Index: contrib/openbsm/bin/auditdistd/sandbox.c =================================================================== --- contrib/openbsm/bin/auditdistd/sandbox.c +++ contrib/openbsm/bin/auditdistd/sandbox.c @@ -38,6 +38,9 @@ #endif #include +#ifdef HAVE_JAIL +#include +#endif #include #include #include @@ -63,7 +66,6 @@ sandbox(const char *user, bool capsicum, const char *fmt, ...) { #ifdef HAVE_JAIL - struct jail jailst; char *jailhost; va_list ap; #endif @@ -132,11 +134,8 @@ pjdlog_error("Unable to allocate memory for jail host name."); goto out; } - bzero(&jailst, sizeof(jailst)); - jailst.version = JAIL_API_VERSION; - jailst.path = pw->pw_dir; - jailst.hostname = jailhost; - if (jail(&jailst) >= 0) { + if (jail_setv(JAIL_CREATE | JAIL_ATTACH, "path", pw->pw_dir, + "host.hostname", jailhost, NULL) >= 0) { jailed = true; } else { jailed = false; Index: contrib/pjdfstest/tests/chflags/09.t =================================================================== --- contrib/pjdfstest/tests/chflags/09.t +++ contrib/pjdfstest/tests/chflags/09.t @@ -15,9 +15,6 @@ n1=`namegen` n2=`namegen` -old=`sysctl -n security.jail.chflags_allowed` -sysctl security.jail.chflags_allowed=1 >/dev/null - expect 0 mkdir ${n0} 0755 cdir=`pwd` cd ${n0} @@ -62,6 +59,5 @@ fi done -sysctl security.jail.chflags_allowed=${old} >/dev/null cd ${cdir} expect 0 rmdir ${n0} Index: etc/rc.d/hostname =================================================================== --- etc/rc.d/hostname +++ etc/rc.d/hostname 
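Review bot: The `else` branch after the new `jail_setv()` call in `sandbox()` still records only `jailed = false`, discarding why the jail could not be created; libjail leaves the kernel's reason in `jail_errmsg`, which is more specific than errno for a rejected parameter, so wherever the failure is reported after this hunk (the function continues outside it) the message should include it, e.g. `pjdlog_error("Unable to jail: %s", jail_errmsg);`. The same applies to `drop_privs()` in sbin/hastd/subr.c, and to udpconnectjail.c and priv/main.c, which print `strerror(errno)` where `jail_errmsg` would say which parameter was refused. `jail_setv()` comes from libjail: hastd and both regression tools get `jail` added to LIBADD in this diff, but no hunk for the auditdistd build is visible here, so confirm it links libjail when HAVE_JAIL is set. Also worth a comment at the call: as far as the kern_jail.c hunks show, the old `jail(2)` path seeded top-level jails from the `security.jail.*` sysctls, whereas a direct `jail_set` starts from `JAIL_DEFAULT_ALLOW`, so the sandbox now gets the built-in defaults regardless of those sysctls.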
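Review bot: With the `security.jail.chflags_allowed` override removed, whether a privileged process in the test's jail may touch system flags now depends solely on the jail's `allow.chflags` parameter, and nothing in the hunk sets it; the jail is presumably created elsewhere in the file, and that invocation should pass `allow.chflags` explicitly so the test does not depend on the host's defaults. If the test expects EPERM, it may otherwise pass for the wrong reason (no `allow.chflags` rather than the condition under test), so a comment in the test header stating the required jail parameter would help.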
@@ -40,14 +40,7 @@ hostname_start() { - # If we are not inside a jail, set the host name. - # If we are inside a jail, set the host name if it is permitted. - # - if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then - if [ `$SYSCTL_N security.jail.set_hostname_allowed` -eq 0 ]; then - return - fi - else + if [ `$SYSCTL_N security.jail.jailed` -eq 0 ]; then # If we're not in a jail and rc.conf doesn't specify a # hostname, see if we can get one from kenv. # Index: etc/rc.d/zfs =================================================================== --- etc/rc.d/zfs +++ etc/rc.d/zfs @@ -18,9 +18,7 @@ zfs_start_jail() { - if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then - zfs mount -a - fi + zfs mount -a } zfs_start_main() @@ -43,9 +41,7 @@ zfs_stop_jail() { - if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then - zfs unmount -a - fi + zfs unmount -a } zfs_stop_main() Index: lib/libc/gen/getvfsbyname.3 =================================================================== --- lib/libc/gen/getvfsbyname.3 +++ lib/libc/gen/getvfsbyname.3 @@ -28,7 +28,7 @@ .\" @(#)kvm_getvfsbyname.3 8.3 (Berkeley) 5/4/95 .\" $FreeBSD$ .\" -.Dd August 30, 2016 +.Dd March 21, 2018 .Dt GETVFSBYNAME 3 .Os .Sh NAME @@ -83,9 +83,10 @@ stores file names as Unicode .It Dv VFCF_JAIL can be mounted from within a jail if -.Va security.jail.mount_allowed -sysctl is set to -.Dv 1 +.Va allow.mount +and +.Va allow.mount. +jail parameters are set .It Dv VFCF_DELEGADMIN supports delegated administration if .Va vfs.usermount Index: lib/libc/sys/jail.2 =================================================================== --- lib/libc/sys/jail.2 +++ lib/libc/sys/jail.2 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd February 8, 2012 +.Dd March 21, 2018 .Dt JAIL 2 .Os .Sh NAME @@ -41,8 +41,6 @@ .In sys/param.h .In sys/jail.h .Ft int -.Fn jail "struct jail *jail" -.Ft int .Fn jail_attach "int jid" .Ft int .Fn jail_remove "int jid" 
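Review bot: `hostname_start()` now proceeds to set the hostname inside a jail regardless of its `allow.set_hostname` parameter, so in jails created without it the call that follows this hunk (the function continues outside it) will fail with EPERM and print an error on every start where the old branch returned quietly. If that is acceptable, say so where the branch was removed, e.g. `# Inside a jail, setting the hostname needs allow.set_hostname; hostname(1) reports EPERM if it is off`, and check that the failure does not abort the rest of the script. The same applies to `zfs_start_jail()` and `zfs_stop_jail()` in etc/rc.d/zfs, where `zfs mount -a` and `zfs unmount -a` now run unconditionally and will report errors in jails without `allow.mount.zfs`.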
@@ -53,74 +51,7 @@ .Fn jail_set "struct iovec *iov" "u_int niov" "int flags" .Sh DESCRIPTION The -.Fn jail -system call sets up a jail and locks the current process in it. -.Pp -The argument is a pointer to a structure describing the prison: -.Bd -literal -offset indent -struct jail { - uint32_t version; - char *path; - char *hostname; - char *jailname; - unsigned int ip4s; - unsigned int ip6s; - struct in_addr *ip4; - struct in6_addr *ip6; -}; -.Ed -.Pp -.Dq Li version -defines the version of the API in use. -.Dv JAIL_API_VERSION -is defined for the current version. -.Pp -The -.Dq Li path -pointer should be set to the directory which is to be the root of the -prison. -.Pp -The -.Dq Li hostname -pointer can be set to the hostname of the prison. -This can be changed -from the inside of the prison. -.Pp -The -.Dq Li jailname -pointer is an optional name that can be assigned to the jail -for example for management purposes. -.Pp -The -.Dq Li ip4s -and -.Dq Li ip6s -give the numbers of IPv4 and IPv6 addresses that will be passed -via their respective pointers. -.Pp -The -.Dq Li ip4 -and -.Dq Li ip6 -pointers can be set to an arrays of IPv4 and IPv6 addresses to be assigned to -the prison, or NULL if none. -IPv4 addresses must be in network byte order. -.Pp -This is equivalent to, and deprecated in favor of, the .Fn jail_set -system call (see below), with the parameters -.Va path , -.Va host.hostname , -.Va name , -.Va ip4.addr , -and -.Va ip6.addr , -and with the -.Dv JAIL_ATTACH -flag. -.Pp -The -.Fn jail_set system call creates a new jail, or modifies an existing one, and optionally locks the current process in it. Jail parameters are passed as an array of name-value pairs in the array 
@@ -146,13 +77,19 @@ retrieved via the .Va security.jail.param sysctl MIB entry. -Notable parameters include those mentioned in the -.Fn jail -description above, as well as +Notable parameters include .Va jid and -.Va name , -which identify the jail being created or modified. +.Va name +which identify the jail being created or modified, +.Va path +(the root directory of the jail), +.Va host.hostname +(the hostname of the jail), and +.Va ip4.addr +and +.Va ip6.addr +(IP addresses to assign to the jail). See .Xr jail 8 for more information on the core jail parameters. @@ -237,8 +174,7 @@ of that jail. .Sh RETURN VALUES If successful, -.Fn jail , -.Fn jail_set , +.Fn jail_set and .Fn jail_get return a non-negative integer, termed the jail identifier (JID). @@ -249,25 +185,6 @@ .Rv -std jail_attach jail_remove .Sh ERRORS The -.Fn jail -system call -will fail if: -.Bl -tag -width Er -.It Bq Er EPERM -This process is not allowed to create a jail, either because it is not -the super-user, or because it would exceed the jail's -.Va children.max -limit. -.It Bq Er EFAULT -.Fa jail -points to an address outside the allocated address space of the process. -.It Bq Er EINVAL -The version number of the argument is not correct. -.It Bq Er EAGAIN -No free JID could be found. -.El -.Pp -The .Fn jail_set system call will fail if: @@ -371,8 +288,7 @@ .El .Pp Further -.Fn jail , -.Fn jail_set , +.Fn jail_set and .Fn jail_attach call @@ -386,7 +302,7 @@ .Xr chroot 2 , .Xr jail 8 .Sh HISTORY -The +The now-deprecated .Fn jail system call appeared in .Fx 4.0 . Index: sbin/hastd/Makefile =================================================================== --- sbin/hastd/Makefile +++ sbin/hastd/Makefile @@ -31,7 +31,7 @@ CFLAGS+=-DINET6 .endif -LIBADD= geom md pthread util +LIBADD= geom jail md pthread util YFLAGS+=-v Index: sbin/hastd/subr.c =================================================================== --- sbin/hastd/subr.c +++ sbin/hastd/subr.c 
@@ -45,6 +45,7 @@ #include #include +#include #include #include #include @@ -155,7 +156,6 @@ drop_privs(const struct hast_resource *res) { char jailhost[sizeof(res->hr_name) * 2]; - struct jail jailst; struct passwd *pw; uid_t ruid, euid, suid; gid_t rgid, egid, sgid; @@ -181,9 +181,6 @@ } } - bzero(&jailst, sizeof(jailst)); - jailst.version = JAIL_API_VERSION; - jailst.path = pw->pw_dir; if (res == NULL) { (void)snprintf(jailhost, sizeof(jailhost), "hastctl"); } else { @@ -190,13 +187,8 @@ (void)snprintf(jailhost, sizeof(jailhost), "hastd: %s (%s)", res->hr_name, role2str(res->hr_role)); } - jailst.hostname = jailhost; - jailst.jailname = NULL; - jailst.ip4s = 0; - jailst.ip4 = NULL; - jailst.ip6s = 0; - jailst.ip6 = NULL; - if (jail(&jailst) >= 0) { + if (jail_setv(JAIL_CREATE | JAIL_ATTACH, "path", pw->pw_dir, + "host.hostname", jailhost, NULL) >= 0) { jailed = true; } else { jailed = false; Index: share/man/man9/VFS_SET.9 =================================================================== --- share/man/man9/VFS_SET.9 +++ share/man/man9/VFS_SET.9 @@ -26,7 +26,7 @@ .\" .\" $FreeBSD$ .\" -.Dd February 21, 2013 +.Dd March 21, 2018 .Dt VFS_SET 9 .Os .Sh NAME @@ -72,9 +72,10 @@ File names are stored as Unicode. .It Dv VFCF_JAIL Can be mounted from within a jail if -.Va security.jail.mount_allowed -sysctl is set to -.Dv 1 . +.Va allow.mount +and +.Va allow.mount. +jail parameters are set. .It Dv VFCF_DELEGADMIN Supports delegated administration if .Va vfs.usermount Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c =================================================================== --- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c +++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c 
@@ -5195,9 +5195,8 @@ * Privileged non-jail processes may not modify system flags * if securelevel > 0 and any existing system flags are set. * Privileged jail processes behave like privileged non-jail - * processes if the security.jail.chflags_allowed sysctl is - * is non-zero; otherwise, they behave like unprivileged - * processes. + * processes if the PR_ALLOW_CHFLAGS permission bit is set; + * otherwise, they behave like unprivileged processes. */ if (secpolicy_fs_owner(vp->v_mount, cred) == 0 || priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0) == 0) { Index: sys/compat/freebsd32/freebsd32_misc.c =================================================================== --- sys/compat/freebsd32/freebsd32_misc.c +++ sys/compat/freebsd32/freebsd32_misc.c @@ -2271,8 +2271,10 @@ return (0); } +#ifdef COMPAT_FREEBSD11 int -freebsd32_jail(struct thread *td, struct freebsd32_jail_args *uap) +freebsd11_freebsd32_jail(struct thread *td, + struct freebsd11_freebsd32_jail_args *uap) { uint32_t version; int error; @@ -2329,8 +2331,9 @@ /* Sci-Fi jails are not supported, sorry. */ return (EINVAL); } - return (kern_jail(td, &j)); + return (freebsd11_kern_jail(td, &j)); } +#endif /* COMPAT_FREEBSD11 */ int freebsd32_jail_set(struct thread *td, struct freebsd32_jail_set_args *uap) Index: sys/compat/freebsd32/freebsd32_proto.h =================================================================== --- sys/compat/freebsd32/freebsd32_proto.h +++ sys/compat/freebsd32/freebsd32_proto.h @@ -279,9 +279,6 @@ struct freebsd32_aio_error_args { char aiocbp_l_[PADL_(struct aiocb32 *)]; struct aiocb32 * aiocbp; char aiocbp_r_[PADR_(struct aiocb32 *)]; }; -struct freebsd32_jail_args { - char jail_l_[PADL_(struct jail32 *)]; struct jail32 * jail; char jail_r_[PADR_(struct jail32 *)]; -}; struct freebsd32_sigtimedwait_args { char set_l_[PADL_(const sigset_t *)]; const sigset_t * set; char set_r_[PADR_(const sigset_t *)]; char info_l_[PADL_(siginfo_t *)]; siginfo_t * info; char info_r_[PADR_(siginfo_t *)]; 
@@ -756,7 +753,6 @@ int freebsd32_aio_return(struct thread *, struct freebsd32_aio_return_args *); int freebsd32_aio_suspend(struct thread *, struct freebsd32_aio_suspend_args *); int freebsd32_aio_error(struct thread *, struct freebsd32_aio_error_args *); -int freebsd32_jail(struct thread *, struct freebsd32_jail_args *); int freebsd32_sigtimedwait(struct thread *, struct freebsd32_sigtimedwait_args *); int freebsd32_sigwaitinfo(struct thread *, struct freebsd32_sigwaitinfo_args *); int freebsd32_aio_waitcomplete(struct thread *, struct freebsd32_aio_waitcomplete_args *); @@ -1179,6 +1175,9 @@ char u_fhp_l_[PADL_(const struct fhandle *)]; const struct fhandle * u_fhp; char u_fhp_r_[PADR_(const struct fhandle *)]; char sb_l_[PADL_(struct freebsd11_stat32 *)]; struct freebsd11_stat32 * sb; char sb_r_[PADR_(struct freebsd11_stat32 *)]; }; +struct freebsd11_freebsd32_jail_args { + char jail_l_[PADL_(struct jail32 *)]; struct jail32 * jail; char jail_r_[PADR_(struct jail32 *)]; +}; struct freebsd11_freebsd32_kevent_args { char fd_l_[PADL_(int)]; int fd; char fd_r_[PADR_(int)]; char changelist_l_[PADL_(const struct kevent32_freebsd11 *)]; const struct kevent32_freebsd11 * changelist; char changelist_r_[PADR_(const struct kevent32_freebsd11 *)]; @@ -1218,6 +1217,7 @@ int freebsd11_freebsd32_getdirentries(struct thread *, struct freebsd11_freebsd32_getdirentries_args *); int freebsd11_freebsd32_getdents(struct thread *, struct freebsd11_freebsd32_getdents_args *); int freebsd11_freebsd32_fhstat(struct thread *, struct freebsd11_freebsd32_fhstat_args *); +int freebsd11_freebsd32_jail(struct thread *, struct freebsd11_freebsd32_jail_args *); int freebsd11_freebsd32_kevent(struct thread *, struct freebsd11_freebsd32_kevent_args *); int freebsd11_freebsd32_fstatat(struct thread *, struct freebsd11_freebsd32_fstatat_args *); int freebsd11_freebsd32_mknodat(struct thread *, struct freebsd11_freebsd32_mknodat_args *); 
@@ -1311,7 +1311,7 @@ #define FREEBSD32_SYS_AUE_freebsd6_freebsd32_aio_write AUE_AIO_WRITE #define FREEBSD32_SYS_AUE_freebsd6_freebsd32_lio_listio AUE_LIO_LISTIO #define FREEBSD32_SYS_AUE_freebsd4_freebsd32_sendfile AUE_SENDFILE -#define FREEBSD32_SYS_AUE_freebsd32_jail AUE_JAIL +#define FREEBSD32_SYS_AUE_freebsd11_freebsd32_jail AUE_JAIL #define FREEBSD32_SYS_AUE_freebsd4_freebsd32_sigaction AUE_SIGACTION #define FREEBSD32_SYS_AUE_freebsd4_freebsd32_sigreturn AUE_SIGRETURN #define FREEBSD32_SYS_AUE_freebsd32_sigtimedwait AUE_SIGWAIT Index: sys/compat/freebsd32/freebsd32_syscall.h =================================================================== --- sys/compat/freebsd32/freebsd32_syscall.h +++ sys/compat/freebsd32/freebsd32_syscall.h @@ -275,7 +275,7 @@ #define FREEBSD32_SYS_utrace 335 /* 336 is freebsd4 freebsd32_sendfile */ #define FREEBSD32_SYS_kldsym 337 -#define FREEBSD32_SYS_freebsd32_jail 338 +#define FREEBSD32_SYS_freebsd11_freebsd32_jail 338 #define FREEBSD32_SYS_sigprocmask 340 #define FREEBSD32_SYS_sigsuspend 341 /* 342 is freebsd4 freebsd32_sigaction */ Index: sys/compat/freebsd32/freebsd32_syscalls.c =================================================================== --- sys/compat/freebsd32/freebsd32_syscalls.c +++ sys/compat/freebsd32/freebsd32_syscalls.c @@ -347,7 +347,7 @@ "utrace", /* 335 = utrace */ "compat4.freebsd32_sendfile", /* 336 = freebsd4 freebsd32_sendfile */ "kldsym", /* 337 = kldsym */ - "freebsd32_jail", /* 338 = freebsd32_jail */ + "compat11.freebsd32_jail", /* 338 = freebsd11 freebsd32_jail */ "#339", /* 339 = pioctl */ "sigprocmask", /* 340 = sigprocmask */ "sigsuspend", /* 341 = sigsuspend */ Index: sys/compat/freebsd32/freebsd32_sysent.c =================================================================== --- sys/compat/freebsd32/freebsd32_sysent.c +++ sys/compat/freebsd32/freebsd32_sysent.c 
@@ -396,7 +396,7 @@ { AS(utrace_args), (sy_call_t *)sys_utrace, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 335 = utrace */ { compat4(AS(freebsd4_freebsd32_sendfile_args),freebsd32_sendfile), AUE_SENDFILE, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 336 = freebsd4 freebsd32_sendfile */ { AS(kldsym_args), (sy_call_t *)sys_kldsym, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 337 = kldsym */ - { AS(freebsd32_jail_args), (sy_call_t *)freebsd32_jail, AUE_JAIL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 338 = freebsd32_jail */ + { compat11(AS(freebsd11_freebsd32_jail_args),freebsd32_jail), AUE_JAIL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 338 = freebsd11 freebsd32_jail */ { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 339 = pioctl */ { AS(sigprocmask_args), (sy_call_t *)sys_sigprocmask, AUE_SIGPROCMASK, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 340 = sigprocmask */ { AS(sigsuspend_args), (sy_call_t *)sys_sigsuspend, AUE_SIGSUSPEND, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 341 = sigsuspend */ Index: sys/compat/freebsd32/freebsd32_systrace_args.c =================================================================== --- sys/compat/freebsd32/freebsd32_systrace_args.c +++ sys/compat/freebsd32/freebsd32_systrace_args.c @@ -1584,13 +1584,6 @@ *n_args = 3; break; } - /* freebsd32_jail */ - case 338: { - struct freebsd32_jail_args *p = params; - uarg[0] = (intptr_t) p->jail; /* struct jail32 * */ - *n_args = 1; - break; - } /* sigprocmask */ case 340: { struct sigprocmask_args *p = params; @@ -5778,16 +5771,6 @@ break; }; break; - /* freebsd32_jail */ - case 338: - switch(ndx) { - case 0: - p = "userland struct jail32 *"; - break; - default: - break; - }; - break; /* sigprocmask */ case 340: switch(ndx) { 
@@ -9755,11 +9738,6 @@ if (ndx == 0 || ndx == 1) p = "int"; break; - /* freebsd32_jail */ - case 338: - if (ndx == 0 || ndx == 1) - p = "int"; - break; /* sigprocmask */ case 340: if (ndx == 0 || ndx == 1) Index: sys/compat/freebsd32/syscalls.master =================================================================== --- sys/compat/freebsd32/syscalls.master +++ sys/compat/freebsd32/syscalls.master @@ -606,7 +606,7 @@ off_t *sbytes, int flags); } 337 AUE_NULL NOPROTO { int kldsym(int fileid, int cmd, \ void *data); } -338 AUE_JAIL STD { int freebsd32_jail(struct jail32 *jail); } +338 AUE_JAIL COMPAT11 { int freebsd32_jail(struct jail32 *jail); } 339 AUE_NULL UNIMPL pioctl 340 AUE_SIGPROCMASK NOPROTO { int sigprocmask(int how, \ const sigset_t *set, sigset_t *oset); } Index: sys/fs/nandfs/nandfs_vnops.c =================================================================== --- sys/fs/nandfs/nandfs_vnops.c +++ sys/fs/nandfs/nandfs_vnops.c @@ -834,9 +834,8 @@ * Privileged non-jail processes may not modify system flags * if securelevel > 0 and any existing system flags are set. * Privileged jail processes behave like privileged non-jail - * processes if the security.jail.chflags_allowed sysctl is - * is non-zero; otherwise, they behave like unprivileged - * processes. + * processes if the PR_ALLOW_CHFLAGS permission bit is set; + * otherwise, they behave like unprivileged processes. */ flags = inode->i_flags; Index: sys/kern/init_sysent.c =================================================================== --- sys/kern/init_sysent.c +++ sys/kern/init_sysent.c 
@@ -389,7 +389,7 @@ { AS(utrace_args), (sy_call_t *)sys_utrace, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 335 = utrace */ { compat4(AS(freebsd4_sendfile_args),sendfile), AUE_SENDFILE, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 336 = freebsd4 sendfile */ { AS(kldsym_args), (sy_call_t *)sys_kldsym, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 337 = kldsym */ - { AS(jail_args), (sy_call_t *)sys_jail, AUE_JAIL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 338 = jail */ + { compat11(AS(freebsd11_jail_args),jail), AUE_JAIL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 338 = freebsd11 jail */ { AS(nnpfs_syscall_args), (sy_call_t *)lkmressys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 339 = nnpfs_syscall */ { AS(sigprocmask_args), (sy_call_t *)sys_sigprocmask, AUE_SIGPROCMASK, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 340 = sigprocmask */ { AS(sigsuspend_args), (sy_call_t *)sys_sigsuspend, AUE_SIGSUSPEND, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 341 = sigsuspend */ Index: sys/kern/kern_jail.c =================================================================== --- sys/kern/kern_jail.c +++ sys/kern/kern_jail.c @@ -208,9 +208,11 @@ #define JAIL_DEFAULT_ALLOW (PR_ALLOW_SET_HOSTNAME | PR_ALLOW_RESERVED_PORTS) #define JAIL_DEFAULT_ENFORCE_STATFS 2 #define JAIL_DEFAULT_DEVFS_RSNUM 0 +#ifndef BURN_BRIDGES static unsigned jail_default_allow = JAIL_DEFAULT_ALLOW; static int jail_default_enforce_statfs = JAIL_DEFAULT_ENFORCE_STATFS; static int jail_default_devfs_rsnum = JAIL_DEFAULT_DEVFS_RSNUM; +#endif #if defined(INET) || defined(INET6) static unsigned jail_max_af_ips = 255; #endif @@ -228,6 +230,7 @@ strlcpy(prison0.pr_osrelease, osrelease, sizeof(prison0.pr_osrelease)); } +#ifdef COMPAT_FREEBSD11 /* * struct jail_args { * struct jail *jail; @@ -234,7 +237,7 @@ * }; */ int -sys_jail(struct thread *td, struct jail_args *uap) +freebsd11_jail(struct thread *td, struct freebsd11_jail_args *uap) { uint32_t version; int error; 
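Review bot: The block comment above the renamed `freebsd11_jail()` in kern_jail.c still documents the argument structure as `struct jail_args { struct jail *jail; };`, but the parameter is now `struct freebsd11_jail_args *uap` (the struct is added to sysproto.h in this diff); the comment should read `struct freebsd11_jail_args {` so the two agree. While there, a one-line note that this is the compatibility entry kept only under `options COMPAT_FREEBSD11` and that new code should use `jail_set(2)` would make the new `#ifdef` self-explaining.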
@@ -279,13 +282,16 @@ /* Sci-Fi jails are not supported, sorry. */ return (EINVAL); } - return (kern_jail(td, &j)); + return (freebsd11_kern_jail(td, &j)); } int -kern_jail(struct thread *td, struct jail *j) +freebsd11_kern_jail(struct thread *td, struct jail *j) { - struct iovec optiov[2 * (4 + nitems(pr_flag_allow) + struct iovec optiov[2 * (3 +#ifndef BURN_BRIDGES + + 1 + nitems(pr_flag_allow) +#endif #ifdef INET + 1 #endif @@ -295,7 +301,10 @@ )]; struct uio opt; char *u_path, *u_hostname, *u_name; +#ifndef BURN_BRIDGES struct bool_flags *bf; + int enforce_statfs; +#endif #ifdef INET uint32_t ip4s; struct in_addr *u_ip4; @@ -304,7 +313,7 @@ struct in6_addr *u_ip6; #endif size_t tmplen; - int error, enforce_statfs; + int error; bzero(&optiov, sizeof(optiov)); opt.uio_iov = optiov; @@ -315,6 +324,7 @@ opt.uio_rw = UIO_READ; opt.uio_td = td; +#ifndef BURN_BRIDGES /* Set permissions for top-level jails from sysctls. */ if (!jailed(td->td_ucred)) { for (bf = pr_flag_allow; @@ -335,6 +345,7 @@ optiov[opt.uio_iovcnt].iov_len = sizeof(enforce_statfs); opt.uio_iovcnt++; } +#endif tmplen = MAXPATHLEN + MAXHOSTNAMELEN + MAXHOSTNAMELEN; #ifdef INET @@ -438,6 +449,7 @@ free(u_path, M_TEMP); return (error); } +#endif /* COMPAT_FREEBSD11 */ /* @@ -1255,7 +1267,11 @@ pr->pr_securelevel = ppr->pr_securelevel; pr->pr_allow = JAIL_DEFAULT_ALLOW & ppr->pr_allow; +#ifdef BURN_BRIDGES + pr->pr_enforce_statfs = JAIL_DEFAULT_ENFORCE_STATFS; +#else pr->pr_enforce_statfs = jail_default_enforce_statfs; +#endif pr->pr_devfs_rsnum = ppr->pr_devfs_rsnum; pr->pr_osreldate = osreldt ? osreldt : ppr->pr_osreldate; @@ -3407,6 +3423,7 @@ static SYSCTL_NODE(_security, OID_AUTO, jail, CTLFLAG_RW, 0, "Jails"); +#ifdef COMPAT_FREEBSD11 static int sysctl_jail_list(SYSCTL_HANDLER_ARGS) { 
@@ -3510,6 +3527,7 @@ SYSCTL_OID(_security_jail, OID_AUTO, list, CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0, sysctl_jail_list, "S", "List of active jails"); +#endif /* COMPAT_FREEBSD11 */ static int sysctl_jail_jailed(SYSCTL_HANDLER_ARGS) @@ -3549,9 +3567,10 @@ #if defined(INET) || defined(INET6) SYSCTL_UINT(_security_jail, OID_AUTO, jail_max_af_ips, CTLFLAG_RW, &jail_max_af_ips, 0, - "Number of IP addresses a jail may have at most per address family (deprecated)"); + "Number of IP addresses a jail may have at most per address family"); #endif +#ifndef BURN_BRIDGES /* * Default parameters for jail(2) compatibility. For historical reasons, * the sysctl names have varying similarity to the parameter names. Prisons @@ -3669,6 +3688,7 @@ &jail_default_devfs_rsnum, offsetof(struct prison, pr_devfs_rsnum), sysctl_jail_default_level, "I", "Ruleset for the devfs filesystem in jail (deprecated)"); +#endif /* !BURN_BRIDGES */ /* * Nodes to describe jail parameters. Maximum length of string parameters Index: sys/kern/syscalls.c =================================================================== --- sys/kern/syscalls.c +++ sys/kern/syscalls.c @@ -344,7 +344,7 @@ "utrace", /* 335 = utrace */ "compat4.sendfile", /* 336 = freebsd4 sendfile */ "kldsym", /* 337 = kldsym */ - "jail", /* 338 = jail */ + "compat11.jail", /* 338 = freebsd11 jail */ "nnpfs_syscall", /* 339 = nnpfs_syscall */ "sigprocmask", /* 340 = sigprocmask */ "sigsuspend", /* 341 = sigsuspend */ Index: sys/kern/syscalls.master =================================================================== --- sys/kern/syscalls.master +++ sys/kern/syscalls.master 
@@ -595,7 +595,7 @@ int flags); } 337 AUE_NULL STD { int kldsym(int fileid, int cmd, \ void *data); } -338 AUE_JAIL STD { int jail(struct jail *jail); } +338 AUE_JAIL COMPAT11 { int jail(struct jail *jail); } 339 AUE_NULL NOSTD|NOTSTATIC { int nnpfs_syscall(int operation, \ char *a_pathP, int a_opcode, \ void *a_paramsP, int a_followSymlinks); } Index: sys/kern/systrace_args.c =================================================================== --- sys/kern/systrace_args.c +++ sys/kern/systrace_args.c @@ -1618,13 +1618,6 @@ *n_args = 3; break; } - /* jail */ - case 338: { - struct jail_args *p = params; - uarg[0] = (intptr_t) p->jail; /* struct jail * */ - *n_args = 1; - break; - } /* nnpfs_syscall */ case 339: { struct nnpfs_syscall_args *p = params; @@ -5839,16 +5832,6 @@ break; }; break; - /* jail */ - case 338: - switch(ndx) { - case 0: - p = "userland struct jail *"; - break; - default: - break; - }; - break; /* nnpfs_syscall */ case 339: switch(ndx) { @@ -9729,11 +9712,6 @@ if (ndx == 0 || ndx == 1) p = "int"; break; - /* jail */ - case 338: - if (ndx == 0 || ndx == 1) - p = "int"; - break; /* nnpfs_syscall */ case 339: if (ndx == 0 || ndx == 1) Index: sys/sys/jail.h =================================================================== --- sys/sys/jail.h +++ sys/sys/jail.h @@ -32,6 +32,7 @@ #ifndef _SYS_JAIL_H_ #define _SYS_JAIL_H_ +#ifdef COMPAT_FREEBSD11 #ifdef _KERNEL struct jail_v0 { u_int32_t version; @@ -57,16 +58,6 @@ * For all xprison structs, always keep the pr_version an int and * the first variable so userspace can easily distinguish them. */ -#ifndef _KERNEL -struct xprison_v1 { - int pr_version; - int pr_id; - char pr_path[MAXPATHLEN]; - char pr_host[MAXHOSTNAMELEN]; - u_int32_t pr_ip; -}; -#endif - struct xprison { int pr_version; int pr_id; @@ -91,6 +82,7 @@ #define PRISON_STATE_INVALID 0 #define PRISON_STATE_ALIVE 1 #define PRISON_STATE_DYING 2 +#endif /* COMPAT_FREEBSD11 */ /* * Flags for jail_set and jail_get. 
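Review bot: The `#ifdef COMPAT_FREEBSD11` added at the top of sys/sys/jail.h now gates `struct jail`, `struct xprison` and `PRISON_STATE_*` on a kernel configuration option; that macro is normally supplied by opt_compat.h, which this header is not shown to include, and it is never defined in userland, so these definitions disappear from the public header for every userland program and for any kernel file that includes jail.h before opt_compat.h. `struct xprison` is the record produced by the `security.jail.list` sysctl, which kern_jail.c keeps under the same option, so a userland reader of that sysctl is left with the data but no type; the removal of the `#ifndef _KERNEL` block around `xprison_v1` in the following hunk suggests this is deliberate, but it should be stated next to the guard, e.g. `/* Legacy jail(2) and security.jail.list ABI, kernel-only under options COMPAT_FREEBSD11 */`. If userland support is meant to stay, split the guard so only the `_KERNEL` parts depend on COMPAT_FREEBSD11 and the struct definitions do not.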
@@ -110,7 +102,6 @@ struct iovec; -int jail(struct jail *); int jail_set(struct iovec *, unsigned int, int); int jail_get(struct iovec *, unsigned int, int); int jail_attach(int); Index: sys/sys/syscall.h =================================================================== --- sys/sys/syscall.h +++ sys/sys/syscall.h @@ -280,7 +280,7 @@ #define SYS_utrace 335 /* 336 is freebsd4 sendfile */ #define SYS_kldsym 337 -#define SYS_jail 338 +#define SYS_freebsd11_jail 338 #define SYS_nnpfs_syscall 339 #define SYS_sigprocmask 340 #define SYS_sigsuspend 341 Index: sys/sys/syscall.mk =================================================================== --- sys/sys/syscall.mk +++ sys/sys/syscall.mk @@ -211,7 +211,7 @@ sched_rr_get_interval.o \ utrace.o \ kldsym.o \ - jail.o \ + freebsd11_jail.o \ nnpfs_syscall.o \ sigprocmask.o \ sigsuspend.o \ Index: sys/sys/syscallsubr.h =================================================================== --- sys/sys/syscallsubr.h +++ sys/sys/syscallsubr.h @@ -141,7 +141,6 @@ int kern_getsockopt(struct thread *td, int s, int level, int name, void *optval, enum uio_seg valseg, socklen_t *valsize); int kern_ioctl(struct thread *td, int fd, u_long com, caddr_t data); -int kern_jail(struct thread *td, struct jail *j); int kern_jail_get(struct thread *td, struct uio *options, int flags); int kern_jail_set(struct thread *td, struct uio *options, int flags); int kern_kevent(struct thread *td, int fd, int nchanges, int nevents, @@ -306,5 +305,6 @@ int freebsd11_kern_getdirentries(struct thread *td, int fd, char *ubuf, u_int count, long *basep, void (*func)(struct freebsd11_dirent *)); +int freebsd11_kern_jail(struct thread *td, struct jail *j); #endif /* !_SYS_SYSCALLSUBR_H_ */ Index: sys/sys/sysproto.h =================================================================== --- sys/sys/sysproto.h +++ sys/sys/sysproto.h 
@@ -852,9 +852,6 @@ char cmd_l_[PADL_(int)]; int cmd; char cmd_r_[PADR_(int)]; char data_l_[PADL_(void *)]; void * data; char data_r_[PADR_(void *)]; }; -struct jail_args { - char jail_l_[PADL_(struct jail *)]; struct jail * jail; char jail_r_[PADR_(struct jail *)]; -}; struct nnpfs_syscall_args { char operation_l_[PADL_(int)]; int operation; char operation_r_[PADR_(int)]; char a_pathP_l_[PADL_(char *)]; char * a_pathP; char a_pathP_r_[PADR_(char *)]; @@ -1965,7 +1962,6 @@ int sys_sched_rr_get_interval(struct thread *, struct sched_rr_get_interval_args *); int sys_utrace(struct thread *, struct utrace_args *); int sys_kldsym(struct thread *, struct kldsym_args *); -int sys_jail(struct thread *, struct jail_args *); int sys_nnpfs_syscall(struct thread *, struct nnpfs_syscall_args *); int sys_sigprocmask(struct thread *, struct sigprocmask_args *); int sys_sigsuspend(struct thread *, struct sigsuspend_args *); @@ -2532,6 +2528,9 @@ char u_fhp_l_[PADL_(const struct fhandle *)]; const struct fhandle * u_fhp; char u_fhp_r_[PADR_(const struct fhandle *)]; char sb_l_[PADL_(struct freebsd11_stat *)]; struct freebsd11_stat * sb; char sb_r_[PADR_(struct freebsd11_stat *)]; }; +struct freebsd11_jail_args { + char jail_l_[PADL_(struct jail *)]; struct jail * jail; char jail_r_[PADR_(struct jail *)]; +}; struct freebsd11_kevent_args { char fd_l_[PADL_(int)]; int fd; char fd_r_[PADR_(int)]; char changelist_l_[PADL_(struct kevent_freebsd11 *)]; struct kevent_freebsd11 * changelist; char changelist_r_[PADR_(struct kevent_freebsd11 *)]; 
@@ -2579,6 +2578,7 @@ int freebsd11_nfstat(struct thread *, struct freebsd11_nfstat_args *); int freebsd11_nlstat(struct thread *, struct freebsd11_nlstat_args *); int freebsd11_fhstat(struct thread *, struct freebsd11_fhstat_args *); +int freebsd11_jail(struct thread *, struct freebsd11_jail_args *); int freebsd11_kevent(struct thread *, struct freebsd11_kevent_args *); int freebsd11_getfsstat(struct thread *, struct freebsd11_getfsstat_args *); int freebsd11_statfs(struct thread *, struct freebsd11_statfs_args *); @@ -2849,7 +2849,7 @@ #define SYS_AUE_utrace AUE_NULL #define SYS_AUE_freebsd4_sendfile AUE_SENDFILE #define SYS_AUE_kldsym AUE_NULL -#define SYS_AUE_jail AUE_JAIL +#define SYS_AUE_freebsd11_jail AUE_JAIL #define SYS_AUE_nnpfs_syscall AUE_NULL #define SYS_AUE_sigprocmask AUE_SIGPROCMASK #define SYS_AUE_sigsuspend AUE_SIGSUSPEND Index: sys/ufs/ufs/ufs_vnops.c =================================================================== --- sys/ufs/ufs/ufs_vnops.c +++ sys/ufs/ufs/ufs_vnops.c @@ -550,9 +550,8 @@ * Privileged non-jail processes may not modify system flags * if securelevel > 0 and any existing system flags are set. * Privileged jail processes behave like privileged non-jail - * processes if the security.jail.chflags_allowed sysctl is - * is non-zero; otherwise, they behave like unprivileged - * processes. + * processes if the PR_ALLOW_CHFLAGS permission bit is set; + * otherwise, they behave like unprivileged processes. */ if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) { if (ip->i_flags & Index: tools/regression/netinet/udpconnectjail/Makefile =================================================================== --- tools/regression/netinet/udpconnectjail/Makefile +++ tools/regression/netinet/udpconnectjail/Makefile 
@@ -4,4 +4,6 @@ MAN= WARNS?= 2 +LIBADD+= jail + .include Index: tools/regression/netinet/udpconnectjail/udpconnectjail.c =================================================================== --- tools/regression/netinet/udpconnectjail/udpconnectjail.c +++ tools/regression/netinet/udpconnectjail/udpconnectjail.c @@ -36,6 +36,7 @@ #include #include +#include #include #include #include @@ -76,8 +77,6 @@ main(int argc, __unused char *argv[]) { struct sockaddr_in sin; - struct jail thejail; - struct in_addr ia4; if (argc != 1) usage(); @@ -95,19 +94,9 @@ /* * Now re-run in a jail. - * XXX-BZ should switch to jail_set(2). */ - ia4.s_addr = htonl(INADDR_LOOPBACK); - - bzero(&thejail, sizeof(thejail)); - thejail.version = JAIL_API_VERSION; - thejail.path = "/"; - thejail.hostname = "jail"; - thejail.jailname = "udpconnectjail"; - thejail.ip4s = 1; - thejail.ip4 = &ia4; - - if (jail(&thejail) < 0) + if (jail_setv(JAIL_CREATE | JAIL_ATTACH, "name", "udpconnectjail", + "host.hostname", "jail", "ip4.addr", "127.0.0.1", NULL) < 0) errx(-1, "jail: %s", strerror(errno)); test("in jail", &sin); Index: tools/regression/priv/Makefile =================================================================== --- tools/regression/priv/Makefile +++ tools/regression/priv/Makefile @@ -48,7 +48,7 @@ MAN= WARNS?= 3 -LIBADD+= ipsec +LIBADD+= ipsec jail .if ${MK_INET6_SUPPORT} != "no" CFLAGS+= -DINET6 Index: tools/regression/priv/main.c =================================================================== --- tools/regression/priv/main.c +++ tools/regression/priv/main.c @@ -45,6 +45,7 @@ #include #include +#include #include #include #include 
@@ -438,25 +439,13 @@
 static void
 enter_jail(const char *test)
 {
- struct jail j;
- struct in_addr ia4;
-#ifdef INET6
- struct in6_addr ia6 = IN6ADDR_LOOPBACK_INIT;
-#endif
- bzero(&j, sizeof(j));
- j.version = JAIL_API_VERSION;
- j.path = "/";
- j.hostname = "test";
- j.jailname = "regressions/priv";
- ia4.s_addr = htonl(INADDR_LOOPBACK);
- j.ip4s = 1;
- j.ip4 = &ia4;
+ if (jail_setv(JAIL_CREATE | JAIL_ATTACH, "name", "regressions/priv",
+ "host.hostname", "test", "ip4.addr", "127.0.0.1",
 #ifdef INET6
- j.ip6s = 1;
- j.ip6 = &ia6;
+ "ip6.addr", "::1",
 #endif
- if (jail(&j) < 0)
+ NULL) < 0)
 err(-1, "test %s: jail", test);
 }
Index: tools/tools/sysdoc/tunables.mdoc
===================================================================
--- tools/tools/sysdoc/tunables.mdoc
+++ tools/tools/sysdoc/tunables.mdoc
@@ -1728,19 +1728,6 @@
 security.bsd.unprivileged_read_msgbuf
 ---
-security.jail.set_hostname_allowed
-bool
-
-Determines whether or not the root user
-within the jail can set the hostname.
-
----
-security.jail.socket_unixiproute_only
-
----
-security.jail.sysvipc_allowed
-
----
 security.mac.biba.enabled
 bool
Index: usr.sbin/jail/command.c
===================================================================
--- usr.sbin/jail/command.c
+++ usr.sbin/jail/command.c
@@ -33,7 +33,6 @@
 #include
 #include
 #include
-#include
 #include
 #include
Index: usr.sbin/jail/config.c
===================================================================
--- usr.sbin/jail/config.c
+++ usr.sbin/jail/config.c
@@ -32,7 +32,9 @@
 #include
 #include
 #include
+#ifndef BURN_BRIDGES
 #include
+#endif
 #include
 #include
@@ -98,6 +100,7 @@
 #endif
 [IP__MOUNT_FROM_FSTAB] = {"mount.fstab", PF_INTERNAL | PF_CONV | PF_REV},
 [IP__OP] = {NULL, PF_CONV},
+#ifndef BURN_BRIDGES
 [KP_ALLOW_CHFLAGS] = {"allow.chflags", 0},
 [KP_ALLOW_MOUNT] = {"allow.mount", 0},
 [KP_ALLOW_RAW_SOCKETS] = {"allow.raw_sockets", 0},
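Review bot: None of the new `#ifndef BURN_BRIDGES` guards in usr.sbin/jail/config.c (the -32 and -98 hunks here, and the -104 hunk that follows), usr.sbin/jail/jail.c and usr.sbin/jail/jailp.h say why KP_ALLOW_* and KP_ENFORCE_STATFS are compiled out, and since allow.* and enforce_statfs remain valid jail parameters a reader may take the guards to mean the parameters themselves are deprecated. As far as these hunks show, the enum values are only needed by the perm_sysctl[] table and the sysctl-default emulation in jail.c, which are guarded the same way. I would put one comment on the first guard in jailp.h, such as `/* Only used to emulate the defaults of the removed security.jail.* sysctls (perm_sysctl[] in jail.c); goes away with BURN_BRIDGES. */`, and a one-line reference to it on the config.c guard.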
@@ -104,8 +107,11 @@
 [KP_ALLOW_SET_HOSTNAME]= {"allow.set_hostname", 0},
 [KP_ALLOW_SOCKET_AF] = {"allow.socket_af", 0},
 [KP_ALLOW_SYSVIPC] = {"allow.sysvipc", 0},
+#endif
 [KP_DEVFS_RULESET] = {"devfs_ruleset", 0},
+#ifndef BURN_BRIDGES
 [KP_ENFORCE_STATFS] = {"enforce_statfs", 0},
+#endif
 [KP_HOST_HOSTNAME] = {"host.hostname", 0},
 #ifdef INET
 [KP_IP4_ADDR] = {"ip4.addr", 0},
Index: usr.sbin/jail/jail.c
===================================================================
--- usr.sbin/jail/jail.c
+++ usr.sbin/jail/jail.c
@@ -33,7 +33,9 @@
 #include
 #include
 #include
+#ifndef BURN_BRIDGES
 #include
+#endif
 #include
 #include
@@ -74,6 +76,7 @@
 static void quoted_print(FILE *fp, char *str);
 static void usage(void);
+#ifndef BURN_BRIDGES
 static struct permspec perm_sysctl[] = {
 { "security.jail.set_hostname_allowed", KP_ALLOW_SET_HOSTNAME, 0 },
 { "security.jail.sysvipc_allowed", KP_ALLOW_SYSVIPC, 0 },
@@ -82,6 +85,7 @@
 { "security.jail.mount_allowed", KP_ALLOW_MOUNT, 0 },
 { "security.jail.socket_unixiproute_only", KP_ALLOW_SOCKET_AF, 1 },
 };
+#endif
 static const enum intparam startcommands[] = {
 IP__NULL,
@@ -260,6 +264,7 @@
 #endif
 for (i = 3; i < argc; i++)
 add_param(NULL, NULL, IP_COMMAND, argv[i]);
+#ifndef BURN_BRIDGES
 /* Emulate the defaults from security.jail.* sysctls. */
 sysvallen = sizeof(sysval);
 if (sysctlbyname("security.jail.jailed", &sysval, &sysvallen,
@@ -284,6 +289,7 @@
 enforce_statfs);
 }
 }
+#endif
 } else if (op == JF_STOP) {
 /* Jail remove, perhaps using the config file */
 if (!docf || argc == 0)
Index: usr.sbin/jail/jailp.h
===================================================================
--- usr.sbin/jail/jailp.h
+++ usr.sbin/jail/jailp.h
@@ -112,6 +112,7 @@
 #endif
 IP__MOUNT_FROM_FSTAB, /* Line from mount.fstab file */
 IP__OP, /* Placeholder for requested operation */
+#ifndef BURN_BRIDGES
 KP_ALLOW_CHFLAGS,
 KP_ALLOW_MOUNT,
 KP_ALLOW_RAW_SOCKETS,
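Review bot: The guard added in the -260 hunk of usr.sbin/jail/jail.c covers the stores to sysval, sysvallen and enforce_statfs but, as far as the hunks show, not their declarations, so a build with BURN_BRIDGES defined presumably gets unused-variable warnings in main() unless those declarations are wrapped in the same `#ifndef BURN_BRIDGES`. The same question applies to the header include guarded in the -33 hunk: if sysctlbyname() or other sysctl(3) interfaces are still used elsewhere in jail.c, that include has to stay unconditional. main() begins and ends outside these hunks, and the guarded region runs from the -260 hunk through the -284 hunk, so the lines between them are not visible here.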
@@ -118,8 +119,11 @@
 KP_ALLOW_SET_HOSTNAME,
 KP_ALLOW_SOCKET_AF,
 KP_ALLOW_SYSVIPC,
+#endif
 KP_DEVFS_RULESET,
+#ifndef BURN_BRIDGES
 KP_ENFORCE_STATFS,
+#endif
 KP_HOST_HOSTNAME,
 #ifdef INET
 KP_IP4_ADDR,