80 MALLOC_DEFINE(M_PRISON, "prison", "Prison structures");
83 /* Keep struct prison prison0 and some code in kern_jail_set() readable. */
99 struct prison prison0 = {
126 static int do_jail_attach(struct thread *td, struct prison *pr);
128 static void prison_deref(struct prison *pr, int flags);
129 static char *prison_path(struct prison *pr1, struct prison *pr2);
130 static void prison_remove_one(struct prison *pr);
132 static void prison_racct_attach(struct prison *pr);
133 static void prison_racct_modify(struct prison *pr);
134 static void prison_racct_detach(struct prison *pr);
137 static int _prison_check_ip4(struct prison *pr, struct in_addr *ia);
138 static int prison_restrict_ip4(struct prison *pr, struct in_addr *newip4);
141 static int _prison_check_ip6(struct prison *pr, struct in6_addr *ia6);
142 static int prison_restrict_ip6(struct prison *pr, struct in6_addr *newip6);
554 	struct prison *pr, *deadpr, *mypr, *ppr, *tpr;
559 	struct prison *tppr;
1227 	/* If there's no prison to update, create a new one and link it in. */
1232 				vfs_opterror(opts, "prison limit exceeded");
1377 		 * want other to see the incomplete prison once the
1606 		 * Make sure the name isn't too long for the prison or its
1628 	/* Set the parameters of the prison. */
1741 		/* Set this prison, and any descendants without PR_HOST. */
1868 	/* Attach this process to the prison if requested. */
1895 	 * (which was not done earlier so that the prison would not be publicly
1987 	struct prison *pr, *mypr;
2004 	 * Find the prison specified by one of: lastjid, jid, name.
2075 	/* Get the parameters of the prison. */
2277 	struct prison *pr, *cpr, *lpr, *tpr;
2291 	/* Remove all descendants of this prison, then remove this prison. */
2327 prison_remove_one(struct prison *pr)
2332 	/* If the prison was persistent, it is not anymore. */
2342 	 * the prison now.
2345 	    ("prison_remove_one removing a dead prison (jid=%d)", pr->pr_id));
2355 	 * Kill all processes unfortunate enough to be attached to this prison.
2379 	struct prison *pr;
2394 	 * Do not allow a process to attach to a prison that is not
2407 do_jail_attach(struct thread *td, struct prison *pr)
2409 	struct prison *ppr;
2419 	 * a process root from one prison, but attached to the jail
2479  * Returns a locked prison instance, or NULL on failure.
2481 struct prison *
2484 	struct prison *pr;
2499  * Find a prison that is a descendant of mypr.  Returns a locked prison or NULL.
2501 struct prison *
2502 prison_find_child(struct prison *mypr, int prid)
2504 	struct prison *pr;
2520  * Look for the name relative to mypr.  Returns a locked prison or NULL.
2522 struct prison *
2523 prison_find_name(struct prison *mypr, const char *name)
2525 	struct prison *pr, *deadpr;
2544 	/* There was no valid prison - perhaps there was a dying one. */
2556  * See if a prison has the specific flag set.
2575  * Remove a prison reference.  If that was the last reference, remove the
2576  * prison itself - but not in this context in case there are locks held.
2579 prison_free_locked(struct prison *pr)
2594 prison_free(struct prison *pr)
2605 	prison_deref((struct prison *)context, 0);
2609  * Remove a prison reference (usually).  This internal version assumes no
2610  * mutexes are held, except perhaps the prison itself.  If there are no more
2611  * references, release and delist the prison.  On completion, the prison lock
2615 prison_deref(struct prison *pr, int flags)
2617 	struct prison *ppr, *tpr;
2628 		/* If the prison still has references, nothing else to do. */
2676 		/* Removing a prison frees a reference on its parent. */
2684 prison_hold_locked(struct prison *pr)
2689 	    ("Trying to hold dead prison (jid=%d).", pr->pr_id));
2694 prison_hold(struct prison *pr)
2703 prison_proc_hold(struct prison *pr)
2708 	    ("Cannot add a process to a non-alive prison (jid=%d)", pr->pr_id));
2714 prison_proc_free(struct prison *pr)
2719 	    ("Trying to kill a process in a dead prison (jid=%d)", pr->pr_id));
2726  * Restrict a prison's IP address list with its parent's, possibly replacing
2730 prison_restrict_ip4(struct prison *pr, struct in_addr *newip4)
2733 	struct prison *ppr;
2822 	struct prison *pr;
2855 	struct prison *pr;
2884 prison_equal_ip4(struct prison *pr1, struct prison *pr2)
2920 	struct prison *pr;
2971 	struct prison *pr;
3003  * Check if given address belongs to the jail referenced by cred/prison.
3010 _prison_check_ip4(struct prison *pr, struct in_addr *ia)
3042 	struct prison *pr;
3069 prison_restrict_ip6(struct prison *pr, struct in6_addr *newip6)
3072 	struct prison *ppr;
3162 	struct prison *pr;
3195 	struct prison *pr;
3224 prison_equal_ip6(struct prison *pr1, struct prison *pr2)
3258 	struct prison *pr;
3307 	struct prison *pr;
3339  * Check if given address belongs to the jail referenced by cred/prison.
3346 _prison_check_ip6(struct prison *pr, struct in6_addr *ia6)
3378 	struct prison *pr;
3412 	struct prison *pr;
3523 prison_ischild(struct prison *pr1, struct prison *pr2)
3566 	struct prison *pr;
3607  * Determine whether the prison represented by cred owns
3610  * Returns 1 in case the prison owns the vnet, 0 otherwise.
3634 	struct prison *pr;
3670 	struct prison *pr;
4052 prison_name(struct prison *pr1, struct prison *pr2)
4077 prison_path(struct prison *pr1, struct prison *pr2)
4107 	struct prison *pr, *cpr;
4256 	struct prison *pr;
4342 	struct prison *pr;
4356     &jail_default_enforce_statfs, offsetof(struct prison, pr_enforce_statfs),
4362     &jail_default_devfs_rsnum, offsetof(struct prison, pr_devfs_rsnum),
4605 prison_racct_attach(struct prison *pr)
4623 prison_racct_modify(struct prison *pr)
4667 prison_racct_detach(struct prison *pr)
4683 db_show_prison(struct prison *pr)
4694 	db_printf("prison %p:\n", pr);
4755 DB_SHOW_COMMAND(prison, db_show_prison_command)
4757 	struct prison *pr;
4778 		/* Look for a prison with the ID and with references. */
4788 			/* Assume address points to a valid prison. */
4789 			pr = (struct prison *)addr;

Indexes created Wed Jul 03 21:38:27 MDT 2024