Page MenuHomeFreeBSD
Files F146914307

D51656.id.diff
No OneTemporary
Actions

D51656.id.diff
View Options

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -115,8 +115,11 @@
#else
.pr_flags = PR_HOST|_PR_IP_SADDRSEL,
#endif
- .pr_allow = PR_ALLOW_ALL_STATIC,
+ .pr_allow = PR_ALLOW_PRISON0,
};
+_Static_assert((PR_ALLOW_PRISON0 & ~PR_ALLOW_ALL_STATIC) == 0,
+ "Bits enabled in PR_ALLOW_PRISON0 that are not statically reserved");
+
MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF);
struct bool_flags {
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -260,7 +260,15 @@
#define PR_ALLOW_ADJTIME 0x00080000
#define PR_ALLOW_SETTIME 0x00100000
#define PR_ALLOW_ROUTING 0x00200000
+
+/*
+ * PR_ALLOW_PRISON0 are the allow flags that we apply by default to prison0,
+ * while PR_ALLOW_ALL_STATIC are all of the allow bits that we have allocated at
+ * build time. PR_ALLOW_ALL_STATIC should contain any bit above that we expect
+ * to be used on the system, while PR_ALLOW_PRISON0 will be some subset of that.
+ */
#define PR_ALLOW_ALL_STATIC 0x003f87ff
+#define PR_ALLOW_PRISON0 (PR_ALLOW_ALL_STATIC)
/*
* PR_ALLOW_DIFFERENCES determines which flags are able to be

File Metadata

Mime Type
text/plain
Expires
Sat, Mar 7, 5:32 PM (5 h, 31 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
29362176
Default Alt Text
D51656.id.diff (1 KB)

Event Timeline