sys/sys/jail.h
Show First 20 Lines • Show All 82 Lines • ▼ Show 20 Lines | #if 0 | ||||
* IPv4 and IPv6 addesses. Offsets are based numbers of addresses. | * IPv4 and IPv6 addesses. Offsets are based numbers of addresses. | ||||
*/ | */ | ||||
struct in_addr pr_ip4[]; | struct in_addr pr_ip4[]; | ||||
struct in6_addr pr_ip6[]; | struct in6_addr pr_ip6[]; | ||||
#endif | #endif | ||||
}; | }; | ||||
#define XPRISON_VERSION 3 | #define XPRISON_VERSION 3 | ||||
#define PRISON_STATE_INVALID 0 | enum prison_state { | ||||
#define PRISON_STATE_ALIVE 1 | PRISON_STATE_INVALID = 0, /* New prison, not ready to be seen */ | ||||
#define PRISON_STATE_DYING 2 | PRISON_STATE_ALIVE, /* Current prison, visible to all */ | ||||
PRISON_STATE_DYING /* Removed, but holding resources, */ | |||||
}; /* optionally visible. */ | |||||
/* | /* | ||||
* Flags for jail_set and jail_get. | * Flags for jail_set and jail_get. | ||||
*/ | */ | ||||
#define JAIL_CREATE 0x01 /* Create jail if it doesn't exist */ | #define JAIL_CREATE 0x01 /* Create jail if it doesn't exist */ | ||||
#define JAIL_UPDATE 0x02 /* Update parameters of existing jail */ | #define JAIL_UPDATE 0x02 /* Update parameters of existing jail */ | ||||
#define JAIL_ATTACH 0x04 /* Attach to jail upon creation */ | #define JAIL_ATTACH 0x04 /* Attach to jail upon creation */ | ||||
#define JAIL_DYING 0x08 /* Allow getting a dying jail */ | #define JAIL_DYING 0x08 /* Allow getting a dying jail */ | ||||
#define JAIL_SET_MASK 0x0f | #define JAIL_SET_MASK 0x0f /* JAIL_DYING is deprecated/ignored here */ | ||||
#define JAIL_GET_MASK 0x08 | #define JAIL_GET_MASK 0x08 | ||||
#define JAIL_SYS_DISABLE 0 | #define JAIL_SYS_DISABLE 0 | ||||
#define JAIL_SYS_NEW 1 | #define JAIL_SYS_NEW 1 | ||||
#define JAIL_SYS_INHERIT 2 | #define JAIL_SYS_INHERIT 2 | ||||
#ifndef _KERNEL | #ifndef _KERNEL | ||||
* | * | ||||
* Lock key: | * Lock key: | ||||
* (a) allprison_lock | * (a) allprison_lock | ||||
* (c) set only during creation before the structure is shared, no mutex | * (c) set only during creation before the structure is shared, no mutex | ||||
* required to read | * required to read | ||||
* (m) locked by pr_mtx | * (m) locked by pr_mtx | ||||
* (p) locked by pr_mtx, and also at least shared allprison_lock required | * (p) locked by pr_mtx, and also at least shared allprison_lock required | ||||
* to update | * to update | ||||
* (r) atomic via refcount(9), pr_mtx required to decrement to zero | * (q) locked both pr_mtx and allprison_lock | ||||
* (r) atomic via refcount(9), pr_mtx and allprison_lock required to | |||||
* decrement to zero | |||||
*/ | */ | ||||
struct prison { | struct prison { | ||||
TAILQ_ENTRY(prison) pr_list; /* (a) all prisons */ | TAILQ_ENTRY(prison) pr_list; /* (a) all prisons */ | ||||
int pr_id; /* (c) prison id */ | int pr_id; /* (c) prison id */ | ||||
volatile u_int pr_ref; /* (r) refcount */ | volatile u_int pr_ref; /* (r) refcount */ | ||||
volatile u_int pr_uref; /* (r) user (alive) refcount */ | volatile u_int pr_uref; /* (r) user (alive) refcount */ | ||||
unsigned pr_flags; /* (p) PR_* flags */ | unsigned pr_flags; /* (p) PR_* flags */ | ||||
LIST_HEAD(, prison) pr_children; /* (a) list of child jails */ | LIST_HEAD(, prison) pr_children; /* (a) list of child jails */ | ||||
LIST_ENTRY(prison) pr_sibling; /* (a) next in parent's list */ | LIST_ENTRY(prison) pr_sibling; /* (a) next in parent's list */ | ||||
struct prison *pr_parent; /* (c) containing jail */ | struct prison *pr_parent; /* (c) containing jail */ | ||||
struct mtx pr_mtx; | struct mtx pr_mtx; | ||||
struct task pr_task; /* (c) destroy task */ | struct task pr_task; /* (c) destroy task */ | ||||
struct osd pr_osd; /* (p) additional data */ | struct osd pr_osd; /* (p) additional data */ | ||||
struct cpuset *pr_cpuset; /* (p) cpuset */ | struct cpuset *pr_cpuset; /* (p) cpuset */ | ||||
struct vnet *pr_vnet; /* (c) network stack */ | struct vnet *pr_vnet; /* (c) network stack */ | ||||
struct vnode *pr_root; /* (c) vnode to rdir */ | struct vnode *pr_root; /* (c) vnode to rdir */ | ||||
int pr_ip4s; /* (p) number of v4 IPs */ | int pr_ip4s; /* (p) number of v4 IPs */ | ||||
int pr_ip6s; /* (p) number of v6 IPs */ | int pr_ip6s; /* (p) number of v6 IPs */ | ||||
struct in_addr *pr_ip4; /* (p) v4 IPs of jail */ | struct in_addr *pr_ip4; /* (p) v4 IPs of jail */ | ||||
struct in6_addr *pr_ip6; /* (p) v6 IPs of jail */ | struct in6_addr *pr_ip6; /* (p) v6 IPs of jail */ | ||||
struct prison_racct *pr_prison_racct; /* (c) racct jail proxy */ | struct prison_racct *pr_prison_racct; /* (c) racct jail proxy */ | ||||
void *pr_sparep[3]; | void *pr_sparep[3]; | ||||
int pr_childcount; /* (a) number of child jails */ | int pr_childcount; /* (a) number of child jails */ | ||||
int pr_childmax; /* (p) maximum child jails */ | int pr_childmax; /* (a) maximum child jails */ | ||||
unsigned pr_allow; /* (p) PR_ALLOW_* flags */ | unsigned pr_allow; /* (p) PR_ALLOW_* flags */ | ||||
int pr_securelevel; /* (p) securelevel */ | int pr_securelevel; /* (p) securelevel */ | ||||
int pr_enforce_statfs; /* (p) statfs permission */ | int pr_enforce_statfs; /* (p) statfs permission */ | ||||
int pr_devfs_rsnum; /* (p) devfs ruleset */ | int pr_devfs_rsnum; /* (p) devfs ruleset */ | ||||
int pr_spare[3]; | enum prison_state pr_state; /* (q) state in life cycle */ | ||||
int pr_spare[2]; | |||||
int pr_osreldate; /* (c) kern.osreldate value */ | int pr_osreldate; /* (c) kern.osreldate value */ | ||||
unsigned long pr_hostid; /* (p) jail hostid */ | unsigned long pr_hostid; /* (p) jail hostid */ | ||||
char pr_name[MAXHOSTNAMELEN]; /* (p) admin jail name */ | char pr_name[MAXHOSTNAMELEN]; /* (p) admin jail name */ | ||||
char pr_path[MAXPATHLEN]; /* (c) chroot path */ | char pr_path[MAXPATHLEN]; /* (c) chroot path */ | ||||
char pr_hostname[MAXHOSTNAMELEN]; /* (p) jail hostname */ | char pr_hostname[MAXHOSTNAMELEN]; /* (p) jail hostname */ | ||||
char pr_domainname[MAXHOSTNAMELEN]; /* (p) jail domainname */ | char pr_domainname[MAXHOSTNAMELEN]; /* (p) jail domainname */ | ||||
char pr_hostuuid[HOSTUUIDLEN]; /* (p) jail hostuuid */ | char pr_hostuuid[HOSTUUIDLEN]; /* (p) jail hostuuid */ | ||||
char pr_osrelease[OSRELEASELEN]; /* (c) kern.osrelease value */ | char pr_osrelease[OSRELEASELEN]; /* (c) kern.osrelease value */ | ||||
#define PR_IP6_USER 0x00000008 /* Restrict IPv6 addresses */ | #define PR_IP6_USER 0x00000008 /* Restrict IPv6 addresses */ | ||||
#define PR_VNET 0x00000010 /* Virtual network stack */ | #define PR_VNET 0x00000010 /* Virtual network stack */ | ||||
#define PR_IP4_SADDRSEL 0x00000080 /* Do IPv4 src addr sel. or use the */ | #define PR_IP4_SADDRSEL 0x00000080 /* Do IPv4 src addr sel. or use the */ | ||||
/* primary jail address. */ | /* primary jail address. */ | ||||
#define PR_IP6_SADDRSEL 0x00000100 /* Do IPv6 src addr sel. or use the */ | #define PR_IP6_SADDRSEL 0x00000100 /* Do IPv6 src addr sel. or use the */ | ||||
/* primary jail address. */ | /* primary jail address. */ | ||||
/* Internal flag bits */ | /* Internal flag bits */ | ||||
#define PR_REMOVE 0x01000000 /* In process of being removed */ | |||||
#define PR_IP4 0x02000000 /* IPv4 restricted or disabled */ | #define PR_IP4 0x02000000 /* IPv4 restricted or disabled */ | ||||
/* by this jail or an ancestor */ | /* by this jail or an ancestor */ | ||||
#define PR_IP6 0x04000000 /* IPv6 restricted or disabled */ | #define PR_IP6 0x04000000 /* IPv6 restricted or disabled */ | ||||
/* by this jail or an ancestor */ | /* by this jail or an ancestor */ | ||||
/* | /* | ||||
* Flags for pr_allow | * Flags for pr_allow | ||||
* Bits not noted here may be used for dynamic allow.mount.xxxfs. | * Bits not noted here may be used for dynamic allow.mount.xxxfs. | ||||
▲ Show 20 Lines • Show All 100 Lines • ▼ Show 20 Lines | for ((cpr) = (ppr), (descend) = 1, (level) = 0; \ | ||||
? NULL \ | ? NULL \ | ||||
: ((prison_unlock(cpr), \ | : ((prison_unlock(cpr), \ | ||||
(descend) = LIST_NEXT(cpr, pr_sibling) != NULL) \ | (descend) = LIST_NEXT(cpr, pr_sibling) != NULL) \ | ||||
? LIST_NEXT(cpr, pr_sibling) \ | ? LIST_NEXT(cpr, pr_sibling) \ | ||||
: (level--, (cpr)->pr_parent)))));) \ | : (level--, (cpr)->pr_parent)))));) \ | ||||
if ((descend) ? (prison_lock(cpr), 0) : 1) \ | if ((descend) ? (prison_lock(cpr), 0) : 1) \ | ||||
; \ | ; \ | ||||
else | else | ||||
/* | |||||
* As FOREACH_PRISON_DESCENDANT, but visit both preorder and postorder. | |||||
*/ | |||||
#define FOREACH_PRISON_DESCENDANT_PRE_POST(ppr, cpr, descend) \ | |||||
for ((cpr) = (ppr), (descend) = 1; \ | |||||
((cpr) = (descend) \ | |||||
? ((descend) = !LIST_EMPTY(&(cpr)->pr_children)) \ | |||||
? LIST_FIRST(&(cpr)->pr_children) \ | |||||
: (cpr) \ | |||||
: ((descend) = LIST_NEXT(cpr, pr_sibling) != NULL) \ | |||||
? LIST_NEXT(cpr, pr_sibling) \ | |||||
: cpr->pr_parent) != (ppr);) | |||||
/* | /* | ||||
* Attributes of the physical system, and the root of the jail tree. | * Attributes of the physical system, and the root of the jail tree. | ||||
*/ | */ | ||||
extern struct prison prison0; | extern struct prison prison0; | ||||
TAILQ_HEAD(prisonlist, prison); | TAILQ_HEAD(prisonlist, prison); | ||||
extern struct prisonlist allprison; | extern struct prisonlist allprison; | ||||
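Review bot: FOREACH_PRISON_DESCENDANT_PRE_POST takes no lock on the prison it visits, unlike FOREACH_PRISON_DESCENDANT directly above it, which brackets each visit with prison_lock()/prison_unlock(), and its one-line comment does not mention the difference. Since pr_children, pr_sibling and pr_parent are keyed (a)/(c) in the lock key earlier in this file, the caller presumably has to hold allprison_lock for the entire walk; the comment should say that explicitly, e.g. `Caller must hold allprison_lock; the visited prison is not locked.` It is also worth documenting what `descend` means to the loop body: after the condition evaluates, it is 1 when the current prison is being visited before its children (preorder) and 0 when it is visited after them (postorder), and `ppr` itself is never visited. Minor style point: `cpr->pr_parent` on the macro's last line should be `(cpr)->pr_parent`, matching the parenthesized uses of the argument elsewhere in the macro.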