
D40262.id122431.diff


diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@@ -344,6 +344,9 @@
Elf_Brandinfo *bi, *bi_m;
bool ret, has_fctl0;
int i, interp_name_len;
+ int prison_fallback_brand;
+
+ prison_fallback_brand = imgp->proc->p_ucred->cr_prison->pr_elf_fallback_brand;
interp_name_len = interp != NULL ? strlen(interp) + 1 : 0;
@@ -471,6 +474,11 @@
if (bi == NULL || (bi->flags & BI_BRAND_NOTE_MANDATORY) != 0 ||
(interp != NULL && (bi->flags & BI_BRAND_ONLY_STATIC) != 0))
continue;
+ if (hdr->e_machine == bi->machine &&
+ prison_fallback_brand == bi->brand &&
+ (bi->header_supported == NULL ||
+ bi->header_supported(imgp, NULL, NULL)))
+ return (bi);
if (hdr->e_machine == bi->machine &&
__elfN(fallback_brand) == bi->brand &&
(bi->header_supported == NULL ||
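Review bot: The jail-fallback test added at the top of this hunk repeats the four-line condition of the system-wide fallback that follows it, so when a jail's `pr_elf_fallback_brand` equals `__elfN(fallback_brand)` the same brand is examined twice and `bi->header_supported()` is called twice for it. Both branches return the same `bi` at the same loop position, so they can be folded into one condition, `(prison_fallback_brand == bi->brand || __elfN(fallback_brand) == bi->brand) &&`, keeping the single `header_supported` call below it. A short comment above it, `/* The jail's fallback brand (-1 = none) is tried alongside the global one. */`, would also make clear why the -1 default never matches. The enclosing brand-lookup function starts and ends outside the hunk.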
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -991,9 +991,10 @@
size_t namelen, onamelen, pnamelen;
int born, created, cuflags, descend, drflags, enforce;
int error, errmsg_len, errmsg_pos;
- int gotchildmax, gotenforce, gothid, gotrsnum, gotslevel;
+ int gotchildmax, gotenforce, gothid, gotrsnum, gotslevel, gotelf;
int jid, jsys, len, level;
int childmax, osreldt, rsnum, slevel;
+ int elf_fallback_brand;
#ifdef INET
int ip4s;
bool redo_ip4;
@@ -1088,6 +1089,14 @@
else
gotrsnum = 1;
+ error = vfs_copyopt(opts, "elf.fallback_brand", &elf_fallback_brand, sizeof(elf_fallback_brand));
+ if (error == ENOENT)
+ gotelf = 0;
+ else if (error != 0)
+ goto done_free;
+ else
+ gotelf = 1;
+
pr_flags = ch_flags = 0;
for (bf = pr_flag_bool;
bf < pr_flag_bool + nitems(pr_flag_bool);
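Review bot: The value copied in from `elf.fallback_brand` is stored without any range check, so any int (-2, 1000, ...) is accepted and later compared against `bi->brand`, where an out-of-range value simply never matches and the caller gets no error. Other integer jail parameters in this function are, as far as I recall, validated right after their copy, and the same pattern fits here if brands are ELFOSABI byte values: `if (gotelf && (elf_fallback_brand < -1 || elf_fallback_brand > 255)) { error = EINVAL; goto done_free; }`. The `vfs_copyopt` call on the first added line also runs well past 80 columns; style(9) would wrap it after `&elf_fallback_brand,`.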
@@ -1687,6 +1696,7 @@
pr->pr_allow = JAIL_DEFAULT_ALLOW & ppr->pr_allow;
pr->pr_enforce_statfs = jail_default_enforce_statfs;
pr->pr_devfs_rsnum = ppr->pr_devfs_rsnum;
+ pr->pr_elf_fallback_brand = -1;
pr->pr_osreldate = osreldt ? osreldt : ppr->pr_osreldate;
if (osrelstr == NULL)
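Review bot: A new jail gets `pr_elf_fallback_brand = -1` rather than its parent's value, and the update path in the hunk at @@ -1944 assigns only `pr` without the `FOREACH_PRISON_DESCENDANT_LOCKED` walk that the neighbouring `pr_devfs_rsnum` code uses, so the brand never reaches child jails. If that is intended, a comment at the initialization would save the next reader the comparison, e.g. `/* Not inherited: each jail opts in to its own fallback brand. */`. Separately, prison0's static initializer is not touched by this diff, so unless it is updated elsewhere the host prison's field is 0 rather than -1, which would match any brand registered with brand 0; initializing prison0 to -1 as well avoids that.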
@@ -1944,6 +1954,10 @@
FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend)
tpr->pr_devfs_rsnum = rsnum;
}
+
+ if (gotelf)
+ pr->pr_elf_fallback_brand = elf_fallback_brand;
+
if (namelc != NULL) {
if (ppr == &prison0)
strlcpy(pr->pr_name, namelc, sizeof(pr->pr_name));
@@ -2422,6 +2436,11 @@
error = vfs_setopts(opts, "host.hostuuid", pr->pr_hostuuid);
if (error != 0 && error != ENOENT)
goto done;
+ error = vfs_setopt(opts, "elf.fallback_brand",
+ &pr->pr_elf_fallback_brand,
+ sizeof(pr->pr_elf_fallback_brand));
+ if (error != 0 && error != ENOENT)
+ goto done;
#ifdef COMPAT_FREEBSD32
if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) {
uint32_t hid32 = pr->pr_hostid;
@@ -4489,6 +4508,10 @@
SYSCTL_JAIL_PARAM(, dying, CTLTYPE_INT | CTLFLAG_RD,
"B", "Jail is in the process of shutting down");
+SYSCTL_JAIL_PARAM_NODE(elf, "Jail ABI");
+SYSCTL_JAIL_PARAM(_elf, fallback_brand, CTLTYPE_INT | CTLFLAG_RW,
+ "I", "ELF brand of last resort");
+
SYSCTL_JAIL_PARAM_NODE(children, "Number of child jails");
SYSCTL_JAIL_PARAM(_children, cur, CTLTYPE_INT | CTLFLAG_RD,
"I", "Current number of child jails");
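Review bot: The parameter registered here is `elf.fallback_brand`, but the jail.8 hunk in this same diff documents it as `.It Va efi.fallback_brand`, so the manual page and the kernel disagree on the name. The description string `"ELF brand of last resort"` also understates what the imgact_elf.c hunk does, where the jail brand is tried before `__elfN(fallback_brand)`; something like `"ELF fallback brand tried before the system one (-1 = none)"` is closer to the behaviour.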
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -206,6 +206,7 @@
char pr_domainname[MAXHOSTNAMELEN]; /* (p) jail domainname */
char pr_hostuuid[HOSTUUIDLEN]; /* (p) jail hostuuid */
char pr_osrelease[OSRELEASELEN]; /* (c) kern.osrelease value */
+ int pr_elf_fallback_brand; /* (p) elf fallback abi */
};
struct prison_racct {
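Review bot: The new field's comment `(p) elf fallback abi` does not say that the value is an ELF brand number compared against `Elf_Brandinfo.brand`, nor that -1 means unset as kern_jail.c initializes it; `/* (p) ELF fallback brand, -1 = none */` would capture both. The `(p)` lock annotation is consistent with the prison-locked fields above it.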
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -760,6 +760,20 @@
Allow access to SYSV IPC semaphore and shared memory primitives, in the
same manner as
.Va sysvmsg.
+.It Va efi.fallback_brand
+The ABI brand of the Jail.
+
+Setting this value allows executables with unknown ABI brand to run as the
+specified ABI brand.
+
+More specifically, if the ABI field of the ELF header of an executable to run in
+the Jail is unknown, it will fallback to try this brand before trying the
+system-wise fallback brands.
+
+For example, setting this parameter to 3, the Linux ABI brand, cause Linux
+executables with ELF ABI brand "0" run in the Jail without the need to rebrand
+the executables with
+.Xr brandelf 1 .
.El
.Pp
There are pseudo-parameters that are not passed to the kernel, but are
