head/sys/kern/kern_jail.c
Show First 20 Lines • Show All 105 Lines • ▼ Show 20 Lines | struct prison prison0 = { | ||||
.pr_childmax = JAIL_MAX, | .pr_childmax = JAIL_MAX, | ||||
.pr_hostuuid = DEFAULT_HOSTUUID, | .pr_hostuuid = DEFAULT_HOSTUUID, | ||||
.pr_children = LIST_HEAD_INITIALIZER(prison0.pr_children), | .pr_children = LIST_HEAD_INITIALIZER(prison0.pr_children), | ||||
#ifdef VIMAGE | #ifdef VIMAGE | ||||
.pr_flags = PR_HOST|PR_VNET|_PR_IP_SADDRSEL, | .pr_flags = PR_HOST|PR_VNET|_PR_IP_SADDRSEL, | ||||
#else | #else | ||||
.pr_flags = PR_HOST|_PR_IP_SADDRSEL, | .pr_flags = PR_HOST|_PR_IP_SADDRSEL, | ||||
#endif | #endif | ||||
.pr_allow = PR_ALLOW_ALL, | .pr_allow = PR_ALLOW_ALL_STATIC, | ||||
}; | }; | ||||
MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF); | MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF); | ||||
struct bool_flags { | struct bool_flags { | ||||
const char *name; | const char *name; | ||||
const char *noname; | const char *noname; | ||||
unsigned flag; | unsigned flag; | ||||
}; | }; | ||||
▲ Show 20 Lines • Show All 53 Lines • ▼ Show 20 Lines | #ifdef INET | ||||
{"ip4", PR_IP4_USER, PR_IP4_USER}, | {"ip4", PR_IP4_USER, PR_IP4_USER}, | ||||
#endif | #endif | ||||
#ifdef INET6 | #ifdef INET6 | ||||
{"ip6", PR_IP6_USER, PR_IP6_USER}, | {"ip6", PR_IP6_USER, PR_IP6_USER}, | ||||
#endif | #endif | ||||
}; | }; | ||||
const size_t pr_flag_jailsys_size = sizeof(pr_flag_jailsys); | const size_t pr_flag_jailsys_size = sizeof(pr_flag_jailsys); | ||||
static struct bool_flags pr_flag_allow[] = { | /* Make this array full-size so dynamic parameters can be added. */ | ||||
static struct bool_flags pr_flag_allow[NBBY * NBPW] = { | |||||
{"allow.set_hostname", "allow.noset_hostname", PR_ALLOW_SET_HOSTNAME}, | {"allow.set_hostname", "allow.noset_hostname", PR_ALLOW_SET_HOSTNAME}, | ||||
{"allow.sysvipc", "allow.nosysvipc", PR_ALLOW_SYSVIPC}, | {"allow.sysvipc", "allow.nosysvipc", PR_ALLOW_SYSVIPC}, | ||||
{"allow.raw_sockets", "allow.noraw_sockets", PR_ALLOW_RAW_SOCKETS}, | {"allow.raw_sockets", "allow.noraw_sockets", PR_ALLOW_RAW_SOCKETS}, | ||||
{"allow.chflags", "allow.nochflags", PR_ALLOW_CHFLAGS}, | {"allow.chflags", "allow.nochflags", PR_ALLOW_CHFLAGS}, | ||||
{"allow.mount", "allow.nomount", PR_ALLOW_MOUNT}, | {"allow.mount", "allow.nomount", PR_ALLOW_MOUNT}, | ||||
{"allow.quotas", "allow.noquotas", PR_ALLOW_QUOTAS}, | {"allow.quotas", "allow.noquotas", PR_ALLOW_QUOTAS}, | ||||
{"allow.socket_af", "allow.nosocket_af", PR_ALLOW_SOCKET_AF}, | {"allow.socket_af", "allow.nosocket_af", PR_ALLOW_SOCKET_AF}, | ||||
{"allow.mount.devfs", "allow.mount.nodevfs", PR_ALLOW_MOUNT_DEVFS}, | |||||
{"allow.mount.nullfs", "allow.mount.nonullfs", PR_ALLOW_MOUNT_NULLFS}, | |||||
{"allow.mount.zfs", "allow.mount.nozfs", PR_ALLOW_MOUNT_ZFS}, | |||||
{"allow.mount.procfs", "allow.mount.noprocfs", PR_ALLOW_MOUNT_PROCFS}, | |||||
{"allow.mount.tmpfs", "allow.mount.notmpfs", PR_ALLOW_MOUNT_TMPFS}, | |||||
{"allow.mount.fdescfs", "allow.mount.nofdescfs", | |||||
PR_ALLOW_MOUNT_FDESCFS}, | |||||
{"allow.mount.linprocfs", "allow.mount.nolinprocfs", | |||||
PR_ALLOW_MOUNT_LINPROCFS}, | |||||
{"allow.mount.linsysfs", "allow.mount.nolinsysfs", | |||||
PR_ALLOW_MOUNT_LINSYSFS}, | |||||
{"allow.reserved_ports", "allow.noreserved_ports", | {"allow.reserved_ports", "allow.noreserved_ports", | ||||
PR_ALLOW_RESERVED_PORTS}, | PR_ALLOW_RESERVED_PORTS}, | ||||
}; | }; | ||||
const size_t pr_flag_allow_size = sizeof(pr_flag_allow); | const size_t pr_flag_allow_size = sizeof(pr_flag_allow); | ||||
#define JAIL_DEFAULT_ALLOW (PR_ALLOW_SET_HOSTNAME | PR_ALLOW_RESERVED_PORTS) | #define JAIL_DEFAULT_ALLOW (PR_ALLOW_SET_HOSTNAME | PR_ALLOW_RESERVED_PORTS) | ||||
#define JAIL_DEFAULT_ENFORCE_STATFS 2 | #define JAIL_DEFAULT_ENFORCE_STATFS 2 | ||||
#define JAIL_DEFAULT_DEVFS_RSNUM 0 | #define JAIL_DEFAULT_DEVFS_RSNUM 0 | ||||
▲ Show 20 Lines • Show All 102 Lines • ▼ Show 20 Lines | #endif | ||||
opt.uio_resid = -1; | opt.uio_resid = -1; | ||||
opt.uio_segflg = UIO_SYSSPACE; | opt.uio_segflg = UIO_SYSSPACE; | ||||
opt.uio_rw = UIO_READ; | opt.uio_rw = UIO_READ; | ||||
opt.uio_td = td; | opt.uio_td = td; | ||||
/* Set permissions for top-level jails from sysctls. */ | /* Set permissions for top-level jails from sysctls. */ | ||||
if (!jailed(td->td_ucred)) { | if (!jailed(td->td_ucred)) { | ||||
for (bf = pr_flag_allow; | for (bf = pr_flag_allow; | ||||
bf < pr_flag_allow + nitems(pr_flag_allow); | bf < pr_flag_allow + nitems(pr_flag_allow) && | ||||
bf->flag != 0; | |||||
bf++) { | bf++) { | ||||
optiov[opt.uio_iovcnt].iov_base = __DECONST(char *, | optiov[opt.uio_iovcnt].iov_base = __DECONST(char *, | ||||
(jail_default_allow & bf->flag) | (jail_default_allow & bf->flag) | ||||
? bf->name : bf->noname); | ? bf->name : bf->noname); | ||||
optiov[opt.uio_iovcnt].iov_len = | optiov[opt.uio_iovcnt].iov_len = | ||||
strlen(optiov[opt.uio_iovcnt].iov_base) + 1; | strlen(optiov[opt.uio_iovcnt].iov_base) + 1; | ||||
opt.uio_iovcnt += 2; | opt.uio_iovcnt += 2; | ||||
} | } | ||||
▲ Show 20 Lines • Show All 319 Lines • ▼ Show 20 Lines | if ((flags & JAIL_UPDATE) && (ch_flags & PR_IP6_USER)) { | ||||
error = EINVAL; | error = EINVAL; | ||||
vfs_opterror(opts, "ip6 cannot be changed after creation"); | vfs_opterror(opts, "ip6 cannot be changed after creation"); | ||||
goto done_errmsg; | goto done_errmsg; | ||||
} | } | ||||
#endif | #endif | ||||
pr_allow = ch_allow = 0; | pr_allow = ch_allow = 0; | ||||
for (bf = pr_flag_allow; | for (bf = pr_flag_allow; | ||||
bf < pr_flag_allow + nitems(pr_flag_allow); | bf < pr_flag_allow + nitems(pr_flag_allow) && bf->flag != 0; | ||||
bf++) { | bf++) { | ||||
vfs_flagopt(opts, bf->name, &pr_allow, bf->flag); | vfs_flagopt(opts, bf->name, &pr_allow, bf->flag); | ||||
vfs_flagopt(opts, bf->noname, &ch_allow, bf->flag); | vfs_flagopt(opts, bf->noname, &ch_allow, bf->flag); | ||||
} | } | ||||
ch_allow |= pr_allow; | ch_allow |= pr_allow; | ||||
error = vfs_getopt(opts, "name", (void **)&name, &len); | error = vfs_getopt(opts, "name", (void **)&name, &len); | ||||
if (error == ENOENT) | if (error == ENOENT) | ||||
▲ Show 20 Lines • Show All 1,444 Lines • ▼ Show 20 Lines | for (jsf = pr_flag_jailsys; | ||||
i = (f != 0 && f == jsf->disable) ? JAIL_SYS_DISABLE | i = (f != 0 && f == jsf->disable) ? JAIL_SYS_DISABLE | ||||
: (f == jsf->new) ? JAIL_SYS_NEW | : (f == jsf->new) ? JAIL_SYS_NEW | ||||
: JAIL_SYS_INHERIT; | : JAIL_SYS_INHERIT; | ||||
error = vfs_setopt(opts, jsf->name, &i, sizeof(i)); | error = vfs_setopt(opts, jsf->name, &i, sizeof(i)); | ||||
if (error != 0 && error != ENOENT) | if (error != 0 && error != ENOENT) | ||||
goto done_deref; | goto done_deref; | ||||
} | } | ||||
for (bf = pr_flag_allow; | for (bf = pr_flag_allow; | ||||
bf < pr_flag_allow + nitems(pr_flag_allow); | bf < pr_flag_allow + nitems(pr_flag_allow) && bf->flag != 0; | ||||
bf++) { | bf++) { | ||||
i = (pr->pr_allow & bf->flag) ? 1 : 0; | i = (pr->pr_allow & bf->flag) ? 1 : 0; | ||||
error = vfs_setopt(opts, bf->name, &i, sizeof(i)); | error = vfs_setopt(opts, bf->name, &i, sizeof(i)); | ||||
if (error != 0 && error != ENOENT) | if (error != 0 && error != ENOENT) | ||||
goto done_deref; | goto done_deref; | ||||
i = !i; | i = !i; | ||||
error = vfs_setopt(opts, bf->noname, &i, sizeof(i)); | error = vfs_setopt(opts, bf->noname, &i, sizeof(i)); | ||||
if (error != 0 && error != ENOENT) | if (error != 0 && error != ENOENT) | ||||
▲ Show 20 Lines • Show All 1,483 Lines • ▼ Show 20 Lines | |||||
SYSCTL_PROC(_security_jail, OID_AUTO, chflags_allowed, | SYSCTL_PROC(_security_jail, OID_AUTO, chflags_allowed, | ||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, | ||||
NULL, PR_ALLOW_CHFLAGS, sysctl_jail_default_allow, "I", | NULL, PR_ALLOW_CHFLAGS, sysctl_jail_default_allow, "I", | ||||
"Processes in jail can alter system file flags (deprecated)"); | "Processes in jail can alter system file flags (deprecated)"); | ||||
SYSCTL_PROC(_security_jail, OID_AUTO, mount_allowed, | SYSCTL_PROC(_security_jail, OID_AUTO, mount_allowed, | ||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, | CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, | ||||
NULL, PR_ALLOW_MOUNT, sysctl_jail_default_allow, "I", | NULL, PR_ALLOW_MOUNT, sysctl_jail_default_allow, "I", | ||||
"Processes in jail can mount/unmount jail-friendly file systems (deprecated)"); | "Processes in jail can mount/unmount jail-friendly file systems (deprecated)"); | ||||
SYSCTL_PROC(_security_jail, OID_AUTO, mount_devfs_allowed, | |||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, | |||||
NULL, PR_ALLOW_MOUNT_DEVFS, sysctl_jail_default_allow, "I", | |||||
"Processes in jail can mount the devfs file system (deprecated)"); | |||||
SYSCTL_PROC(_security_jail, OID_AUTO, mount_fdescfs_allowed, | |||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, | |||||
NULL, PR_ALLOW_MOUNT_FDESCFS, sysctl_jail_default_allow, "I", | |||||
"Processes in jail can mount the fdescfs file system (deprecated)"); | |||||
SYSCTL_PROC(_security_jail, OID_AUTO, mount_nullfs_allowed, | |||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, | |||||
NULL, PR_ALLOW_MOUNT_NULLFS, sysctl_jail_default_allow, "I", | |||||
"Processes in jail can mount the nullfs file system (deprecated)"); | |||||
SYSCTL_PROC(_security_jail, OID_AUTO, mount_procfs_allowed, | |||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, | |||||
NULL, PR_ALLOW_MOUNT_PROCFS, sysctl_jail_default_allow, "I", | |||||
"Processes in jail can mount the procfs file system (deprecated)"); | |||||
SYSCTL_PROC(_security_jail, OID_AUTO, mount_linprocfs_allowed, | |||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, | |||||
NULL, PR_ALLOW_MOUNT_LINPROCFS, sysctl_jail_default_allow, "I", | |||||
"Processes in jail can mount the linprocfs file system (deprecated)"); | |||||
SYSCTL_PROC(_security_jail, OID_AUTO, mount_linsysfs_allowed, | |||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, | |||||
NULL, PR_ALLOW_MOUNT_LINSYSFS, sysctl_jail_default_allow, "I", | |||||
"Processes in jail can mount the linsysfs file system (deprecated)"); | |||||
SYSCTL_PROC(_security_jail, OID_AUTO, mount_tmpfs_allowed, | |||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, | |||||
NULL, PR_ALLOW_MOUNT_TMPFS, sysctl_jail_default_allow, "I", | |||||
"Processes in jail can mount the tmpfs file system (deprecated)"); | |||||
SYSCTL_PROC(_security_jail, OID_AUTO, mount_zfs_allowed, | |||||
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, | |||||
NULL, PR_ALLOW_MOUNT_ZFS, sysctl_jail_default_allow, "I", | |||||
"Processes in jail can mount the zfs file system (deprecated)"); | |||||
static int | static int | ||||
sysctl_jail_default_level(SYSCTL_HANDLER_ARGS) | sysctl_jail_default_level(SYSCTL_HANDLER_ARGS) | ||||
{ | { | ||||
struct prison *pr; | struct prison *pr; | ||||
int level, error; | int level, error; | ||||
pr = req->td->td_ucred->cr_prison; | pr = req->td->td_ucred->cr_prison; | ||||
▲ Show 20 Lines • Show All 136 Lines • ▼ Show 20 Lines | |||||
SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW, | SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW, | ||||
"B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route"); | "B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route"); | ||||
SYSCTL_JAIL_PARAM(_allow, reserved_ports, CTLTYPE_INT | CTLFLAG_RW, | SYSCTL_JAIL_PARAM(_allow, reserved_ports, CTLTYPE_INT | CTLFLAG_RW, | ||||
"B", "Jail may bind sockets to reserved ports"); | "B", "Jail may bind sockets to reserved ports"); | ||||
SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags"); | SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags"); | ||||
SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW, | SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW, | ||||
"B", "Jail may mount/unmount jail-friendly file systems in general"); | "B", "Jail may mount/unmount jail-friendly file systems in general"); | ||||
SYSCTL_JAIL_PARAM(_allow_mount, devfs, CTLTYPE_INT | CTLFLAG_RW, | |||||
"B", "Jail may mount the devfs file system"); | |||||
SYSCTL_JAIL_PARAM(_allow_mount, fdescfs, CTLTYPE_INT | CTLFLAG_RW, | |||||
"B", "Jail may mount the fdescfs file system"); | |||||
SYSCTL_JAIL_PARAM(_allow_mount, nullfs, CTLTYPE_INT | CTLFLAG_RW, | |||||
"B", "Jail may mount the nullfs file system"); | |||||
SYSCTL_JAIL_PARAM(_allow_mount, procfs, CTLTYPE_INT | CTLFLAG_RW, | |||||
"B", "Jail may mount the procfs file system"); | |||||
SYSCTL_JAIL_PARAM(_allow_mount, linprocfs, CTLTYPE_INT | CTLFLAG_RW, | |||||
"B", "Jail may mount the linprocfs file system"); | |||||
SYSCTL_JAIL_PARAM(_allow_mount, linsysfs, CTLTYPE_INT | CTLFLAG_RW, | |||||
"B", "Jail may mount the linsysfs file system"); | |||||
SYSCTL_JAIL_PARAM(_allow_mount, tmpfs, CTLTYPE_INT | CTLFLAG_RW, | |||||
"B", "Jail may mount the tmpfs file system"); | |||||
SYSCTL_JAIL_PARAM(_allow_mount, zfs, CTLTYPE_INT | CTLFLAG_RW, | |||||
"B", "Jail may mount the zfs file system"); | |||||
/* | |||||
* The VFS system will register jail-aware filesystems here. They each get | |||||
* a parameter allow.mount.xxxfs and a flag to check when a jailed user | |||||
* attempts to mount. | |||||
*/ | |||||
void | |||||
prison_add_vfs(struct vfsconf *vfsp) | |||||
{ | |||||
char *allow_name, *allow_noname, *mount_allowed; | |||||
struct bool_flags *bf; | |||||
#ifndef NO_SYSCTL_DESCR | |||||
char *descr; | |||||
#endif | |||||
unsigned allow_flag; | |||||
if (asprintf(&allow_name, M_PRISON, "allow.mount.%s", vfsp->vfc_name) < | |||||
0 || asprintf(&allow_noname, M_PRISON, "allow.mount.no%s", | |||||
vfsp->vfc_name) < 0) { | |||||
free(allow_name, M_PRISON); | |||||
return; | |||||
} | |||||
/* | |||||
* See if this parameter has already beed added, i.e. if the filesystem | |||||
* was previously loaded/unloaded. | |||||
*/ | |||||
mtx_lock(&prison0.pr_mtx); | |||||
for (bf = pr_flag_allow; | |||||
bf < pr_flag_allow + nitems(pr_flag_allow) && bf->flag != 0; | |||||
bf++) { | |||||
if (strcmp(bf->name, allow_name) == 0) { | |||||
vfsp->vfc_prison_flag = bf->flag; | |||||
goto no_add; | |||||
} | |||||
} | |||||
/* | |||||
* Find a free bit in prison0's pr_allow, failing if there are none | |||||
* (which shouldn't happen as long as we keep track of how many | |||||
* filesystems are jail-aware). | |||||
*/ | |||||
for (allow_flag = 1;; allow_flag <<= 1) { | |||||
if (allow_flag == 0) | |||||
goto no_add; | |||||
if ((prison0.pr_allow & allow_flag) == 0) | |||||
break; | |||||
} | |||||
/* | |||||
* Note the parameter in the next open slot in pr_flag_allow. | |||||
* Set the flag last so code that checks pr_flag_allow can do so | |||||
* without locking. | |||||
*/ | |||||
for (bf = pr_flag_allow; bf->flag != 0; bf++) | |||||
if (bf == pr_flag_allow + nitems(pr_flag_allow)) { | |||||
/* This should never happen, but is not fatal. */ | |||||
goto no_add; | |||||
} | |||||
prison0.pr_allow |= allow_flag; | |||||
bf->name = allow_name; | |||||
bf->noname = allow_noname; | |||||
bf->flag = allow_flag; | |||||
vfsp->vfc_prison_flag = allow_flag; | |||||
mtx_unlock(&prison0.pr_mtx); | |||||
/* | |||||
* Create sysctls for the paramter, and the back-compat global | |||||
* permission. | |||||
*/ | |||||
#ifndef NO_SYSCTL_DESCR | |||||
(void)asprintf(&descr, M_TEMP, "Jail may mount the %s file system", | |||||
vfsp->vfc_name); | |||||
#endif | |||||
(void)SYSCTL_ADD_PROC(NULL, | |||||
SYSCTL_CHILDREN(&sysctl___security_jail_param_allow_mount), | |||||
OID_AUTO, vfsp->vfc_name, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, | |||||
NULL, 0, sysctl_jail_param, "B", descr); | |||||
#ifndef NO_SYSCTL_DESCR | |||||
free(descr, M_TEMP); | |||||
#endif | |||||
if (asprintf(&mount_allowed, M_TEMP, "mount_%s_allowed", | |||||
vfsp->vfc_name) >= 0) { | |||||
#ifndef NO_SYSCTL_DESCR | |||||
(void)asprintf(&descr, M_TEMP, | |||||
"Processes in jail can mount the %s file system (deprecated)", | |||||
vfsp->vfc_name); | |||||
#endif | |||||
(void)SYSCTL_ADD_PROC(NULL, | |||||
SYSCTL_CHILDREN(&sysctl___security_jail), OID_AUTO, | |||||
mount_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, | |||||
NULL, allow_flag, sysctl_jail_default_allow, "I", descr); | |||||
#ifndef NO_SYSCTL_DESCR | |||||
free(descr, M_TEMP); | |||||
#endif | |||||
free(mount_allowed, M_TEMP); | |||||
} | |||||
return; | |||||
no_add: | |||||
mtx_unlock(&prison0.pr_mtx); | |||||
free(allow_name, M_PRISON); | |||||
free(allow_noname, M_PRISON); | |||||
} | |||||
#ifdef RACCT | #ifdef RACCT | ||||
void | void | ||||
prison_racct_foreach(void (*callback)(struct racct *racct, | prison_racct_foreach(void (*callback)(struct racct *racct, | ||||
void *arg2, void *arg3), void (*pre)(void), void (*post)(void), | void *arg2, void *arg3), void (*pre)(void), void (*post)(void), | ||||
void *arg2, void *arg3) | void *arg2, void *arg3) | ||||
{ | { | ||||
struct prison_racct *prr; | struct prison_racct *prr; | ||||
▲ Show 20 Lines • Show All 218 Lines • ▼ Show 20 Lines | for (jsf = pr_flag_jailsys; | ||||
f = pr->pr_flags & (jsf->disable | jsf->new); | f = pr->pr_flags & (jsf->disable | jsf->new); | ||||
db_printf(" %-16s= %s\n", jsf->name, | db_printf(" %-16s= %s\n", jsf->name, | ||||
(f != 0 && f == jsf->disable) ? "disable" | (f != 0 && f == jsf->disable) ? "disable" | ||||
: (f == jsf->new) ? "new" | : (f == jsf->new) ? "new" | ||||
: "inherit"); | : "inherit"); | ||||
} | } | ||||
db_printf(" allow = 0x%x", pr->pr_allow); | db_printf(" allow = 0x%x", pr->pr_allow); | ||||
for (bf = pr_flag_allow; | for (bf = pr_flag_allow; | ||||
bf < pr_flag_allow + nitems(pr_flag_allow); | bf < pr_flag_allow + nitems(pr_flag_allow) && bf->flag != 0; | ||||
bf++) | bf++) | ||||
if (pr->pr_allow & bf->flag) | if (pr->pr_allow & bf->flag) | ||||
db_printf(" %s", bf->name); | db_printf(" %s", bf->name); | ||||
db_printf("\n"); | db_printf("\n"); | ||||
db_printf(" enforce_statfs = %d\n", pr->pr_enforce_statfs); | db_printf(" enforce_statfs = %d\n", pr->pr_enforce_statfs); | ||||
db_printf(" host.hostname = %s\n", pr->pr_hostname); | db_printf(" host.hostname = %s\n", pr->pr_hostname); | ||||
db_printf(" host.domainname = %s\n", pr->pr_domainname); | db_printf(" host.domainname = %s\n", pr->pr_domainname); | ||||
db_printf(" host.hostuuid = %s\n", pr->pr_hostuuid); | db_printf(" host.hostuuid = %s\n", pr->pr_hostuuid); | ||||
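Review bot: In prison_add_vfs (shown on one side only in this view, so I read it as added code), the loop that finds the next open slot, `for (bf = pr_flag_allow; bf->flag != 0; bf++)`, tests `bf == pr_flag_allow + nitems(pr_flag_allow)` inside the body, after the condition has already read `bf->flag`. With a full table the condition reads one element past the array, and if that word happens to be zero the stores to `bf->name`, `bf->noname` and `bf->flag` land outside it. The other loops in this change put the bound first, and this one should too: use `bf < pr_flag_allow + nitems(pr_flag_allow) && bf->flag != 0` as the condition with an empty body, then `if (bf == pr_flag_allow + nitems(pr_flag_allow)) goto no_add;` after the loop. The free-bit search just above probably makes a full table unreachable in practice, but the guard as written protects nothing in a table that decides which jail permissions exist. Separately, the comment says readers walk pr_flag_allow without the lock, yet `bf->name`, `bf->noname` and `bf->flag` are plain stores, so an unlocked reader could presumably see a non-zero flag before the name pointers; a release store on `bf->flag` (for example `atomic_store_rel_int`) paired with an acquire load in the readers would make the intended ordering explicit.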