Index: cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c =================================================================== --- cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c +++ cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c @@ -1640,9 +1640,6 @@ osname = spn.pn_path; #else /* !illumos */ - if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_ZFS)) - return (SET_ERROR(EPERM)); - if (vfs_getopt(vfsp->mnt_optnew, "from", (void **)&osname, NULL)) return (SET_ERROR(EINVAL)); Index: compat/linprocfs/linprocfs.c =================================================================== --- compat/linprocfs/linprocfs.c +++ compat/linprocfs/linprocfs.c @@ -1652,7 +1652,7 @@ return (0); } -PSEUDOFS(linprocfs, 1, PR_ALLOW_MOUNT_LINPROCFS); +PSEUDOFS(linprocfs, 1, VFCF_JAIL); #if defined(__amd64__) MODULE_DEPEND(linprocfs, linux_common, 1, 1, 1); #else Index: compat/linsysfs/linsysfs.c =================================================================== --- compat/linsysfs/linsysfs.c +++ compat/linsysfs/linsysfs.c @@ -556,7 +556,7 @@ return (0); } -PSEUDOFS(linsysfs, 1, PR_ALLOW_MOUNT_LINSYSFS); +PSEUDOFS(linsysfs, 1, VFCF_JAIL); #if defined(__amd64__) MODULE_DEPEND(linsysfs, linux_common, 1, 1, 1); #else Index: fs/devfs/devfs_vfsops.c =================================================================== --- fs/devfs/devfs_vfsops.c +++ fs/devfs/devfs_vfsops.c @@ -83,9 +83,6 @@ if (mp->mnt_flag & MNT_ROOTFS) return (EOPNOTSUPP); - if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_DEVFS)) - return (EPERM); - rsnum = 0; injail = jailed(td->td_ucred); Index: fs/fdescfs/fdesc_vfsops.c =================================================================== --- fs/fdescfs/fdesc_vfsops.c +++ fs/fdescfs/fdesc_vfsops.c @@ -81,13 +81,9 @@ fdesc_mount(struct mount *mp) { struct fdescmount *fmp; - struct thread *td = curthread; struct vnode *rvp; int error; - if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_FDESCFS)) - return (EPERM); - /* * Update is a no-op */ Index: fs/nullfs/null_vfsops.c =================================================================== --- fs/nullfs/null_vfsops.c +++ fs/nullfs/null_vfsops.c @@ -78,7 +78,6 @@ struct vnode *lowerrootvp, *vp; struct vnode *nullm_rootvp; struct null_mount *xmp; - struct thread *td = curthread; char *target; int isvnunlocked = 0, len; struct nameidata nd, *ndp = &nd; @@ -85,8 +84,6 @@ NULLFSDEBUG("nullfs_mount(mp = %p)\n", (void *)mp); - if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_NULLFS)) - return (EPERM); if (mp->mnt_flag & MNT_ROOTFS) return (EOPNOTSUPP); Index: fs/procfs/procfs.c =================================================================== --- fs/procfs/procfs.c +++ fs/procfs/procfs.c @@ -208,4 +208,4 @@ return (0); } -PSEUDOFS(procfs, 1, PR_ALLOW_MOUNT_PROCFS); +PSEUDOFS(procfs, 1, VFCF_JAIL); Index: fs/pseudofs/pseudofs.h =================================================================== --- fs/pseudofs/pseudofs.h +++ fs/pseudofs/pseudofs.h @@ -272,7 +272,7 @@ /* * Now for some initialization magic... */ -#define PSEUDOFS(name, version, jflag) \ +#define PSEUDOFS(name, version, flags) \ \ static struct pfs_info name##_info = { \ #name, \ @@ -282,8 +282,6 @@ \ static int \ _##name##_mount(struct mount *mp) { \ - if (jflag && !prison_allow(curthread->td_ucred, jflag)) \ - return (EPERM); \ return (pfs_mount(&name##_info, mp)); \ } \ \ @@ -306,7 +304,7 @@ .vfs_uninit = _##name##_uninit, \ .vfs_unmount = pfs_unmount, \ }; \ -VFS_SET(name##_vfsops, name, VFCF_SYNTHETIC | (jflag ? VFCF_JAIL : 0)); \ +VFS_SET(name##_vfsops, name, VFCF_SYNTHETIC | flags); \ MODULE_VERSION(name, version); \ MODULE_DEPEND(name, pseudofs, 1, 1, 1); Index: fs/tmpfs/tmpfs_vfsops.c =================================================================== --- fs/tmpfs/tmpfs_vfsops.c +++ fs/tmpfs/tmpfs_vfsops.c @@ -141,7 +141,6 @@ sizeof(struct tmpfs_dirent) + sizeof(struct tmpfs_node)); struct tmpfs_mount *tmp; struct tmpfs_node *root; - struct thread *td = curthread; int error; bool nonc; /* Size counters. */ @@ -155,9 +154,6 @@ struct vattr va; - if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_TMPFS)) - return (EPERM); - if (vfs_filteropt(mp->mnt_optnew, tmpfs_opts)) return (EINVAL); Index: kern/kern_jail.c =================================================================== --- kern/kern_jail.c +++ kern/kern_jail.c @@ -112,6 +112,7 @@ .pr_flags = PR_HOST|_PR_IP_SADDRSEL, #endif .pr_allow = PR_ALLOW_ALL, + .pr_allow_mount = 0, }; MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF); @@ -193,15 +194,7 @@ "allow.mount", "allow.quotas", "allow.socket_af", - "allow.mount.devfs", - "allow.mount.nullfs", - "allow.mount.zfs", - "allow.mount.procfs", - "allow.mount.tmpfs", - "allow.mount.fdescfs", - "allow.mount.linprocfs", - "allow.mount.linsysfs", - "allow.reserved_ports", + [15] = "allow.reserved_ports", }; const size_t pr_allow_names_size = sizeof(pr_allow_names); @@ -213,22 +206,19 @@ "allow.nomount", "allow.noquotas", "allow.nosocket_af", - "allow.mount.nodevfs", - "allow.mount.nonullfs", - "allow.mount.nozfs", - "allow.mount.noprocfs", - "allow.mount.notmpfs", - "allow.mount.nofdescfs", - "allow.mount.nolinprocfs", - "allow.mount.nolinsysfs", - "allow.noreserved_ports", + [15] = "allow.noreserved_ports", }; const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames); +static char *pr_allow_mount_names[NBBY * NBPW]; +static char *pr_allow_mount_nonames[NBBY * NBPW]; +static const struct vfsconf *pr_allow_mount_vfc[NBBY * NBPW]; + #define JAIL_DEFAULT_ALLOW (PR_ALLOW_SET_HOSTNAME | PR_ALLOW_RESERVED_PORTS) #define JAIL_DEFAULT_ENFORCE_STATFS 2 #define JAIL_DEFAULT_DEVFS_RSNUM 0 static unsigned jail_default_allow = JAIL_DEFAULT_ALLOW; +static unsigned jail_default_allow_mount = 0; static int jail_default_enforce_statfs = JAIL_DEFAULT_ENFORCE_STATFS; static int jail_default_devfs_rsnum = JAIL_DEFAULT_DEVFS_RSNUM; #if defined(INET) || defined(INET6) @@ -305,7 +295,8 @@ int kern_jail(struct thread *td, struct jail *j) { - struct iovec optiov[2 * (4 + nitems(pr_allow_names) + struct iovec optiov[2 * (4 + nitems(pr_allow_names) + + nitems(pr_allow_mount_names) #ifdef INET + 1 #endif @@ -337,6 +328,8 @@ /* Set permissions for top-level jails from sysctls. */ if (!jailed(td->td_ucred)) { for (fi = 0; fi < nitems(pr_allow_names); fi++) { + if (pr_allow_names[fi] == NULL) + continue; optiov[opt.uio_iovcnt].iov_base = (jail_default_allow & (1 << fi)) ? pr_allow_names[fi] : pr_allow_nonames[fi]; @@ -344,6 +337,17 @@ strlen(optiov[opt.uio_iovcnt].iov_base) + 1; opt.uio_iovcnt += 2; } + for (fi = 0; fi < nitems(pr_allow_mount_names); fi++) { + if (pr_allow_mount_names[fi] == NULL) + continue; + optiov[opt.uio_iovcnt].iov_base = + (jail_default_allow_mount & (1 << fi)) + ? pr_allow_mount_names[fi] + : pr_allow_mount_nonames[fi]; + optiov[opt.uio_iovcnt].iov_len = + strlen(optiov[opt.uio_iovcnt].iov_base) + 1; + opt.uio_iovcnt += 2; + } optiov[opt.uio_iovcnt].iov_base = "enforce_statfs"; optiov[opt.uio_iovcnt].iov_len = sizeof("enforce_statfs"); opt.uio_iovcnt++; @@ -519,7 +523,8 @@ #ifdef INET6 int ip6s, redo_ip6; #endif - uint64_t pr_allow, ch_allow, pr_flags, ch_flags; + uint64_t pr_allow, ch_allow, pr_allow_mount, ch_allow_mount; + uint64_t pr_flags, ch_flags; unsigned tallow; char numbuf[12]; @@ -669,10 +674,22 @@ pr_allow = ch_allow = 0; for (fi = 0; fi < nitems(pr_allow_names); fi++) { + if (pr_allow_names[fi] == NULL) + continue; vfs_flagopt(opts, pr_allow_names[fi], &pr_allow, 1 << fi); vfs_flagopt(opts, pr_allow_nonames[fi], &ch_allow, 1 << fi); } ch_allow |= pr_allow; + pr_allow_mount = ch_allow_mount = 0; + for (fi = 0; fi < nitems(pr_allow_mount_names); fi++) { + if (pr_allow_mount_names[fi] == NULL) + continue; + vfs_flagopt(opts, pr_allow_mount_names[fi], &pr_allow_mount, + 1 << fi); + vfs_flagopt(opts, pr_allow_mount_nonames[fi], &ch_allow_mount, + 1 << fi); + } + ch_allow_mount |= pr_allow_mount; error = vfs_getopt(opts, "name", (void **)&name, &len); if (error == ENOENT) @@ -1548,7 +1565,8 @@ } } } - if (pr_allow & ~ppr->pr_allow) { + if ((pr_allow & ~ppr->pr_allow) || + (pr_allow_mount & ~ppr->pr_allow_mount)) { error = EPERM; goto done_deref_locked; } @@ -1727,6 +1745,12 @@ tpr->pr_allow &= ~tallow; } pr->pr_allow = (pr->pr_allow & ~ch_allow) | pr_allow; + if ((tallow = ch_allow_mount & ~pr_allow_mount)) { + FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) + tpr->pr_allow_mount &= ~tallow; + } + pr->pr_allow_mount = + (pr->pr_allow_mount & ~ch_allow_mount) | pr_allow_mount; /* * Persistent prisons get an extra reference, and prisons losing their * persist flag lose that reference. Only do this for existing prisons @@ -2137,6 +2161,20 @@ if (error != 0 && error != ENOENT) goto done_deref; } + for (fi = 0; fi < nitems(pr_allow_mount_names); fi++) { + if (pr_allow_mount_names[fi] == NULL) + continue; + i = (pr->pr_allow_mount & (1 << fi)) ? 1 : 0; + error = + vfs_setopt(opts, pr_allow_mount_names[fi], &i, sizeof(i)); + if (error != 0 && error != ENOENT) + goto done_deref; + i = !i; + error = + vfs_setopt(opts, pr_allow_mount_nonames[fi], &i, sizeof(i)); + if (error != 0 && error != ENOENT) + goto done_deref; + } i = (pr->pr_uref == 0); error = vfs_setopt(opts, "dying", &i, sizeof(i)); if (error != 0 && error != ENOENT) @@ -3621,40 +3659,34 @@ CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT, sysctl_jail_default_allow, "I", "Processes in jail can mount/unmount jail-friendly file systems (deprecated)"); -SYSCTL_PROC(_security_jail, OID_AUTO, mount_devfs_allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, - NULL, PR_ALLOW_MOUNT_DEVFS, sysctl_jail_default_allow, "I", - "Processes in jail can mount the devfs file system (deprecated)"); -SYSCTL_PROC(_security_jail, OID_AUTO, mount_fdescfs_allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, - NULL, PR_ALLOW_MOUNT_FDESCFS, sysctl_jail_default_allow, "I", - "Processes in jail can mount the fdescfs file system (deprecated)"); -SYSCTL_PROC(_security_jail, OID_AUTO, mount_nullfs_allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, - NULL, PR_ALLOW_MOUNT_NULLFS, sysctl_jail_default_allow, "I", - "Processes in jail can mount the nullfs file system (deprecated)"); -SYSCTL_PROC(_security_jail, OID_AUTO, mount_procfs_allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, - NULL, PR_ALLOW_MOUNT_PROCFS, sysctl_jail_default_allow, "I", - "Processes in jail can mount the procfs file system (deprecated)"); -SYSCTL_PROC(_security_jail, OID_AUTO, mount_linprocfs_allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, - NULL, PR_ALLOW_MOUNT_LINPROCFS, sysctl_jail_default_allow, "I", - "Processes in jail can mount the linprocfs file system (deprecated)"); -SYSCTL_PROC(_security_jail, OID_AUTO, mount_linsysfs_allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, - NULL, PR_ALLOW_MOUNT_LINSYSFS, sysctl_jail_default_allow, "I", - "Processes in jail can mount the linsysfs file system (deprecated)"); -SYSCTL_PROC(_security_jail, OID_AUTO, mount_tmpfs_allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, - NULL, PR_ALLOW_MOUNT_TMPFS, sysctl_jail_default_allow, "I", - "Processes in jail can mount the tmpfs file system (deprecated)"); -SYSCTL_PROC(_security_jail, OID_AUTO, mount_zfs_allowed, - CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, - NULL, PR_ALLOW_MOUNT_ZFS, sysctl_jail_default_allow, "I", - "Processes in jail can mount the zfs file system (deprecated)"); static int +sysctl_jail_default_allow_mount(SYSCTL_HANDLER_ARGS) +{ + struct prison *pr; + int allow, error, i; + + pr = req->td->td_ucred->cr_prison; + allow = (pr == &prison0) + ? jail_default_allow_mount : pr->pr_allow_mount; + + /* Get the current flag value, and convert it to a boolean. */ + i = (allow & arg2) ? 1 : 0; + error = sysctl_handle_int(oidp, &i, 0, req); + if (error || !req->newptr) + return (error); + i = i ? arg2 : 0; + /* + * The sysctls don't have CTLFLAGS_PRISON, so assume prison0 + * for writing. + */ + mtx_lock(&prison0.pr_mtx); + jail_default_allow_mount = (jail_default_allow_mount & ~arg2) | i; + mtx_unlock(&prison0.pr_mtx); + return (0); +} + +static int sysctl_jail_default_level(SYSCTL_HANDLER_ARGS) { struct prison *pr; @@ -3805,23 +3837,105 @@ SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags"); SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may mount/unmount jail-friendly file systems in general"); -SYSCTL_JAIL_PARAM(_allow_mount, devfs, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may mount the devfs file system"); -SYSCTL_JAIL_PARAM(_allow_mount, fdescfs, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may mount the fdescfs file system"); -SYSCTL_JAIL_PARAM(_allow_mount, nullfs, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may mount the nullfs file system"); -SYSCTL_JAIL_PARAM(_allow_mount, procfs, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may mount the procfs file system"); -SYSCTL_JAIL_PARAM(_allow_mount, linprocfs, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may mount the linprocfs file system"); -SYSCTL_JAIL_PARAM(_allow_mount, linsysfs, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may mount the linsysfs file system"); -SYSCTL_JAIL_PARAM(_allow_mount, tmpfs, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may mount the tmpfs file system"); -SYSCTL_JAIL_PARAM(_allow_mount, zfs, CTLTYPE_INT | CTLFLAG_RW, - "B", "Jail may mount the zfs file system"); +/* + * The VFS system will register jail-aware filesystems here. They each get + * a parameter allow.mount.xxxfs that is checked when a jailed user attempts + * to mount. + */ +void +prison_add_vfs_param(const struct vfsconf *vfsp) +{ + char *allow_name, *allow_noname; + int fi; + unsigned flag; + char allowstr[MFSNAMELEN + 32], global_allowstr[MFSNAMELEN + 58]; + + snprintf(allowstr, sizeof(allowstr), "allow.mount.%s", vfsp->vfc_name); + allow_name = strdup(allowstr, M_PRISON); + snprintf(allowstr, sizeof(allowstr), "allow.mount.no%s", + vfsp->vfc_name); + allow_noname = strdup(allowstr, M_PRISON); + + /* + * See if this parameter has already beed added, i.e. if the filesystem + * was previously loaded/unloaded. + */ + mtx_lock(&prison0.pr_mtx); + for (fi = 0; fi < nitems(pr_allow_mount_names); fi++) { + if (pr_allow_mount_names[fi] != NULL && + strcmp(pr_allow_mount_names[fi], allow_name) == 0) { + pr_allow_mount_vfc[fi] = vfsp; + goto no_add; + } + } + + /* + * Find a free bit in prison0's pr_allow_mount, failing if there are + * none (which shouldn't happen as long as we keep track of how many + * filesystems are jail-aware). + */ + for (fi = 0, flag = 1;; fi++, flag <<= 1) { + if (flag == 0) + goto no_add; + if ((prison0.pr_allow_mount & flag) == 0) + break; + } + prison0.pr_allow_mount |= flag; + pr_allow_mount_nonames[fi] = allow_noname; + pr_allow_mount_names[fi] = allow_name; + pr_allow_mount_vfc[fi] = vfsp; + mtx_unlock(&prison0.pr_mtx); + + /* + * Create sysctls for the paramter, and the back-compat global + * permission. + */ + snprintf(allowstr, sizeof(allowstr), + "Jail may mount the %s file system", vfsp->vfc_name); + (void)SYSCTL_ADD_PROC(NULL, + SYSCTL_CHILDREN(&sysctl___security_jail_param_allow_mount), + OID_AUTO, vfsp->vfc_name, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, + NULL, 0, sysctl_jail_param, "B", allowstr); + snprintf(allowstr, sizeof(allowstr), "mount_%s_allowed", + vfsp->vfc_name); + snprintf(global_allowstr, sizeof(global_allowstr), + "Processes in jail can mount the %s file system (deprecated)", + vfsp->vfc_name); + (void)SYSCTL_ADD_PROC(NULL, SYSCTL_CHILDREN(&sysctl___security_jail), + OID_AUTO, allowstr, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, + flag, sysctl_jail_default_allow_mount, "I", global_allowstr); + return; + + no_add: + mtx_unlock(&prison0.pr_mtx); + free(allow_name, M_PRISON); + free(allow_noname, M_PRISON); +} + +/* + * See if a process has permission to mount a jail-aware filesystem. + */ +int +prison_check_vfs(struct ucred *cred, const struct vfsconf *vfsp) +{ + int fi; + unsigned flag; + + /* Find the flag bit corresponding to this filesystem. */ + flag = 0; + for (fi = 0; fi < nitems(pr_allow_mount_vfc); fi++) { + if (pr_allow_mount_vfc[fi] == vfsp) { + flag = 1 << fi; + break; + } + } + + if (cred->cr_prison->pr_allow_mount & flag) + return (0); + return (EPERM); +} + #ifdef RACCT void prison_racct_foreach(void (*callback)(struct racct *racct, Index: kern/vfs_init.c =================================================================== --- kern/vfs_init.c +++ kern/vfs_init.c @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include @@ -276,7 +277,10 @@ vfsops->vfs_extattrctl = vfs_stdextattrctl; if (vfsops->vfs_sysctl == NULL) vfsops->vfs_sysctl = vfs_stdsysctl; - + + if (vfc->vfc_flags & VFCF_JAIL) + prison_add_vfs_param(vfc); + /* * Call init function for this VFS... */ Index: kern/vfs_mount.c =================================================================== --- kern/vfs_mount.c +++ kern/vfs_mount.c @@ -788,6 +788,16 @@ KASSERT((fsflags & MNT_UPDATE) == 0, ("MNT_UPDATE shouldn't be here")); /* + * If the thread is jailed, make sure the jail has permission to mount + * this type of file system. + */ + if (jailed(td->td_ucred) && + (error = prison_check_vfs(td->td_ucred, vfsp)) != 0) { + vput(vp); + return (error); + } + + /* * If the user is not root, ensure that they own the directory * onto which we are attempting to mount. */ @@ -1094,8 +1104,6 @@ vfsp = vfs_byname_kld(fstype, td, &error); if (vfsp == NULL) return (ENODEV); - if (jailed(td->td_ucred) && !(vfsp->vfc_flags & VFCF_JAIL)) - return (EPERM); } /* Index: kern/vfs_subr.c =================================================================== --- kern/vfs_subr.c +++ kern/vfs_subr.c @@ -684,19 +684,21 @@ { int error; - /* - * If the thread is jailed, but this is not a jail-friendly file - * system, deny immediately. - */ - if (!(mp->mnt_vfc->vfc_flags & VFCF_JAIL) && jailed(td->td_ucred)) - return (EPERM); + if (jailed(td->td_ucred)) { + /* + * If the jail of the calling thread lacks permission for + * this type of file system, deny immediately. + */ + if ((error = prison_check_vfs(td->td_ucred, mp->mnt_vfc)) != 0) + return (error); - /* - * If the file system was mounted outside the jail of the calling - * thread, deny immediately. - */ - if (prison_check(td->td_ucred, mp->mnt_cred) != 0) - return (EPERM); + /* + * If the file system was mounted outside the jail of the + * calling thread, deny immediately. + */ + if (prison_check(td->td_ucred, mp->mnt_cred) != 0) + return (EPERM); + } /* * If file system supports delegated administration, we don't check Index: sys/jail.h =================================================================== --- sys/jail.h +++ sys/jail.h @@ -179,7 +179,8 @@ int pr_securelevel; /* (p) securelevel */ int pr_enforce_statfs; /* (p) statfs permission */ int pr_devfs_rsnum; /* (p) devfs ruleset */ - int pr_spare[3]; + unsigned pr_allow_mount; /* (p) per-VFS permissions */ + int pr_spare[2]; int pr_osreldate; /* (c) kern.osreldate value */ unsigned long pr_hostid; /* (p) jail hostid */ char pr_name[MAXHOSTNAMELEN]; /* (p) admin jail name */ @@ -224,17 +225,9 @@ #define PR_ALLOW_MOUNT 0x00000010 #define PR_ALLOW_QUOTAS 0x00000020 #define PR_ALLOW_SOCKET_AF 0x00000040 -#define PR_ALLOW_MOUNT_DEVFS 0x00000080 -#define PR_ALLOW_MOUNT_NULLFS 0x00000100 -#define PR_ALLOW_MOUNT_ZFS 0x00000200 -#define PR_ALLOW_MOUNT_PROCFS 0x00000400 -#define PR_ALLOW_MOUNT_TMPFS 0x00000800 -#define PR_ALLOW_MOUNT_FDESCFS 0x00001000 -#define PR_ALLOW_MOUNT_LINPROCFS 0x00002000 -#define PR_ALLOW_MOUNT_LINSYSFS 0x00004000 #define PR_ALLOW_RESERVED_PORTS 0x00008000 #define PR_ALLOW_KMEM_ACCESS 0x00010000 /* reserved, not used yet */ -#define PR_ALLOW_ALL 0x0001ffff +#define PR_ALLOW_ALL 0x0001807f /* * OSD methods @@ -364,6 +357,7 @@ struct mount; struct sockaddr; struct statfs; +struct vfsconf; int jailed(struct ucred *cred); int jailed_without_vnet(struct ucred *); void getcredhostname(struct ucred *, char *, size_t); @@ -413,6 +407,8 @@ char *prison_name(struct prison *, struct prison *); int prison_priv_check(struct ucred *cred, int priv); int sysctl_jail_param(SYSCTL_HANDLER_ARGS); +void prison_add_vfs_param(const struct vfsconf *vfsp); +int prison_check_vfs(struct ucred *cred, const struct vfsconf *vfsp); void prison_racct_foreach(void (*callback)(struct racct *racct, void *arg2, void *arg3), void (*pre)(void), void (*post)(void), void *arg2, void *arg3);