| 337880 |
15-Aug-2018 |
jamie |
Load filesystem modules associated with allow.mount permissions.
PR: 192092 |
| 337876 |
15-Aug-2018 |
jamie |
MFC r331332:
If a jail parameter isn't found, try loading a related kernel module.
PR: 192092 |
| 256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation
|
| 241197 |
04-Oct-2012 |
jamie |
Fix some memory allocation errors:
* jail_setv will leak a parameter name if jailparam_import fails.
* jailparam_all loses the jailparam pointer on realloc error
(a clear freshman mistake).
* If jailparam_init fails, the caller doesn't need to jailparam_free
the buffer. That's not really clear, so set things to NULL allowing
jailparam_free to work without error (though it's still not required).
|
| 235799 |
22-May-2012 |
jamie |
The fix in r235291 re-broke the "allow.nomount" case. Re-fix it
by testing for the right parameter name.
|
| 235291 |
11-May-2012 |
jamie |
The linker isn't consistent in the ordering of dynamic sysctls, so don't
assume that the unnamed final component of "security.jail.param.foo." is
one less than the "foo" component. It might be one greater instead.
|
| 232342 |
01-Mar-2012 |
jamie |
Handle the case where a boolean parameter is also a node.
PR: bin/165515
MFC after: 2 weeks
|
| 217616 |
19-Jan-2011 |
mdf |
Introduce signed and unsigned version of CTLTYPE_QUAD, renaming
existing uses. Rename sysctl_handle_quad() to sysctl_handle_64().
|
| 214434 |
27-Oct-2010 |
jamie |
Find a jail's type as part of jailparam_init rather than waiting until
it's absolutely necessary.
MFC after: 1 week
|
| 213572 |
08-Oct-2010 |
uqs |
mdoc: fix manlint warnings by unbreaking mdoc syntax
|
| 212074 |
31-Aug-2010 |
jamie |
Whitespace and comment fixes.
MFC after: 3 days
|
| 212073 |
31-Aug-2010 |
jamie |
Don't over-allocate array values in jailparam_export.
Fix a little comment typo.
MFC after: 3 days
|
| 212072 |
31-Aug-2010 |
jamie |
Make it clear in the example that jailparam_export's return value
should be freed.
MFC after: 3 days
|
| 210134 |
15-Jul-2010 |
jamie |
Don't copy and return a potentially unset buffer when jail_get fails.
|
| 210133 |
15-Jul-2010 |
jamie |
Don't import parameter values in jail_getv, except for the search key.
Remove the internal jailparam_vlist, in favor of using variants of its
logic separately in jail_setv and jail_getv.
Free the temporary parameter list and exported values in jail_setv
and jail_getv.
Noted by: Stanislav Uzunchev
MFC after: 3 days
|
| 204008 |
17-Feb-2010 |
ru |
realloc() with a proper amount of memory.
MFC after: 3 days
|
| 201381 |
02-Jan-2010 |
ed |
Build lib/ with WARNS=6 by default.
Similar to libexec/, do the same with lib/. Make WARNS=6 the norm and
lower it when needed.
I'm setting WARNS?=0 for secure/. It seems secure/ includes the
Makefile.inc provided by lib/. I'm not going to touch that directory.
Most of the code there is contributed anyway.
|
| 200623 |
17-Dec-2009 |
jamie |
Add a null pointer check so "name" can be used as a key parameter in
jailparam_get.
PR: bin/141692
Submitted by: delphij
MFC after: 3 days
|
| 197385 |
21-Sep-2009 |
ru |
Fixed markup (mostly) errors.
|
| 195870 |
25-Jul-2009 |
jamie |
Some jail parameters (in particular, "ip4" and "ip6" for IP address
restrictions) were found to be inadequately described by a boolean.
Define a new parameter type with three values (disable, new, inherit)
to handle these and future cases.
Approved by: re (kib), bz (mentor)
Discussed with: rwatson
|
| 195011 |
25-Jun-2009 |
jamie |
Fix dynamic (re)allocation logic in jailparam_set and jailparam_get.
Touch up jailparam_import a bit while I'm at it.
Approved by: bz (mentor)
|
| 194869 |
24-Jun-2009 |
jamie |
Add libjail, a (somewhat) simpler interface to the jail_set and jail_get
system calls and the security.jail.param sysctls.
Approved by: bz (mentor)
|