL_JAIL_PARAM(_allow, quotas, CTLTYPE_INT | CTLFLAG_RW, 4268 "B", "Jail may set file quotas"); 4269SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW, 4270 "B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route"); 4271 |
4272void 4273prison_racct_foreach(void (*callback)(struct racct *racct, 4274 void *arg2, void *arg3), void *arg2, void *arg3) 4275{ 4276 struct prison *pr; |
|
4266 | 4277 |
4278 sx_slock(&allprison_lock); 4279 TAILQ_FOREACH(pr, &allprison, pr_list) 4280 (callback)(pr->pr_racct, arg2, arg3); 4281 sx_sunlock(&allprison_lock); 4282} 4283 |
|
4267#ifdef DDB 4268 4269static void 4270db_show_prison(struct prison *pr) 4271{ 4272 int fi; 4273#if defined(INET) || defined(INET6) 4274 int ii; --- 106 unchanged lines hidden --- | 4284#ifdef DDB 4285 4286static void 4287db_show_prison(struct prison *pr) 4288{ 4289 int fi; 4290#if defined(INET) || defined(INET6) 4291 int ii; --- 106 unchanged lines hidden --- |
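Review bot: prison_racct_foreach() is added as a non-static function with no header comment, and it invokes the caller-supplied callback for every entry on allprison while holding allprison_lock shared. That contract should be written down, because a callback that takes allprison_lock exclusively, or reaches code that does, would deadlock or trip a lock assertion; a comment such as `/* Call callback on each jail's racct; allprison_lock is held shared, so callback must not acquire it. */` above the definition would cover it. The comment should also say whether the walk is meant to leave out the host prison, which presumably is not on allprison and would need confirming against the callers. Separately, this function and the racct_create()/racct_destroy() calls are compiled unconditionally while racct_proc_ucred_changed() sits under `#ifdef RACCT`. That only builds and behaves consistently if stubs exist for kernels without the option, which is not visible on this page.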