Index: sys/kern/kern_jail.c =================================================================== --- sys/kern/kern_jail.c +++ sys/kern/kern_jail.c @@ -2510,14 +2510,14 @@ * PR_IP4 and PR_IP6), or only the single bit is examined, without regard * to any other prison data. */ -int +bool prison_flag(struct ucred *cred, unsigned flag) { return (cred->cr_prison->pr_flags & flag); } -int +bool prison_allow(struct ucred *cred, unsigned flag) { @@ -3141,16 +3141,16 @@ } /* - * Return 1 if p2 is a child of p1, otherwise 0. + * Return true if p2 is a child of p1, otherwise false. */ -int +bool prison_ischild(struct prison *pr1, struct prison *pr2) { for (pr2 = pr2->pr_parent; pr2 != NULL; pr2 = pr2->pr_parent) if (pr1 == pr2) - return (1); - return (0); + return (true); + return (false); } /* @@ -3185,21 +3185,21 @@ } /* - * Return 1 if the passed credential is in a jail and that jail does not - * have its own virtual network stack, otherwise 0. + * Return true if the passed credential is in a jail and that jail does not + * have its own virtual network stack, otherwise false. */ -int +bool jailed_without_vnet(struct ucred *cred) { if (!jailed(cred)) - return (0); + return (false); #ifdef VIMAGE if (prison_owns_vnet(cred)) - return (0); + return (false); #endif - return (1); + return (true); } /* @@ -3261,9 +3261,9 @@ * Determine whether the prison represented by cred owns * its vnet rather than having it inherited. * - * Returns 1 in case the prison owns the vnet, 0 otherwise. + * Returns true in case the prison owns the vnet, false otherwise. */ -int +bool prison_owns_vnet(struct ucred *cred) { @@ -3271,7 +3271,7 @@ * vnets cannot be added/removed after jail creation, * so no need to lock here. */ - return (cred->cr_prison->pr_flags & PR_VNET ? 1 : 0); + return ((cred->cr_prison->pr_flags & PR_VNET) != 0); } #endif Index: sys/netinet/in_jail.c =================================================================== --- sys/netinet/in_jail.c +++ sys/netinet/in_jail.c @@ -94,10 +94,11 @@ * Restrict a prison's IP address list with its parent's, possibly replacing * it. Return true if the replacement buffer was used (or would have been). */ -int +bool prison_restrict_ip4(struct prison *pr, struct in_addr *newip4) { - int ii, ij, used; + int ii, ij; + bool used; struct prison *ppr; ppr = pr->pr_parent; @@ -110,12 +111,12 @@ * (if it was passed). If there's no buffer, try to * allocate one. */ - used = 1; + used = true; if (newip4 == NULL) { newip4 = malloc(ppr->pr_ip4s * sizeof(*newip4), M_PRISON, M_NOWAIT); if (newip4 != NULL) - used = 0; + used = false; } if (newip4 != NULL) { bcopy(ppr->pr_ip4, newip4, @@ -171,7 +172,7 @@ pr->pr_ip4 = NULL; } } - return (0); + return (false); } /* @@ -210,49 +211,47 @@ } /* - * Return 1 if we should do proper source address selection or are not jailed. - * We will return 0 if we should bypass source address selection in favour + * Return true if we should do proper source address selection or are not jailed. + * We will return false if we should bypass source address selection in favour * of the primary jail IPv4 address. Only in this case *ia will be updated and * returned in NBO. - * Return EAFNOSUPPORT, in case this jail does not allow IPv4. + * Return true, even in case this jail does not allow IPv4. */ -int +bool prison_saddrsel_ip4(struct ucred *cred, struct in_addr *ia) { struct prison *pr; struct in_addr lia; - int error; KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); KASSERT(ia != NULL, ("%s: ia is NULL", __func__)); if (!jailed(cred)) - return (1); + return (true); pr = cred->cr_prison; if (pr->pr_flags & PR_IP4_SADDRSEL) - return (1); + return (true); lia.s_addr = INADDR_ANY; - error = prison_get_ip4(cred, &lia); - if (error) - return (error); + if (prison_get_ip4(cred, &lia)) + return (true); if (lia.s_addr == INADDR_ANY) - return (1); + return (true); ia->s_addr = lia.s_addr; - return (0); + return (false); } /* * Return true if pr1 and pr2 have the same IPv4 address restrictions. */ -int +bool prison_equal_ip4(struct prison *pr1, struct prison *pr2) { if (pr1 == pr2) - return (1); + return (true); /* * No need to lock since the PR_IP4_USER flag can't be altered for Index: sys/netinet6/in6_jail.c =================================================================== --- sys/netinet6/in6_jail.c +++ sys/netinet6/in6_jail.c @@ -84,10 +84,15 @@ return (rc); } -int +/* + * Restrict a prison's IP address list with its parent's, possibly replacing + * it. Return true if the replacement buffer was used (or would have been). + */ +bool prison_restrict_ip6(struct prison *pr, struct in6_addr *newip6) { - int ii, ij, used; + int ii, ij; + bool used; struct prison *ppr; ppr = pr->pr_parent; @@ -100,12 +105,12 @@ * (if it was passed). If there's no buffer, try to * allocate one. */ - used = 1; + used = true; if (newip6 == NULL) { newip6 = malloc(ppr->pr_ip6s * sizeof(*newip6), M_PRISON, M_NOWAIT); if (newip6 != NULL) - used = 0; + used = false; } if (newip6 != NULL) { bcopy(ppr->pr_ip6, newip6, @@ -163,7 +168,7 @@ pr->pr_ip6 = NULL; } } - return 0; + return (false); } /* @@ -201,49 +206,47 @@ } /* - * Return 1 if we should do proper source address selection or are not jailed. - * We will return 0 if we should bypass source address selection in favour + * Return true if we should do proper source address selection or are not jailed. + * We will return false if we should bypass source address selection in favour * of the primary jail IPv6 address. Only in this case *ia will be updated and * returned in NBO. - * Return EAFNOSUPPORT, in case this jail does not allow IPv6. + * Return true, even in case this jail does not allow IPv6. */ -int +bool prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6) { struct prison *pr; struct in6_addr lia6; - int error; KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__)); if (!jailed(cred)) - return (1); + return (true); pr = cred->cr_prison; if (pr->pr_flags & PR_IP6_SADDRSEL) - return (1); + return (true); lia6 = in6addr_any; - error = prison_get_ip6(cred, &lia6); - if (error) - return (error); + if (prison_get_ip6(cred, &lia6)) + return (true); if (IN6_IS_ADDR_UNSPECIFIED(&lia6)) - return (1); + return (true); bcopy(&lia6, ia6, sizeof(struct in6_addr)); - return (0); + return (false); } /* * Return true if pr1 and pr2 have the same IPv6 address restrictions. */ -int +bool prison_equal_ip6(struct prison *pr1, struct prison *pr2) { if (pr1 == pr2) - return (1); + return (true); while (pr1 != &prison0 && #ifdef VIMAGE Index: sys/sys/jail.h =================================================================== --- sys/sys/jail.h +++ sys/sys/jail.h @@ -404,23 +404,23 @@ */ #define jailed(cred) (cred->cr_prison != &prison0) -int jailed_without_vnet(struct ucred *); +bool jailed_without_vnet(struct ucred *); void getcredhostname(struct ucred *, char *, size_t); void getcreddomainname(struct ucred *, char *, size_t); void getcredhostuuid(struct ucred *, char *, size_t); void getcredhostid(struct ucred *, unsigned long *); void getjailname(struct ucred *cred, char *name, size_t len); void prison0_init(void); -int prison_allow(struct ucred *, unsigned); +bool prison_allow(struct ucred *, unsigned); int prison_check(struct ucred *cred1, struct ucred *cred2); -int prison_owns_vnet(struct ucred *); +bool prison_owns_vnet(struct ucred *); int prison_canseemount(struct ucred *cred, struct mount *mp); void prison_enforce_statfs(struct ucred *cred, struct mount *mp, struct statfs *sp); struct prison *prison_find(int prid); struct prison *prison_find_child(struct prison *, int); struct prison *prison_find_name(struct prison *, const char *); -int prison_flag(struct ucred *, unsigned); +bool prison_flag(struct ucred *, unsigned); void prison_free(struct prison *pr); void prison_free_locked(struct prison *pr); void prison_hold(struct prison *pr); @@ -428,27 +428,27 @@ void prison_proc_hold(struct prison *); void prison_proc_free(struct prison *); void prison_set_allow(struct ucred *cred, unsigned flag, int enable); -int prison_ischild(struct prison *, struct prison *); +bool prison_ischild(struct prison *, struct prison *); bool prison_isalive(struct prison *); bool prison_isvalid(struct prison *); -int prison_equal_ip4(struct prison *, struct prison *); +bool prison_equal_ip4(struct prison *, struct prison *); int prison_get_ip4(struct ucred *cred, struct in_addr *ia); int prison_local_ip4(struct ucred *cred, struct in_addr *ia); int prison_remote_ip4(struct ucred *cred, struct in_addr *ia); int prison_check_ip4(const struct ucred *, const struct in_addr *); int prison_check_ip4_locked(const struct prison *, const struct in_addr *); -int prison_saddrsel_ip4(struct ucred *, struct in_addr *); -int prison_restrict_ip4(struct prison *, struct in_addr *); +bool prison_saddrsel_ip4(struct ucred *, struct in_addr *); +bool prison_restrict_ip4(struct prison *, struct in_addr *); int prison_qcmp_v4(const void *, const void *); #ifdef INET6 -int prison_equal_ip6(struct prison *, struct prison *); +bool prison_equal_ip6(struct prison *, struct prison *); int prison_get_ip6(struct ucred *, struct in6_addr *); int prison_local_ip6(struct ucred *, struct in6_addr *, int); int prison_remote_ip6(struct ucred *, struct in6_addr *); int prison_check_ip6(const struct ucred *, const struct in6_addr *); int prison_check_ip6_locked(const struct prison *, const struct in6_addr *); -int prison_saddrsel_ip6(struct ucred *, struct in6_addr *); -int prison_restrict_ip6(struct prison *, struct in6_addr *); +bool prison_saddrsel_ip6(struct ucred *, struct in6_addr *); +bool prison_restrict_ip6(struct prison *, struct in6_addr *); int prison_qcmp_v6(const void *, const void *); #endif int prison_check_af(struct ucred *cred, int af);