kern_mib.c (87072) kern_mib.c (87275)
1/*-
2 * Copyright (c) 1982, 1986, 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * This code is derived from software contributed to Berkeley by
6 * Mike Karels at Berkeley Software Design, Inc.
7 *
8 * Quite extensively rewritten by Poul-Henning Kamp of the FreeBSD

--- 23 unchanged lines hidden (view full) ---

32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 *
39 * @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94
1/*-
2 * Copyright (c) 1982, 1986, 1989, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * This code is derived from software contributed to Berkeley by
6 * Mike Karels at Berkeley Software Design, Inc.
7 *
8 * Quite extensively rewritten by Poul-Henning Kamp of the FreeBSD

--- 23 unchanged lines hidden (view full) ---

32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 *
39 * @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94
40 * $FreeBSD: head/sys/kern/kern_mib.c 87072 2001-11-28 21:22:05Z rwatson $
40 * $FreeBSD: head/sys/kern/kern_mib.c 87275 2001-12-03 16:12:27Z rwatson $
41 */
42
43#include "opt_global.h"
44#include "opt_posix.h"
45
46#include <sys/param.h>
47#include <sys/kernel.h>
48#include <sys/systm.h>
49#include <sys/sysctl.h>
50#include <sys/proc.h>
41 */
42
43#include "opt_global.h"
44#include "opt_posix.h"
45
46#include <sys/param.h>
47#include <sys/kernel.h>
48#include <sys/systm.h>
49#include <sys/sysctl.h>
50#include <sys/proc.h>
51#include <sys/lock.h>
52#include <sys/mutex.h>
51#include <sys/jail.h>
52#include <sys/smp.h>
53
54SYSCTL_NODE(, 0, sysctl, CTLFLAG_RW, 0,
55 "Sysctl internal magic");
56SYSCTL_NODE(, CTL_KERN, kern, CTLFLAG_RW, 0,
57 "High kernel, proc, limits &c");
58SYSCTL_NODE(, CTL_VM, vm, CTLFLAG_RW, 0,

--- 91 unchanged lines hidden (view full) ---

150 machine_arch, 0, "System architecture");
151
152char hostname[MAXHOSTNAMELEN];
153
154static int
155sysctl_hostname(SYSCTL_HANDLER_ARGS)
156{
157 struct prison *pr;
53#include <sys/jail.h>
54#include <sys/smp.h>
55
56SYSCTL_NODE(, 0, sysctl, CTLFLAG_RW, 0,
57 "Sysctl internal magic");
58SYSCTL_NODE(, CTL_KERN, kern, CTLFLAG_RW, 0,
59 "High kernel, proc, limits &c");
60SYSCTL_NODE(, CTL_VM, vm, CTLFLAG_RW, 0,

--- 91 unchanged lines hidden (view full) ---

152 machine_arch, 0, "System architecture");
153
154char hostname[MAXHOSTNAMELEN];
155
156static int
157sysctl_hostname(SYSCTL_HANDLER_ARGS)
158{
159 struct prison *pr;
160 char tmphostname[MAXHOSTNAMELEN];
158 int error;
159
160 pr = req->td->td_proc->p_ucred->cr_prison;
161 if (pr != NULL) {
162 if (!jail_set_hostname_allowed && req->newptr)
163 return (EPERM);
161 int error;
162
163 pr = req->td->td_proc->p_ucred->cr_prison;
164 if (pr != NULL) {
165 if (!jail_set_hostname_allowed && req->newptr)
166 return (EPERM);
164 error = sysctl_handle_string(oidp, pr->pr_host,
167 /*
168 * Process is in jail, so make a local copy of jail
169 * hostname to get/set so we don't have to hold the jail
170 * mutex during the sysctl copyin/copyout activities.
171 */
172 mtx_lock(&pr->pr_mtx);
173 bcopy(pr->pr_host, tmphostname, MAXHOSTNAMELEN);
174 mtx_unlock(&pr->pr_mtx);
175
176 error = sysctl_handle_string(oidp, tmphostname,
165 sizeof pr->pr_host, req);
177 sizeof pr->pr_host, req);
178
179 if (req->newptr != NULL && error == 0) {
180 /*
181 * Copy the locally set hostname to the jail, if
182 * appropriate.
183 */
184 mtx_lock(&pr->pr_mtx);
185 bcopy(tmphostname, pr->pr_host, MAXHOSTNAMELEN);
186 mtx_unlock(&pr->pr_mtx);
187 }
166 } else
167 error = sysctl_handle_string(oidp,
168 hostname, sizeof hostname, req);
169 return (error);
170}
171
172SYSCTL_PROC(_kern, KERN_HOSTNAME, hostname,
173 CTLTYPE_STRING|CTLFLAG_RW|CTLFLAG_PRISON,

--- 15 unchanged lines hidden (view full) ---

189 int error, level;
190
191 pr = req->td->td_proc->p_ucred->cr_prison;
192
193 /*
194 * If the process is in jail, return the maximum of the global and
195 * local levels; otherwise, return the global level.
196 */
188 } else
189 error = sysctl_handle_string(oidp,
190 hostname, sizeof hostname, req);
191 return (error);
192}
193
194SYSCTL_PROC(_kern, KERN_HOSTNAME, hostname,
195 CTLTYPE_STRING|CTLFLAG_RW|CTLFLAG_PRISON,

--- 15 unchanged lines hidden (view full) ---

211 int error, level;
212
213 pr = req->td->td_proc->p_ucred->cr_prison;
214
215 /*
216 * If the process is in jail, return the maximum of the global and
217 * local levels; otherwise, return the global level.
218 */
197 if (pr != NULL)
219 if (pr != NULL) {
220 mtx_lock(&pr->pr_mtx);
198 level = imax(securelevel, pr->pr_securelevel);
221 level = imax(securelevel, pr->pr_securelevel);
199 else
222 mtx_unlock(&pr->pr_mtx);
223 } else
200 level = securelevel;
201 error = sysctl_handle_int(oidp, &level, 0, req);
202 if (error || !req->newptr)
203 return (error);
204 /*
205 * Permit update only if the new securelevel exceeds the
206 * global level, and local level if any.
207 */
208 if (pr != NULL) {
224 level = securelevel;
225 error = sysctl_handle_int(oidp, &level, 0, req);
226 if (error || !req->newptr)
227 return (error);
228 /*
229 * Permit update only if the new securelevel exceeds the
230 * global level, and local level if any.
231 */
232 if (pr != NULL) {
233 mtx_lock(&pr->pr_mtx);
209 if (!regression_securelevel_nonmonotonic &&
234 if (!regression_securelevel_nonmonotonic &&
210 (level < imax(securelevel, pr->pr_securelevel)))
235 (level < imax(securelevel, pr->pr_securelevel))) {
236 mtx_unlock(&pr->pr_mtx);
211 return (EPERM);
237 return (EPERM);
238 }
212 pr->pr_securelevel = level;
239 pr->pr_securelevel = level;
240 mtx_unlock(&pr->pr_mtx);
213 } else {
214 if (!regression_securelevel_nonmonotonic &&
215 (level < securelevel))
216 return (EPERM);
217 securelevel = level;
218 }
219 return (error);
220}

--- 79 unchanged lines hidden ---
241 } else {
242 if (!regression_securelevel_nonmonotonic &&
243 (level < securelevel))
244 return (EPERM);
245 securelevel = level;
246 }
247 return (error);
248}

--- 79 unchanged lines hidden ---
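Review bot: In the securelevel handler (its signature is in the hidden lines above new line 211), the non-jail branch at new lines 241-246 still checks and assigns the global `securelevel` with no lock, while the jail branch now does its check and store under `pr->pr_mtx`. The jail branch also reads the global inside `imax(securelevel, pr->pr_securelevel)` under a mutex that only appears to cover the prison fields. Unless an outer lock not visible in this diff serialises sysctl handlers, two concurrent writers could both pass `level < securelevel`, and the later store could then lower the value that the monotonic check is meant to protect. I would either take the lock that protects the global around the check and store, or document the assumption with a comment such as `/* securelevel is serialised by <lock name>; pr_mtx covers only pr_securelevel. */`. Separately, in sysctl_hostname, passing `sizeof tmphostname` rather than `sizeof pr->pr_host` to `sysctl_handle_string()` would tie the bound to the buffer actually handed over.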