sys/sys/jail.h
* SUCH DAMAGE. | * SUCH DAMAGE. | ||||
* | * | ||||
* $FreeBSD$ | * $FreeBSD$ | ||||
*/ | */ | ||||
#ifndef _SYS_JAIL_H_ | #ifndef _SYS_JAIL_H_ | ||||
#define _SYS_JAIL_H_ | #define _SYS_JAIL_H_ | ||||
#if defined(_KERNEL) || defined(_WANT_PRISON) | |||||
#include <sys/pax.h> | |||||
#endif | |||||
#ifdef _KERNEL | #ifdef _KERNEL | ||||
struct jail_v0 { | struct jail_v0 { | ||||
u_int32_t version; | u_int32_t version; | ||||
char *path; | char *path; | ||||
char *hostname; | char *hostname; | ||||
u_int32_t ip_number; | u_int32_t ip_number; | ||||
}; | }; | ||||
#endif | #endif | ||||
▲ Show 20 Lines • Show All 138 Lines • ▼ Show 20 Lines | struct prison { | ||||
int pr_devfs_rsnum; /* (p) devfs ruleset */ | int pr_devfs_rsnum; /* (p) devfs ruleset */ | ||||
int pr_spare[4]; | int pr_spare[4]; | ||||
unsigned long pr_hostid; /* (p) jail hostid */ | unsigned long pr_hostid; /* (p) jail hostid */ | ||||
char pr_name[MAXHOSTNAMELEN]; /* (p) admin jail name */ | char pr_name[MAXHOSTNAMELEN]; /* (p) admin jail name */ | ||||
char pr_path[MAXPATHLEN]; /* (c) chroot path */ | char pr_path[MAXPATHLEN]; /* (c) chroot path */ | ||||
char pr_hostname[MAXHOSTNAMELEN]; /* (p) jail hostname */ | char pr_hostname[MAXHOSTNAMELEN]; /* (p) jail hostname */ | ||||
char pr_domainname[MAXHOSTNAMELEN]; /* (p) jail domainname */ | char pr_domainname[MAXHOSTNAMELEN]; /* (p) jail domainname */ | ||||
char pr_hostuuid[HOSTUUIDLEN]; /* (p) jail hostuuid */ | char pr_hostuuid[HOSTUUIDLEN]; /* (p) jail hostuuid */ | ||||
struct hardening_features pr_hardening; /* (p) PaX-inspired hardening features */ | |||||
rwatson: Elsewhere, you use "pax" in many variable and data-structure names; why not call this… | |||||
lattera-gmail.com: Some of the hardening/exploit mitigation features we hope to upstream from HardenedBSD have nothing to do with PaX. pr_hardening makes the most sense when that is taken into account.
}; | }; | ||||
struct prison_racct { | struct prison_racct { | ||||
LIST_ENTRY(prison_racct) prr_next; | LIST_ENTRY(prison_racct) prr_next; | ||||
char prr_name[MAXHOSTNAMELEN]; | char prr_name[MAXHOSTNAMELEN]; | ||||
u_int prr_refcount; | u_int prr_refcount; | ||||
struct racct *prr_racct; | struct racct *prr_racct; | ||||
}; | }; | ||||
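Review bot: The comment on the new `pr_hardening` member of `struct prison` gives only a lock key and "PaX-inspired hardening features", so the security contract is unstated: whether a child jail inherits its parent's settings, and whether anything inside the jail may relax them. I would state that rule in the member comment, for example `/* (p) per-jail hardening settings; <inheritance rule> */`. It is also worth confirming that `(p)` is the right key, since a different key from the file's locking legend would be more accurate if the settings are fixed at jail creation. Because the member is embedded by value, the new `#include <sys/pax.h>` under `_WANT_PRISON` exposes that header to userland consumers of `struct prison`, so it should be checked for kernel-only declarations. `sizeof(struct prison)` also changes for anything built against the old layout. The opening lines of `struct prison` are collapsed out of the visible section, so the file's lock-key legend could not be checked here.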
Elsewhere, you use "pax" in many variable and data-structure names; why not call this pax_features and pr_pax?