diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -223,6 +223,8 @@
 {"allow.nfsd", "allow.nonfsd", PR_ALLOW_NFSD},
 #endif
 {"allow.extattr", "allow.noextattr", PR_ALLOW_EXTATTR},
+ {"allow.adjtime", "allow.noadjtime", PR_ALLOW_ADJTIME},
+ {"allow.settime", "allow.nosettime", PR_ALLOW_SETTIME},
 };
 static unsigned pr_allow_all = PR_ALLOW_ALL_STATIC;
 const size_t pr_flag_allow_size = sizeof(pr_flag_allow);
@@ -4167,6 +4169,28 @@
 return (0);
 return (EPERM);
+ /*
+ * Conditionally allow privileged process in the jail adjust
+ * machine time.
+ */
+ case PRIV_ADJTIME:
+ case PRIV_NTP_ADJTIME:
+ if (cred->cr_prison->pr_allow &
+ (PR_ALLOW_ADJTIME | PR_ALLOW_SET_HOSTNAME)) {
+ return (0);
+ }
+ return (EPERM);
+
+ /*
+ * Conditionally allow privileged process in the jail set
+ * machine time.
+ */
+ case PRIV_CLOCK_SETTIME:
+ if (cred->cr_prison->pr_allow & PR_ALLOW_SETTIME)
+ return (0);
+ else
+ return (EPERM);
+ default: /* + * In all remaining cases, deny the privilege request. This
@@ -4631,6 +4655,10 @@
 #endif
 SYSCTL_JAIL_PARAM(_allow, extattr, CTLTYPE_INT | CTLFLAG_RW,
 "B", "Jail may set system-level filesystem extended attributes");
+SYSCTL_JAIL_PARAM(_allow, adjtime, CTLTYPE_INT | CTLFLAG_RW,
+ "B", "Jail may adjust system time");
+SYSCTL_JAIL_PARAM(_allow, settime, CTLTYPE_INT | CTLFLAG_RW,
+ "B", "Jail may set system time");
 SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags");
 SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW,
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
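Review bot: The PRIV_ADJTIME / PRIV_NTP_ADJTIME case grants the privilege when either PR_ALLOW_ADJTIME or PR_ALLOW_SET_HOSTNAME is set, so a jail that merely has allow.set_hostname enabled can slew the kernel clock without allow.adjtime ever being granted; the second bit looks carried over from another case and widens the new permission well beyond the sysctl that is supposed to control it. The test should be `if (cred->cr_prison->pr_allow & PR_ALLOW_ADJTIME)` / `return (0);` / `return (EPERM);`, which also matches the two-return shape of the surrounding cases instead of the braced block here and the `else` in the PRIV_CLOCK_SETTIME case. The two comments read "in the jail adjust machine time" and "in the jail set machine time"; "to adjust"/"to set" is meant, and it is worth adding to each that the clock being changed is the single kernel clock shared with the host and every other jail, since that is the reason these are separate allow flags at all. The enclosing function and its switch begin and end outside this hunk.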
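Review bot: The two new sysctl descriptions say only "adjust system time" and "set system time", which does not tell an administrator that the clock in question is system-wide, shared with the host and all other jails, and that is the fact that makes enabling either flag a host-level decision; `"B", "Jail may adjust the system-wide clock (shared with host)"` and `"B", "Jail may set the system-wide clock (shared with host)"` would state it in the same place the extattr description states its scope. The matching jail.8 entry in this commit describes allow.settime as calibrating "global operating system data and time", where "date and time" is presumably intended; the two descriptions and the manual page should use the same wording.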
@@ -254,7 +254,9 @@
 #define PR_ALLOW_KMEM_ACCESS 0x00010000 /* reserved, not used yet */
 #define PR_ALLOW_NFSD 0x00020000
 #define PR_ALLOW_EXTATTR 0x00040000
-#define PR_ALLOW_ALL_STATIC 0x000787ff
+#define PR_ALLOW_ADJTIME 0x00080000
+#define PR_ALLOW_SETTIME 0x00100000
+#define PR_ALLOW_ALL_STATIC 0x001f87ff
 /*
 * PR_ALLOW_DIFFERENCES determines which flags are able to be
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -23,7 +23,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd March 16, 2024
+.Dd June 10, 2024
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -656,6 +656,15 @@
 .It Va allow.extattr
 Allow privileged process in the jail to manipulate filesystem extended attributes in the system namespace.
+.It Va allow.adjtime
+Allow privileged process in the jail to adjust global operating system time.
+For example through utilities like
+.Xr ntpd 8 .
+.It Va allow.settime
+Allow privileged process in the jail to calibrate global operating system data
+and time.
+For example through utilities like
+.Xr date 1 .
 .El
 .El
 .Pp
@@ -1408,6 +1417,7 @@
 This is by virtue of the child jail being created in the chrooted environment of the first jail.
 .Sh SEE ALSO
+.Xr date 1 ,
 .Xr killall 1 ,
 .Xr lsvfs 1 ,
 .Xr newaliases 1 ,
@@ -1415,6 +1425,9 @@
 .Xr pkill 1 ,
 .Xr ps 1 ,
 .Xr quota 1 ,
+.Xr adjtime 2 ,
+.Xr clock_settime 2 ,
+.Xr ntp_adjtime 2 ,
 .Xr jail_set 2 ,
 .Xr devfs 4 ,
 .Xr fdescfs 4 ,
@@ -1436,6 +1449,7 @@
 .Xr mount 8 ,
 .Xr mountd 8 ,
 .Xr nfsd 8 ,
+.Xr ntpd 8 ,
 .Xr reboot 8 ,
 .Xr rpcbind 8 ,
 .Xr sendmail 8 ,
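Review bot: The two new PR_ALLOW_ADJTIME and PR_ALLOW_SETTIME bits carry no comment, while PR_ALLOW_KMEM_ACCESS just above documents its status inline; a reader of the header cannot tell which privileges each bit gates without opening kern_jail.c, and the distinction (slewing versus stepping the clock) is exactly what an administrator choosing between the two flags needs. Suggest `#define PR_ALLOW_ADJTIME 0x00080000 /* adjtime(2), ntp_adjtime(2) */` and `#define PR_ALLOW_SETTIME 0x00100000 /* clock_settime(2) */`, which is what the kern_jail.c cases in this commit map them to. The updated PR_ALLOW_ALL_STATIC value 0x001f87ff does include both new bits (0x000787ff | 0x00080000 | 0x00100000), so the mask itself is consistent.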