sys/sys/jail.h
Show First 20 Lines • Show All 178 Lines • ▼ Show 20 Lines | struct prison { | ||||
int pr_devfs_rsnum; /* (p) devfs ruleset */ | int pr_devfs_rsnum; /* (p) devfs ruleset */ | ||||
int pr_spare[4]; | int pr_spare[4]; | ||||
unsigned long pr_hostid; /* (p) jail hostid */ | unsigned long pr_hostid; /* (p) jail hostid */ | ||||
char pr_name[MAXHOSTNAMELEN]; /* (p) admin jail name */ | char pr_name[MAXHOSTNAMELEN]; /* (p) admin jail name */ | ||||
char pr_path[MAXPATHLEN]; /* (c) chroot path */ | char pr_path[MAXPATHLEN]; /* (c) chroot path */ | ||||
char pr_hostname[MAXHOSTNAMELEN]; /* (p) jail hostname */ | char pr_hostname[MAXHOSTNAMELEN]; /* (p) jail hostname */ | ||||
char pr_domainname[MAXHOSTNAMELEN]; /* (p) jail domainname */ | char pr_domainname[MAXHOSTNAMELEN]; /* (p) jail domainname */ | ||||
char pr_hostuuid[HOSTUUIDLEN]; /* (p) jail hostuuid */ | char pr_hostuuid[HOSTUUIDLEN]; /* (p) jail hostuuid */ | ||||
/* Lock only needed for pax_* if pr_pax_set == 0 */ | |||||
rwatson: Elsewhere, you use "pax" in many variable and data-structure names; why not call this… | |||||
Not Done Inline ActionsSome of the hardening/exploit mitigation features we hope to upstream from HardenedBSD have nothing to do with PaX. pr_hardening makes the most sense when that is taken into account. lattera-gmail.com: Some of the hardening/exploit mitigation features we hope to upstream from HardenedBSD have… | |||||
int pr_pax_set; /* (p) PaX settings initialized */ | |||||
int pr_pax_aslr_status; /* (p) PaX ASLR enabled */ | |||||
int pr_pax_aslr_debug; /* (p) PaX ASLR debug */ | |||||
int pr_pax_aslr_mmap_len; /* (p) Number of bits randomized with mmap */ | |||||
int pr_pax_aslr_stack_len; /* (p) Number of bits randomized with stack */ | |||||
int pr_pax_aslr_exec_len; /* (p) Number of bits randomized with the execbase */ | |||||
int pr_pax_aslr_compat_status; /* (p) PaX ASLR enabled (compat32) */ | |||||
int pr_pax_aslr_compat_mmap_len; /* (p) Number of bits randomized with mmap (compat32) */ | |||||
int pr_pax_aslr_compat_stack_len; /* (p) Number of bits randomized with stack (compat32) */ | |||||
int pr_pax_aslr_compat_exec_len; /* (p) Number of bits randomized with the execbase (compat32) */ | |||||
}; | }; | ||||
struct prison_racct { | struct prison_racct { | ||||
LIST_ENTRY(prison_racct) prr_next; | LIST_ENTRY(prison_racct) prr_next; | ||||
char prr_name[MAXHOSTNAMELEN]; | char prr_name[MAXHOSTNAMELEN]; | ||||
u_int prr_refcount; | u_int prr_refcount; | ||||
struct racct *prr_racct; | struct racct *prr_racct; | ||||
}; | }; | ||||
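Review bot: The comment above `pr_pax_set` says the lock is only needed while `pr_pax_set == 0`, yet every added `pr_pax_*` field is tagged `(p)`, which in this header's lock key (not visible in this section) presumably means the prison mutex, so the struct documents two different locking rules for the same fields. If unlocked reads are intended once the flag is set, that is only safe when the writer stores every `pr_pax_aslr_*` value before `pr_pax_set` with release ordering and readers load the flag with acquire ordering; otherwise an exec could see the flag set while still reading zero randomization lengths and run with less ASLR than configured. The code that initializes these fields is outside this section, so this may already hold, but the comment should spell out the contract, e.g. `/* pr_pax_* are written under the prison lock before pr_pax_set is stored; once it is non-zero they are read-only and may be read unlocked */`. The `*_len` bit counts are plain `int`, so whichever code accepts them should reject negative or out-of-range values before they are stored here.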
Elsewhere, you use "pax" in many variable and data-structure names; why not call this pax_features and pr_pax?