
D40262.id122393.diff

D40262.id122393.diff

diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@@ -344,6 +344,9 @@
Elf_Brandinfo *bi, *bi_m;
bool ret, has_fctl0;
int i, interp_name_len;
+ int prison_fallback_brand;
+
+ prison_fallback_brand = imgp->proc->p_ucred->cr_prison->pr_elf_fallback_brand;
interp_name_len = interp != NULL ? strlen(interp) + 1 : 0;
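Review bot: `pr_elf_fallback_brand` is read through `imgp->proc->p_ucred->cr_prison` without holding the prison mutex, although the jail.h part of this diff annotates the field `(p)`. A plain int load is probably harmless here, but the annotation and the access should agree: either change the annotation or add a comment such as `/* Unlocked read; a stale value only affects brand selection for this exec. */`. The added assignment also runs past 80 columns and could be wrapped after the `=`. The enclosing function starts and ends outside the hunk.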
@@ -471,6 +474,11 @@
if (bi == NULL || (bi->flags & BI_BRAND_NOTE_MANDATORY) != 0 ||
(interp != NULL && (bi->flags & BI_BRAND_ONLY_STATIC) != 0))
continue;
+ if (hdr->e_machine == bi->machine &&
+ prison_fallback_brand == bi->brand &&
+ (bi->header_supported == NULL ||
+ bi->header_supported(imgp, NULL, NULL)))
+ return (bi);
if (hdr->e_machine == bi->machine &&
__elfN(fallback_brand) == bi->brand &&
(bi->header_supported == NULL ||
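Review bot: The per-jail fallback does not reliably take precedence over the global `__elfN(fallback_brand)`, because both tests run inside the same iteration over the brand list. An entry matching the global sysctl that is visited before the entry matching `prison_fallback_brand` is returned first. If the jail setting is meant to override the host-wide one, give the jail match its own pass over the list, or guard the global test with `prison_fallback_brand == -1 &&`. The loop header and the rest of the second `if` lie outside the hunk, so the iteration order is inferred from the `continue` and the two adjacent tests.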
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -953,9 +953,10 @@
size_t namelen, onamelen, pnamelen;
int born, created, cuflags, descend, drflags, enforce;
int error, errmsg_len, errmsg_pos;
- int gotchildmax, gotenforce, gothid, gotrsnum, gotslevel;
+ int gotchildmax, gotenforce, gothid, gotrsnum, gotslevel, gotelf;
int jid, jsys, len, level;
int childmax, osreldt, rsnum, slevel;
+ int elf_fallback_brand;
#ifdef INET
int ip4s, redo_ip4;
#endif
@@ -1048,6 +1049,14 @@
else
gotrsnum = 1;
+ error = vfs_copyopt(opts, "elf.fallback_brand", &elf_fallback_brand, sizeof(elf_fallback_brand));
+ if (error == ENOENT)
+ gotelf = 0;
+ else if (error != 0)
+ goto done_free;
+ else
+ gotelf = 1;
+
pr_flags = ch_flags = 0;
for (bf = pr_flag_bool;
bf < pr_flag_bool + nitems(pr_flag_bool);
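Review bot: The value copied from `elf.fallback_brand` is accepted without any range check, so any int passed to jail_set(2) is stored in the prison and later compared against `bi->brand` on exec in that jail. Rejecting values that cannot be a brand would surface misconfiguration at set time, e.g. `if (gotelf && elf_fallback_brand < -1) { error = EINVAL; goto done_free; }` after the chain. The right upper bound depends on which brand values are valid, which this diff does not show. The `vfs_copyopt` line also exceeds 80 columns and should be wrapped like the `vfs_setopt` call added further down.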
@@ -1647,6 +1656,7 @@
pr->pr_allow = JAIL_DEFAULT_ALLOW & ppr->pr_allow;
pr->pr_enforce_statfs = jail_default_enforce_statfs;
pr->pr_devfs_rsnum = ppr->pr_devfs_rsnum;
+ pr->pr_elf_fallback_brand = -1;
pr->pr_osreldate = osreldt ? osreldt : ppr->pr_osreldate;
if (osrelstr == NULL)
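Review bot: New jails get the `-1` sentinel here, but no hunk in this diff gives `prison0` the same value. If its static initializer is left alone the field is 0 there, and the exec path added in imgact_elf.c compares that 0 against `bi->brand` for every non-jailed process. Unless 0 can never equal a registered brand, the host would get a fallback it never configured. Adding `.pr_elf_fallback_brand = -1,` to the `prison0` initializer would keep "unset" uniform; that initializer is outside this page, so confirm against the full file.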
@@ -1904,6 +1914,10 @@
FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend)
tpr->pr_devfs_rsnum = rsnum;
}
+
+ if (gotelf)
+ pr->pr_elf_fallback_brand = elf_fallback_brand;
+
if (namelc != NULL) {
if (ppr == &prison0)
strlcpy(pr->pr_name, namelc, sizeof(pr->pr_name));
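Review bot: The new value is stored on `pr` only, while the `pr_devfs_rsnum` update directly above walks `FOREACH_PRISON_DESCENDANT_LOCKED`, and new jails start at `-1` instead of copying `ppr`. Existing and future child jails therefore appear to ignore the parent's setting and fall through to the global sysctl. If that is intended, a comment such as `/* Not inherited: child jails use the global fallback unless set explicitly. */` would record the decision. The enclosing function extends beyond the hunk.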
@@ -2383,6 +2397,11 @@
error = vfs_setopts(opts, "host.hostuuid", pr->pr_hostuuid);
if (error != 0 && error != ENOENT)
goto done;
+ error = vfs_setopt(opts, "elf.fallback_brand",
+ &pr->pr_elf_fallback_brand,
+ sizeof(pr->pr_elf_fallback_brand));
+ if (error != 0 && error != ENOENT)
+ goto done;
#ifdef COMPAT_FREEBSD32
if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) {
uint32_t hid32 = pr->pr_hostid;
@@ -4413,6 +4432,10 @@
SYSCTL_JAIL_PARAM(, dying, CTLTYPE_INT | CTLFLAG_RD,
"B", "Jail is in the process of shutting down");
+SYSCTL_JAIL_PARAM_NODE(elf, "Jail ABI");
+SYSCTL_JAIL_PARAM(_elf, fallback_brand, CTLTYPE_INT | CTLFLAG_RW,
+ "I", "ELF brand of last resort");
+
SYSCTL_JAIL_PARAM_NODE(children, "Number of child jails");
SYSCTL_JAIL_PARAM(_children, cur, CTLTYPE_INT | CTLFLAG_RD,
"I", "Current number of child jails");
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -205,6 +205,7 @@
char pr_domainname[MAXHOSTNAMELEN]; /* (p) jail domainname */
char pr_hostuuid[HOSTUUIDLEN]; /* (p) jail hostuuid */
char pr_osrelease[OSRELEASELEN]; /* (c) kern.osrelease value */
+ int pr_elf_fallback_brand; /* (p) elf fallback abi */
};
struct prison_racct {
