jail.h revision 168401 
1178173Simp/*-
2178173Simp * ----------------------------------------------------------------------------
3178173Simp * "THE BEER-WARE LICENSE" (Revision 42):
4178173Simp * <phk@FreeBSD.org> wrote this file.  As long as you retain this notice you
5178173Simp * can do whatever you want with this stuff. If we meet some day, and you think
6178173Simp * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
7178173Simp * ----------------------------------------------------------------------------
8178173Simp *
9178173Simp * $FreeBSD: head/sys/sys/jail.h 168401 2007-04-05 23:19:13Z pjd $
10178173Simp *
11178173Simp */
12178173Simp
13178173Simp#ifndef _SYS_JAIL_H_
14178173Simp#define _SYS_JAIL_H_
15178173Simp
16178173Simpstruct jail {
17178173Simp	u_int32_t	version;
18178173Simp	char		*path;
19178173Simp	char		*hostname;
20178173Simp	u_int32_t	ip_number;
21178173Simp};
22178173Simp
23178173Simpstruct xprison {
24178173Simp	int		 pr_version;
25178173Simp	int		 pr_id;
26178173Simp	char		 pr_path[MAXPATHLEN];
27178173Simp	char 		 pr_host[MAXHOSTNAMELEN];
28178173Simp	u_int32_t	 pr_ip;
29178173Simp};
30178173Simp#define	XPRISON_VERSION	1
31178173Simp
32178173Simp#ifndef _KERNEL
33178173Simp
34178173Simpint jail(struct jail *);
35178173Simpint jail_attach(int);
36178173Simp
37178173Simp#else /* _KERNEL */
38178173Simp
39178173Simp#include <sys/queue.h>
40178173Simp#include <sys/_lock.h>
41178173Simp#include <sys/_mutex.h>
42178173Simp#include <sys/_task.h>
43178173Simp
44178173Simp#define JAIL_MAX	999999
45178173Simp
46178173Simp#ifdef MALLOC_DECLARE
47178173SimpMALLOC_DECLARE(M_PRISON);
48178173Simp#endif
49178173Simp#endif /* _KERNEL */
50178173Simp
51178173Simp/*
52178173Simp * This structure describes a prison.  It is pointed to by all struct
53178173Simp * ucreds's of the inmates.  pr_ref keeps track of them and is used to
54178173Simp * delete the struture when the last inmate is dead.
55178173Simp *
56178173Simp * Lock key:
57178173Simp *   (a) allprison_lock
58178173Simp *   (p) locked by pr_mtx
59178173Simp *   (c) set only during creation before the structure is shared, no mutex
60178173Simp *       required to read
61178173Simp *   (d) set only during destruction of jail, no mutex needed
62178173Simp */
63178173Simp#if defined(_KERNEL) || defined(_WANT_PRISON)
64178173Simpstruct prison {
65178173Simp	LIST_ENTRY(prison) pr_list;			/* (a) all prisons */
66178173Simp	int		 pr_id;				/* (c) prison id */
67178173Simp	int		 pr_ref;			/* (p) refcount */
68178173Simp	char		 pr_path[MAXPATHLEN];		/* (c) chroot path */
69178173Simp	struct vnode	*pr_root;			/* (c) vnode to rdir */
70178173Simp	char 		 pr_host[MAXHOSTNAMELEN];	/* (p) jail hostname */
71178173Simp	u_int32_t	 pr_ip;				/* (c) ip addr host */
72178173Simp	void		*pr_linux;			/* (p) linux abi */
73178173Simp	int		 pr_securelevel;		/* (p) securelevel */
74178173Simp	struct task	 pr_task;			/* (d) destroy task */
75178173Simp	struct mtx	 pr_mtx;
76178173Simp	void		**pr_slots;			/* (p) additional data */
77178173Simp};
78178173Simp#endif /* _KERNEL || _WANT_PRISON */
79178173Simp
80178173Simp#ifdef _KERNEL
81178173Simp/*
82178173Simp * Sysctl-set variables that determine global jail policy
83178173Simp *
84178173Simp * XXX MIB entries will need to be protected by a mutex.
85178173Simp */
86178173Simpextern int	jail_set_hostname_allowed;
87178173Simpextern int	jail_socket_unixiproute_only;
88178173Simpextern int	jail_sysvipc_allowed;
89178173Simpextern int	jail_getfsstat_jailrootonly;
90178173Simpextern int	jail_allow_raw_sockets;
91178173Simpextern int	jail_chflags_allowed;
92178173Simp
93178173SimpLIST_HEAD(prisonlist, prison);
94178173Simpextern struct	prisonlist allprison;
95178173Simpextern struct	sx allprison_lock;
96178173Simp
97178173Simp/*
98178173Simp * Kernel support functions for jail().
99178173Simp */
100178173Simpstruct ucred;
101178173Simpstruct mount;
102178173Simpstruct sockaddr;
103178173Simpstruct statfs;
104178173Simpint jailed(struct ucred *cred);
105178173Simpvoid getcredhostname(struct ucred *cred, char *, size_t);
106178173Simpint prison_check(struct ucred *cred1, struct ucred *cred2);
107178173Simpint prison_canseemount(struct ucred *cred, struct mount *mp);
108178173Simpvoid prison_enforce_statfs(struct ucred *cred, struct mount *mp,
109178173Simp    struct statfs *sp);
110178173Simpstruct prison *prison_find(int prid);
111178173Simpvoid prison_free(struct prison *pr);
112178173Simpu_int32_t prison_getip(struct ucred *cred);
113178173Simpvoid prison_hold(struct prison *pr);
114178173Simpint prison_if(struct ucred *cred, struct sockaddr *sa);
115178173Simpint prison_ip(struct ucred *cred, int flag, u_int32_t *ip);
116178173Simpint prison_priv_check(struct ucred *cred, int priv);
117178173Simpvoid prison_remote_ip(struct ucred *cred, int flags, u_int32_t *ip);
118178173Simp
119178173Simp/*
120178173Simp * Kernel jail services.
121178173Simp */
122178173Simpstruct prison_service;
123178173Simptypedef int (*prison_create_t)(struct prison_service *psrv, struct prison *pr);
124178173Simptypedef int (*prison_destroy_t)(struct prison_service *psrv, struct prison *pr);
125178173Simp
126178173Simpstruct prison_service *prison_service_register(const char *name,
127178173Simp    prison_create_t create, prison_destroy_t destroy);
128178173Simpvoid prison_service_deregister(struct prison_service *psrv);
129178173Simp
130178173Simpvoid prison_service_data_set(struct prison_service *psrv, struct prison *pr,
131178173Simp    void *data);
132178173Simpvoid *prison_service_data_get(struct prison_service *psrv, struct prison *pr);
133178173Simpvoid *prison_service_data_del(struct prison_service *psrv, struct prison *pr);
134178173Simp
135178173Simp#endif /* _KERNEL */
136178173Simp#endif /* !_SYS_JAIL_H_ */
137178173Simp