diff --git a/share/man/man9/sysctl.9 b/share/man/man9/sysctl.9
--- a/share/man/man9/sysctl.9
+++ b/share/man/man9/sysctl.9
@@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd September 1, 2020
+.Dd November 7, 2024
.Dt SYSCTL 9
.Os
.Sh NAME
@@ -901,7 +901,13 @@
This sysctl can be written to only if the effective securelevel of the
process is \[<=] 0.
.It Dv CTLFLAG_PRISON
-This sysctl can be written to by processes in
+It indicates that this sysctl variable may vary per
+.Xr jail 2 .
+All such variables can be listed using
+.Fl J
+option of
+.Xr sysctl 8 .
+Also, if it is not read-only then it can be written to by processes in
.Xr jail 2 .
.It Dv CTLFLAG_SKIP
When iterating the sysctl name space, do not list this sysctl.
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -4356,7 +4356,7 @@
}
SYSCTL_OID(_security_jail, OID_AUTO, list,
- CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
+ CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_PRISON | CTLFLAG_MPSAFE, NULL, 0,
sysctl_jail_list, "S", "List of active jails");
static int
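Review bot: The flag is added to CTLFLAG_RD nodes here and in the hunks at L66-L72, L73-L79 and L89-L100, so under the revised meaning it should change only what `sysctl -J` lists, not who may write; that depends on sysctl_root in kern_sysctl.c (not in this diff) consulting CTLFLAG_PRISON only on the write path, which is worth confirming and stating in the commit message. For security.jail.list specifically, "varies per jail" holds only if sysctl_jail_list restricts the output to the caller's prison and its descendants; its body starts before this hunk, so I cannot verify that here. A one-line comment above the SYSCTL_OID, `/* CTLFLAG_PRISON: the visible set of jails depends on the caller's prison */`, would record why the flag belongs on a read-only node.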
@@ -4371,7 +4371,7 @@
}
SYSCTL_PROC(_security_jail, OID_AUTO, jailed,
- CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
+ CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_PRISON | CTLFLAG_MPSAFE, NULL, 0,
sysctl_jail_jailed, "I", "Process in jail?");
static int
@@ -4391,7 +4391,7 @@
}
SYSCTL_PROC(_security_jail, OID_AUTO, vnet,
- CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
+ CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_PRISON | CTLFLAG_MPSAFE, NULL, 0,
sysctl_jail_vnet, "I", "Jail owns vnet?");
#if defined(INET) || defined(INET6)
@@ -4427,7 +4427,7 @@
if (arg1 != NULL)
i ^= arg2;
/*
- * The sysctls don't have CTLFLAGS_PRISON, so assume prison0
+ * The sysctls don't have CTLFLAG_PRISON, so assume prison0
* for writing.
*/
mtx_lock(&prison0.pr_mtx);
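Review bot: Beyond the spelling fix, the comment's reasoning should be made explicit now that CTLFLAG_PRISON also means "may vary per jail": the point is that a write request can only have passed the permission check from prison0, so the handler acts on prison0 directly. Suggested wording: `* These OIDs lack CTLFLAG_PRISON, so a write can only have come from` / `* prison0; operate on it directly.` The permission check lives in kern_sysctl.c rather than this hunk, so this is inferred, and the enclosing function begins outside the hunk.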
@@ -4513,11 +4513,11 @@
}
SYSCTL_PROC(_security_jail_children, OID_AUTO, max,
- CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE,
+ CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_PRISON | CTLFLAG_MPSAFE,
NULL, offsetof(struct prison, pr_childmax), sysctl_jail_children,
"I", "Maximum number of child jails");
SYSCTL_PROC(_security_jail_children, OID_AUTO, cur,
- CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE,
+ CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_PRISON | CTLFLAG_MPSAFE,
NULL, offsetof(struct prison, pr_childcount), sysctl_jail_children,
"I", "Current number of child jails");
diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c
--- a/sys/kern/kern_mib.c
+++ b/sys/kern/kern_mib.c
@@ -555,7 +555,7 @@
}
SYSCTL_PROC(_kern, KERN_OSRELEASE, osrelease,
- CTLTYPE_STRING | CTLFLAG_CAPRD | CTLFLAG_RD | CTLFLAG_MPSAFE,
+ CTLTYPE_STRING | CTLFLAG_CAPRD | CTLFLAG_RD | CTLFLAG_PRISON | CTLFLAG_MPSAFE,
NULL, 0, sysctl_osrelease, "A", "Operating system release");
/*
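Review bot: The new line `CTLTYPE_STRING | CTLFLAG_CAPRD | CTLFLAG_RD | CTLFLAG_PRISON | CTLFLAG_MPSAFE,` is 78 characters before indentation, so with the usual four-space continuation indent it exceeds the 80-column limit of style(9); the indent is not visible in this rendering, so please check. Wrap it as `CTLTYPE_STRING | CTLFLAG_CAPRD | CTLFLAG_RD | CTLFLAG_PRISON |` / `CTLFLAG_MPSAFE,`. The osreldate line at L116 is 75 characters and sits right at the limit, so the same wrap there would keep the two definitions parallel.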
@@ -578,7 +578,7 @@
* /usr/include/osreldate.h
*/
SYSCTL_PROC(_kern, KERN_OSRELDATE, osreldate,
- CTLTYPE_INT | CTLFLAG_CAPRD | CTLFLAG_RD | CTLFLAG_MPSAFE,
+ CTLTYPE_INT | CTLFLAG_CAPRD | CTLFLAG_RD | CTLFLAG_PRISON | CTLFLAG_MPSAFE,
NULL, 0, sysctl_osreldate, "I", "Kernel release date");
/*
diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h
--- a/sys/sys/sysctl.h
+++ b/sys/sys/sysctl.h
@@ -81,7 +81,7 @@
#define CTLFLAG_DORMANT 0x20000000 /* This sysctl is not active yet */
#define CTLFLAG_ANYBODY 0x10000000 /* All users can set this var */
#define CTLFLAG_SECURE 0x08000000 /* Permit set only if securelevel<=0 */
-#define CTLFLAG_PRISON 0x04000000 /* Prisoned roots can fiddle */
+#define CTLFLAG_PRISON 0x04000000 /* Per jail, prisoned root can fiddle */
#define CTLFLAG_DYN 0x02000000 /* Dynamic oid - can be freed */
#define CTLFLAG_SKIP 0x01000000 /* Skip this sysctl when listing */
#define CTLMASK_SECURE 0x00F00000 /* Secure level */
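Review bot: "Per jail, prisoned root can fiddle" still reads as a write-permission flag, while the sysctl.9 hunk in this same diff makes the primary meaning "the value may vary per jail" with writability still gated by CTLFLAG_RD/CTLFLAG_WR, and the kern_jail.c and kern_mib.c hunks apply it to read-only nodes. The header comment should carry that meaning, since it is what most readers will see; for example `/* Per-jail value; jailed root may set if WR */`. Keeping "fiddle" invites the old reading that the flag alone grants writes from a jail.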
D47332: sysctl: Revise meaning of CTLFLAG_PRISON