jail.h revision 179881
/*-
 * ----------------------------------------------------------------------------
 * "THE BEER-WARE LICENSE" (Revision 42):
 * <phk@FreeBSD.org> wrote this file.  As long as you retain this notice you
 * can do whatever you want with this stuff. If we meet some day, and you think
 * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
 * ----------------------------------------------------------------------------
 *
 * $FreeBSD: head/sys/sys/jail.h 179881 2008-06-19 21:41:57Z delphij $
 *
 */

/*
 * jail(2) interface: the userland argument block (struct jail), the
 * pointer-free export record (struct xprison), and -- under _KERNEL --
 * the in-kernel struct prison together with the support and "service"
 * APIs built on top of it.
 */

#ifndef _SYS_JAIL_H_
#define _SYS_JAIL_H_

/*
 * Argument block handed to jail(2) (see the jail() prototype below).
 * path and hostname are pointers into the caller's address space.
 * ip_number is a single 32-bit value and there is no address-family
 * member, so only one address per jail can be expressed in this layout.
 */
struct jail {
	u_int32_t	version;	/* layout version of this block;
					   presumably validated by the
					   kernel -- confirm in the jail()
					   implementation */
	char		*path;		/* root directory for the jail */
	char		*hostname;	/* hostname the jail will report */
	u_int32_t	ip_number;	/* the jail's single address */
};

/*
 * Fixed-size record describing one prison.  Its pr_* members mirror
 * pr_id/pr_path/pr_host/pr_ip of struct prison below.  pr_version is
 * presumably XPRISON_VERSION for records in this layout.
 * NOTE(review): looks like the format used to export the prison list to
 * userland -- confirm against the producer before relying on it.
 */
struct xprison {
	int		 pr_version;
	int		 pr_id;
	char		 pr_path[MAXPATHLEN];
	char		 pr_host[MAXHOSTNAMELEN];
	u_int32_t	 pr_ip;
};
#define	XPRISON_VERSION	1	/* current struct xprison layout */

#ifndef _KERNEL

/* Userland entry points. */
int jail(struct jail *);	/* create a prison from *jail; presumably
				   also enters it -- confirm */
int jail_attach(int);		/* attach the caller to an existing prison;
				   the int is presumably a pr_id -- confirm */

#else /* _KERNEL */

#include <sys/queue.h>		/* LIST_ENTRY / LIST_HEAD used below */
#include <sys/_lock.h>
#include <sys/_mutex.h>		/* struct mtx pr_mtx */
#include <sys/_task.h>		/* struct task pr_task */

#define	JAIL_MAX	999999	/* presumably the largest valid pr_id */

#ifdef MALLOC_DECLARE
/* malloc(9) type tag for prison allocations; only visible to files that
 * already pulled in the kernel malloc machinery. */
MALLOC_DECLARE(M_PRISON);
#endif
#endif /* _KERNEL */

/*
 * This structure describes a prison.  It is pointed to by all struct
 * ucreds's of the inmates.  pr_ref keeps track of them and is used to
 * delete the structure when the last inmate is dead.
 *
 * Lock key:
 * (a) allprison_lock
 * (p) locked by pr_mtx
 * (c) set only during creation before the structure is shared, no mutex
 *     required to read
 * (d) set only during destruction of jail, no mutex needed
 *
 * NOTE(review): pr_host is (p), i.e. mutable after creation, and the
 * jail_set_hostname_allowed policy knob below suggests a jail may change
 * it; treat pr_id rather than the hostname as the prison's identity --
 * confirm in the implementation.
 */
#if defined(_KERNEL) || defined(_WANT_PRISON)
struct prison {
	LIST_ENTRY(prison) pr_list;			/* (a) all prisons */
	int		 pr_id;				/* (c) prison id */
	int		 pr_ref;			/* (p) refcount */
	char		 pr_path[MAXPATHLEN];		/* (c) chroot path */
	struct vnode	*pr_root;			/* (c) vnode to rdir */
	char		 pr_host[MAXHOSTNAMELEN];	/* (p) jail hostname */
	u_int32_t	 pr_ip;				/* (c) ip addr host */
	void		*pr_linux;			/* (p) linux abi */
	int		 pr_securelevel;		/* (p) securelevel */
	struct task	 pr_task;			/* (d) destroy task */
	struct mtx	 pr_mtx;			/* protects the (p) members */
	void		**pr_slots;			/* (p) additional data;
							   presumably backing store
							   for prison_service_data_*
							   below -- confirm */
};
#endif /* _KERNEL || _WANT_PRISON */

#ifdef _KERNEL
/*
 * Sysctl-set variables that determine global jail policy
 *
 * The names indicate which behaviour each one permits or restricts for
 * jailed processes; the exact checks live in the implementation.
 *
 * XXX MIB entries will need to be protected by a mutex.
 */
extern int	jail_set_hostname_allowed;
extern int	jail_socket_unixiproute_only;
extern int	jail_sysvipc_allowed;
extern int	jail_getfsstat_jailrootonly;
extern int	jail_allow_raw_sockets;
extern int	jail_chflags_allowed;

/* Global list of prisons; allprison_lock is the (a) lock in the key above. */
LIST_HEAD(prisonlist, prison);
extern struct	prisonlist allprison;
extern struct	sx allprison_lock;	/* struct sx is left incomplete here */

/*
 * Kernel support functions for jail().
 *
 * Semantics below are read from the signatures only; confirm each in the
 * implementation before depending on it.
 */
struct ucred;
struct mount;
struct sockaddr;
struct statfs;
/* Non-zero when cred belongs to a prison (presumably). */
int jailed(struct ucred *cred);
/* Copy cred's hostname into the caller's buffer of the given size. */
void getcredhostname(struct ucred *cred, char *, size_t);
/* Whether cred1 may see/act on cred2 across prison boundaries (presumably). */
int prison_check(struct ucred *cred1, struct ucred *cred2);
/* Whether mount point mp is visible to cred. */
int prison_canseemount(struct ucred *cred, struct mount *mp);
/* Rewrite *sp so it reveals nothing outside cred's prison (presumably). */
void prison_enforce_statfs(struct ucred *cred, struct mount *mp,
    struct statfs *sp);
/*
 * Look up a prison by id.  Whether the returned pointer carries a
 * reference (i.e. must be released with prison_free()) is not stated
 * in this header -- confirm before use.
 */
struct prison *prison_find(int prid);
/* Reference management; presumably adjust pr_ref under pr_mtx. */
void prison_free(struct prison *pr);
void prison_hold(struct prison *pr);
/* The prison's address (pr_ip) for cred. */
u_int32_t prison_getip(struct ucred *cred);
/* Address checks against the prison's address; flag/flags semantics and
 * the in/out role of *ip are not defined in this header. */
int prison_if(struct ucred *cred, struct sockaddr *sa);
int prison_ip(struct ucred *cred, int flag, u_int32_t *ip);
void prison_remote_ip(struct ucred *cred, int flags, u_int32_t *ip);
/* Whether a jailed cred may exercise privilege priv (presumably). */
int prison_priv_check(struct ucred *cred, int priv);

/*
 * Kernel jail services.
 *
 * A service registers a create and a destroy callback, presumably invoked
 * for each prison as it is created and destroyed, and may attach one
 * per-prison data pointer.  Ownership of that pointer (who frees it, and
 * when) is not stated here -- confirm.
 */
struct prison_service;
typedef int (*prison_create_t)(struct prison_service *psrv, struct prison *pr);
typedef int (*prison_destroy_t)(struct prison_service *psrv, struct prison *pr);

/* Register/deregister a service; name is for identification only. */
struct prison_service *prison_service_register(const char *name,
    prison_create_t create, prison_destroy_t destroy);
void prison_service_deregister(struct prison_service *psrv);

/* Per-(service, prison) data pointer: set, read, or remove-and-return. */
void prison_service_data_set(struct prison_service *psrv, struct prison *pr,
    void *data);
void *prison_service_data_get(struct prison_service *psrv, struct prison *pr);
void *prison_service_data_del(struct prison_service *psrv, struct prison *pr);

#endif /* _KERNEL */
#endif /* !_SYS_JAIL_H_ */