sys/kern/kern_jail.c
Show First 20 Lines • Show All 985 Lines • ▼ Show 20 Lines | #endif | ||||
struct jailsys_flags *jsf; | struct jailsys_flags *jsf; | ||||
#if defined(INET) || defined(INET6) | #if defined(INET) || defined(INET6) | ||||
void *op; | void *op; | ||||
#endif | #endif | ||||
unsigned long hid; | unsigned long hid; | ||||
size_t namelen, onamelen, pnamelen; | size_t namelen, onamelen, pnamelen; | ||||
int born, created, cuflags, descend, drflags, enforce; | int born, created, cuflags, descend, drflags, enforce; | ||||
int error, errmsg_len, errmsg_pos; | int error, errmsg_len, errmsg_pos; | ||||
int gotchildmax, gotenforce, gothid, gotrsnum, gotslevel; | int gotchildmax, gotenforce, gothid, gotrsnum, gotslevel, gotelf; | ||||
int jid, jsys, len, level; | int jid, jsys, len, level; | ||||
int childmax, osreldt, rsnum, slevel; | int childmax, osreldt, rsnum, slevel; | ||||
int elf_fallback_brand; | |||||
#ifdef INET | #ifdef INET | ||||
int ip4s; | int ip4s; | ||||
bool redo_ip4; | bool redo_ip4; | ||||
#endif | #endif | ||||
#ifdef INET6 | #ifdef INET6 | ||||
int ip6s; | int ip6s; | ||||
bool redo_ip6; | bool redo_ip6; | ||||
#endif | #endif | ||||
▲ Show 20 Lines • Show All 78 Lines • ▼ Show 20 Lines | #endif | ||||
error = vfs_copyopt(opts, "devfs_ruleset", &rsnum, sizeof(rsnum)); | error = vfs_copyopt(opts, "devfs_ruleset", &rsnum, sizeof(rsnum)); | ||||
if (error == ENOENT) | if (error == ENOENT) | ||||
gotrsnum = 0; | gotrsnum = 0; | ||||
else if (error != 0) | else if (error != 0) | ||||
goto done_free; | goto done_free; | ||||
else | else | ||||
gotrsnum = 1; | gotrsnum = 1; | ||||
error = vfs_copyopt(opts, "elf.fallback_brand", &elf_fallback_brand, sizeof(elf_fallback_brand)); | |||||
markj: This line is too long. | |||||
if (error == ENOENT) | |||||
gotelf = 0; | |||||
else if (error != 0) | |||||
goto done_free; | |||||
else | |||||
gotelf = 1; | |||||
pr_flags = ch_flags = 0; | pr_flags = ch_flags = 0; | ||||
for (bf = pr_flag_bool; | for (bf = pr_flag_bool; | ||||
bf < pr_flag_bool + nitems(pr_flag_bool); | bf < pr_flag_bool + nitems(pr_flag_bool); | ||||
bf++) { | bf++) { | ||||
vfs_flagopt(opts, bf->name, &pr_flags, bf->flag); | vfs_flagopt(opts, bf->name, &pr_flags, bf->flag); | ||||
vfs_flagopt(opts, bf->noname, &ch_flags, bf->flag); | vfs_flagopt(opts, bf->noname, &ch_flags, bf->flag); | ||||
} | } | ||||
ch_flags |= pr_flags; | ch_flags |= pr_flags; | ||||
▲ Show 20 Lines • Show All 583 Lines • ▼ Show 20 Lines | |||||
#endif | #endif | ||||
/* Source address selection is always on by default. */ | /* Source address selection is always on by default. */ | ||||
pr->pr_flags |= _PR_IP_SADDRSEL; | pr->pr_flags |= _PR_IP_SADDRSEL; | ||||
pr->pr_securelevel = ppr->pr_securelevel; | pr->pr_securelevel = ppr->pr_securelevel; | ||||
pr->pr_allow = JAIL_DEFAULT_ALLOW & ppr->pr_allow; | pr->pr_allow = JAIL_DEFAULT_ALLOW & ppr->pr_allow; | ||||
pr->pr_enforce_statfs = jail_default_enforce_statfs; | pr->pr_enforce_statfs = jail_default_enforce_statfs; | ||||
pr->pr_devfs_rsnum = ppr->pr_devfs_rsnum; | pr->pr_devfs_rsnum = ppr->pr_devfs_rsnum; | ||||
pr->pr_elf_fallback_brand = -1; | |||||
pr->pr_osreldate = osreldt ? osreldt : ppr->pr_osreldate; | pr->pr_osreldate = osreldt ? osreldt : ppr->pr_osreldate; | ||||
if (osrelstr == NULL) | if (osrelstr == NULL) | ||||
strlcpy(pr->pr_osrelease, ppr->pr_osrelease, | strlcpy(pr->pr_osrelease, ppr->pr_osrelease, | ||||
sizeof(pr->pr_osrelease)); | sizeof(pr->pr_osrelease)); | ||||
else | else | ||||
strlcpy(pr->pr_osrelease, osrelstr, | strlcpy(pr->pr_osrelease, osrelstr, | ||||
sizeof(pr->pr_osrelease)); | sizeof(pr->pr_osrelease)); | ||||
▲ Show 20 Lines • Show All 241 Lines • ▼ Show 20 Lines | FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) | ||||
tpr->pr_enforce_statfs = enforce; | tpr->pr_enforce_statfs = enforce; | ||||
} | } | ||||
if (gotrsnum) { | if (gotrsnum) { | ||||
pr->pr_devfs_rsnum = rsnum; | pr->pr_devfs_rsnum = rsnum; | ||||
/* Pass this restriction on to the children. */ | /* Pass this restriction on to the children. */ | ||||
FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) | FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) | ||||
tpr->pr_devfs_rsnum = rsnum; | tpr->pr_devfs_rsnum = rsnum; | ||||
} | } | ||||
if (gotelf) | |||||
pr->pr_elf_fallback_brand = elf_fallback_brand; | |||||
if (namelc != NULL) { | if (namelc != NULL) { | ||||
if (ppr == &prison0) | if (ppr == &prison0) | ||||
strlcpy(pr->pr_name, namelc, sizeof(pr->pr_name)); | strlcpy(pr->pr_name, namelc, sizeof(pr->pr_name)); | ||||
else | else | ||||
snprintf(pr->pr_name, sizeof(pr->pr_name), "%s.%s", | snprintf(pr->pr_name, sizeof(pr->pr_name), "%s.%s", | ||||
ppr->pr_name, namelc); | ppr->pr_name, namelc); | ||||
/* Change this component of child names. */ | /* Change this component of child names. */ | ||||
FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) { | FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) { | ||||
▲ Show 20 Lines • Show All 462 Lines • ▼ Show 20 Lines | #endif | ||||
if (error != 0 && error != ENOENT) | if (error != 0 && error != ENOENT) | ||||
goto done; | goto done; | ||||
error = vfs_setopts(opts, "host.domainname", pr->pr_domainname); | error = vfs_setopts(opts, "host.domainname", pr->pr_domainname); | ||||
if (error != 0 && error != ENOENT) | if (error != 0 && error != ENOENT) | ||||
goto done; | goto done; | ||||
error = vfs_setopts(opts, "host.hostuuid", pr->pr_hostuuid); | error = vfs_setopts(opts, "host.hostuuid", pr->pr_hostuuid); | ||||
if (error != 0 && error != ENOENT) | if (error != 0 && error != ENOENT) | ||||
goto done; | goto done; | ||||
error = vfs_setopt(opts, "elf.fallback_brand", | |||||
&pr->pr_elf_fallback_brand, | |||||
sizeof(pr->pr_elf_fallback_brand)); | |||||
markj: Indentation of continuing lines should be by four spaces. | |||||
if (error != 0 && error != ENOENT) | |||||
goto done; | |||||
#ifdef COMPAT_FREEBSD32 | #ifdef COMPAT_FREEBSD32 | ||||
if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) { | if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) { | ||||
uint32_t hid32 = pr->pr_hostid; | uint32_t hid32 = pr->pr_hostid; | ||||
error = vfs_setopt(opts, "host.hostid", &hid32, sizeof(hid32)); | error = vfs_setopt(opts, "host.hostid", &hid32, sizeof(hid32)); | ||||
} else | } else | ||||
#endif | #endif | ||||
error = vfs_setopt(opts, "host.hostid", &pr->pr_hostid, | error = vfs_setopt(opts, "host.hostid", &pr->pr_hostid, | ||||
▲ Show 20 Lines • Show All 2,050 Lines • ▼ Show 20 Lines | |||||
SYSCTL_JAIL_PARAM(, persist, CTLTYPE_INT | CTLFLAG_RW, | SYSCTL_JAIL_PARAM(, persist, CTLTYPE_INT | CTLFLAG_RW, | ||||
"B", "Jail persistence"); | "B", "Jail persistence"); | ||||
#ifdef VIMAGE | #ifdef VIMAGE | ||||
SYSCTL_JAIL_PARAM(, vnet, CTLTYPE_INT | CTLFLAG_RDTUN, | SYSCTL_JAIL_PARAM(, vnet, CTLTYPE_INT | CTLFLAG_RDTUN, | ||||
"E,jailsys", "Virtual network stack"); | "E,jailsys", "Virtual network stack"); | ||||
#endif | #endif | ||||
SYSCTL_JAIL_PARAM(, dying, CTLTYPE_INT | CTLFLAG_RD, | SYSCTL_JAIL_PARAM(, dying, CTLTYPE_INT | CTLFLAG_RD, | ||||
"B", "Jail is in the process of shutting down"); | "B", "Jail is in the process of shutting down"); | ||||
SYSCTL_JAIL_PARAM_NODE(elf, "Jail ABI"); | |||||
SYSCTL_JAIL_PARAM(_elf, fallback_brand, CTLTYPE_INT | CTLFLAG_RW, | |||||
"I", "ELF brand of last resort"); | |||||
SYSCTL_JAIL_PARAM_NODE(children, "Number of child jails"); | SYSCTL_JAIL_PARAM_NODE(children, "Number of child jails"); | ||||
SYSCTL_JAIL_PARAM(_children, cur, CTLTYPE_INT | CTLFLAG_RD, | SYSCTL_JAIL_PARAM(_children, cur, CTLTYPE_INT | CTLFLAG_RD, | ||||
"I", "Current number of child jails"); | "I", "Current number of child jails"); | ||||
SYSCTL_JAIL_PARAM(_children, max, CTLTYPE_INT | CTLFLAG_RW, | SYSCTL_JAIL_PARAM(_children, max, CTLTYPE_INT | CTLFLAG_RW, | ||||
"I", "Maximum number of child jails"); | "I", "Maximum number of child jails"); | ||||
SYSCTL_JAIL_PARAM_SYS_NODE(host, CTLFLAG_RW, "Jail host info"); | SYSCTL_JAIL_PARAM_SYS_NODE(host, CTLFLAG_RW, "Jail host info"); | ||||
▲ Show 20 Lines • Show All 513 Lines • Show Last 20 Lines |
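Review bot: The integer copied from `elf.fallback_brand` in the set path is stored into `pr->pr_elf_fallback_brand` with no range check and no comparison against the parent prison, so any caller allowed to create or modify a jail chooses the brand applied to unbranded ELF images there. The consumer of this field is outside the visible hunks; assuming it is the ELF image activator, reject values it cannot accept right after the `vfs_copyopt()` call, for example `if (gotelf && elf_fallback_brand < -1) { error = EINVAL; goto done_free; }`, together with an upper bound that matches the set of valid brands. A new jail also starts from `-1` rather than the parent's value, and an update is not pushed to descendants the way `pr_devfs_rsnum` is. If `-1` means "use the global default", a child jail can end up with a different ABI fallback than the one its parent was restricted to, so either use `pr->pr_elf_fallback_brand = ppr->pr_elf_fallback_brand;` or add a comment stating why inheritance is not wanted. The enclosing functions begin and end outside the displayed hunks.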