2005-01-06 23:35:40 +00:00
|
|
|
/*-
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
* Copyright (c) 1999 Poul-Henning Kamp.
|
|
|
|
* Copyright (c) 2008 Bjoern A. Zeeb.
|
2009-04-29 21:14:15 +00:00
|
|
|
* Copyright (c) 2009 James Gritton.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
* All rights reserved.
|
2009-03-27 13:13:59 +00:00
|
|
|
*
|
2008-11-28 19:23:46 +00:00
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
1999-04-30 06:51:51 +00:00
|
|
|
*/
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
|
2003-06-11 00:56:59 +00:00
|
|
|
#include <sys/cdefs.h>
|
|
|
|
__FBSDID("$FreeBSD$");
|
|
|
|
|
2009-05-29 21:27:12 +00:00
|
|
|
#include "opt_compat.h"
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#include "opt_ddb.h"
|
|
|
|
#include "opt_inet.h"
|
|
|
|
#include "opt_inet6.h"
|
2004-06-27 09:03:22 +00:00
|
|
|
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
#include <sys/param.h>
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/kernel.h>
|
|
|
|
#include <sys/systm.h>
|
|
|
|
#include <sys/errno.h>
|
|
|
|
#include <sys/sysproto.h>
|
|
|
|
#include <sys/malloc.h>
|
2009-05-27 14:11:23 +00:00
|
|
|
#include <sys/osd.h>
|
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
|
|
|
#include <sys/priv.h>
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
#include <sys/proc.h>
|
2004-01-23 20:44:26 +00:00
|
|
|
#include <sys/taskqueue.h>
|
2008-03-31 12:01:21 +00:00
|
|
|
#include <sys/fcntl.h>
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
#include <sys/jail.h>
|
o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
so as to enforce these protections, in particular, in kern_mib.c
protection sysctl access to the hostname and securelevel, as well as
kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
mib entries (osname, osrelease, osversion) so that they don't return
a pointer to the text in the struct linux_prison, rather, a copy
to an array passed into the calls. Likewise, update linprocfs to
use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
accessing struct prison.
Reviewed by: jhb
2001-12-03 16:12:27 +00:00
|
|
|
#include <sys/lock.h>
|
|
|
|
#include <sys/mutex.h>
|
2007-04-05 23:19:13 +00:00
|
|
|
#include <sys/sx.h>
|
2009-05-29 21:27:12 +00:00
|
|
|
#include <sys/sysent.h>
|
2003-04-09 02:55:18 +00:00
|
|
|
#include <sys/namei.h>
|
2005-06-09 18:49:19 +00:00
|
|
|
#include <sys/mount.h>
|
2003-04-09 02:55:18 +00:00
|
|
|
#include <sys/queue.h>
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
#include <sys/socket.h>
|
2003-04-09 02:55:18 +00:00
|
|
|
#include <sys/syscallsubr.h>
|
2000-02-12 13:41:56 +00:00
|
|
|
#include <sys/sysctl.h>
|
2003-04-09 02:55:18 +00:00
|
|
|
#include <sys/vnode.h>
|
Commit step 1 of the vimage project, (network stack)
virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course
of the next few weeks.
Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/...
Reviewed by: brooks, des, ed, mav, julian,
jamie, kris, rwatson, zec, ...
(various people I forgot, different versions)
md5 (with a bit of help)
Sponsored by: NLnet Foundation, The FreeBSD Foundation
X-MFC after: never
V_Commit_Message_Reviewed_By: more people than the patch
2008-08-17 23:27:27 +00:00
|
|
|
#include <sys/vimage.h>
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
#include <net/if.h>
|
|
|
|
#include <netinet/in.h>
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#ifdef DDB
|
|
|
|
#include <ddb/ddb.h>
|
|
|
|
#ifdef INET6
|
|
|
|
#include <netinet6/in6_var.h>
|
|
|
|
#endif /* INET6 */
|
|
|
|
#endif /* DDB */
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
|
2006-10-22 11:52:19 +00:00
|
|
|
#include <security/mac/mac_framework.h>
|
|
|
|
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
MALLOC_DEFINE(M_PRISON, "prison", "Prison structures");
|
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
/* prison0 describes what is "real" about the system. */
|
|
|
|
struct prison prison0 = {
|
|
|
|
.pr_id = 0,
|
|
|
|
.pr_name = "0",
|
|
|
|
.pr_ref = 1,
|
|
|
|
.pr_uref = 1,
|
|
|
|
.pr_path = "/",
|
|
|
|
.pr_securelevel = -1,
|
2009-05-29 21:27:12 +00:00
|
|
|
.pr_uuid = "00000000-0000-0000-0000-000000000000",
|
2009-05-27 14:11:23 +00:00
|
|
|
.pr_children = LIST_HEAD_INITIALIZER(&prison0.pr_children),
|
2009-05-29 21:27:12 +00:00
|
|
|
.pr_flags = PR_HOST,
|
2009-05-27 14:11:23 +00:00
|
|
|
.pr_allow = PR_ALLOW_ALL,
|
|
|
|
};
|
|
|
|
MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF);
|
|
|
|
|
|
|
|
/* allprison and lastprid are protected by allprison_lock. */
|
2007-04-05 23:19:13 +00:00
|
|
|
struct sx allprison_lock;
|
2009-04-29 21:14:15 +00:00
|
|
|
SX_SYSINIT(allprison_lock, &allprison_lock, "allprison");
|
|
|
|
struct prisonlist allprison = TAILQ_HEAD_INITIALIZER(allprison);
|
2008-06-19 21:41:57 +00:00
|
|
|
int lastprid = 0;
|
2003-04-09 02:55:18 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
static int do_jail_attach(struct thread *td, struct prison *pr);
|
2009-03-27 13:13:59 +00:00
|
|
|
static void prison_complete(void *context, int pending);
|
2009-04-29 21:14:15 +00:00
|
|
|
static void prison_deref(struct prison *pr, int flags);
|
2009-05-27 14:11:23 +00:00
|
|
|
static char *prison_path(struct prison *pr1, struct prison *pr2);
|
|
|
|
static void prison_remove_one(struct prison *pr);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#ifdef INET
|
2009-03-27 13:13:59 +00:00
|
|
|
static int _prison_check_ip4(struct prison *pr, struct in_addr *ia);
|
2009-05-27 14:11:23 +00:00
|
|
|
static int prison_restrict_ip4(struct prison *pr, struct in_addr *newip4);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
2009-03-27 13:13:59 +00:00
|
|
|
static int _prison_check_ip6(struct prison *pr, struct in6_addr *ia6);
|
2009-05-27 14:11:23 +00:00
|
|
|
static int prison_restrict_ip6(struct prison *pr, struct in6_addr *newip6);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#endif
|
2003-04-09 02:55:18 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
/* Flags for prison_deref */
|
|
|
|
#define PD_DEREF 0x01
|
|
|
|
#define PD_DEUREF 0x02
|
|
|
|
#define PD_LOCKED 0x04
|
|
|
|
#define PD_LIST_SLOCKED 0x08
|
|
|
|
#define PD_LIST_XLOCKED 0x10
|
2003-04-09 02:55:18 +00:00
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
/*
|
|
|
|
* Parameter names corresponding to PR_* flag values
|
|
|
|
*/
|
|
|
|
static char *pr_flag_names[] = {
|
|
|
|
[0] = "persist",
|
2009-05-29 21:27:12 +00:00
|
|
|
"host",
|
2009-05-27 14:11:23 +00:00
|
|
|
#ifdef INET
|
2009-05-29 21:27:12 +00:00
|
|
|
"ip4",
|
2009-05-27 14:11:23 +00:00
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
[3] = "ip6",
|
|
|
|
#endif
|
|
|
|
};
|
|
|
|
|
|
|
|
static char *pr_flag_nonames[] = {
|
|
|
|
[0] = "nopersist",
|
2009-05-29 21:27:12 +00:00
|
|
|
"nohost",
|
2009-05-27 14:11:23 +00:00
|
|
|
#ifdef INET
|
2009-05-29 21:27:12 +00:00
|
|
|
"noip4",
|
2009-05-27 14:11:23 +00:00
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
[3] = "noip6",
|
|
|
|
#endif
|
|
|
|
};
|
|
|
|
|
|
|
|
static char *pr_allow_names[] = {
|
|
|
|
"allow.set_hostname",
|
|
|
|
"allow.sysvipc",
|
|
|
|
"allow.raw_sockets",
|
|
|
|
"allow.chflags",
|
|
|
|
"allow.mount",
|
|
|
|
"allow.quotas",
|
|
|
|
"allow.jails",
|
|
|
|
"allow.socket_af",
|
|
|
|
};
|
|
|
|
|
|
|
|
static char *pr_allow_nonames[] = {
|
|
|
|
"allow.noset_hostname",
|
|
|
|
"allow.nosysvipc",
|
|
|
|
"allow.noraw_sockets",
|
|
|
|
"allow.nochflags",
|
|
|
|
"allow.nomount",
|
|
|
|
"allow.noquotas",
|
|
|
|
"allow.nojails",
|
|
|
|
"allow.nosocket_af",
|
|
|
|
};
|
|
|
|
|
|
|
|
#define JAIL_DEFAULT_ALLOW PR_ALLOW_SET_HOSTNAME
|
|
|
|
static unsigned jail_default_allow = JAIL_DEFAULT_ALLOW;
|
|
|
|
static int jail_default_enforce_statfs = 2;
|
|
|
|
#if defined(INET) || defined(INET6)
|
2009-06-09 22:09:29 +00:00
|
|
|
static unsigned jail_max_af_ips = 255;
|
2009-05-27 14:11:23 +00:00
|
|
|
#endif
|
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#ifdef INET
|
|
|
|
static int
|
|
|
|
qcmp_v4(const void *ip1, const void *ip2)
|
|
|
|
{
|
|
|
|
in_addr_t iaa, iab;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We need to compare in HBO here to get the list sorted as expected
|
|
|
|
* by the result of the code. Sorting NBO addresses gives you
|
|
|
|
* interesting results. If you do not understand, do not try.
|
|
|
|
*/
|
|
|
|
iaa = ntohl(((const struct in_addr *)ip1)->s_addr);
|
|
|
|
iab = ntohl(((const struct in_addr *)ip2)->s_addr);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Do not simply return the difference of the two numbers, the int is
|
|
|
|
* not wide enough.
|
|
|
|
*/
|
|
|
|
if (iaa > iab)
|
|
|
|
return (1);
|
|
|
|
else if (iaa < iab)
|
|
|
|
return (-1);
|
|
|
|
else
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef INET6
|
|
|
|
static int
|
|
|
|
qcmp_v6(const void *ip1, const void *ip2)
|
|
|
|
{
|
|
|
|
const struct in6_addr *ia6a, *ia6b;
|
|
|
|
int i, rc;
|
|
|
|
|
|
|
|
ia6a = (const struct in6_addr *)ip1;
|
|
|
|
ia6b = (const struct in6_addr *)ip2;
|
|
|
|
|
|
|
|
rc = 0;
|
2009-03-27 13:13:59 +00:00
|
|
|
for (i = 0; rc == 0 && i < sizeof(struct in6_addr); i++) {
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
if (ia6a->s6_addr[i] > ia6b->s6_addr[i])
|
|
|
|
rc = 1;
|
|
|
|
else if (ia6a->s6_addr[i] < ia6b->s6_addr[i])
|
|
|
|
rc = -1;
|
|
|
|
}
|
|
|
|
return (rc);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
/*
|
|
|
|
* struct jail_args {
|
|
|
|
* struct jail *jail;
|
|
|
|
* };
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
jail(struct thread *td, struct jail_args *uap)
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
{
|
2009-04-29 21:14:15 +00:00
|
|
|
uint32_t version;
|
|
|
|
int error;
|
2009-05-27 14:11:23 +00:00
|
|
|
struct jail j;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
error = copyin(uap->jail, &version, sizeof(uint32_t));
|
|
|
|
if (error)
|
|
|
|
return (error);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
switch (version) {
|
|
|
|
case 0:
|
|
|
|
{
|
|
|
|
struct jail_v0 j0;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
/* FreeBSD single IPv4 jails. */
|
|
|
|
bzero(&j, sizeof(struct jail));
|
2009-04-29 21:14:15 +00:00
|
|
|
error = copyin(uap->jail, &j0, sizeof(struct jail_v0));
|
|
|
|
if (error)
|
|
|
|
return (error);
|
2009-05-27 14:11:23 +00:00
|
|
|
j.version = j0.version;
|
|
|
|
j.path = j0.path;
|
|
|
|
j.hostname = j0.hostname;
|
|
|
|
j.ip4s = j0.ip_number;
|
2009-04-29 21:14:15 +00:00
|
|
|
break;
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
case 1:
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
/*
|
2009-04-29 21:14:15 +00:00
|
|
|
* Version 1 was used by multi-IPv4 jail implementations
|
|
|
|
* that never made it into the official kernel.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
2009-04-29 21:14:15 +00:00
|
|
|
return (EINVAL);
|
|
|
|
|
|
|
|
case 2: /* JAIL_API_VERSION */
|
|
|
|
/* FreeBSD multi-IPv4/IPv6,noIP jails. */
|
|
|
|
error = copyin(uap->jail, &j, sizeof(struct jail));
|
|
|
|
if (error)
|
|
|
|
return (error);
|
2009-05-27 14:11:23 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
/* Sci-Fi jails are not supported, sorry. */
|
|
|
|
return (EINVAL);
|
|
|
|
}
|
|
|
|
return (kern_jail(td, &j));
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_jail(struct thread *td, struct jail *j)
|
|
|
|
{
|
2009-06-09 22:09:29 +00:00
|
|
|
struct iovec optiov[2 * (4
|
|
|
|
+ sizeof(pr_allow_names) / sizeof(pr_allow_names[0])
|
|
|
|
#ifdef INET
|
|
|
|
+ 1
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
+ 1
|
|
|
|
#endif
|
|
|
|
)];
|
2009-05-27 14:11:23 +00:00
|
|
|
struct uio opt;
|
|
|
|
char *u_path, *u_hostname, *u_name;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#ifdef INET
|
2009-06-09 22:09:29 +00:00
|
|
|
uint32_t ip4s;
|
2009-05-27 14:11:23 +00:00
|
|
|
struct in_addr *u_ip4;
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
struct in6_addr *u_ip6;
|
|
|
|
#endif
|
|
|
|
size_t tmplen;
|
|
|
|
int error, enforce_statfs, fi;
|
|
|
|
|
|
|
|
bzero(&optiov, sizeof(optiov));
|
|
|
|
opt.uio_iov = optiov;
|
|
|
|
opt.uio_iovcnt = 0;
|
|
|
|
opt.uio_offset = -1;
|
|
|
|
opt.uio_resid = -1;
|
|
|
|
opt.uio_segflg = UIO_SYSSPACE;
|
|
|
|
opt.uio_rw = UIO_READ;
|
|
|
|
opt.uio_td = td;
|
|
|
|
|
|
|
|
/* Set permissions for top-level jails from sysctls. */
|
|
|
|
if (!jailed(td->td_ucred)) {
|
|
|
|
for (fi = 0; fi < sizeof(pr_allow_names) /
|
|
|
|
sizeof(pr_allow_names[0]); fi++) {
|
|
|
|
optiov[opt.uio_iovcnt].iov_base =
|
|
|
|
(jail_default_allow & (1 << fi))
|
|
|
|
? pr_allow_names[fi] : pr_allow_nonames[fi];
|
|
|
|
optiov[opt.uio_iovcnt].iov_len =
|
|
|
|
strlen(optiov[opt.uio_iovcnt].iov_base) + 1;
|
|
|
|
opt.uio_iovcnt += 2;
|
|
|
|
}
|
|
|
|
optiov[opt.uio_iovcnt].iov_base = "enforce_statfs";
|
|
|
|
optiov[opt.uio_iovcnt].iov_len = sizeof("enforce_statfs");
|
|
|
|
opt.uio_iovcnt++;
|
|
|
|
enforce_statfs = jail_default_enforce_statfs;
|
|
|
|
optiov[opt.uio_iovcnt].iov_base = &enforce_statfs;
|
|
|
|
optiov[opt.uio_iovcnt].iov_len = sizeof(enforce_statfs);
|
|
|
|
opt.uio_iovcnt++;
|
|
|
|
}
|
|
|
|
|
|
|
|
tmplen = MAXPATHLEN + MAXHOSTNAMELEN + MAXHOSTNAMELEN;
|
|
|
|
#ifdef INET
|
|
|
|
ip4s = (j->version == 0) ? 1 : j->ip4s;
|
|
|
|
if (ip4s > jail_max_af_ips)
|
|
|
|
return (EINVAL);
|
|
|
|
tmplen += ip4s * sizeof(struct in_addr);
|
2009-04-29 21:14:15 +00:00
|
|
|
#else
|
2009-05-27 14:11:23 +00:00
|
|
|
if (j->ip4s > 0)
|
|
|
|
return (EINVAL);
|
2009-04-29 21:14:15 +00:00
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
2009-05-27 14:11:23 +00:00
|
|
|
if (j->ip6s > jail_max_af_ips)
|
|
|
|
return (EINVAL);
|
|
|
|
tmplen += j->ip6s * sizeof(struct in6_addr);
|
2009-04-29 21:14:15 +00:00
|
|
|
#else
|
2009-05-27 14:11:23 +00:00
|
|
|
if (j->ip6s > 0)
|
|
|
|
return (EINVAL);
|
2009-04-29 21:14:15 +00:00
|
|
|
#endif
|
2009-05-27 14:11:23 +00:00
|
|
|
u_path = malloc(tmplen, M_TEMP, M_WAITOK);
|
|
|
|
u_hostname = u_path + MAXPATHLEN;
|
|
|
|
u_name = u_hostname + MAXHOSTNAMELEN;
|
2009-04-29 21:14:15 +00:00
|
|
|
#ifdef INET
|
2009-05-27 14:11:23 +00:00
|
|
|
u_ip4 = (struct in_addr *)(u_name + MAXHOSTNAMELEN);
|
2009-04-29 21:14:15 +00:00
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
#ifdef INET
|
2009-05-27 14:11:23 +00:00
|
|
|
u_ip6 = (struct in6_addr *)(u_ip4 + ip4s);
|
2009-04-29 21:14:15 +00:00
|
|
|
#else
|
2009-05-27 14:11:23 +00:00
|
|
|
u_ip6 = (struct in6_addr *)(u_name + MAXHOSTNAMELEN);
|
|
|
|
#endif
|
|
|
|
#endif
|
|
|
|
optiov[opt.uio_iovcnt].iov_base = "path";
|
|
|
|
optiov[opt.uio_iovcnt].iov_len = sizeof("path");
|
|
|
|
opt.uio_iovcnt++;
|
|
|
|
optiov[opt.uio_iovcnt].iov_base = u_path;
|
|
|
|
error = copyinstr(j->path, u_path, MAXPATHLEN,
|
|
|
|
&optiov[opt.uio_iovcnt].iov_len);
|
|
|
|
if (error) {
|
|
|
|
free(u_path, M_TEMP);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
opt.uio_iovcnt++;
|
|
|
|
optiov[opt.uio_iovcnt].iov_base = "host.hostname";
|
|
|
|
optiov[opt.uio_iovcnt].iov_len = sizeof("host.hostname");
|
|
|
|
opt.uio_iovcnt++;
|
|
|
|
optiov[opt.uio_iovcnt].iov_base = u_hostname;
|
|
|
|
error = copyinstr(j->hostname, u_hostname, MAXHOSTNAMELEN,
|
|
|
|
&optiov[opt.uio_iovcnt].iov_len);
|
|
|
|
if (error) {
|
|
|
|
free(u_path, M_TEMP);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
opt.uio_iovcnt++;
|
|
|
|
if (j->jailname != NULL) {
|
|
|
|
optiov[opt.uio_iovcnt].iov_base = "name";
|
|
|
|
optiov[opt.uio_iovcnt].iov_len = sizeof("name");
|
2009-04-29 21:14:15 +00:00
|
|
|
opt.uio_iovcnt++;
|
2009-05-27 14:11:23 +00:00
|
|
|
optiov[opt.uio_iovcnt].iov_base = u_name;
|
|
|
|
error = copyinstr(j->jailname, u_name, MAXHOSTNAMELEN,
|
|
|
|
&optiov[opt.uio_iovcnt].iov_len);
|
2009-04-29 21:14:15 +00:00
|
|
|
if (error) {
|
|
|
|
free(u_path, M_TEMP);
|
|
|
|
return (error);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
opt.uio_iovcnt++;
|
2009-05-27 14:11:23 +00:00
|
|
|
}
|
|
|
|
#ifdef INET
|
|
|
|
optiov[opt.uio_iovcnt].iov_base = "ip4.addr";
|
|
|
|
optiov[opt.uio_iovcnt].iov_len = sizeof("ip4.addr");
|
|
|
|
opt.uio_iovcnt++;
|
|
|
|
optiov[opt.uio_iovcnt].iov_base = u_ip4;
|
|
|
|
optiov[opt.uio_iovcnt].iov_len = ip4s * sizeof(struct in_addr);
|
|
|
|
if (j->version == 0)
|
|
|
|
u_ip4->s_addr = j->ip4s;
|
|
|
|
else {
|
|
|
|
error = copyin(j->ip4, u_ip4, optiov[opt.uio_iovcnt].iov_len);
|
2009-04-29 21:14:15 +00:00
|
|
|
if (error) {
|
|
|
|
free(u_path, M_TEMP);
|
|
|
|
return (error);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
opt.uio_iovcnt++;
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
optiov[opt.uio_iovcnt].iov_base = "ip6.addr";
|
|
|
|
optiov[opt.uio_iovcnt].iov_len = sizeof("ip6.addr");
|
|
|
|
opt.uio_iovcnt++;
|
|
|
|
optiov[opt.uio_iovcnt].iov_base = u_ip6;
|
|
|
|
optiov[opt.uio_iovcnt].iov_len = j->ip6s * sizeof(struct in6_addr);
|
|
|
|
error = copyin(j->ip6, u_ip6, optiov[opt.uio_iovcnt].iov_len);
|
|
|
|
if (error) {
|
|
|
|
free(u_path, M_TEMP);
|
|
|
|
return (error);
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
opt.uio_iovcnt++;
|
|
|
|
#endif
|
|
|
|
KASSERT(opt.uio_iovcnt <= sizeof(optiov) / sizeof(optiov[0]),
|
|
|
|
("kern_jail: too many iovecs (%d)", opt.uio_iovcnt));
|
2009-04-29 21:14:15 +00:00
|
|
|
error = kern_jail_set(td, &opt, JAIL_CREATE | JAIL_ATTACH);
|
|
|
|
free(u_path, M_TEMP);
|
|
|
|
return (error);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
/*
|
|
|
|
* struct jail_set_args {
|
|
|
|
* struct iovec *iovp;
|
|
|
|
* unsigned int iovcnt;
|
|
|
|
* int flags;
|
|
|
|
* };
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
jail_set(struct thread *td, struct jail_set_args *uap)
|
|
|
|
{
|
|
|
|
struct uio *auio;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
/* Check that we have an even number of iovecs. */
|
|
|
|
if (uap->iovcnt & 1)
|
|
|
|
return (EINVAL);
|
|
|
|
|
|
|
|
error = copyinuio(uap->iovp, uap->iovcnt, &auio);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
error = kern_jail_set(td, auio, uap->flags);
|
|
|
|
free(auio, M_IOV);
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
kern_jail_set(struct thread *td, struct uio *optuio, int flags)
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
{
|
2009-04-29 21:14:15 +00:00
|
|
|
struct nameidata nd;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#ifdef INET
|
2009-03-27 13:13:59 +00:00
|
|
|
struct in_addr *ip4;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
struct in6_addr *ip6;
|
|
|
|
#endif
|
2009-04-29 21:14:15 +00:00
|
|
|
struct vfsopt *opt;
|
|
|
|
struct vfsoptlist *opts;
|
2009-05-27 14:11:23 +00:00
|
|
|
struct prison *pr, *deadpr, *mypr, *ppr, *tpr;
|
2009-04-29 21:14:15 +00:00
|
|
|
struct vnode *root;
|
2009-05-29 21:27:12 +00:00
|
|
|
char *domain, *errmsg, *host, *name, *p, *path, *uuid;
|
2009-05-27 14:11:23 +00:00
|
|
|
#if defined(INET) || defined(INET6)
|
2009-04-29 21:14:15 +00:00
|
|
|
void *op;
|
2009-05-27 14:11:23 +00:00
|
|
|
#endif
|
2009-05-29 21:27:12 +00:00
|
|
|
unsigned long hid;
|
2009-05-27 14:11:23 +00:00
|
|
|
size_t namelen, onamelen;
|
|
|
|
int created, cuflags, descend, enforce, error, errmsg_len, errmsg_pos;
|
2009-05-29 21:27:12 +00:00
|
|
|
int gotenforce, gothid, gotslevel, fi, jid, len;
|
2009-04-29 21:14:15 +00:00
|
|
|
int slevel, vfslocked;
|
|
|
|
#if defined(INET) || defined(INET6)
|
2009-05-27 14:11:23 +00:00
|
|
|
int ii, ij;
|
2009-04-29 21:14:15 +00:00
|
|
|
#endif
|
|
|
|
#ifdef INET
|
2009-05-27 14:11:23 +00:00
|
|
|
int ip4s, ip4a, redo_ip4;
|
2009-04-29 21:14:15 +00:00
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
2009-05-27 14:11:23 +00:00
|
|
|
int ip6s, ip6a, redo_ip6;
|
2009-04-29 21:14:15 +00:00
|
|
|
#endif
|
|
|
|
unsigned pr_flags, ch_flags;
|
2009-05-27 14:11:23 +00:00
|
|
|
unsigned pr_allow, ch_allow, tallow;
|
2009-04-29 21:14:15 +00:00
|
|
|
char numbuf[12];
|
|
|
|
|
|
|
|
error = priv_check(td, PRIV_JAIL_SET);
|
|
|
|
if (!error && (flags & JAIL_ATTACH))
|
|
|
|
error = priv_check(td, PRIV_JAIL_ATTACH);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
2009-05-27 14:11:23 +00:00
|
|
|
mypr = ppr = td->td_ucred->cr_prison;
|
|
|
|
if ((flags & JAIL_CREATE) && !(mypr->pr_allow & PR_ALLOW_JAILS))
|
|
|
|
return (EPERM);
|
2009-04-29 21:14:15 +00:00
|
|
|
if (flags & ~JAIL_SET_MASK)
|
|
|
|
return (EINVAL);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
|
|
|
/*
|
2009-04-29 21:14:15 +00:00
|
|
|
* Check all the parameters before committing to anything. Not all
|
|
|
|
* errors can be caught early, but we may as well try. Also, this
|
|
|
|
* takes care of some expensive stuff (path lookup) before getting
|
|
|
|
* the allprison lock.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*
|
2009-04-29 21:14:15 +00:00
|
|
|
* XXX Jails are not filesystems, and jail parameters are not mount
|
|
|
|
* options. But it makes more sense to re-use the vfsopt code
|
|
|
|
* than duplicate it under a different name.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
2009-04-29 21:14:15 +00:00
|
|
|
error = vfs_buildopts(optuio, &opts);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#ifdef INET
|
2009-05-27 14:11:23 +00:00
|
|
|
ip4a = 0;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
ip4 = NULL;
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
2009-05-27 14:11:23 +00:00
|
|
|
ip6a = 0;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
ip6 = NULL;
|
|
|
|
#endif
|
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
#if defined(INET) || defined(INET6)
|
|
|
|
again:
|
|
|
|
#endif
|
2009-04-29 21:14:15 +00:00
|
|
|
error = vfs_copyopt(opts, "jid", &jid, sizeof(jid));
|
|
|
|
if (error == ENOENT)
|
|
|
|
jid = 0;
|
|
|
|
else if (error != 0)
|
|
|
|
goto done_free;
|
|
|
|
|
|
|
|
error = vfs_copyopt(opts, "securelevel", &slevel, sizeof(slevel));
|
|
|
|
if (error == ENOENT)
|
|
|
|
gotslevel = 0;
|
|
|
|
else if (error != 0)
|
|
|
|
goto done_free;
|
|
|
|
else
|
|
|
|
gotslevel = 1;
|
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
error = vfs_copyopt(opts, "enforce_statfs", &enforce, sizeof(enforce));
|
|
|
|
gotenforce = (error == 0);
|
|
|
|
if (gotenforce) {
|
|
|
|
if (enforce < 0 || enforce > 2)
|
|
|
|
return (EINVAL);
|
|
|
|
} else if (error != ENOENT)
|
|
|
|
goto done_free;
|
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
pr_flags = ch_flags = 0;
|
2009-05-27 14:11:23 +00:00
|
|
|
for (fi = 0; fi < sizeof(pr_flag_names) / sizeof(pr_flag_names[0]);
|
|
|
|
fi++) {
|
|
|
|
if (pr_flag_names[fi] == NULL)
|
|
|
|
continue;
|
|
|
|
vfs_flagopt(opts, pr_flag_names[fi], &pr_flags, 1 << fi);
|
|
|
|
vfs_flagopt(opts, pr_flag_nonames[fi], &ch_flags, 1 << fi);
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
ch_flags |= pr_flags;
|
|
|
|
if ((flags & (JAIL_CREATE | JAIL_UPDATE | JAIL_ATTACH)) == JAIL_CREATE
|
|
|
|
&& !(pr_flags & PR_PERSIST)) {
|
|
|
|
error = EINVAL;
|
|
|
|
vfs_opterror(opts, "new jail must persist or attach");
|
|
|
|
goto done_errmsg;
|
|
|
|
}
|
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
pr_allow = ch_allow = 0;
|
|
|
|
for (fi = 0; fi < sizeof(pr_allow_names) / sizeof(pr_allow_names[0]);
|
|
|
|
fi++) {
|
|
|
|
vfs_flagopt(opts, pr_allow_names[fi], &pr_allow, 1 << fi);
|
|
|
|
vfs_flagopt(opts, pr_allow_nonames[fi], &ch_allow, 1 << fi);
|
|
|
|
}
|
|
|
|
ch_allow |= pr_allow;
|
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
error = vfs_getopt(opts, "name", (void **)&name, &len);
|
|
|
|
if (error == ENOENT)
|
|
|
|
name = NULL;
|
|
|
|
else if (error != 0)
|
|
|
|
goto done_free;
|
|
|
|
else {
|
|
|
|
if (len == 0 || name[len - 1] != '\0') {
|
|
|
|
error = EINVAL;
|
|
|
|
goto done_free;
|
|
|
|
}
|
|
|
|
if (len > MAXHOSTNAMELEN) {
|
|
|
|
error = ENAMETOOLONG;
|
|
|
|
goto done_free;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
error = vfs_getopt(opts, "host.hostname", (void **)&host, &len);
|
|
|
|
if (error == ENOENT)
|
|
|
|
host = NULL;
|
|
|
|
else if (error != 0)
|
|
|
|
goto done_free;
|
|
|
|
else {
|
2009-05-29 21:27:12 +00:00
|
|
|
ch_flags |= PR_HOST;
|
|
|
|
pr_flags |= PR_HOST;
|
2009-04-29 21:14:15 +00:00
|
|
|
if (len == 0 || host[len - 1] != '\0') {
|
|
|
|
error = EINVAL;
|
|
|
|
goto done_free;
|
|
|
|
}
|
|
|
|
if (len > MAXHOSTNAMELEN) {
|
|
|
|
error = ENAMETOOLONG;
|
|
|
|
goto done_free;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-05-29 21:27:12 +00:00
|
|
|
error = vfs_getopt(opts, "host.domainname", (void **)&domain, &len);
|
|
|
|
if (error == ENOENT)
|
|
|
|
domain = NULL;
|
|
|
|
else if (error != 0)
|
|
|
|
goto done_free;
|
|
|
|
else {
|
|
|
|
ch_flags |= PR_HOST;
|
|
|
|
pr_flags |= PR_HOST;
|
|
|
|
if (len == 0 || domain[len - 1] != '\0') {
|
|
|
|
error = EINVAL;
|
|
|
|
goto done_free;
|
|
|
|
}
|
|
|
|
if (len > MAXHOSTNAMELEN) {
|
|
|
|
error = ENAMETOOLONG;
|
|
|
|
goto done_free;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
error = vfs_getopt(opts, "host.hostuuid", (void **)&uuid, &len);
|
|
|
|
if (error == ENOENT)
|
|
|
|
uuid = NULL;
|
|
|
|
else if (error != 0)
|
|
|
|
goto done_free;
|
|
|
|
else {
|
|
|
|
ch_flags |= PR_HOST;
|
|
|
|
pr_flags |= PR_HOST;
|
|
|
|
if (len == 0 || uuid[len - 1] != '\0') {
|
|
|
|
error = EINVAL;
|
|
|
|
goto done_free;
|
|
|
|
}
|
|
|
|
if (len > HOSTUUIDLEN) {
|
|
|
|
error = ENAMETOOLONG;
|
|
|
|
goto done_free;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef COMPAT_IA32
|
|
|
|
if (td->td_proc->p_sysent->sv_flags & SV_IA32) {
|
|
|
|
uint32_t hid32;
|
|
|
|
|
|
|
|
error = vfs_copyopt(opts, "host.hostid", &hid32, sizeof(hid32));
|
|
|
|
hid = hid32;
|
|
|
|
} else
|
|
|
|
#endif
|
|
|
|
error = vfs_copyopt(opts, "host.hostid", &hid, sizeof(hid));
|
|
|
|
if (error == ENOENT)
|
|
|
|
gothid = 0;
|
|
|
|
else if (error != 0)
|
|
|
|
goto done_free;
|
|
|
|
else {
|
|
|
|
gothid = 1;
|
|
|
|
ch_flags |= PR_HOST;
|
|
|
|
pr_flags |= PR_HOST;
|
|
|
|
}
|
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
/* This might be the second time around for this option. */
|
2009-04-29 21:14:15 +00:00
|
|
|
#ifdef INET
|
|
|
|
error = vfs_getopt(opts, "ip4.addr", &op, &ip4s);
|
|
|
|
if (error == ENOENT)
|
|
|
|
ip4s = -1;
|
|
|
|
else if (error != 0)
|
|
|
|
goto done_free;
|
|
|
|
else if (ip4s & (sizeof(*ip4) - 1)) {
|
|
|
|
error = EINVAL;
|
|
|
|
goto done_free;
|
2009-05-27 14:11:23 +00:00
|
|
|
} else {
|
|
|
|
ch_flags |= PR_IP4_USER;
|
|
|
|
pr_flags |= PR_IP4_USER;
|
|
|
|
if (ip4s > 0) {
|
|
|
|
ip4s /= sizeof(*ip4);
|
|
|
|
if (ip4s > jail_max_af_ips) {
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
error = EINVAL;
|
2009-05-27 14:11:23 +00:00
|
|
|
vfs_opterror(opts, "too many IPv4 addresses");
|
|
|
|
goto done_errmsg;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
if (ip4a < ip4s) {
|
|
|
|
ip4a = ip4s;
|
|
|
|
free(ip4, M_PRISON);
|
|
|
|
ip4 = NULL;
|
|
|
|
}
|
|
|
|
if (ip4 == NULL)
|
|
|
|
ip4 = malloc(ip4a * sizeof(*ip4), M_PRISON,
|
|
|
|
M_WAITOK);
|
|
|
|
bcopy(op, ip4, ip4s * sizeof(*ip4));
|
|
|
|
/*
|
|
|
|
* IP addresses are all sorted but ip[0] to preserve
|
|
|
|
* the primary IP address as given from userland.
|
|
|
|
* This special IP is used for unbound outgoing
|
|
|
|
* connections as well for "loopback" traffic.
|
|
|
|
*/
|
|
|
|
if (ip4s > 1)
|
|
|
|
qsort(ip4 + 1, ip4s - 1, sizeof(*ip4), qcmp_v4);
|
|
|
|
/*
|
|
|
|
* Check for duplicate addresses and do some simple
|
|
|
|
* zero and broadcast checks. If users give other bogus
|
|
|
|
* addresses it is their problem.
|
|
|
|
*
|
|
|
|
* We do not have to care about byte order for these
|
|
|
|
* checks so we will do them in NBO.
|
|
|
|
*/
|
|
|
|
for (ii = 0; ii < ip4s; ii++) {
|
|
|
|
if (ip4[ii].s_addr == INADDR_ANY ||
|
|
|
|
ip4[ii].s_addr == INADDR_BROADCAST) {
|
|
|
|
error = EINVAL;
|
|
|
|
goto done_free;
|
|
|
|
}
|
|
|
|
if ((ii+1) < ip4s &&
|
|
|
|
(ip4[0].s_addr == ip4[ii+1].s_addr ||
|
|
|
|
ip4[ii].s_addr == ip4[ii+1].s_addr)) {
|
|
|
|
error = EINVAL;
|
|
|
|
goto done_free;
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#endif
|
2009-04-29 21:14:15 +00:00
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#ifdef INET6
|
2009-04-29 21:14:15 +00:00
|
|
|
error = vfs_getopt(opts, "ip6.addr", &op, &ip6s);
|
|
|
|
if (error == ENOENT)
|
|
|
|
ip6s = -1;
|
|
|
|
else if (error != 0)
|
|
|
|
goto done_free;
|
|
|
|
else if (ip6s & (sizeof(*ip6) - 1)) {
|
|
|
|
error = EINVAL;
|
|
|
|
goto done_free;
|
2009-05-27 14:11:23 +00:00
|
|
|
} else {
|
|
|
|
ch_flags |= PR_IP6_USER;
|
|
|
|
pr_flags |= PR_IP6_USER;
|
|
|
|
if (ip6s > 0) {
|
|
|
|
ip6s /= sizeof(*ip6);
|
|
|
|
if (ip6s > jail_max_af_ips) {
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
error = EINVAL;
|
2009-05-27 14:11:23 +00:00
|
|
|
vfs_opterror(opts, "too many IPv6 addresses");
|
|
|
|
goto done_errmsg;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
if (ip6a < ip6s) {
|
|
|
|
ip6a = ip6s;
|
|
|
|
free(ip6, M_PRISON);
|
|
|
|
ip6 = NULL;
|
|
|
|
}
|
|
|
|
if (ip6 == NULL)
|
|
|
|
ip6 = malloc(ip6a * sizeof(*ip6), M_PRISON,
|
|
|
|
M_WAITOK);
|
|
|
|
bcopy(op, ip6, ip6s * sizeof(*ip6));
|
|
|
|
if (ip6s > 1)
|
|
|
|
qsort(ip6 + 1, ip6s - 1, sizeof(*ip6), qcmp_v6);
|
|
|
|
for (ii = 0; ii < ip6s; ii++) {
|
|
|
|
if (IN6_IS_ADDR_UNSPECIFIED(&ip6[ii])) {
|
|
|
|
error = EINVAL;
|
|
|
|
goto done_free;
|
|
|
|
}
|
|
|
|
if ((ii+1) < ip6s &&
|
|
|
|
(IN6_ARE_ADDR_EQUAL(&ip6[0], &ip6[ii+1]) ||
|
|
|
|
IN6_ARE_ADDR_EQUAL(&ip6[ii], &ip6[ii+1])))
|
|
|
|
{
|
|
|
|
error = EINVAL;
|
|
|
|
goto done_free;
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#endif
|
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
root = NULL;
|
|
|
|
error = vfs_getopt(opts, "path", (void **)&path, &len);
|
|
|
|
if (error == ENOENT)
|
|
|
|
path = NULL;
|
|
|
|
else if (error != 0)
|
|
|
|
goto done_free;
|
|
|
|
else {
|
|
|
|
if (flags & JAIL_UPDATE) {
|
|
|
|
error = EINVAL;
|
|
|
|
vfs_opterror(opts,
|
|
|
|
"path cannot be changed after creation");
|
|
|
|
goto done_errmsg;
|
|
|
|
}
|
|
|
|
if (len == 0 || path[len - 1] != '\0') {
|
|
|
|
error = EINVAL;
|
|
|
|
goto done_free;
|
|
|
|
}
|
|
|
|
if (len < 2 || (len == 2 && path[0] == '/'))
|
|
|
|
path = NULL;
|
|
|
|
else {
|
2009-05-27 14:11:23 +00:00
|
|
|
/* Leave room for a real-root full pathname. */
|
|
|
|
if (len + (path[0] == '/' && strcmp(mypr->pr_path, "/")
|
|
|
|
? strlen(mypr->pr_path) : 0) > MAXPATHLEN) {
|
|
|
|
error = ENAMETOOLONG;
|
|
|
|
goto done_free;
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW, UIO_SYSSPACE,
|
|
|
|
path, td);
|
|
|
|
error = namei(&nd);
|
|
|
|
if (error)
|
|
|
|
goto done_free;
|
|
|
|
vfslocked = NDHASGIANT(&nd);
|
|
|
|
root = nd.ni_vp;
|
|
|
|
NDFREE(&nd, NDF_ONLY_PNBUF);
|
|
|
|
if (root->v_type != VDIR) {
|
|
|
|
error = ENOTDIR;
|
|
|
|
vrele(root);
|
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
|
|
|
goto done_free;
|
|
|
|
}
|
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
|
|
|
}
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
/*
|
|
|
|
* Grab the allprison lock before letting modules check their
|
|
|
|
* parameters. Once we have it, do not let go so we'll have a
|
|
|
|
* consistent view of the OSD list.
|
|
|
|
*/
|
|
|
|
sx_xlock(&allprison_lock);
|
|
|
|
error = osd_jail_call(NULL, PR_METHOD_CHECK, opts);
|
|
|
|
if (error)
|
|
|
|
goto done_unlock_list;
|
|
|
|
|
|
|
|
/* By now, all parameters should have been noted. */
|
|
|
|
TAILQ_FOREACH(opt, opts, link) {
|
|
|
|
if (!opt->seen && strcmp(opt->name, "errmsg")) {
|
|
|
|
error = EINVAL;
|
|
|
|
vfs_opterror(opts, "unknown parameter: %s", opt->name);
|
|
|
|
goto done_unlock_list;
|
|
|
|
}
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
|
|
|
/*
|
2009-04-29 21:14:15 +00:00
|
|
|
* See if we are creating a new record or updating an existing one.
|
|
|
|
* This abuses the file error codes ENOENT and EEXIST.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
2009-04-29 21:14:15 +00:00
|
|
|
cuflags = flags & (JAIL_CREATE | JAIL_UPDATE);
|
|
|
|
if (!cuflags) {
|
|
|
|
error = EINVAL;
|
|
|
|
vfs_opterror(opts, "no valid operation (create or update)");
|
|
|
|
goto done_unlock_list;
|
|
|
|
}
|
|
|
|
pr = NULL;
|
|
|
|
if (jid != 0) {
|
2009-05-27 14:11:23 +00:00
|
|
|
/*
|
|
|
|
* See if a requested jid already exists. There is an
|
|
|
|
* information leak here if the jid exists but is not within
|
|
|
|
* the caller's jail hierarchy. Jail creators will get EEXIST
|
|
|
|
* even though they cannot see the jail, and CREATE | UPDATE
|
|
|
|
* will return ENOENT which is not normally a valid error.
|
|
|
|
*/
|
2009-04-29 21:14:15 +00:00
|
|
|
if (jid < 0) {
|
|
|
|
error = EINVAL;
|
|
|
|
vfs_opterror(opts, "negative jid");
|
|
|
|
goto done_unlock_list;
|
|
|
|
}
|
|
|
|
pr = prison_find(jid);
|
|
|
|
if (pr != NULL) {
|
2009-05-27 14:11:23 +00:00
|
|
|
ppr = pr->pr_parent;
|
2009-04-29 21:14:15 +00:00
|
|
|
/* Create: jid must not exist. */
|
|
|
|
if (cuflags == JAIL_CREATE) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
error = EEXIST;
|
|
|
|
vfs_opterror(opts, "jail %d already exists",
|
|
|
|
jid);
|
|
|
|
goto done_unlock_list;
|
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!prison_ischild(mypr, pr)) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
pr = NULL;
|
|
|
|
} else if (pr->pr_uref == 0) {
|
2009-04-29 21:14:15 +00:00
|
|
|
if (!(flags & JAIL_DYING)) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
error = ENOENT;
|
|
|
|
vfs_opterror(opts, "jail %d is dying",
|
|
|
|
jid);
|
|
|
|
goto done_unlock_list;
|
|
|
|
} else if ((flags & JAIL_ATTACH) ||
|
|
|
|
(pr_flags & PR_PERSIST)) {
|
|
|
|
/*
|
|
|
|
* A dying jail might be resurrected
|
|
|
|
* (via attach or persist), but first
|
|
|
|
* it must determine if another jail
|
|
|
|
* has claimed its name. Accomplish
|
|
|
|
* this by implicitly re-setting the
|
|
|
|
* name.
|
|
|
|
*/
|
|
|
|
if (name == NULL)
|
2009-05-27 14:11:23 +00:00
|
|
|
name = prison_name(mypr, pr);
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (pr == NULL) {
|
|
|
|
/* Update: jid must exist. */
|
|
|
|
if (cuflags == JAIL_UPDATE) {
|
|
|
|
error = ENOENT;
|
|
|
|
vfs_opterror(opts, "jail %d not found", jid);
|
|
|
|
goto done_unlock_list;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* If the caller provided a name, look for a jail by that name.
|
|
|
|
* This has different semantics for creates and updates keyed by jid
|
|
|
|
* (where the name must not already exist in a different jail),
|
|
|
|
* and updates keyed by the name itself (where the name must exist
|
|
|
|
* because that is the jail being updated).
|
|
|
|
*/
|
|
|
|
if (name != NULL) {
|
2009-05-27 14:11:23 +00:00
|
|
|
p = strrchr(name, '.');
|
|
|
|
if (p != NULL) {
|
|
|
|
/*
|
|
|
|
* This is a hierarchical name. Split it into the
|
|
|
|
* parent and child names, and make sure the parent
|
|
|
|
* exists or matches an already found jail.
|
|
|
|
*/
|
|
|
|
*p = '\0';
|
|
|
|
if (pr != NULL) {
|
|
|
|
if (strncmp(name, ppr->pr_name, p - name) ||
|
|
|
|
ppr->pr_name[p - name] != '\0') {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
error = EINVAL;
|
|
|
|
vfs_opterror(opts,
|
|
|
|
"cannot change jail's parent");
|
|
|
|
goto done_unlock_list;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
ppr = prison_find_name(mypr, name);
|
|
|
|
if (ppr == NULL) {
|
|
|
|
error = ENOENT;
|
|
|
|
vfs_opterror(opts,
|
|
|
|
"jail \"%s\" not found", name);
|
|
|
|
goto done_unlock_list;
|
|
|
|
}
|
|
|
|
mtx_unlock(&ppr->pr_mtx);
|
|
|
|
}
|
|
|
|
name = p + 1;
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
if (name[0] != '\0') {
|
2009-05-27 14:11:23 +00:00
|
|
|
namelen =
|
|
|
|
(ppr == &prison0) ? 0 : strlen(ppr->pr_name) + 1;
|
2009-04-29 21:14:15 +00:00
|
|
|
name_again:
|
2009-05-27 14:11:23 +00:00
|
|
|
deadpr = NULL;
|
|
|
|
FOREACH_PRISON_CHILD(ppr, tpr) {
|
2009-04-29 21:14:15 +00:00
|
|
|
if (tpr != pr && tpr->pr_ref > 0 &&
|
2009-05-27 14:11:23 +00:00
|
|
|
!strcmp(tpr->pr_name + namelen, name)) {
|
2009-04-29 21:14:15 +00:00
|
|
|
if (pr == NULL &&
|
|
|
|
cuflags != JAIL_CREATE) {
|
|
|
|
mtx_lock(&tpr->pr_mtx);
|
|
|
|
if (tpr->pr_ref > 0) {
|
|
|
|
/*
|
|
|
|
* Use this jail
|
|
|
|
* for updates.
|
|
|
|
*/
|
|
|
|
if (tpr->pr_uref > 0) {
|
|
|
|
pr = tpr;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
deadpr = tpr;
|
|
|
|
}
|
|
|
|
mtx_unlock(&tpr->pr_mtx);
|
|
|
|
} else if (tpr->pr_uref > 0) {
|
|
|
|
/*
|
|
|
|
* Create, or update(jid):
|
|
|
|
* name must not exist in an
|
2009-05-27 14:11:23 +00:00
|
|
|
* active sibling jail.
|
2009-04-29 21:14:15 +00:00
|
|
|
*/
|
|
|
|
error = EEXIST;
|
|
|
|
if (pr != NULL)
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
vfs_opterror(opts,
|
|
|
|
"jail \"%s\" already exists",
|
|
|
|
name);
|
|
|
|
goto done_unlock_list;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
/* If no active jail is found, use a dying one. */
|
|
|
|
if (deadpr != NULL && pr == NULL) {
|
|
|
|
if (flags & JAIL_DYING) {
|
|
|
|
mtx_lock(&deadpr->pr_mtx);
|
|
|
|
if (deadpr->pr_ref == 0) {
|
|
|
|
mtx_unlock(&deadpr->pr_mtx);
|
|
|
|
goto name_again;
|
|
|
|
}
|
|
|
|
pr = deadpr;
|
|
|
|
} else if (cuflags == JAIL_UPDATE) {
|
|
|
|
error = ENOENT;
|
|
|
|
vfs_opterror(opts,
|
|
|
|
"jail \"%s\" is dying", name);
|
|
|
|
goto done_unlock_list;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
/* Update: name must exist if no jid. */
|
|
|
|
else if (cuflags == JAIL_UPDATE && pr == NULL) {
|
|
|
|
error = ENOENT;
|
|
|
|
vfs_opterror(opts, "jail \"%s\" not found",
|
|
|
|
name);
|
|
|
|
goto done_unlock_list;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
/* Update: must provide a jid or name. */
|
|
|
|
else if (cuflags == JAIL_UPDATE && pr == NULL) {
|
|
|
|
error = ENOENT;
|
|
|
|
vfs_opterror(opts, "update specified no jail");
|
|
|
|
goto done_unlock_list;
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
/* If there's no prison to update, create a new one and link it in. */
|
|
|
|
if (pr == NULL) {
|
|
|
|
created = 1;
|
2009-05-27 14:11:23 +00:00
|
|
|
mtx_lock(&ppr->pr_mtx);
|
|
|
|
if (ppr->pr_ref == 0 || (ppr->pr_flags & PR_REMOVE)) {
|
|
|
|
mtx_unlock(&ppr->pr_mtx);
|
|
|
|
error = ENOENT;
|
|
|
|
vfs_opterror(opts, "parent jail went away!");
|
|
|
|
goto done_unlock_list;
|
|
|
|
}
|
|
|
|
ppr->pr_ref++;
|
|
|
|
ppr->pr_uref++;
|
|
|
|
mtx_unlock(&ppr->pr_mtx);
|
2009-04-29 21:14:15 +00:00
|
|
|
pr = malloc(sizeof(*pr), M_PRISON, M_WAITOK | M_ZERO);
|
|
|
|
if (jid == 0) {
|
|
|
|
/* Find the next free jid. */
|
|
|
|
jid = lastprid + 1;
|
|
|
|
findnext:
|
|
|
|
if (jid == JAIL_MAX)
|
|
|
|
jid = 1;
|
|
|
|
TAILQ_FOREACH(tpr, &allprison, pr_list) {
|
|
|
|
if (tpr->pr_id < jid)
|
|
|
|
continue;
|
|
|
|
if (tpr->pr_id > jid || tpr->pr_ref == 0) {
|
|
|
|
TAILQ_INSERT_BEFORE(tpr, pr, pr_list);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (jid == lastprid) {
|
|
|
|
error = EAGAIN;
|
|
|
|
vfs_opterror(opts,
|
|
|
|
"no available jail IDs");
|
|
|
|
free(pr, M_PRISON);
|
2009-05-27 14:11:23 +00:00
|
|
|
prison_deref(ppr, PD_DEREF |
|
|
|
|
PD_DEUREF | PD_LIST_XLOCKED);
|
|
|
|
goto done_releroot;
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
|
|
|
jid++;
|
|
|
|
goto findnext;
|
|
|
|
}
|
|
|
|
lastprid = jid;
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* The jail already has a jid (that did not yet exist),
|
|
|
|
* so just find where to insert it.
|
|
|
|
*/
|
|
|
|
TAILQ_FOREACH(tpr, &allprison, pr_list)
|
|
|
|
if (tpr->pr_id >= jid) {
|
|
|
|
TAILQ_INSERT_BEFORE(tpr, pr, pr_list);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (tpr == NULL)
|
|
|
|
TAILQ_INSERT_TAIL(&allprison, pr, pr_list);
|
2009-05-27 14:11:23 +00:00
|
|
|
LIST_INSERT_HEAD(&ppr->pr_children, pr, pr_sibling);
|
|
|
|
for (tpr = ppr; tpr != NULL; tpr = tpr->pr_parent)
|
|
|
|
tpr->pr_prisoncount++;
|
2009-04-29 21:14:15 +00:00
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
pr->pr_parent = ppr;
|
2009-04-29 21:14:15 +00:00
|
|
|
pr->pr_id = jid;
|
2009-05-27 14:11:23 +00:00
|
|
|
|
|
|
|
/* Set some default values, and inherit some from the parent. */
|
2009-04-29 21:14:15 +00:00
|
|
|
if (name == NULL)
|
|
|
|
name = "";
|
2009-05-29 21:27:12 +00:00
|
|
|
if (host != NULL || domain != NULL || uuid != NULL || gothid) {
|
|
|
|
if (host == NULL)
|
|
|
|
host = ppr->pr_host;
|
|
|
|
if (domain == NULL)
|
|
|
|
domain = ppr->pr_domain;
|
|
|
|
if (uuid == NULL)
|
|
|
|
uuid = ppr->pr_uuid;
|
|
|
|
if (!gothid)
|
|
|
|
hid = ppr->pr_hostid;
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
if (path == NULL) {
|
|
|
|
path = "/";
|
2009-05-27 14:11:23 +00:00
|
|
|
root = mypr->pr_root;
|
2009-04-29 21:14:15 +00:00
|
|
|
vref(root);
|
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
#ifdef INET
|
|
|
|
pr->pr_flags |= ppr->pr_flags & PR_IP4;
|
|
|
|
pr->pr_ip4s = ppr->pr_ip4s;
|
|
|
|
if (ppr->pr_ip4 != NULL) {
|
|
|
|
pr->pr_ip4 = malloc(pr->pr_ip4s *
|
|
|
|
sizeof(struct in_addr), M_PRISON, M_WAITOK);
|
|
|
|
bcopy(ppr->pr_ip4, pr->pr_ip4,
|
|
|
|
pr->pr_ip4s * sizeof(*pr->pr_ip4));
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
pr->pr_flags |= ppr->pr_flags & PR_IP6;
|
|
|
|
pr->pr_ip6s = ppr->pr_ip6s;
|
|
|
|
if (ppr->pr_ip6 != NULL) {
|
|
|
|
pr->pr_ip6 = malloc(pr->pr_ip6s *
|
|
|
|
sizeof(struct in6_addr), M_PRISON, M_WAITOK);
|
|
|
|
bcopy(ppr->pr_ip6, pr->pr_ip6,
|
|
|
|
pr->pr_ip6s * sizeof(*pr->pr_ip6));
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
pr->pr_securelevel = ppr->pr_securelevel;
|
|
|
|
pr->pr_allow = JAIL_DEFAULT_ALLOW & ppr->pr_allow;
|
|
|
|
pr->pr_enforce_statfs = ppr->pr_enforce_statfs;
|
2009-04-29 21:14:15 +00:00
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
LIST_INIT(&pr->pr_children);
|
|
|
|
mtx_init(&pr->pr_mtx, "jail mutex", NULL, MTX_DEF | MTX_DUPOK);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
|
|
|
/*
|
2009-04-29 21:14:15 +00:00
|
|
|
* Allocate a dedicated cpuset for each jail.
|
|
|
|
* Unlike other initial settings, this may return an erorr.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
2009-05-27 14:11:23 +00:00
|
|
|
error = cpuset_create_root(ppr, &pr->pr_cpuset);
|
2009-04-29 21:14:15 +00:00
|
|
|
if (error) {
|
|
|
|
prison_deref(pr, PD_LIST_XLOCKED);
|
|
|
|
goto done_releroot;
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
mtx_lock(&pr->pr_mtx);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
/*
|
2009-04-29 21:14:15 +00:00
|
|
|
* New prisons do not yet have a reference, because we do not
|
|
|
|
* want other to see the incomplete prison once the
|
|
|
|
* allprison_lock is downgraded.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
2009-04-29 21:14:15 +00:00
|
|
|
} else {
|
|
|
|
created = 0;
|
|
|
|
/*
|
|
|
|
* Grab a reference for existing prisons, to ensure they
|
|
|
|
* continue to exist for the duration of the call.
|
|
|
|
*/
|
|
|
|
pr->pr_ref++;
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
/* Do final error checking before setting anything. */
|
2009-05-27 14:11:23 +00:00
|
|
|
if (gotslevel) {
|
|
|
|
if (slevel < ppr->pr_securelevel) {
|
|
|
|
error = EPERM;
|
|
|
|
goto done_deref_locked;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (gotenforce) {
|
|
|
|
if (enforce < ppr->pr_enforce_statfs) {
|
|
|
|
error = EPERM;
|
|
|
|
goto done_deref_locked;
|
|
|
|
}
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
#ifdef INET
|
2009-05-27 14:11:23 +00:00
|
|
|
if (ch_flags & PR_IP4_USER) {
|
|
|
|
if (ppr->pr_flags & PR_IP4) {
|
|
|
|
if (!(pr_flags & PR_IP4_USER)) {
|
|
|
|
/*
|
|
|
|
* Silently ignore attempts to make the IP
|
|
|
|
* addresses unrestricted when the parent is
|
|
|
|
* restricted; in other words, interpret
|
|
|
|
* "unrestricted" as "as unrestricted as
|
|
|
|
* possible".
|
|
|
|
*/
|
|
|
|
ip4s = ppr->pr_ip4s;
|
|
|
|
if (ip4s == 0) {
|
|
|
|
free(ip4, M_PRISON);
|
|
|
|
ip4 = NULL;
|
|
|
|
} else if (ip4s <= ip4a) {
|
|
|
|
/* Inherit the parent's address(es). */
|
|
|
|
bcopy(ppr->pr_ip4, ip4,
|
|
|
|
ip4s * sizeof(*ip4));
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* There's no room for the parent's
|
|
|
|
* address list. Allocate some more.
|
|
|
|
*/
|
|
|
|
ip4a = ip4s;
|
|
|
|
free(ip4, M_PRISON);
|
|
|
|
ip4 = malloc(ip4a * sizeof(*ip4),
|
|
|
|
M_PRISON, M_NOWAIT);
|
|
|
|
if (ip4 != NULL)
|
|
|
|
bcopy(ppr->pr_ip4, ip4,
|
|
|
|
ip4s * sizeof(*ip4));
|
|
|
|
else {
|
|
|
|
/* Allocation failed without
|
|
|
|
* sleeping. Unlocking the
|
|
|
|
* prison now will invalidate
|
|
|
|
* some checks and prematurely
|
|
|
|
* show an unfinished new jail.
|
|
|
|
* So let go of everything and
|
|
|
|
* start over.
|
|
|
|
*/
|
|
|
|
prison_deref(pr, created
|
|
|
|
? PD_LOCKED |
|
|
|
|
PD_LIST_XLOCKED
|
|
|
|
: PD_DEREF | PD_LOCKED |
|
|
|
|
PD_LIST_XLOCKED);
|
|
|
|
if (root != NULL) {
|
|
|
|
vfslocked =
|
|
|
|
VFS_LOCK_GIANT(
|
|
|
|
root->v_mount);
|
|
|
|
vrele(root);
|
|
|
|
VFS_UNLOCK_GIANT(
|
|
|
|
vfslocked);
|
|
|
|
}
|
|
|
|
ip4 = malloc(ip4a *
|
|
|
|
sizeof(*ip4), M_PRISON,
|
|
|
|
M_WAITOK);
|
|
|
|
goto again;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else if (ip4s > 0) {
|
|
|
|
/*
|
|
|
|
* Make sure the new set of IP addresses is a
|
|
|
|
* subset of the parent's list. Don't worry
|
|
|
|
* about the parent being unlocked, as any
|
|
|
|
* setting is done with allprison_lock held.
|
|
|
|
*/
|
|
|
|
for (ij = 0; ij < ppr->pr_ip4s; ij++)
|
|
|
|
if (ip4[0].s_addr ==
|
|
|
|
ppr->pr_ip4[ij].s_addr)
|
|
|
|
break;
|
|
|
|
if (ij == ppr->pr_ip4s) {
|
|
|
|
error = EPERM;
|
|
|
|
goto done_deref_locked;
|
|
|
|
}
|
|
|
|
if (ip4s > 1) {
|
|
|
|
for (ii = ij = 1; ii < ip4s; ii++) {
|
|
|
|
if (ip4[ii].s_addr ==
|
|
|
|
ppr->pr_ip4[0].s_addr)
|
|
|
|
continue;
|
|
|
|
for (; ij < ppr->pr_ip4s; ij++)
|
|
|
|
if (ip4[ii].s_addr ==
|
|
|
|
ppr->pr_ip4[ij].s_addr)
|
|
|
|
break;
|
|
|
|
if (ij == ppr->pr_ip4s)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (ij == ppr->pr_ip4s) {
|
|
|
|
error = EPERM;
|
|
|
|
goto done_deref_locked;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (ip4s > 0) {
|
|
|
|
/*
|
|
|
|
* Check for conflicting IP addresses. We permit them
|
|
|
|
* if there is no more than one IP on each jail. If
|
|
|
|
* there is a duplicate on a jail with more than one
|
|
|
|
* IP stop checking and return error.
|
|
|
|
*/
|
|
|
|
FOREACH_PRISON_DESCENDANT(&prison0, tpr, descend) {
|
|
|
|
if (tpr == pr || tpr->pr_uref == 0) {
|
|
|
|
descend = 0;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (!(tpr->pr_flags & PR_IP4_USER))
|
|
|
|
continue;
|
|
|
|
descend = 0;
|
|
|
|
if (tpr->pr_ip4 == NULL ||
|
|
|
|
(ip4s == 1 && tpr->pr_ip4s == 1))
|
|
|
|
continue;
|
|
|
|
for (ii = 0; ii < ip4s; ii++) {
|
2009-04-29 21:14:15 +00:00
|
|
|
if (_prison_check_ip4(tpr,
|
|
|
|
&ip4[ii]) == 0) {
|
2009-05-27 14:11:23 +00:00
|
|
|
error = EADDRINUSE;
|
2009-04-29 21:14:15 +00:00
|
|
|
vfs_opterror(opts,
|
|
|
|
"IPv4 addresses clash");
|
|
|
|
goto done_deref_locked;
|
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#endif
|
2009-04-29 21:14:15 +00:00
|
|
|
#ifdef INET6
|
2009-05-27 14:11:23 +00:00
|
|
|
if (ch_flags & PR_IP6_USER) {
|
|
|
|
if (ppr->pr_flags & PR_IP6) {
|
|
|
|
if (!(pr_flags & PR_IP6_USER)) {
|
|
|
|
/*
|
|
|
|
* Silently ignore attempts to make the IP
|
|
|
|
* addresses unrestricted when the parent is
|
|
|
|
* restricted.
|
|
|
|
*/
|
|
|
|
ip6s = ppr->pr_ip6s;
|
|
|
|
if (ip6s == 0) {
|
|
|
|
free(ip6, M_PRISON);
|
|
|
|
ip6 = NULL;
|
|
|
|
} else if (ip6s <= ip6a) {
|
|
|
|
/* Inherit the parent's address(es). */
|
|
|
|
bcopy(ppr->pr_ip6, ip6,
|
|
|
|
ip6s * sizeof(*ip6));
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* There's no room for the parent's
|
|
|
|
* address list.
|
|
|
|
*/
|
|
|
|
ip6a = ip6s;
|
|
|
|
free(ip6, M_PRISON);
|
|
|
|
ip6 = malloc(ip6a * sizeof(*ip6),
|
|
|
|
M_PRISON, M_NOWAIT);
|
|
|
|
if (ip6 != NULL)
|
|
|
|
bcopy(ppr->pr_ip6, ip6,
|
|
|
|
ip6s * sizeof(*ip6));
|
|
|
|
else {
|
|
|
|
prison_deref(pr, created
|
|
|
|
? PD_LOCKED |
|
|
|
|
PD_LIST_XLOCKED
|
|
|
|
: PD_DEREF | PD_LOCKED |
|
|
|
|
PD_LIST_XLOCKED);
|
|
|
|
if (root != NULL) {
|
|
|
|
vfslocked =
|
|
|
|
VFS_LOCK_GIANT(
|
|
|
|
root->v_mount);
|
|
|
|
vrele(root);
|
|
|
|
VFS_UNLOCK_GIANT(
|
|
|
|
vfslocked);
|
|
|
|
}
|
|
|
|
ip6 = malloc(ip6a *
|
|
|
|
sizeof(*ip6), M_PRISON,
|
|
|
|
M_WAITOK);
|
|
|
|
goto again;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else if (ip6s > 0) {
|
|
|
|
/*
|
|
|
|
* Make sure the new set of IP addresses is a
|
|
|
|
* subset of the parent's list.
|
|
|
|
*/
|
|
|
|
for (ij = 0; ij < ppr->pr_ip6s; ij++)
|
|
|
|
if (IN6_ARE_ADDR_EQUAL(&ip6[0],
|
|
|
|
&ppr->pr_ip6[ij]))
|
|
|
|
break;
|
|
|
|
if (ij == ppr->pr_ip6s) {
|
|
|
|
error = EPERM;
|
|
|
|
goto done_deref_locked;
|
|
|
|
}
|
|
|
|
if (ip6s > 1) {
|
|
|
|
for (ii = ij = 1; ii < ip6s; ii++) {
|
|
|
|
if (IN6_ARE_ADDR_EQUAL(&ip6[ii],
|
|
|
|
&ppr->pr_ip6[0]))
|
|
|
|
continue;
|
|
|
|
for (; ij < ppr->pr_ip6s; ij++)
|
|
|
|
if (IN6_ARE_ADDR_EQUAL(
|
|
|
|
&ip6[ii],
|
|
|
|
&ppr->pr_ip6[ij]))
|
|
|
|
break;
|
|
|
|
if (ij == ppr->pr_ip6s)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (ij == ppr->pr_ip6s) {
|
|
|
|
error = EPERM;
|
|
|
|
goto done_deref_locked;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (ip6s > 0) {
|
|
|
|
/* Check for conflicting IP addresses. */
|
|
|
|
FOREACH_PRISON_DESCENDANT(&prison0, tpr, descend) {
|
|
|
|
if (tpr == pr || tpr->pr_uref == 0) {
|
|
|
|
descend = 0;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (!(tpr->pr_flags & PR_IP6_USER))
|
|
|
|
continue;
|
|
|
|
descend = 0;
|
|
|
|
if (tpr->pr_ip6 == NULL ||
|
|
|
|
(ip6s == 1 && tpr->pr_ip6s == 1))
|
|
|
|
continue;
|
|
|
|
for (ii = 0; ii < ip6s; ii++) {
|
2009-04-29 21:14:15 +00:00
|
|
|
if (_prison_check_ip6(tpr,
|
|
|
|
&ip6[ii]) == 0) {
|
2009-05-27 14:11:23 +00:00
|
|
|
error = EADDRINUSE;
|
2009-04-29 21:14:15 +00:00
|
|
|
vfs_opterror(opts,
|
|
|
|
"IPv6 addresses clash");
|
|
|
|
goto done_deref_locked;
|
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
}
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
#endif
|
2009-05-27 14:11:23 +00:00
|
|
|
onamelen = namelen = 0;
|
|
|
|
if (name != NULL) {
|
2009-04-29 21:14:15 +00:00
|
|
|
/* Give a default name of the jid. */
|
|
|
|
if (name[0] == '\0')
|
|
|
|
snprintf(name = numbuf, sizeof(numbuf), "%d", jid);
|
|
|
|
else if (strtoul(name, &p, 10) != jid && *p == '\0') {
|
|
|
|
error = EINVAL;
|
|
|
|
vfs_opterror(opts, "name cannot be numeric");
|
2009-05-27 14:11:23 +00:00
|
|
|
goto done_deref_locked;
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
/*
|
2009-05-27 14:11:23 +00:00
|
|
|
* Make sure the name isn't too long for the prison or its
|
|
|
|
* children.
|
2009-04-29 21:14:15 +00:00
|
|
|
*/
|
2009-05-27 14:11:23 +00:00
|
|
|
onamelen = strlen(pr->pr_name);
|
|
|
|
namelen = strlen(name);
|
|
|
|
if (strlen(ppr->pr_name) + namelen + 2 > sizeof(pr->pr_name)) {
|
|
|
|
error = ENAMETOOLONG;
|
|
|
|
goto done_deref_locked;
|
|
|
|
}
|
|
|
|
FOREACH_PRISON_DESCENDANT(pr, tpr, descend) {
|
|
|
|
if (strlen(tpr->pr_name) + (namelen - onamelen) >=
|
|
|
|
sizeof(pr->pr_name)) {
|
|
|
|
error = ENAMETOOLONG;
|
|
|
|
goto done_deref_locked;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (pr_allow & ~ppr->pr_allow) {
|
|
|
|
error = EPERM;
|
|
|
|
goto done_deref_locked;
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
/* Set the parameters of the prison. */
|
|
|
|
#ifdef INET
|
2009-05-27 14:11:23 +00:00
|
|
|
redo_ip4 = 0;
|
|
|
|
if (ch_flags & PR_IP4_USER) {
|
|
|
|
if (pr_flags & PR_IP4_USER) {
|
|
|
|
/* Some restriction set. */
|
|
|
|
pr->pr_flags |= PR_IP4;
|
|
|
|
if (ip4s >= 0) {
|
|
|
|
free(pr->pr_ip4, M_PRISON);
|
|
|
|
pr->pr_ip4s = ip4s;
|
|
|
|
pr->pr_ip4 = ip4;
|
|
|
|
ip4 = NULL;
|
|
|
|
}
|
|
|
|
} else if (ppr->pr_flags & PR_IP4) {
|
|
|
|
/* This restriction cleared, but keep inherited. */
|
|
|
|
free(pr->pr_ip4, M_PRISON);
|
|
|
|
pr->pr_ip4s = ip4s;
|
|
|
|
pr->pr_ip4 = ip4;
|
|
|
|
ip4 = NULL;
|
|
|
|
} else {
|
|
|
|
/* Restriction cleared, now unrestricted. */
|
|
|
|
pr->pr_flags &= ~PR_IP4;
|
|
|
|
free(pr->pr_ip4, M_PRISON);
|
|
|
|
pr->pr_ip4s = 0;
|
|
|
|
}
|
|
|
|
FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) {
|
|
|
|
if (prison_restrict_ip4(tpr, NULL)) {
|
|
|
|
redo_ip4 = 1;
|
|
|
|
descend = 0;
|
|
|
|
}
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
2009-05-27 14:11:23 +00:00
|
|
|
redo_ip6 = 0;
|
|
|
|
if (ch_flags & PR_IP6_USER) {
|
|
|
|
if (pr_flags & PR_IP6_USER) {
|
|
|
|
/* Some restriction set. */
|
|
|
|
pr->pr_flags |= PR_IP6;
|
|
|
|
if (ip6s >= 0) {
|
|
|
|
free(pr->pr_ip6, M_PRISON);
|
|
|
|
pr->pr_ip6s = ip6s;
|
|
|
|
pr->pr_ip6 = ip6;
|
|
|
|
ip6 = NULL;
|
|
|
|
}
|
|
|
|
} else if (ppr->pr_flags & PR_IP6) {
|
|
|
|
/* This restriction cleared, but keep inherited. */
|
|
|
|
free(pr->pr_ip6, M_PRISON);
|
|
|
|
pr->pr_ip6s = ip6s;
|
|
|
|
pr->pr_ip6 = ip6;
|
|
|
|
ip6 = NULL;
|
|
|
|
} else {
|
|
|
|
/* Restriction cleared, now unrestricted. */
|
|
|
|
pr->pr_flags &= ~PR_IP6;
|
|
|
|
free(pr->pr_ip6, M_PRISON);
|
|
|
|
pr->pr_ip6s = 0;
|
|
|
|
}
|
|
|
|
FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) {
|
|
|
|
if (prison_restrict_ip6(tpr, NULL)) {
|
|
|
|
redo_ip6 = 1;
|
|
|
|
descend = 0;
|
|
|
|
}
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
#endif
|
2009-05-27 14:11:23 +00:00
|
|
|
if (gotslevel) {
|
2009-04-29 21:14:15 +00:00
|
|
|
pr->pr_securelevel = slevel;
|
2009-05-27 14:11:23 +00:00
|
|
|
/* Set all child jails to be at least this level. */
|
|
|
|
FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend)
|
|
|
|
if (tpr->pr_securelevel < slevel)
|
|
|
|
tpr->pr_securelevel = slevel;
|
|
|
|
}
|
|
|
|
if (gotenforce) {
|
|
|
|
pr->pr_enforce_statfs = enforce;
|
|
|
|
/* Pass this restriction on to the children. */
|
|
|
|
FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend)
|
|
|
|
if (tpr->pr_enforce_statfs < enforce)
|
|
|
|
tpr->pr_enforce_statfs = enforce;
|
|
|
|
}
|
|
|
|
if (name != NULL) {
|
|
|
|
if (ppr == &prison0)
|
|
|
|
strlcpy(pr->pr_name, name, sizeof(pr->pr_name));
|
|
|
|
else
|
|
|
|
snprintf(pr->pr_name, sizeof(pr->pr_name), "%s.%s",
|
|
|
|
ppr->pr_name, name);
|
|
|
|
/* Change this component of child names. */
|
|
|
|
FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) {
|
|
|
|
bcopy(tpr->pr_name + onamelen, tpr->pr_name + namelen,
|
|
|
|
strlen(tpr->pr_name + onamelen) + 1);
|
|
|
|
bcopy(pr->pr_name, tpr->pr_name, namelen);
|
|
|
|
}
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
if (path != NULL) {
|
2009-05-27 14:11:23 +00:00
|
|
|
/* Try to keep a real-rooted full pathname. */
|
|
|
|
if (path[0] == '/' && strcmp(mypr->pr_path, "/"))
|
|
|
|
snprintf(pr->pr_path, sizeof(pr->pr_path), "%s%s",
|
|
|
|
mypr->pr_path, path);
|
|
|
|
else
|
|
|
|
strlcpy(pr->pr_path, path, sizeof(pr->pr_path));
|
2009-04-29 21:14:15 +00:00
|
|
|
pr->pr_root = root;
|
|
|
|
}
|
2009-05-29 21:27:12 +00:00
|
|
|
if (PR_HOST & ch_flags & ~pr_flags) {
|
|
|
|
if (pr->pr_flags & PR_HOST) {
|
|
|
|
/*
|
|
|
|
* Copy the parent's host info. As with pr_ip4 above,
|
|
|
|
* the lack of a lock on the parent is not a problem;
|
|
|
|
* it is always set with allprison_lock at least
|
|
|
|
* shared, and is held exclusively here.
|
|
|
|
*/
|
|
|
|
strlcpy(pr->pr_host, pr->pr_parent->pr_host,
|
|
|
|
sizeof(pr->pr_host));
|
|
|
|
strlcpy(pr->pr_domain, pr->pr_parent->pr_domain,
|
|
|
|
sizeof(pr->pr_domain));
|
|
|
|
strlcpy(pr->pr_uuid, pr->pr_parent->pr_uuid,
|
|
|
|
sizeof(pr->pr_uuid));
|
|
|
|
pr->pr_hostid = pr->pr_parent->pr_hostid;
|
|
|
|
}
|
|
|
|
} else if (host != NULL || domain != NULL || uuid != NULL || gothid) {
|
|
|
|
/* Set this prison, and any descendants without PR_HOST. */
|
|
|
|
if (host != NULL)
|
|
|
|
strlcpy(pr->pr_host, host, sizeof(pr->pr_host));
|
|
|
|
if (domain != NULL)
|
|
|
|
strlcpy(pr->pr_domain, domain, sizeof(pr->pr_domain));
|
|
|
|
if (uuid != NULL)
|
|
|
|
strlcpy(pr->pr_uuid, uuid, sizeof(pr->pr_uuid));
|
|
|
|
if (gothid)
|
|
|
|
pr->pr_hostid = hid;
|
|
|
|
FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) {
|
|
|
|
if (tpr->pr_flags & PR_HOST)
|
|
|
|
descend = 0;
|
|
|
|
else {
|
|
|
|
if (host != NULL)
|
|
|
|
strlcpy(tpr->pr_host, pr->pr_host,
|
|
|
|
sizeof(tpr->pr_host));
|
|
|
|
if (domain != NULL)
|
|
|
|
strlcpy(tpr->pr_domain, pr->pr_domain,
|
|
|
|
sizeof(tpr->pr_domain));
|
|
|
|
if (uuid != NULL)
|
|
|
|
strlcpy(tpr->pr_uuid, pr->pr_uuid,
|
|
|
|
sizeof(tpr->pr_uuid));
|
|
|
|
if (gothid)
|
|
|
|
tpr->pr_hostid = hid;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
if ((tallow = ch_allow & ~pr_allow)) {
|
|
|
|
/* Clear allow bits in all children. */
|
|
|
|
FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend)
|
|
|
|
tpr->pr_allow &= ~tallow;
|
|
|
|
}
|
|
|
|
pr->pr_allow = (pr->pr_allow & ~ch_allow) | pr_allow;
|
2009-04-29 21:14:15 +00:00
|
|
|
/*
|
|
|
|
* Persistent prisons get an extra reference, and prisons losing their
|
|
|
|
* persist flag lose that reference. Only do this for existing prisons
|
|
|
|
* for now, so new ones will remain unseen until after the module
|
|
|
|
* handlers have completed.
|
|
|
|
*/
|
|
|
|
if (!created && (ch_flags & PR_PERSIST & (pr_flags ^ pr->pr_flags))) {
|
|
|
|
if (pr_flags & PR_PERSIST) {
|
|
|
|
pr->pr_ref++;
|
|
|
|
pr->pr_uref++;
|
|
|
|
} else {
|
|
|
|
pr->pr_ref--;
|
|
|
|
pr->pr_uref--;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
pr->pr_flags = (pr->pr_flags & ~ch_flags) | pr_flags;
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
/* Locks may have prevented a complete restriction of child IP
|
|
|
|
* addresses. If so, allocate some more memory and try again.
|
|
|
|
*/
|
|
|
|
#ifdef INET
|
|
|
|
while (redo_ip4) {
|
|
|
|
ip4s = pr->pr_ip4s;
|
|
|
|
ip4 = malloc(ip4s * sizeof(*ip4), M_PRISON, M_WAITOK);
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
redo_ip4 = 0;
|
|
|
|
FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) {
|
|
|
|
if (prison_restrict_ip4(tpr, ip4)) {
|
|
|
|
if (ip4 != NULL)
|
|
|
|
ip4 = NULL;
|
|
|
|
else
|
|
|
|
redo_ip4 = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
while (redo_ip6) {
|
|
|
|
ip6s = pr->pr_ip6s;
|
|
|
|
ip6 = malloc(ip6s * sizeof(*ip6), M_PRISON, M_WAITOK);
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
redo_ip6 = 0;
|
|
|
|
FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) {
|
|
|
|
if (prison_restrict_ip6(tpr, ip6)) {
|
|
|
|
if (ip6 != NULL)
|
|
|
|
ip6 = NULL;
|
|
|
|
else
|
|
|
|
redo_ip6 = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
/* Let the modules do their work. */
|
|
|
|
sx_downgrade(&allprison_lock);
|
|
|
|
if (created) {
|
|
|
|
error = osd_jail_call(pr, PR_METHOD_CREATE, opts);
|
|
|
|
if (error) {
|
|
|
|
prison_deref(pr, PD_LIST_SLOCKED);
|
|
|
|
goto done_errmsg;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
error = osd_jail_call(pr, PR_METHOD_SET, opts);
|
|
|
|
if (error) {
|
|
|
|
prison_deref(pr, created
|
|
|
|
? PD_LIST_SLOCKED
|
|
|
|
: PD_DEREF | PD_LIST_SLOCKED);
|
|
|
|
goto done_errmsg;
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
/* Attach this process to the prison if requested. */
|
|
|
|
if (flags & JAIL_ATTACH) {
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
error = do_jail_attach(td, pr);
|
|
|
|
if (error) {
|
|
|
|
vfs_opterror(opts, "attach failed");
|
|
|
|
if (!created)
|
|
|
|
prison_deref(pr, PD_DEREF);
|
|
|
|
goto done_errmsg;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Now that it is all there, drop the temporary reference from existing
|
|
|
|
* prisons. Or add a reference to newly created persistent prisons
|
|
|
|
* (which was not done earlier so that the prison would not be publicly
|
|
|
|
* visible).
|
|
|
|
*/
|
|
|
|
if (!created) {
|
|
|
|
prison_deref(pr, (flags & JAIL_ATTACH)
|
|
|
|
? PD_DEREF
|
|
|
|
: PD_DEREF | PD_LIST_SLOCKED);
|
|
|
|
} else {
|
|
|
|
if (pr_flags & PR_PERSIST) {
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
pr->pr_ref++;
|
|
|
|
pr->pr_uref++;
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
}
|
|
|
|
if (!(flags & JAIL_ATTACH))
|
|
|
|
sx_sunlock(&allprison_lock);
|
|
|
|
}
|
|
|
|
td->td_retval[0] = pr->pr_id;
|
|
|
|
goto done_errmsg;
|
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
done_deref_locked:
|
|
|
|
prison_deref(pr, created
|
|
|
|
? PD_LOCKED | PD_LIST_XLOCKED
|
|
|
|
: PD_DEREF | PD_LOCKED | PD_LIST_XLOCKED);
|
|
|
|
goto done_releroot;
|
2009-04-29 21:14:15 +00:00
|
|
|
done_unlock_list:
|
|
|
|
sx_xunlock(&allprison_lock);
|
|
|
|
done_releroot:
|
|
|
|
if (root != NULL) {
|
|
|
|
vfslocked = VFS_LOCK_GIANT(root->v_mount);
|
|
|
|
vrele(root);
|
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
|
|
|
}
|
|
|
|
done_errmsg:
|
|
|
|
if (error) {
|
|
|
|
vfs_getopt(opts, "errmsg", (void **)&errmsg, &errmsg_len);
|
|
|
|
if (errmsg_len > 0) {
|
|
|
|
errmsg_pos = 2 * vfs_getopt_pos(opts, "errmsg") + 1;
|
|
|
|
if (errmsg_pos > 0) {
|
|
|
|
if (optuio->uio_segflg == UIO_SYSSPACE)
|
|
|
|
bcopy(errmsg,
|
|
|
|
optuio->uio_iov[errmsg_pos].iov_base,
|
|
|
|
errmsg_len);
|
|
|
|
else
|
|
|
|
copyout(errmsg,
|
|
|
|
optuio->uio_iov[errmsg_pos].iov_base,
|
|
|
|
errmsg_len);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
done_free:
|
|
|
|
#ifdef INET
|
|
|
|
free(ip4, M_PRISON);
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
free(ip6, M_PRISON);
|
|
|
|
#endif
|
|
|
|
vfs_freeopts(opts);
|
|
|
|
return (error);
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* struct jail_get_args {
|
|
|
|
* struct iovec *iovp;
|
|
|
|
* unsigned int iovcnt;
|
|
|
|
* int flags;
|
|
|
|
* };
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
jail_get(struct thread *td, struct jail_get_args *uap)
|
|
|
|
{
|
|
|
|
struct uio *auio;
|
|
|
|
int error;
|
|
|
|
|
|
|
|
/* Check that we have an even number of iovecs. */
|
|
|
|
if (uap->iovcnt & 1)
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
return (EINVAL);
|
2009-04-29 21:14:15 +00:00
|
|
|
|
|
|
|
error = copyinuio(uap->iovp, uap->iovcnt, &auio);
|
|
|
|
if (error)
|
|
|
|
return (error);
|
|
|
|
error = kern_jail_get(td, auio, uap->flags);
|
|
|
|
if (error == 0)
|
|
|
|
error = copyout(auio->uio_iov, uap->iovp,
|
|
|
|
uap->iovcnt * sizeof (struct iovec));
|
|
|
|
free(auio, M_IOV);
|
|
|
|
return (error);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2009-04-29 21:14:15 +00:00
|
|
|
kern_jail_get(struct thread *td, struct uio *optuio, int flags)
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
{
|
2009-05-27 14:11:23 +00:00
|
|
|
struct prison *pr, *mypr;
|
2009-04-29 21:14:15 +00:00
|
|
|
struct vfsopt *opt;
|
|
|
|
struct vfsoptlist *opts;
|
|
|
|
char *errmsg, *name;
|
2009-05-27 14:11:23 +00:00
|
|
|
int error, errmsg_len, errmsg_pos, fi, i, jid, len, locked, pos;
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
if (flags & ~JAIL_GET_MASK)
|
|
|
|
return (EINVAL);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
/* Get the parameter list. */
|
|
|
|
error = vfs_buildopts(optuio, &opts);
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
if (error)
|
2001-10-11 23:39:43 +00:00
|
|
|
return (error);
|
2009-04-29 21:14:15 +00:00
|
|
|
errmsg_pos = vfs_getopt_pos(opts, "errmsg");
|
2009-05-27 14:11:23 +00:00
|
|
|
mypr = td->td_ucred->cr_prison;
|
2009-05-23 16:13:26 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
/*
|
|
|
|
* Find the prison specified by one of: lastjid, jid, name.
|
|
|
|
*/
|
|
|
|
sx_slock(&allprison_lock);
|
|
|
|
error = vfs_copyopt(opts, "lastjid", &jid, sizeof(jid));
|
|
|
|
if (error == 0) {
|
|
|
|
TAILQ_FOREACH(pr, &allprison, pr_list) {
|
2009-05-27 14:11:23 +00:00
|
|
|
if (pr->pr_id > jid && prison_ischild(mypr, pr)) {
|
2009-04-29 21:14:15 +00:00
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
if (pr->pr_ref > 0 &&
|
|
|
|
(pr->pr_uref > 0 || (flags & JAIL_DYING)))
|
|
|
|
break;
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (pr != NULL)
|
|
|
|
goto found_prison;
|
|
|
|
error = ENOENT;
|
|
|
|
vfs_opterror(opts, "no jail after %d", jid);
|
|
|
|
goto done_unlock_list;
|
|
|
|
} else if (error != ENOENT)
|
|
|
|
goto done_unlock_list;
|
|
|
|
|
|
|
|
error = vfs_copyopt(opts, "jid", &jid, sizeof(jid));
|
|
|
|
if (error == 0) {
|
|
|
|
if (jid != 0) {
|
2009-05-27 14:11:23 +00:00
|
|
|
pr = prison_find_child(mypr, jid);
|
2009-04-29 21:14:15 +00:00
|
|
|
if (pr != NULL) {
|
|
|
|
if (pr->pr_uref == 0 && !(flags & JAIL_DYING)) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
error = ENOENT;
|
|
|
|
vfs_opterror(opts, "jail %d is dying",
|
|
|
|
jid);
|
|
|
|
goto done_unlock_list;
|
|
|
|
}
|
|
|
|
goto found_prison;
|
|
|
|
}
|
|
|
|
error = ENOENT;
|
|
|
|
vfs_opterror(opts, "jail %d not found", jid);
|
|
|
|
goto done_unlock_list;
|
|
|
|
}
|
|
|
|
} else if (error != ENOENT)
|
|
|
|
goto done_unlock_list;
|
|
|
|
|
|
|
|
error = vfs_getopt(opts, "name", (void **)&name, &len);
|
|
|
|
if (error == 0) {
|
|
|
|
if (len == 0 || name[len - 1] != '\0') {
|
|
|
|
error = EINVAL;
|
|
|
|
goto done_unlock_list;
|
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
pr = prison_find_name(mypr, name);
|
2009-04-29 21:14:15 +00:00
|
|
|
if (pr != NULL) {
|
|
|
|
if (pr->pr_uref == 0 && !(flags & JAIL_DYING)) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
error = ENOENT;
|
|
|
|
vfs_opterror(opts, "jail \"%s\" is dying",
|
|
|
|
name);
|
|
|
|
goto done_unlock_list;
|
|
|
|
}
|
|
|
|
goto found_prison;
|
|
|
|
}
|
|
|
|
error = ENOENT;
|
|
|
|
vfs_opterror(opts, "jail \"%s\" not found", name);
|
|
|
|
goto done_unlock_list;
|
|
|
|
} else if (error != ENOENT)
|
|
|
|
goto done_unlock_list;
|
|
|
|
|
|
|
|
vfs_opterror(opts, "no jail specified");
|
|
|
|
error = ENOENT;
|
|
|
|
goto done_unlock_list;
|
|
|
|
|
|
|
|
found_prison:
|
|
|
|
/* Get the parameters of the prison. */
|
|
|
|
pr->pr_ref++;
|
|
|
|
locked = PD_LOCKED;
|
|
|
|
td->td_retval[0] = pr->pr_id;
|
|
|
|
error = vfs_setopt(opts, "jid", &pr->pr_id, sizeof(pr->pr_id));
|
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
2009-05-27 14:11:23 +00:00
|
|
|
i = (pr->pr_parent == mypr) ? 0 : pr->pr_parent->pr_id;
|
|
|
|
error = vfs_setopt(opts, "parent", &i, sizeof(i));
|
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
|
|
|
error = vfs_setopts(opts, "name", prison_name(mypr, pr));
|
2009-04-29 21:14:15 +00:00
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
2009-05-27 14:11:23 +00:00
|
|
|
error = vfs_setopt(opts, "cpuset.id", &pr->pr_cpuset->cs_id,
|
2009-04-29 21:14:15 +00:00
|
|
|
sizeof(pr->pr_cpuset->cs_id));
|
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
2009-05-27 14:11:23 +00:00
|
|
|
error = vfs_setopts(opts, "path", prison_path(mypr, pr));
|
2009-04-29 21:14:15 +00:00
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
|
|
|
#ifdef INET
|
|
|
|
error = vfs_setopt_part(opts, "ip4.addr", pr->pr_ip4,
|
|
|
|
pr->pr_ip4s * sizeof(*pr->pr_ip4));
|
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
error = vfs_setopt_part(opts, "ip6.addr", pr->pr_ip6,
|
|
|
|
pr->pr_ip6s * sizeof(*pr->pr_ip6));
|
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
|
|
|
#endif
|
|
|
|
error = vfs_setopt(opts, "securelevel", &pr->pr_securelevel,
|
|
|
|
sizeof(pr->pr_securelevel));
|
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
|
|
|
error = vfs_setopts(opts, "host.hostname", pr->pr_host);
|
2009-05-29 21:27:12 +00:00
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
|
|
|
error = vfs_setopts(opts, "host.domainname", pr->pr_domain);
|
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
|
|
|
error = vfs_setopts(opts, "host.hostuuid", pr->pr_uuid);
|
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
|
|
|
#ifdef COMPAT_IA32
|
|
|
|
if (td->td_proc->p_sysent->sv_flags & SV_IA32) {
|
|
|
|
uint32_t hid32 = pr->pr_hostid;
|
|
|
|
|
|
|
|
error = vfs_setopt(opts, "host.hostid", &hid32, sizeof(hid32));
|
|
|
|
} else
|
|
|
|
#endif
|
|
|
|
error = vfs_setopt(opts, "host.hostid", &pr->pr_hostid,
|
|
|
|
sizeof(pr->pr_hostid));
|
2009-04-29 21:14:15 +00:00
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
2009-05-27 14:11:23 +00:00
|
|
|
error = vfs_setopt(opts, "enforce_statfs", &pr->pr_enforce_statfs,
|
|
|
|
sizeof(pr->pr_enforce_statfs));
|
2009-04-29 21:14:15 +00:00
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
2009-05-27 14:11:23 +00:00
|
|
|
for (fi = 0; fi < sizeof(pr_flag_names) / sizeof(pr_flag_names[0]);
|
|
|
|
fi++) {
|
|
|
|
if (pr_flag_names[fi] == NULL)
|
|
|
|
continue;
|
|
|
|
i = (pr->pr_flags & (1 << fi)) ? 1 : 0;
|
|
|
|
error = vfs_setopt(opts, pr_flag_names[fi], &i, sizeof(i));
|
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
|
|
|
i = !i;
|
|
|
|
error = vfs_setopt(opts, pr_flag_nonames[fi], &i, sizeof(i));
|
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
|
|
|
}
|
|
|
|
for (fi = 0; fi < sizeof(pr_allow_names) / sizeof(pr_allow_names[0]);
|
|
|
|
fi++) {
|
|
|
|
if (pr_allow_names[fi] == NULL)
|
|
|
|
continue;
|
|
|
|
i = (pr->pr_allow & (1 << fi)) ? 1 : 0;
|
|
|
|
error = vfs_setopt(opts, pr_allow_names[fi], &i, sizeof(i));
|
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
|
|
|
i = !i;
|
|
|
|
error = vfs_setopt(opts, pr_allow_nonames[fi], &i, sizeof(i));
|
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
i = (pr->pr_uref == 0);
|
|
|
|
error = vfs_setopt(opts, "dying", &i, sizeof(i));
|
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
|
|
|
i = !i;
|
|
|
|
error = vfs_setopt(opts, "nodying", &i, sizeof(i));
|
|
|
|
if (error != 0 && error != ENOENT)
|
|
|
|
goto done_deref;
|
|
|
|
|
|
|
|
/* Get the module parameters. */
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
locked = 0;
|
|
|
|
error = osd_jail_call(pr, PR_METHOD_GET, opts);
|
2001-10-11 23:39:43 +00:00
|
|
|
if (error)
|
2009-04-29 21:14:15 +00:00
|
|
|
goto done_deref;
|
|
|
|
prison_deref(pr, PD_DEREF | PD_LIST_SLOCKED);
|
|
|
|
|
|
|
|
/* By now, all parameters should have been noted. */
|
|
|
|
TAILQ_FOREACH(opt, opts, link) {
|
|
|
|
if (!opt->seen && strcmp(opt->name, "errmsg")) {
|
|
|
|
error = EINVAL;
|
|
|
|
vfs_opterror(opts, "unknown parameter: %s", opt->name);
|
|
|
|
goto done_errmsg;
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
|
|
|
|
/* Write the fetched parameters back to userspace. */
|
|
|
|
error = 0;
|
|
|
|
TAILQ_FOREACH(opt, opts, link) {
|
|
|
|
if (opt->pos >= 0 && opt->pos != errmsg_pos) {
|
|
|
|
pos = 2 * opt->pos + 1;
|
|
|
|
optuio->uio_iov[pos].iov_len = opt->len;
|
|
|
|
if (opt->value != NULL) {
|
|
|
|
if (optuio->uio_segflg == UIO_SYSSPACE) {
|
|
|
|
bcopy(opt->value,
|
|
|
|
optuio->uio_iov[pos].iov_base,
|
|
|
|
opt->len);
|
|
|
|
} else {
|
|
|
|
error = copyout(opt->value,
|
|
|
|
optuio->uio_iov[pos].iov_base,
|
|
|
|
opt->len);
|
|
|
|
if (error)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
goto done_errmsg;
|
|
|
|
|
|
|
|
done_deref:
|
|
|
|
prison_deref(pr, locked | PD_DEREF | PD_LIST_SLOCKED);
|
|
|
|
goto done_errmsg;
|
|
|
|
|
|
|
|
done_unlock_list:
|
|
|
|
sx_sunlock(&allprison_lock);
|
|
|
|
done_errmsg:
|
|
|
|
if (error && errmsg_pos >= 0) {
|
|
|
|
vfs_getopt(opts, "errmsg", (void **)&errmsg, &errmsg_len);
|
|
|
|
errmsg_pos = 2 * errmsg_pos + 1;
|
|
|
|
if (errmsg_len > 0) {
|
|
|
|
if (optuio->uio_segflg == UIO_SYSSPACE)
|
|
|
|
bcopy(errmsg,
|
|
|
|
optuio->uio_iov[errmsg_pos].iov_base,
|
|
|
|
errmsg_len);
|
|
|
|
else
|
|
|
|
copyout(errmsg,
|
|
|
|
optuio->uio_iov[errmsg_pos].iov_base,
|
|
|
|
errmsg_len);
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
vfs_freeopts(opts);
|
|
|
|
return (error);
|
|
|
|
}
|
2003-04-09 02:55:18 +00:00
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
/*
|
|
|
|
* struct jail_remove_args {
|
|
|
|
* int jid;
|
|
|
|
* };
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
jail_remove(struct thread *td, struct jail_remove_args *uap)
|
|
|
|
{
|
2009-05-27 14:11:23 +00:00
|
|
|
struct prison *pr, *cpr, *lpr, *tpr;
|
|
|
|
int descend, error;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
error = priv_check(td, PRIV_JAIL_REMOVE);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
if (error)
|
2009-04-29 21:14:15 +00:00
|
|
|
return (error);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2007-04-05 23:19:13 +00:00
|
|
|
sx_xlock(&allprison_lock);
|
2009-05-27 14:11:23 +00:00
|
|
|
pr = prison_find_child(td->td_ucred->cr_prison, uap->jid);
|
2009-04-29 21:14:15 +00:00
|
|
|
if (pr == NULL) {
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
sx_xunlock(&allprison_lock);
|
2009-04-29 21:14:15 +00:00
|
|
|
return (EINVAL);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
/* Remove all descendants of this prison, then remove this prison. */
|
|
|
|
pr->pr_ref++;
|
|
|
|
pr->pr_flags |= PR_REMOVE;
|
|
|
|
if (!LIST_EMPTY(&pr->pr_children)) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
lpr = NULL;
|
|
|
|
FOREACH_PRISON_DESCENDANT(pr, cpr, descend) {
|
|
|
|
mtx_lock(&cpr->pr_mtx);
|
|
|
|
if (cpr->pr_ref > 0) {
|
|
|
|
tpr = cpr;
|
|
|
|
cpr->pr_ref++;
|
|
|
|
cpr->pr_flags |= PR_REMOVE;
|
|
|
|
} else {
|
|
|
|
/* Already removed - do not do it again. */
|
|
|
|
tpr = NULL;
|
|
|
|
}
|
|
|
|
mtx_unlock(&cpr->pr_mtx);
|
|
|
|
if (lpr != NULL) {
|
|
|
|
mtx_lock(&lpr->pr_mtx);
|
|
|
|
prison_remove_one(lpr);
|
|
|
|
sx_xlock(&allprison_lock);
|
|
|
|
}
|
|
|
|
lpr = tpr;
|
|
|
|
}
|
|
|
|
if (lpr != NULL) {
|
|
|
|
mtx_lock(&lpr->pr_mtx);
|
|
|
|
prison_remove_one(lpr);
|
|
|
|
sx_xlock(&allprison_lock);
|
|
|
|
}
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
}
|
|
|
|
prison_remove_one(pr);
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
prison_remove_one(struct prison *pr)
|
|
|
|
{
|
|
|
|
struct proc *p;
|
|
|
|
int deuref;
|
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
/* If the prison was persistent, it is not anymore. */
|
|
|
|
deuref = 0;
|
|
|
|
if (pr->pr_flags & PR_PERSIST) {
|
|
|
|
pr->pr_ref--;
|
|
|
|
deuref = PD_DEUREF;
|
|
|
|
pr->pr_flags &= ~PR_PERSIST;
|
2008-06-19 21:41:57 +00:00
|
|
|
}
|
2003-04-09 02:55:18 +00:00
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
/*
|
|
|
|
* jail_remove added a reference. If that's the only one, remove
|
|
|
|
* the prison now.
|
|
|
|
*/
|
|
|
|
KASSERT(pr->pr_ref > 0,
|
|
|
|
("prison_remove_one removing a dead prison (jid=%d)", pr->pr_id));
|
|
|
|
if (pr->pr_ref == 1) {
|
2009-04-29 21:14:15 +00:00
|
|
|
prison_deref(pr,
|
|
|
|
deuref | PD_DEREF | PD_LOCKED | PD_LIST_XLOCKED);
|
2009-05-27 14:11:23 +00:00
|
|
|
return;
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
|
|
|
|
2003-04-09 02:55:18 +00:00
|
|
|
mtx_unlock(&pr->pr_mtx);
|
Update ZFS from version 6 to 13 and bring some FreeBSD-specific changes.
This bring huge amount of changes, I'll enumerate only user-visible changes:
- Delegated Administration
Allows regular users to perform ZFS operations, like file system
creation, snapshot creation, etc.
- L2ARC
Level 2 cache for ZFS - allows to use additional disks for cache.
Huge performance improvements mostly for random read of mostly
static content.
- slog
Allow to use additional disks for ZFS Intent Log to speed up
operations like fsync(2).
- vfs.zfs.super_owner
Allows regular users to perform privileged operations on files stored
on ZFS file systems owned by him. Very careful with this one.
- chflags(2)
Not all the flags are supported. This still needs work.
- ZFSBoot
Support to boot off of ZFS pool. Not finished, AFAIK.
Submitted by: dfr
- Snapshot properties
- New failure modes
Before if write requested failed, system paniced. Now one
can select from one of three failure modes:
- panic - panic on write error
- wait - wait for disk to reappear
- continue - serve read requests if possible, block write requests
- Refquota, refreservation properties
Just quota and reservation properties, but don't count space consumed
by children file systems, clones and snapshots.
- Sparse volumes
ZVOLs that don't reserve space in the pool.
- External attributes
Compatible with extattr(2).
- NFSv4-ACLs
Not sure about the status, might not be complete yet.
Submitted by: trasz
- Creation-time properties
- Regression tests for zpool(8) command.
Obtained from: OpenSolaris
2008-11-17 20:49:29 +00:00
|
|
|
sx_xunlock(&allprison_lock);
|
2009-04-29 21:14:15 +00:00
|
|
|
/*
|
|
|
|
* Kill all processes unfortunate enough to be attached to this prison.
|
|
|
|
*/
|
|
|
|
sx_slock(&allproc_lock);
|
|
|
|
LIST_FOREACH(p, &allproc, p_list) {
|
|
|
|
PROC_LOCK(p);
|
|
|
|
if (p->p_state != PRS_NEW && p->p_ucred &&
|
|
|
|
p->p_ucred->cr_prison == pr)
|
|
|
|
psignal(p, SIGKILL);
|
|
|
|
PROC_UNLOCK(p);
|
|
|
|
}
|
|
|
|
sx_sunlock(&allproc_lock);
|
2009-05-27 14:11:23 +00:00
|
|
|
/* Remove the temporary reference added by jail_remove. */
|
2009-04-29 21:14:15 +00:00
|
|
|
prison_deref(pr, deuref | PD_DEREF);
|
2003-04-09 02:55:18 +00:00
|
|
|
}
|
|
|
|
|
2009-03-27 13:13:59 +00:00
|
|
|
|
2003-04-09 02:55:18 +00:00
|
|
|
/*
|
2003-04-28 18:32:19 +00:00
|
|
|
* struct jail_attach_args {
|
|
|
|
* int jid;
|
|
|
|
* };
|
2003-04-09 02:55:18 +00:00
|
|
|
*/
|
|
|
|
int
|
2003-04-28 18:32:19 +00:00
|
|
|
jail_attach(struct thread *td, struct jail_attach_args *uap)
|
2003-04-09 02:55:18 +00:00
|
|
|
{
|
|
|
|
struct prison *pr;
|
2009-04-29 21:14:15 +00:00
|
|
|
int error;
|
2007-03-07 21:24:51 +00:00
|
|
|
|
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
|
|
|
error = priv_check(td, PRIV_JAIL_ATTACH);
|
2004-02-19 21:03:20 +00:00
|
|
|
if (error)
|
|
|
|
return (error);
|
2003-04-09 02:55:18 +00:00
|
|
|
|
2007-04-05 23:19:13 +00:00
|
|
|
sx_slock(&allprison_lock);
|
2009-05-27 14:11:23 +00:00
|
|
|
pr = prison_find_child(td->td_ucred->cr_prison, uap->jid);
|
2003-04-09 02:55:18 +00:00
|
|
|
if (pr == NULL) {
|
2007-04-05 23:19:13 +00:00
|
|
|
sx_sunlock(&allprison_lock);
|
2003-04-09 02:55:18 +00:00
|
|
|
return (EINVAL);
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Do not allow a process to attach to a prison that is not
|
2009-04-29 21:14:15 +00:00
|
|
|
* considered to be "alive".
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
2009-04-29 21:14:15 +00:00
|
|
|
if (pr->pr_uref == 0) {
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
sx_sunlock(&allprison_lock);
|
|
|
|
return (EINVAL);
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
|
|
|
|
return (do_jail_attach(td, pr));
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
do_jail_attach(struct thread *td, struct prison *pr)
|
|
|
|
{
|
2009-05-27 14:11:23 +00:00
|
|
|
struct prison *ppr;
|
2009-04-29 21:14:15 +00:00
|
|
|
struct proc *p;
|
|
|
|
struct ucred *newcred, *oldcred;
|
|
|
|
int vfslocked, error;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* XXX: Note that there is a slight race here if two threads
|
|
|
|
* in the same privileged process attempt to attach to two
|
|
|
|
* different jails at the same time. It is important for
|
|
|
|
* user processes not to do this, or they might end up with
|
|
|
|
* a process root from one prison, but attached to the jail
|
|
|
|
* of another.
|
|
|
|
*/
|
2003-04-09 02:55:18 +00:00
|
|
|
pr->pr_ref++;
|
2009-04-29 21:14:15 +00:00
|
|
|
pr->pr_uref++;
|
2003-04-09 02:55:18 +00:00
|
|
|
mtx_unlock(&pr->pr_mtx);
|
2009-04-29 21:14:15 +00:00
|
|
|
|
|
|
|
/* Let modules do whatever they need to prepare for attaching. */
|
|
|
|
error = osd_jail_call(pr, PR_METHOD_ATTACH, td);
|
|
|
|
if (error) {
|
|
|
|
prison_deref(pr, PD_DEREF | PD_DEUREF | PD_LIST_SLOCKED);
|
|
|
|
return (error);
|
|
|
|
}
|
2007-04-05 23:19:13 +00:00
|
|
|
sx_sunlock(&allprison_lock);
|
2003-04-09 02:55:18 +00:00
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
/*
|
|
|
|
* Reparent the newly attached process to this jail.
|
|
|
|
*/
|
2009-05-27 14:11:23 +00:00
|
|
|
ppr = td->td_ucred->cr_prison;
|
2009-04-29 21:14:15 +00:00
|
|
|
p = td->td_proc;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
error = cpuset_setproc_update_set(p, pr->pr_cpuset);
|
|
|
|
if (error)
|
2009-04-29 21:14:15 +00:00
|
|
|
goto e_revert_osd;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2005-09-28 00:30:56 +00:00
|
|
|
vfslocked = VFS_LOCK_GIANT(pr->pr_root->v_mount);
|
2008-01-10 01:10:58 +00:00
|
|
|
vn_lock(pr->pr_root, LK_EXCLUSIVE | LK_RETRY);
|
2003-04-09 02:55:18 +00:00
|
|
|
if ((error = change_dir(pr->pr_root, td)) != 0)
|
|
|
|
goto e_unlock;
|
|
|
|
#ifdef MAC
|
2007-10-24 19:04:04 +00:00
|
|
|
if ((error = mac_vnode_check_chroot(td->td_ucred, pr->pr_root)))
|
2003-04-09 02:55:18 +00:00
|
|
|
goto e_unlock;
|
|
|
|
#endif
|
2008-01-13 14:44:15 +00:00
|
|
|
VOP_UNLOCK(pr->pr_root, 0);
|
2009-04-29 21:14:15 +00:00
|
|
|
if ((error = change_root(pr->pr_root, td)))
|
|
|
|
goto e_unlock_giant;
|
2005-09-28 00:30:56 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2003-04-09 02:55:18 +00:00
|
|
|
|
2001-10-11 23:39:43 +00:00
|
|
|
newcred = crget();
|
|
|
|
PROC_LOCK(p);
|
|
|
|
oldcred = p->p_ucred;
|
2003-04-09 02:55:18 +00:00
|
|
|
setsugid(p);
|
2001-10-11 23:39:43 +00:00
|
|
|
crcopy(newcred, oldcred);
|
2003-04-17 22:26:53 +00:00
|
|
|
newcred->cr_prison = pr;
|
2001-10-11 23:39:43 +00:00
|
|
|
p->p_ucred = newcred;
|
|
|
|
PROC_UNLOCK(p);
|
|
|
|
crfree(oldcred);
|
2009-05-27 14:11:23 +00:00
|
|
|
prison_deref(ppr, PD_DEREF | PD_DEUREF);
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
return (0);
|
2009-04-29 21:14:15 +00:00
|
|
|
e_unlock:
|
2008-01-13 14:44:15 +00:00
|
|
|
VOP_UNLOCK(pr->pr_root, 0);
|
2009-04-29 21:14:15 +00:00
|
|
|
e_unlock_giant:
|
2005-09-28 00:30:56 +00:00
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
2009-04-29 21:14:15 +00:00
|
|
|
e_revert_osd:
|
|
|
|
/* Tell modules this thread is still in its old jail after all. */
|
2009-05-27 14:11:23 +00:00
|
|
|
(void)osd_jail_call(ppr, PR_METHOD_ATTACH, td);
|
2009-04-29 21:14:15 +00:00
|
|
|
prison_deref(pr, PD_DEREF | PD_DEUREF);
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
|
2003-04-09 02:55:18 +00:00
|
|
|
/*
|
|
|
|
* Returns a locked prison instance, or NULL on failure.
|
|
|
|
*/
|
2007-04-05 21:34:54 +00:00
|
|
|
struct prison *
|
2003-04-09 02:55:18 +00:00
|
|
|
prison_find(int prid)
|
|
|
|
{
|
|
|
|
struct prison *pr;
|
|
|
|
|
2007-04-05 23:19:13 +00:00
|
|
|
sx_assert(&allprison_lock, SX_LOCKED);
|
2009-04-29 21:14:15 +00:00
|
|
|
TAILQ_FOREACH(pr, &allprison, pr_list) {
|
2003-04-09 02:55:18 +00:00
|
|
|
if (pr->pr_id == prid) {
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
2009-04-29 21:14:15 +00:00
|
|
|
if (pr->pr_ref > 0)
|
|
|
|
return (pr);
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
2003-04-09 02:55:18 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
/*
|
2009-05-27 14:11:23 +00:00
|
|
|
* Find a prison that is a descendant of mypr. Returns a locked prison or NULL.
|
|
|
|
*/
|
|
|
|
struct prison *
|
|
|
|
prison_find_child(struct prison *mypr, int prid)
|
|
|
|
{
|
|
|
|
struct prison *pr;
|
|
|
|
int descend;
|
|
|
|
|
|
|
|
sx_assert(&allprison_lock, SX_LOCKED);
|
|
|
|
FOREACH_PRISON_DESCENDANT(mypr, pr, descend) {
|
|
|
|
if (pr->pr_id == prid) {
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
if (pr->pr_ref > 0)
|
|
|
|
return (pr);
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return (NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Look for the name relative to mypr. Returns a locked prison or NULL.
|
2009-04-29 21:14:15 +00:00
|
|
|
*/
|
|
|
|
struct prison *
|
2009-05-27 14:11:23 +00:00
|
|
|
prison_find_name(struct prison *mypr, const char *name)
|
2009-04-29 21:14:15 +00:00
|
|
|
{
|
|
|
|
struct prison *pr, *deadpr;
|
2009-05-27 14:11:23 +00:00
|
|
|
size_t mylen;
|
|
|
|
int descend;
|
2009-04-29 21:14:15 +00:00
|
|
|
|
|
|
|
sx_assert(&allprison_lock, SX_LOCKED);
|
2009-05-27 14:11:23 +00:00
|
|
|
mylen = (mypr == &prison0) ? 0 : strlen(mypr->pr_name) + 1;
|
2009-04-29 21:14:15 +00:00
|
|
|
again:
|
|
|
|
deadpr = NULL;
|
2009-05-27 14:11:23 +00:00
|
|
|
FOREACH_PRISON_DESCENDANT(mypr, pr, descend) {
|
|
|
|
if (!strcmp(pr->pr_name + mylen, name)) {
|
2009-04-29 21:14:15 +00:00
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
if (pr->pr_ref > 0) {
|
|
|
|
if (pr->pr_uref > 0)
|
|
|
|
return (pr);
|
|
|
|
deadpr = pr;
|
|
|
|
}
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
}
|
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
/* There was no valid prison - perhaps there was a dying one. */
|
2009-04-29 21:14:15 +00:00
|
|
|
if (deadpr != NULL) {
|
|
|
|
mtx_lock(&deadpr->pr_mtx);
|
|
|
|
if (deadpr->pr_ref == 0) {
|
|
|
|
mtx_unlock(&deadpr->pr_mtx);
|
|
|
|
goto again;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return (deadpr);
|
|
|
|
}
|
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
/*
|
|
|
|
* See if a prison has the specific flag set.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
prison_flag(struct ucred *cred, unsigned flag)
|
|
|
|
{
|
|
|
|
|
|
|
|
/* This is an atomic read, so no locking is necessary. */
|
|
|
|
return (cred->cr_prison->pr_flags & flag);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
prison_allow(struct ucred *cred, unsigned flag)
|
|
|
|
{
|
|
|
|
|
|
|
|
/* This is an atomic read, so no locking is necessary. */
|
|
|
|
return (cred->cr_prison->pr_allow & flag);
|
|
|
|
}
|
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
/*
|
|
|
|
* Remove a prison reference. If that was the last reference, remove the
|
|
|
|
* prison itself - but not in this context in case there are locks held.
|
|
|
|
*/
|
2001-02-21 06:39:57 +00:00
|
|
|
void
|
Update ZFS from version 6 to 13 and bring some FreeBSD-specific changes.
This bring huge amount of changes, I'll enumerate only user-visible changes:
- Delegated Administration
Allows regular users to perform ZFS operations, like file system
creation, snapshot creation, etc.
- L2ARC
Level 2 cache for ZFS - allows to use additional disks for cache.
Huge performance improvements mostly for random read of mostly
static content.
- slog
Allow to use additional disks for ZFS Intent Log to speed up
operations like fsync(2).
- vfs.zfs.super_owner
Allows regular users to perform privileged operations on files stored
on ZFS file systems owned by him. Very careful with this one.
- chflags(2)
Not all the flags are supported. This still needs work.
- ZFSBoot
Support to boot off of ZFS pool. Not finished, AFAIK.
Submitted by: dfr
- Snapshot properties
- New failure modes
Before if write requested failed, system paniced. Now one
can select from one of three failure modes:
- panic - panic on write error
- wait - wait for disk to reappear
- continue - serve read requests if possible, block write requests
- Refquota, refreservation properties
Just quota and reservation properties, but don't count space consumed
by children file systems, clones and snapshots.
- Sparse volumes
ZVOLs that don't reserve space in the pool.
- External attributes
Compatible with extattr(2).
- NFSv4-ACLs
Not sure about the status, might not be complete yet.
Submitted by: trasz
- Creation-time properties
- Regression tests for zpool(8) command.
Obtained from: OpenSolaris
2008-11-17 20:49:29 +00:00
|
|
|
prison_free_locked(struct prison *pr)
|
2001-02-21 06:39:57 +00:00
|
|
|
{
|
|
|
|
|
Update ZFS from version 6 to 13 and bring some FreeBSD-specific changes.
This bring huge amount of changes, I'll enumerate only user-visible changes:
- Delegated Administration
Allows regular users to perform ZFS operations, like file system
creation, snapshot creation, etc.
- L2ARC
Level 2 cache for ZFS - allows to use additional disks for cache.
Huge performance improvements mostly for random read of mostly
static content.
- slog
Allow to use additional disks for ZFS Intent Log to speed up
operations like fsync(2).
- vfs.zfs.super_owner
Allows regular users to perform privileged operations on files stored
on ZFS file systems owned by him. Very careful with this one.
- chflags(2)
Not all the flags are supported. This still needs work.
- ZFSBoot
Support to boot off of ZFS pool. Not finished, AFAIK.
Submitted by: dfr
- Snapshot properties
- New failure modes
Before if write requested failed, system paniced. Now one
can select from one of three failure modes:
- panic - panic on write error
- wait - wait for disk to reappear
- continue - serve read requests if possible, block write requests
- Refquota, refreservation properties
Just quota and reservation properties, but don't count space consumed
by children file systems, clones and snapshots.
- Sparse volumes
ZVOLs that don't reserve space in the pool.
- External attributes
Compatible with extattr(2).
- NFSv4-ACLs
Not sure about the status, might not be complete yet.
Submitted by: trasz
- Creation-time properties
- Regression tests for zpool(8) command.
Obtained from: OpenSolaris
2008-11-17 20:49:29 +00:00
|
|
|
mtx_assert(&pr->pr_mtx, MA_OWNED);
|
2001-02-21 06:39:57 +00:00
|
|
|
pr->pr_ref--;
|
|
|
|
if (pr->pr_ref == 0) {
|
o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
so as to enforce these protections, in particular, in kern_mib.c
protection sysctl access to the hostname and securelevel, as well as
kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
mib entries (osname, osrelease, osversion) so that they don't return
a pointer to the text in the struct linux_prison, rather, a copy
to an array passed into the calls. Likewise, update linprocfs to
use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
accessing struct prison.
Reviewed by: jhb
2001-12-03 16:12:27 +00:00
|
|
|
mtx_unlock(&pr->pr_mtx);
|
2004-01-23 20:44:26 +00:00
|
|
|
TASK_INIT(&pr->pr_task, 0, prison_complete, pr);
|
2005-04-05 08:51:45 +00:00
|
|
|
taskqueue_enqueue(taskqueue_thread, &pr->pr_task);
|
o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
so as to enforce these protections, in particular, in kern_mib.c
protection sysctl access to the hostname and securelevel, as well as
kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
mib entries (osname, osrelease, osversion) so that they don't return
a pointer to the text in the struct linux_prison, rather, a copy
to an array passed into the calls. Likewise, update linprocfs to
use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
accessing struct prison.
Reviewed by: jhb
2001-12-03 16:12:27 +00:00
|
|
|
return;
|
2001-02-21 06:39:57 +00:00
|
|
|
}
|
o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
so as to enforce these protections, in particular, in kern_mib.c
protection sysctl access to the hostname and securelevel, as well as
kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
mib entries (osname, osrelease, osversion) so that they don't return
a pointer to the text in the struct linux_prison, rather, a copy
to an array passed into the calls. Likewise, update linprocfs to
use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
accessing struct prison.
Reviewed by: jhb
2001-12-03 16:12:27 +00:00
|
|
|
mtx_unlock(&pr->pr_mtx);
|
2001-02-21 06:39:57 +00:00
|
|
|
}
|
|
|
|
|
Update ZFS from version 6 to 13 and bring some FreeBSD-specific changes.
This bring huge amount of changes, I'll enumerate only user-visible changes:
- Delegated Administration
Allows regular users to perform ZFS operations, like file system
creation, snapshot creation, etc.
- L2ARC
Level 2 cache for ZFS - allows to use additional disks for cache.
Huge performance improvements mostly for random read of mostly
static content.
- slog
Allow to use additional disks for ZFS Intent Log to speed up
operations like fsync(2).
- vfs.zfs.super_owner
Allows regular users to perform privileged operations on files stored
on ZFS file systems owned by him. Very careful with this one.
- chflags(2)
Not all the flags are supported. This still needs work.
- ZFSBoot
Support to boot off of ZFS pool. Not finished, AFAIK.
Submitted by: dfr
- Snapshot properties
- New failure modes
Before if write requested failed, system paniced. Now one
can select from one of three failure modes:
- panic - panic on write error
- wait - wait for disk to reappear
- continue - serve read requests if possible, block write requests
- Refquota, refreservation properties
Just quota and reservation properties, but don't count space consumed
by children file systems, clones and snapshots.
- Sparse volumes
ZVOLs that don't reserve space in the pool.
- External attributes
Compatible with extattr(2).
- NFSv4-ACLs
Not sure about the status, might not be complete yet.
Submitted by: trasz
- Creation-time properties
- Regression tests for zpool(8) command.
Obtained from: OpenSolaris
2008-11-17 20:49:29 +00:00
|
|
|
void
|
|
|
|
prison_free(struct prison *pr)
|
|
|
|
{
|
|
|
|
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
prison_free_locked(pr);
|
|
|
|
}
|
|
|
|
|
2004-01-23 20:44:26 +00:00
|
|
|
static void
|
|
|
|
prison_complete(void *context, int pending)
|
|
|
|
{
|
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
prison_deref((struct prison *)context, 0);
|
|
|
|
}
|
2004-01-23 20:44:26 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
/*
|
|
|
|
* Remove a prison reference (usually). This internal version assumes no
|
|
|
|
* mutexes are held, except perhaps the prison itself. If there are no more
|
|
|
|
* references, release and delist the prison. On completion, the prison lock
|
|
|
|
* and the allprison lock are both unlocked.
|
|
|
|
*/
|
|
|
|
static void
|
|
|
|
prison_deref(struct prison *pr, int flags)
|
|
|
|
{
|
2009-05-27 14:11:23 +00:00
|
|
|
struct prison *ppr, *tpr;
|
2009-04-29 21:14:15 +00:00
|
|
|
int vfslocked;
|
Update ZFS from version 6 to 13 and bring some FreeBSD-specific changes.
This bring huge amount of changes, I'll enumerate only user-visible changes:
- Delegated Administration
Allows regular users to perform ZFS operations, like file system
creation, snapshot creation, etc.
- L2ARC
Level 2 cache for ZFS - allows to use additional disks for cache.
Huge performance improvements mostly for random read of mostly
static content.
- slog
Allow to use additional disks for ZFS Intent Log to speed up
operations like fsync(2).
- vfs.zfs.super_owner
Allows regular users to perform privileged operations on files stored
on ZFS file systems owned by him. Very careful with this one.
- chflags(2)
Not all the flags are supported. This still needs work.
- ZFSBoot
Support to boot off of ZFS pool. Not finished, AFAIK.
Submitted by: dfr
- Snapshot properties
- New failure modes
Before if write requested failed, system paniced. Now one
can select from one of three failure modes:
- panic - panic on write error
- wait - wait for disk to reappear
- continue - serve read requests if possible, block write requests
- Refquota, refreservation properties
Just quota and reservation properties, but don't count space consumed
by children file systems, clones and snapshots.
- Sparse volumes
ZVOLs that don't reserve space in the pool.
- External attributes
Compatible with extattr(2).
- NFSv4-ACLs
Not sure about the status, might not be complete yet.
Submitted by: trasz
- Creation-time properties
- Regression tests for zpool(8) command.
Obtained from: OpenSolaris
2008-11-17 20:49:29 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
if (!(flags & PD_LOCKED))
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
2009-05-27 14:11:23 +00:00
|
|
|
/* Decrement the user references in a separate loop. */
|
2009-04-29 21:14:15 +00:00
|
|
|
if (flags & PD_DEUREF) {
|
2009-05-27 14:11:23 +00:00
|
|
|
for (tpr = pr;; tpr = tpr->pr_parent) {
|
|
|
|
if (tpr != pr)
|
|
|
|
mtx_lock(&tpr->pr_mtx);
|
|
|
|
if (--tpr->pr_uref > 0)
|
|
|
|
break;
|
|
|
|
KASSERT(tpr != &prison0, ("prison0 pr_uref=0"));
|
|
|
|
mtx_unlock(&tpr->pr_mtx);
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
/* Done if there were only user references to remove. */
|
|
|
|
if (!(flags & PD_DEREF)) {
|
2009-05-27 14:11:23 +00:00
|
|
|
mtx_unlock(&tpr->pr_mtx);
|
2009-04-29 21:14:15 +00:00
|
|
|
if (flags & PD_LIST_SLOCKED)
|
|
|
|
sx_sunlock(&allprison_lock);
|
|
|
|
else if (flags & PD_LIST_XLOCKED)
|
|
|
|
sx_xunlock(&allprison_lock);
|
|
|
|
return;
|
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
if (tpr != pr) {
|
|
|
|
mtx_unlock(&tpr->pr_mtx);
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
for (;;) {
|
|
|
|
if (flags & PD_DEREF)
|
|
|
|
pr->pr_ref--;
|
|
|
|
/* If the prison still has references, nothing else to do. */
|
|
|
|
if (pr->pr_ref > 0) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
if (flags & PD_LIST_SLOCKED)
|
|
|
|
sx_sunlock(&allprison_lock);
|
|
|
|
else if (flags & PD_LIST_XLOCKED)
|
|
|
|
sx_xunlock(&allprison_lock);
|
|
|
|
return;
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
2007-04-08 10:46:23 +00:00
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
if (flags & PD_LIST_SLOCKED) {
|
|
|
|
if (!sx_try_upgrade(&allprison_lock)) {
|
|
|
|
sx_sunlock(&allprison_lock);
|
|
|
|
sx_xlock(&allprison_lock);
|
|
|
|
}
|
|
|
|
} else if (!(flags & PD_LIST_XLOCKED))
|
|
|
|
sx_xlock(&allprison_lock);
|
2004-01-23 20:44:26 +00:00
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
TAILQ_REMOVE(&allprison, pr, pr_list);
|
|
|
|
LIST_REMOVE(pr, pr_sibling);
|
|
|
|
ppr = pr->pr_parent;
|
|
|
|
for (tpr = ppr; tpr != NULL; tpr = tpr->pr_parent)
|
|
|
|
tpr->pr_prisoncount--;
|
|
|
|
sx_downgrade(&allprison_lock);
|
|
|
|
|
|
|
|
if (pr->pr_root != NULL) {
|
|
|
|
vfslocked = VFS_LOCK_GIANT(pr->pr_root->v_mount);
|
|
|
|
vrele(pr->pr_root);
|
|
|
|
VFS_UNLOCK_GIANT(vfslocked);
|
|
|
|
}
|
|
|
|
mtx_destroy(&pr->pr_mtx);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#ifdef INET
|
2009-05-27 14:11:23 +00:00
|
|
|
free(pr->pr_ip4, M_PRISON);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#endif
|
2009-04-29 21:14:15 +00:00
|
|
|
#ifdef INET6
|
2009-05-27 14:11:23 +00:00
|
|
|
free(pr->pr_ip6, M_PRISON);
|
2009-04-29 21:14:15 +00:00
|
|
|
#endif
|
2009-05-27 14:11:23 +00:00
|
|
|
if (pr->pr_cpuset != NULL)
|
|
|
|
cpuset_rel(pr->pr_cpuset);
|
|
|
|
osd_jail_exit(pr);
|
|
|
|
free(pr, M_PRISON);
|
|
|
|
|
|
|
|
/* Removing a prison frees a reference on its parent. */
|
|
|
|
pr = ppr;
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
flags = PD_DEREF | PD_LIST_SLOCKED;
|
|
|
|
}
|
2004-01-23 20:44:26 +00:00
|
|
|
}
|
|
|
|
|
2001-02-21 06:39:57 +00:00
|
|
|
void
|
Update ZFS from version 6 to 13 and bring some FreeBSD-specific changes.
This bring huge amount of changes, I'll enumerate only user-visible changes:
- Delegated Administration
Allows regular users to perform ZFS operations, like file system
creation, snapshot creation, etc.
- L2ARC
Level 2 cache for ZFS - allows to use additional disks for cache.
Huge performance improvements mostly for random read of mostly
static content.
- slog
Allow to use additional disks for ZFS Intent Log to speed up
operations like fsync(2).
- vfs.zfs.super_owner
Allows regular users to perform privileged operations on files stored
on ZFS file systems owned by him. Very careful with this one.
- chflags(2)
Not all the flags are supported. This still needs work.
- ZFSBoot
Support to boot off of ZFS pool. Not finished, AFAIK.
Submitted by: dfr
- Snapshot properties
- New failure modes
Before if write requested failed, system paniced. Now one
can select from one of three failure modes:
- panic - panic on write error
- wait - wait for disk to reappear
- continue - serve read requests if possible, block write requests
- Refquota, refreservation properties
Just quota and reservation properties, but don't count space consumed
by children file systems, clones and snapshots.
- Sparse volumes
ZVOLs that don't reserve space in the pool.
- External attributes
Compatible with extattr(2).
- NFSv4-ACLs
Not sure about the status, might not be complete yet.
Submitted by: trasz
- Creation-time properties
- Regression tests for zpool(8) command.
Obtained from: OpenSolaris
2008-11-17 20:49:29 +00:00
|
|
|
prison_hold_locked(struct prison *pr)
|
2001-02-21 06:39:57 +00:00
|
|
|
{
|
|
|
|
|
Update ZFS from version 6 to 13 and bring some FreeBSD-specific changes.
This bring huge amount of changes, I'll enumerate only user-visible changes:
- Delegated Administration
Allows regular users to perform ZFS operations, like file system
creation, snapshot creation, etc.
- L2ARC
Level 2 cache for ZFS - allows to use additional disks for cache.
Huge performance improvements mostly for random read of mostly
static content.
- slog
Allow to use additional disks for ZFS Intent Log to speed up
operations like fsync(2).
- vfs.zfs.super_owner
Allows regular users to perform privileged operations on files stored
on ZFS file systems owned by him. Very careful with this one.
- chflags(2)
Not all the flags are supported. This still needs work.
- ZFSBoot
Support to boot off of ZFS pool. Not finished, AFAIK.
Submitted by: dfr
- Snapshot properties
- New failure modes
Before if write requested failed, system paniced. Now one
can select from one of three failure modes:
- panic - panic on write error
- wait - wait for disk to reappear
- continue - serve read requests if possible, block write requests
- Refquota, refreservation properties
Just quota and reservation properties, but don't count space consumed
by children file systems, clones and snapshots.
- Sparse volumes
ZVOLs that don't reserve space in the pool.
- External attributes
Compatible with extattr(2).
- NFSv4-ACLs
Not sure about the status, might not be complete yet.
Submitted by: trasz
- Creation-time properties
- Regression tests for zpool(8) command.
Obtained from: OpenSolaris
2008-11-17 20:49:29 +00:00
|
|
|
mtx_assert(&pr->pr_mtx, MA_OWNED);
|
2007-04-08 10:46:23 +00:00
|
|
|
KASSERT(pr->pr_ref > 0,
|
2009-04-29 18:41:08 +00:00
|
|
|
("Trying to hold dead prison (jid=%d).", pr->pr_id));
|
2001-02-21 06:39:57 +00:00
|
|
|
pr->pr_ref++;
|
Update ZFS from version 6 to 13 and bring some FreeBSD-specific changes.
This bring huge amount of changes, I'll enumerate only user-visible changes:
- Delegated Administration
Allows regular users to perform ZFS operations, like file system
creation, snapshot creation, etc.
- L2ARC
Level 2 cache for ZFS - allows to use additional disks for cache.
Huge performance improvements mostly for random read of mostly
static content.
- slog
Allow to use additional disks for ZFS Intent Log to speed up
operations like fsync(2).
- vfs.zfs.super_owner
Allows regular users to perform privileged operations on files stored
on ZFS file systems owned by him. Very careful with this one.
- chflags(2)
Not all the flags are supported. This still needs work.
- ZFSBoot
Support to boot off of ZFS pool. Not finished, AFAIK.
Submitted by: dfr
- Snapshot properties
- New failure modes
Before if write requested failed, system paniced. Now one
can select from one of three failure modes:
- panic - panic on write error
- wait - wait for disk to reappear
- continue - serve read requests if possible, block write requests
- Refquota, refreservation properties
Just quota and reservation properties, but don't count space consumed
by children file systems, clones and snapshots.
- Sparse volumes
ZVOLs that don't reserve space in the pool.
- External attributes
Compatible with extattr(2).
- NFSv4-ACLs
Not sure about the status, might not be complete yet.
Submitted by: trasz
- Creation-time properties
- Regression tests for zpool(8) command.
Obtained from: OpenSolaris
2008-11-17 20:49:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
prison_hold(struct prison *pr)
|
|
|
|
{
|
|
|
|
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
prison_hold_locked(pr);
|
o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
so as to enforce these protections, in particular, in kern_mib.c
protection sysctl access to the hostname and securelevel, as well as
kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
mib entries (osname, osrelease, osversion) so that they don't return
a pointer to the text in the struct linux_prison, rather, a copy
to an array passed into the calls. Likewise, update linprocfs to
use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
accessing struct prison.
Reviewed by: jhb
2001-12-03 16:12:27 +00:00
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
}
|
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
void
|
|
|
|
prison_proc_hold(struct prison *pr)
|
o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
so as to enforce these protections, in particular, in kern_mib.c
protection sysctl access to the hostname and securelevel, as well as
kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
mib entries (osname, osrelease, osversion) so that they don't return
a pointer to the text in the struct linux_prison, rather, a copy
to an array passed into the calls. Likewise, update linprocfs to
use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
accessing struct prison.
Reviewed by: jhb
2001-12-03 16:12:27 +00:00
|
|
|
{
|
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
mtx_lock(&pr->pr_mtx);
|
2009-04-29 21:14:15 +00:00
|
|
|
KASSERT(pr->pr_uref > 0,
|
|
|
|
("Cannot add a process to a non-alive prison (jid=%d)", pr->pr_id));
|
|
|
|
pr->pr_uref++;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
mtx_unlock(&pr->pr_mtx);
|
2001-02-21 06:39:57 +00:00
|
|
|
}
|
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
void
|
|
|
|
prison_proc_free(struct prison *pr)
|
|
|
|
{
|
|
|
|
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
2009-04-29 21:14:15 +00:00
|
|
|
KASSERT(pr->pr_uref > 0,
|
|
|
|
("Trying to kill a process in a dead prison (jid=%d)", pr->pr_id));
|
|
|
|
prison_deref(pr, PD_DEUREF | PD_LOCKED);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef INET
|
2009-05-27 14:11:23 +00:00
|
|
|
/*
|
|
|
|
* Restrict a prison's IP address list with its parent's, possibly replacing
|
|
|
|
* it. Return true if the replacement buffer was used (or would have been).
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
prison_restrict_ip4(struct prison *pr, struct in_addr *newip4)
|
|
|
|
{
|
|
|
|
int ii, ij, used;
|
|
|
|
struct prison *ppr;
|
|
|
|
|
|
|
|
ppr = pr->pr_parent;
|
|
|
|
if (!(pr->pr_flags & PR_IP4_USER)) {
|
|
|
|
/* This has no user settings, so just copy the parent's list. */
|
|
|
|
if (pr->pr_ip4s < ppr->pr_ip4s) {
|
|
|
|
/*
|
|
|
|
* There's no room for the parent's list. Use the
|
|
|
|
* new list buffer, which is assumed to be big enough
|
|
|
|
* (if it was passed). If there's no buffer, try to
|
|
|
|
* allocate one.
|
|
|
|
*/
|
|
|
|
used = 1;
|
|
|
|
if (newip4 == NULL) {
|
|
|
|
newip4 = malloc(ppr->pr_ip4s * sizeof(*newip4),
|
|
|
|
M_PRISON, M_NOWAIT);
|
|
|
|
if (newip4 != NULL)
|
|
|
|
used = 0;
|
|
|
|
}
|
|
|
|
if (newip4 != NULL) {
|
|
|
|
bcopy(ppr->pr_ip4, newip4,
|
|
|
|
ppr->pr_ip4s * sizeof(*newip4));
|
|
|
|
free(pr->pr_ip4, M_PRISON);
|
|
|
|
pr->pr_ip4 = newip4;
|
|
|
|
pr->pr_ip4s = ppr->pr_ip4s;
|
|
|
|
pr->pr_flags |= PR_IP4;
|
|
|
|
}
|
|
|
|
return (used);
|
|
|
|
}
|
|
|
|
pr->pr_ip4s = ppr->pr_ip4s;
|
|
|
|
if (pr->pr_ip4s > 0)
|
|
|
|
bcopy(ppr->pr_ip4, pr->pr_ip4,
|
|
|
|
pr->pr_ip4s * sizeof(*newip4));
|
|
|
|
else if (pr->pr_ip4 != NULL) {
|
|
|
|
free(pr->pr_ip4, M_PRISON);
|
|
|
|
pr->pr_ip4 = NULL;
|
|
|
|
}
|
|
|
|
pr->pr_flags =
|
|
|
|
(pr->pr_flags & ~PR_IP4) | (ppr->pr_flags & PR_IP4);
|
|
|
|
} else if (pr->pr_ip4s > 0 && (ppr->pr_flags & PR_IP4)) {
|
|
|
|
/* Remove addresses that aren't in the parent. */
|
|
|
|
for (ij = 0; ij < ppr->pr_ip4s; ij++)
|
|
|
|
if (pr->pr_ip4[0].s_addr == ppr->pr_ip4[ij].s_addr)
|
|
|
|
break;
|
|
|
|
if (ij < ppr->pr_ip4s)
|
|
|
|
ii = 1;
|
|
|
|
else {
|
|
|
|
bcopy(pr->pr_ip4 + 1, pr->pr_ip4,
|
|
|
|
--pr->pr_ip4s * sizeof(*pr->pr_ip4));
|
|
|
|
ii = 0;
|
|
|
|
}
|
|
|
|
for (ij = 1; ii < pr->pr_ip4s; ) {
|
|
|
|
if (pr->pr_ip4[ii].s_addr == ppr->pr_ip4[0].s_addr) {
|
|
|
|
ii++;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
switch (ij >= ppr->pr_ip4s ? -1 :
|
|
|
|
qcmp_v4(&pr->pr_ip4[ii], &ppr->pr_ip4[ij])) {
|
|
|
|
case -1:
|
|
|
|
bcopy(pr->pr_ip4 + ii + 1, pr->pr_ip4 + ii,
|
|
|
|
(--pr->pr_ip4s - ii) * sizeof(*pr->pr_ip4));
|
|
|
|
break;
|
|
|
|
case 0:
|
|
|
|
ii++;
|
|
|
|
ij++;
|
|
|
|
break;
|
|
|
|
case 1:
|
|
|
|
ij++;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (pr->pr_ip4s == 0) {
|
|
|
|
free(pr->pr_ip4, M_PRISON);
|
|
|
|
pr->pr_ip4 = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
/*
|
|
|
|
* Pass back primary IPv4 address of this jail.
|
|
|
|
*
|
2009-05-27 14:11:23 +00:00
|
|
|
* If not restricted return success but do not alter the address. Caller has
|
|
|
|
* to make sure to initialize it correctly (e.g. INADDR_ANY).
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*
|
2009-02-05 14:06:09 +00:00
|
|
|
* Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4.
|
|
|
|
* Address returned in NBO.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
int
|
2009-01-25 10:11:58 +00:00
|
|
|
prison_get_ip4(struct ucred *cred, struct in_addr *ia)
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
{
|
2009-04-29 21:14:15 +00:00
|
|
|
struct prison *pr;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
|
|
|
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
|
|
|
|
KASSERT(ia != NULL, ("%s: ia is NULL", __func__));
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
pr = cred->cr_prison;
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_flags & PR_IP4))
|
|
|
|
return (0);
|
2009-04-29 21:14:15 +00:00
|
|
|
mtx_lock(&pr->pr_mtx);
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_flags & PR_IP4)) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
return (0);
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
if (pr->pr_ip4 == NULL) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
2009-02-05 14:06:09 +00:00
|
|
|
return (EAFNOSUPPORT);
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
ia->s_addr = pr->pr_ip4[0].s_addr;
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Return true if pr1 and pr2 have the same IPv4 address restrictions.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
prison_equal_ip4(struct prison *pr1, struct prison *pr2)
|
|
|
|
{
|
|
|
|
|
|
|
|
if (pr1 == pr2)
|
|
|
|
return (1);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* jail_set maintains an exclusive hold on allprison_lock while it
|
|
|
|
* changes the IP addresses, so only a shared hold is needed. This is
|
|
|
|
* easier than locking the two prisons which would require finding the
|
|
|
|
* proper locking order and end up needing allprison_lock anyway.
|
|
|
|
*/
|
|
|
|
sx_slock(&allprison_lock);
|
|
|
|
while (pr1 != &prison0 && !(pr1->pr_flags & PR_IP4_USER))
|
|
|
|
pr1 = pr1->pr_parent;
|
|
|
|
while (pr2 != &prison0 && !(pr2->pr_flags & PR_IP4_USER))
|
|
|
|
pr2 = pr2->pr_parent;
|
|
|
|
sx_sunlock(&allprison_lock);
|
|
|
|
return (pr1 == pr2);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Make sure our (source) address is set to something meaningful to this
|
|
|
|
* jail.
|
|
|
|
*
|
2009-05-27 14:11:23 +00:00
|
|
|
* Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail,
|
|
|
|
* EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
|
|
|
|
* doesn't allow IPv4. Address passed in in NBO and returned in NBO.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
|
|
|
int
|
|
|
|
prison_local_ip4(struct ucred *cred, struct in_addr *ia)
|
|
|
|
{
|
2009-04-29 21:14:15 +00:00
|
|
|
struct prison *pr;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
struct in_addr ia0;
|
2009-04-29 21:14:15 +00:00
|
|
|
int error;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
|
|
|
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
|
|
|
|
KASSERT(ia != NULL, ("%s: ia is NULL", __func__));
|
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
pr = cred->cr_prison;
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_flags & PR_IP4))
|
|
|
|
return (0);
|
2009-04-29 21:14:15 +00:00
|
|
|
mtx_lock(&pr->pr_mtx);
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_flags & PR_IP4)) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
return (0);
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
if (pr->pr_ip4 == NULL) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
2009-02-05 14:06:09 +00:00
|
|
|
return (EAFNOSUPPORT);
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
|
|
|
ia0.s_addr = ntohl(ia->s_addr);
|
|
|
|
if (ia0.s_addr == INADDR_LOOPBACK) {
|
2009-04-29 21:14:15 +00:00
|
|
|
ia->s_addr = pr->pr_ip4[0].s_addr;
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
return (0);
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-02-05 14:06:09 +00:00
|
|
|
if (ia0.s_addr == INADDR_ANY) {
|
|
|
|
/*
|
|
|
|
* In case there is only 1 IPv4 address, bind directly.
|
|
|
|
*/
|
2009-04-29 21:14:15 +00:00
|
|
|
if (pr->pr_ip4s == 1)
|
|
|
|
ia->s_addr = pr->pr_ip4[0].s_addr;
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
2001-08-03 18:21:06 +00:00
|
|
|
return (0);
|
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
error = _prison_check_ip4(pr, ia);
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
return (error);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Rewrite destination address in case we will connect to loopback address.
|
|
|
|
*
|
2009-02-05 14:06:09 +00:00
|
|
|
* Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4.
|
|
|
|
* Address passed in in NBO and returned in NBO.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
|
|
|
int
|
|
|
|
prison_remote_ip4(struct ucred *cred, struct in_addr *ia)
|
|
|
|
{
|
2009-04-29 21:14:15 +00:00
|
|
|
struct prison *pr;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
|
|
|
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
|
|
|
|
KASSERT(ia != NULL, ("%s: ia is NULL", __func__));
|
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
pr = cred->cr_prison;
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_flags & PR_IP4))
|
|
|
|
return (0);
|
2009-04-29 21:14:15 +00:00
|
|
|
mtx_lock(&pr->pr_mtx);
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_flags & PR_IP4)) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
return (0);
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
if (pr->pr_ip4 == NULL) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
2009-02-05 14:06:09 +00:00
|
|
|
return (EAFNOSUPPORT);
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
2009-02-05 14:06:09 +00:00
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
if (ntohl(ia->s_addr) == INADDR_LOOPBACK) {
|
2009-04-29 21:14:15 +00:00
|
|
|
ia->s_addr = pr->pr_ip4[0].s_addr;
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Return success because nothing had to be changed.
|
|
|
|
*/
|
2009-04-29 21:14:15 +00:00
|
|
|
mtx_unlock(&pr->pr_mtx);
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
/*
|
2009-02-05 14:06:09 +00:00
|
|
|
* Check if given address belongs to the jail referenced by cred/prison.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*
|
2009-05-27 14:11:23 +00:00
|
|
|
* Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail,
|
|
|
|
* EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
|
|
|
|
* doesn't allow IPv4. Address passed in in NBO.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
|
|
|
static int
|
|
|
|
_prison_check_ip4(struct prison *pr, struct in_addr *ia)
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
{
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
int i, a, z, d;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check the primary IP.
|
|
|
|
*/
|
|
|
|
if (pr->pr_ip4[0].s_addr == ia->s_addr)
|
2009-02-05 14:06:09 +00:00
|
|
|
return (0);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* All the other IPs are sorted so we can do a binary search.
|
|
|
|
*/
|
|
|
|
a = 0;
|
|
|
|
z = pr->pr_ip4s - 2;
|
|
|
|
while (a <= z) {
|
|
|
|
i = (a + z) / 2;
|
|
|
|
d = qcmp_v4(&pr->pr_ip4[i+1], ia);
|
|
|
|
if (d > 0)
|
|
|
|
z = i - 1;
|
|
|
|
else if (d < 0)
|
|
|
|
a = i + 1;
|
|
|
|
else
|
2009-02-05 14:06:09 +00:00
|
|
|
return (0);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
2009-02-05 14:06:09 +00:00
|
|
|
|
|
|
|
return (EADDRNOTAVAIL);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
prison_check_ip4(struct ucred *cred, struct in_addr *ia)
|
|
|
|
{
|
2009-04-29 21:14:15 +00:00
|
|
|
struct prison *pr;
|
|
|
|
int error;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
|
|
|
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
|
|
|
|
KASSERT(ia != NULL, ("%s: ia is NULL", __func__));
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
pr = cred->cr_prison;
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_flags & PR_IP4))
|
|
|
|
return (0);
|
2009-04-29 21:14:15 +00:00
|
|
|
mtx_lock(&pr->pr_mtx);
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_flags & PR_IP4)) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
return (0);
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
if (pr->pr_ip4 == NULL) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
2009-02-05 14:06:09 +00:00
|
|
|
return (EAFNOSUPPORT);
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
error = _prison_check_ip4(pr, ia);
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
return (error);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef INET6
|
2009-05-27 14:11:23 +00:00
|
|
|
static int
|
|
|
|
prison_restrict_ip6(struct prison *pr, struct in6_addr *newip6)
|
|
|
|
{
|
|
|
|
int ii, ij, used;
|
|
|
|
struct prison *ppr;
|
|
|
|
|
|
|
|
ppr = pr->pr_parent;
|
|
|
|
if (!(pr->pr_flags & PR_IP6_USER)) {
|
|
|
|
/* This has no user settings, so just copy the parent's list. */
|
|
|
|
if (pr->pr_ip6s < ppr->pr_ip6s) {
|
|
|
|
/*
|
|
|
|
* There's no room for the parent's list. Use the
|
|
|
|
* new list buffer, which is assumed to be big enough
|
|
|
|
* (if it was passed). If there's no buffer, try to
|
|
|
|
* allocate one.
|
|
|
|
*/
|
|
|
|
used = 1;
|
|
|
|
if (newip6 == NULL) {
|
|
|
|
newip6 = malloc(ppr->pr_ip6s * sizeof(*newip6),
|
|
|
|
M_PRISON, M_NOWAIT);
|
|
|
|
if (newip6 != NULL)
|
|
|
|
used = 0;
|
|
|
|
}
|
|
|
|
if (newip6 != NULL) {
|
|
|
|
bcopy(ppr->pr_ip6, newip6,
|
|
|
|
ppr->pr_ip6s * sizeof(*newip6));
|
|
|
|
free(pr->pr_ip6, M_PRISON);
|
|
|
|
pr->pr_ip6 = newip6;
|
|
|
|
pr->pr_ip6s = ppr->pr_ip6s;
|
|
|
|
pr->pr_flags |= PR_IP6;
|
|
|
|
}
|
|
|
|
return (used);
|
|
|
|
}
|
|
|
|
pr->pr_ip6s = ppr->pr_ip6s;
|
|
|
|
if (pr->pr_ip6s > 0)
|
|
|
|
bcopy(ppr->pr_ip6, pr->pr_ip6,
|
|
|
|
pr->pr_ip6s * sizeof(*newip6));
|
|
|
|
else if (pr->pr_ip6 != NULL) {
|
|
|
|
free(pr->pr_ip6, M_PRISON);
|
|
|
|
pr->pr_ip6 = NULL;
|
|
|
|
}
|
|
|
|
pr->pr_flags =
|
|
|
|
(pr->pr_flags & ~PR_IP6) | (ppr->pr_flags & PR_IP6);
|
|
|
|
} else if (pr->pr_ip6s > 0 && (ppr->pr_flags & PR_IP6)) {
|
|
|
|
/* Remove addresses that aren't in the parent. */
|
|
|
|
for (ij = 0; ij < ppr->pr_ip6s; ij++)
|
|
|
|
if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[0],
|
|
|
|
&ppr->pr_ip6[ij]))
|
|
|
|
break;
|
|
|
|
if (ij < ppr->pr_ip6s)
|
|
|
|
ii = 1;
|
|
|
|
else {
|
|
|
|
bcopy(pr->pr_ip6 + 1, pr->pr_ip6,
|
|
|
|
--pr->pr_ip6s * sizeof(*pr->pr_ip6));
|
|
|
|
ii = 0;
|
|
|
|
}
|
|
|
|
for (ij = 1; ii < pr->pr_ip6s; ) {
|
|
|
|
if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[ii],
|
|
|
|
&ppr->pr_ip6[0])) {
|
|
|
|
ii++;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
switch (ij >= ppr->pr_ip4s ? -1 :
|
|
|
|
qcmp_v6(&pr->pr_ip6[ii], &ppr->pr_ip6[ij])) {
|
|
|
|
case -1:
|
|
|
|
bcopy(pr->pr_ip6 + ii + 1, pr->pr_ip6 + ii,
|
|
|
|
(--pr->pr_ip6s - ii) * sizeof(*pr->pr_ip6));
|
|
|
|
break;
|
|
|
|
case 0:
|
|
|
|
ii++;
|
|
|
|
ij++;
|
|
|
|
break;
|
|
|
|
case 1:
|
|
|
|
ij++;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (pr->pr_ip6s == 0) {
|
|
|
|
free(pr->pr_ip6, M_PRISON);
|
|
|
|
pr->pr_ip6 = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
/*
|
|
|
|
* Pass back primary IPv6 address for this jail.
|
|
|
|
*
|
2009-05-27 14:11:23 +00:00
|
|
|
* If not restricted return success but do not alter the address. Caller has
|
|
|
|
* to make sure to initialize it correctly (e.g. IN6ADDR_ANY_INIT).
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*
|
2009-02-05 14:06:09 +00:00
|
|
|
* Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
|
|
|
int
|
2009-01-25 10:11:58 +00:00
|
|
|
prison_get_ip6(struct ucred *cred, struct in6_addr *ia6)
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
{
|
2009-04-29 21:14:15 +00:00
|
|
|
struct prison *pr;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
|
|
|
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
|
|
|
|
KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
|
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
pr = cred->cr_prison;
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_flags & PR_IP6))
|
|
|
|
return (0);
|
2009-04-29 21:14:15 +00:00
|
|
|
mtx_lock(&pr->pr_mtx);
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_flags & PR_IP6)) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
return (0);
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
if (pr->pr_ip6 == NULL) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
2009-02-05 14:06:09 +00:00
|
|
|
return (EAFNOSUPPORT);
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
2009-02-05 14:06:09 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr));
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
/*
|
|
|
|
* Return true if pr1 and pr2 have the same IPv6 address restrictions.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
prison_equal_ip6(struct prison *pr1, struct prison *pr2)
|
|
|
|
{
|
|
|
|
|
|
|
|
if (pr1 == pr2)
|
|
|
|
return (1);
|
|
|
|
|
|
|
|
sx_slock(&allprison_lock);
|
|
|
|
while (pr1 != &prison0 && !(pr1->pr_flags & PR_IP6_USER))
|
|
|
|
pr1 = pr1->pr_parent;
|
|
|
|
while (pr2 != &prison0 && !(pr2->pr_flags & PR_IP6_USER))
|
|
|
|
pr2 = pr2->pr_parent;
|
|
|
|
sx_sunlock(&allprison_lock);
|
|
|
|
return (pr1 == pr2);
|
|
|
|
}
|
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
/*
|
|
|
|
* Make sure our (source) address is set to something meaningful to this jail.
|
|
|
|
*
|
|
|
|
* v6only should be set based on (inp->inp_flags & IN6P_IPV6_V6ONLY != 0)
|
|
|
|
* when needed while binding.
|
|
|
|
*
|
2009-05-27 14:11:23 +00:00
|
|
|
* Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail,
|
|
|
|
* EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
|
|
|
|
* doesn't allow IPv6.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
|
|
|
int
|
|
|
|
prison_local_ip6(struct ucred *cred, struct in6_addr *ia6, int v6only)
|
|
|
|
{
|
2009-04-29 21:14:15 +00:00
|
|
|
struct prison *pr;
|
|
|
|
int error;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
|
|
|
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
|
|
|
|
KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
|
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
pr = cred->cr_prison;
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_flags & PR_IP6))
|
|
|
|
return (0);
|
2009-04-29 21:14:15 +00:00
|
|
|
mtx_lock(&pr->pr_mtx);
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_flags & PR_IP6)) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
return (0);
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
if (pr->pr_ip6 == NULL) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
2009-02-05 14:06:09 +00:00
|
|
|
return (EAFNOSUPPORT);
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
2009-02-05 14:06:09 +00:00
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
if (IN6_IS_ADDR_LOOPBACK(ia6)) {
|
2009-04-29 21:14:15 +00:00
|
|
|
bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr));
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
2009-02-05 14:06:09 +00:00
|
|
|
if (IN6_IS_ADDR_UNSPECIFIED(ia6)) {
|
|
|
|
/*
|
|
|
|
* In case there is only 1 IPv6 address, and v6only is true,
|
|
|
|
* then bind directly.
|
|
|
|
*/
|
2009-04-29 21:14:15 +00:00
|
|
|
if (v6only != 0 && pr->pr_ip6s == 1)
|
|
|
|
bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr));
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
return (0);
|
|
|
|
}
|
2009-02-05 14:06:09 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
error = _prison_check_ip6(pr, ia6);
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
return (error);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Rewrite destination address in case we will connect to loopback address.
|
|
|
|
*
|
2009-02-05 14:06:09 +00:00
|
|
|
* Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
|
|
|
int
|
|
|
|
prison_remote_ip6(struct ucred *cred, struct in6_addr *ia6)
|
|
|
|
{
|
2009-04-29 21:14:15 +00:00
|
|
|
struct prison *pr;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
|
|
|
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
|
|
|
|
KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
|
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
pr = cred->cr_prison;
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_flags & PR_IP6))
|
|
|
|
return (0);
|
2009-04-29 21:14:15 +00:00
|
|
|
mtx_lock(&pr->pr_mtx);
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_flags & PR_IP6)) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
return (0);
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
if (pr->pr_ip6 == NULL) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
2009-02-05 14:06:09 +00:00
|
|
|
return (EAFNOSUPPORT);
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
2009-02-05 14:06:09 +00:00
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
if (IN6_IS_ADDR_LOOPBACK(ia6)) {
|
2009-04-29 21:14:15 +00:00
|
|
|
bcopy(&pr->pr_ip6[0], ia6, sizeof(struct in6_addr));
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Return success because nothing had to be changed.
|
|
|
|
*/
|
2009-04-29 21:14:15 +00:00
|
|
|
mtx_unlock(&pr->pr_mtx);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2009-02-05 14:06:09 +00:00
|
|
|
* Check if given address belongs to the jail referenced by cred/prison.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*
|
2009-05-27 14:11:23 +00:00
|
|
|
* Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail,
|
|
|
|
* EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
|
|
|
|
* doesn't allow IPv6.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
|
|
|
static int
|
|
|
|
_prison_check_ip6(struct prison *pr, struct in6_addr *ia6)
|
|
|
|
{
|
|
|
|
int i, a, z, d;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check the primary IP.
|
|
|
|
*/
|
|
|
|
if (IN6_ARE_ADDR_EQUAL(&pr->pr_ip6[0], ia6))
|
2009-02-05 14:06:09 +00:00
|
|
|
return (0);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* All the other IPs are sorted so we can do a binary search.
|
|
|
|
*/
|
|
|
|
a = 0;
|
|
|
|
z = pr->pr_ip6s - 2;
|
|
|
|
while (a <= z) {
|
|
|
|
i = (a + z) / 2;
|
|
|
|
d = qcmp_v6(&pr->pr_ip6[i+1], ia6);
|
|
|
|
if (d > 0)
|
|
|
|
z = i - 1;
|
|
|
|
else if (d < 0)
|
|
|
|
a = i + 1;
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
else
|
2009-02-05 14:06:09 +00:00
|
|
|
return (0);
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
}
|
2009-02-05 14:06:09 +00:00
|
|
|
|
|
|
|
return (EADDRNOTAVAIL);
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
}
|
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
int
|
|
|
|
prison_check_ip6(struct ucred *cred, struct in6_addr *ia6)
|
|
|
|
{
|
2009-04-29 21:14:15 +00:00
|
|
|
struct prison *pr;
|
|
|
|
int error;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
|
|
|
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
|
|
|
|
KASSERT(ia6 != NULL, ("%s: ia6 is NULL", __func__));
|
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
pr = cred->cr_prison;
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_flags & PR_IP6))
|
|
|
|
return (0);
|
2009-04-29 21:14:15 +00:00
|
|
|
mtx_lock(&pr->pr_mtx);
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_flags & PR_IP6)) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
return (0);
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
if (pr->pr_ip6 == NULL) {
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
2009-02-05 14:06:09 +00:00
|
|
|
return (EAFNOSUPPORT);
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
error = _prison_check_ip6(pr, ia6);
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
return (error);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2009-02-05 14:15:18 +00:00
|
|
|
/*
|
|
|
|
* Check if a jail supports the given address family.
|
|
|
|
*
|
|
|
|
* Returns 0 if not jailed or the address family is supported, EAFNOSUPPORT
|
|
|
|
* if not.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
prison_check_af(struct ucred *cred, int af)
|
|
|
|
{
|
2009-05-27 14:11:23 +00:00
|
|
|
struct prison *pr;
|
2009-02-05 14:15:18 +00:00
|
|
|
int error;
|
|
|
|
|
|
|
|
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
|
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
pr = cred->cr_prison;
|
2009-02-05 14:15:18 +00:00
|
|
|
error = 0;
|
|
|
|
switch (af)
|
|
|
|
{
|
|
|
|
#ifdef INET
|
|
|
|
case AF_INET:
|
2009-05-27 14:11:23 +00:00
|
|
|
if (pr->pr_flags & PR_IP4)
|
|
|
|
{
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
if ((pr->pr_flags & PR_IP4) && pr->pr_ip4 == NULL)
|
|
|
|
error = EAFNOSUPPORT;
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
}
|
2009-02-05 14:15:18 +00:00
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
case AF_INET6:
|
2009-05-27 14:11:23 +00:00
|
|
|
if (pr->pr_flags & PR_IP6)
|
|
|
|
{
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
if ((pr->pr_flags & PR_IP6) && pr->pr_ip6 == NULL)
|
|
|
|
error = EAFNOSUPPORT;
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
}
|
2009-02-05 14:15:18 +00:00
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
case AF_LOCAL:
|
|
|
|
case AF_ROUTE:
|
|
|
|
break;
|
|
|
|
default:
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(pr->pr_allow & PR_ALLOW_SOCKET_AF))
|
2009-02-05 14:15:18 +00:00
|
|
|
error = EAFNOSUPPORT;
|
|
|
|
}
|
|
|
|
return (error);
|
|
|
|
}
|
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
/*
|
|
|
|
* Check if given address belongs to the jail referenced by cred (wrapper to
|
|
|
|
* prison_check_ip[46]).
|
|
|
|
*
|
2009-05-27 14:11:23 +00:00
|
|
|
* Returns 0 if jail doesn't restrict the address family or if address belongs
|
|
|
|
* to jail, EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if
|
|
|
|
* the jail doesn't allow the address family. IPv4 Address passed in in NBO.
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
*/
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
int
|
2001-02-21 06:39:57 +00:00
|
|
|
prison_if(struct ucred *cred, struct sockaddr *sa)
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
{
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#ifdef INET
|
2003-04-28 18:32:19 +00:00
|
|
|
struct sockaddr_in *sai;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
struct sockaddr_in6 *sai6;
|
|
|
|
#endif
|
2009-02-05 14:06:09 +00:00
|
|
|
int error;
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
KASSERT(cred != NULL, ("%s: cred is NULL", __func__));
|
|
|
|
KASSERT(sa != NULL, ("%s: sa is NULL", __func__));
|
|
|
|
|
2009-02-05 14:06:09 +00:00
|
|
|
error = 0;
|
|
|
|
switch (sa->sa_family)
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
{
|
|
|
|
#ifdef INET
|
|
|
|
case AF_INET:
|
|
|
|
sai = (struct sockaddr_in *)sa;
|
2009-02-05 14:06:09 +00:00
|
|
|
error = prison_check_ip4(cred, &sai->sin_addr);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
case AF_INET6:
|
|
|
|
sai6 = (struct sockaddr_in6 *)sa;
|
2009-02-05 14:06:09 +00:00
|
|
|
error = prison_check_ip6(cred, &sai6->sin6_addr);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
default:
|
2009-05-27 14:11:23 +00:00
|
|
|
if (!(cred->cr_prison->pr_allow & PR_ALLOW_SOCKET_AF))
|
2009-02-05 14:06:09 +00:00
|
|
|
error = EAFNOSUPPORT;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
2009-02-05 14:06:09 +00:00
|
|
|
return (error);
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
}
|
2001-02-21 06:39:57 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Return 0 if jails permit p1 to frob p2, otherwise ESRCH.
|
|
|
|
*/
|
|
|
|
int
|
2003-04-28 18:32:19 +00:00
|
|
|
prison_check(struct ucred *cred1, struct ucred *cred2)
|
2001-02-21 06:39:57 +00:00
|
|
|
{
|
|
|
|
|
2009-05-08 14:11:06 +00:00
|
|
|
#ifdef VIMAGE
|
|
|
|
if (cred2->cr_vimage->v_procg != cred1->cr_vimage->v_procg)
|
|
|
|
return (ESRCH);
|
|
|
|
#endif
|
2009-05-27 14:11:23 +00:00
|
|
|
return ((cred1->cr_prison == cred2->cr_prison ||
|
|
|
|
prison_ischild(cred1->cr_prison, cred2->cr_prison)) ? 0 : ESRCH);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Return 1 if p2 is a child of p1, otherwise 0.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
prison_ischild(struct prison *pr1, struct prison *pr2)
|
|
|
|
{
|
2001-02-21 06:39:57 +00:00
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
for (pr2 = pr2->pr_parent; pr2 != NULL; pr2 = pr2->pr_parent)
|
|
|
|
if (pr1 == pr2)
|
|
|
|
return (1);
|
2001-02-21 06:39:57 +00:00
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Return 1 if the passed credential is in a jail, otherwise 0.
|
|
|
|
*/
|
|
|
|
int
|
2003-04-28 18:32:19 +00:00
|
|
|
jailed(struct ucred *cred)
|
2001-02-21 06:39:57 +00:00
|
|
|
{
|
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
return (cred->cr_prison != &prison0);
|
2001-02-21 06:39:57 +00:00
|
|
|
}
|
2002-02-27 14:58:32 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Return the correct hostname for the passed credential.
|
|
|
|
*/
|
2002-02-27 16:43:20 +00:00
|
|
|
void
|
2003-04-28 18:32:19 +00:00
|
|
|
getcredhostname(struct ucred *cred, char *buf, size_t size)
|
2002-02-27 14:58:32 +00:00
|
|
|
{
|
2009-05-29 21:27:12 +00:00
|
|
|
struct prison *pr;
|
2002-02-27 14:58:32 +00:00
|
|
|
|
2009-05-29 21:27:12 +00:00
|
|
|
pr = (cred != NULL) ? cred->cr_prison : &prison0;
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
strlcpy(buf, pr->pr_host, size);
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
2002-02-27 14:58:32 +00:00
|
|
|
}
|
2003-04-09 02:55:18 +00:00
|
|
|
|
2004-02-14 18:31:11 +00:00
|
|
|
/*
|
2005-06-09 18:49:19 +00:00
|
|
|
* Determine whether the subject represented by cred can "see"
|
|
|
|
* status of a mount point.
|
|
|
|
* Returns: 0 for permitted, ENOENT otherwise.
|
|
|
|
* XXX: This function should be called cr_canseemount() and should be
|
|
|
|
* placed in kern_prot.c.
|
2004-02-14 18:31:11 +00:00
|
|
|
*/
|
|
|
|
int
|
2005-06-09 18:49:19 +00:00
|
|
|
prison_canseemount(struct ucred *cred, struct mount *mp)
|
2004-02-14 18:31:11 +00:00
|
|
|
{
|
2005-06-09 18:49:19 +00:00
|
|
|
struct prison *pr;
|
|
|
|
struct statfs *sp;
|
|
|
|
size_t len;
|
2004-02-14 18:31:11 +00:00
|
|
|
|
2005-06-09 18:49:19 +00:00
|
|
|
pr = cred->cr_prison;
|
2009-05-27 14:11:23 +00:00
|
|
|
if (pr->pr_enforce_statfs == 0)
|
|
|
|
return (0);
|
2005-06-09 18:49:19 +00:00
|
|
|
if (pr->pr_root->v_mount == mp)
|
|
|
|
return (0);
|
2009-05-27 14:11:23 +00:00
|
|
|
if (pr->pr_enforce_statfs == 2)
|
2005-06-09 18:49:19 +00:00
|
|
|
return (ENOENT);
|
|
|
|
/*
|
|
|
|
* If jail's chroot directory is set to "/" we should be able to see
|
|
|
|
* all mount-points from inside a jail.
|
|
|
|
* This is ugly check, but this is the only situation when jail's
|
|
|
|
* directory ends with '/'.
|
|
|
|
*/
|
|
|
|
if (strcmp(pr->pr_path, "/") == 0)
|
|
|
|
return (0);
|
|
|
|
len = strlen(pr->pr_path);
|
|
|
|
sp = &mp->mnt_stat;
|
|
|
|
if (strncmp(pr->pr_path, sp->f_mntonname, len) != 0)
|
|
|
|
return (ENOENT);
|
|
|
|
/*
|
|
|
|
* Be sure that we don't have situation where jail's root directory
|
|
|
|
* is "/some/path" and mount point is "/some/pathpath".
|
|
|
|
*/
|
|
|
|
if (sp->f_mntonname[len] != '\0' && sp->f_mntonname[len] != '/')
|
|
|
|
return (ENOENT);
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
prison_enforce_statfs(struct ucred *cred, struct mount *mp, struct statfs *sp)
|
|
|
|
{
|
|
|
|
char jpath[MAXPATHLEN];
|
|
|
|
struct prison *pr;
|
|
|
|
size_t len;
|
|
|
|
|
|
|
|
pr = cred->cr_prison;
|
2009-05-27 14:11:23 +00:00
|
|
|
if (pr->pr_enforce_statfs == 0)
|
|
|
|
return;
|
2005-06-09 18:49:19 +00:00
|
|
|
if (prison_canseemount(cred, mp) != 0) {
|
|
|
|
bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
|
|
|
|
strlcpy(sp->f_mntonname, "[restricted]",
|
|
|
|
sizeof(sp->f_mntonname));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (pr->pr_root->v_mount == mp) {
|
|
|
|
/*
|
|
|
|
* Clear current buffer data, so we are sure nothing from
|
|
|
|
* the valid path left there.
|
|
|
|
*/
|
|
|
|
bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
|
|
|
|
*sp->f_mntonname = '/';
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* If jail's chroot directory is set to "/" we should be able to see
|
|
|
|
* all mount-points from inside a jail.
|
|
|
|
*/
|
|
|
|
if (strcmp(pr->pr_path, "/") == 0)
|
|
|
|
return;
|
|
|
|
len = strlen(pr->pr_path);
|
|
|
|
strlcpy(jpath, sp->f_mntonname + len, sizeof(jpath));
|
|
|
|
/*
|
|
|
|
* Clear current buffer data, so we are sure nothing from
|
|
|
|
* the valid path left there.
|
|
|
|
*/
|
|
|
|
bzero(sp->f_mntonname, sizeof(sp->f_mntonname));
|
|
|
|
if (*jpath == '\0') {
|
|
|
|
/* Should never happen. */
|
|
|
|
*sp->f_mntonname = '/';
|
|
|
|
} else {
|
|
|
|
strlcpy(sp->f_mntonname, jpath, sizeof(sp->f_mntonname));
|
2004-02-14 18:31:11 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
|
|
|
/*
|
|
|
|
* Check with permission for a specific privilege is granted within jail. We
|
|
|
|
* have a specific list of accepted privileges; the rest are denied.
|
|
|
|
*/
|
|
|
|
int
|
|
|
|
prison_priv_check(struct ucred *cred, int priv)
|
|
|
|
{
|
|
|
|
|
|
|
|
if (!jailed(cred))
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
switch (priv) {
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Allow ktrace privileges for root in jail.
|
|
|
|
*/
|
|
|
|
case PRIV_KTRACE:
|
|
|
|
|
2007-02-19 13:10:29 +00:00
|
|
|
#if 0
|
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
|
|
|
/*
|
|
|
|
* Allow jailed processes to configure audit identity and
|
|
|
|
* submit audit records (login, etc). In the future we may
|
|
|
|
* want to further refine the relationship between audit and
|
|
|
|
* jail.
|
|
|
|
*/
|
|
|
|
case PRIV_AUDIT_GETAUDIT:
|
|
|
|
case PRIV_AUDIT_SETAUDIT:
|
|
|
|
case PRIV_AUDIT_SUBMIT:
|
2007-02-19 13:10:29 +00:00
|
|
|
#endif
|
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Allow jailed processes to manipulate process UNIX
|
|
|
|
* credentials in any way they see fit.
|
|
|
|
*/
|
|
|
|
case PRIV_CRED_SETUID:
|
|
|
|
case PRIV_CRED_SETEUID:
|
|
|
|
case PRIV_CRED_SETGID:
|
|
|
|
case PRIV_CRED_SETEGID:
|
|
|
|
case PRIV_CRED_SETGROUPS:
|
|
|
|
case PRIV_CRED_SETREUID:
|
|
|
|
case PRIV_CRED_SETREGID:
|
|
|
|
case PRIV_CRED_SETRESUID:
|
|
|
|
case PRIV_CRED_SETRESGID:
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Jail implements visibility constraints already, so allow
|
|
|
|
* jailed root to override uid/gid-based constraints.
|
|
|
|
*/
|
|
|
|
case PRIV_SEEOTHERGIDS:
|
|
|
|
case PRIV_SEEOTHERUIDS:
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Jail implements inter-process debugging limits already, so
|
|
|
|
* allow jailed root various debugging privileges.
|
|
|
|
*/
|
|
|
|
case PRIV_DEBUG_DIFFCRED:
|
|
|
|
case PRIV_DEBUG_SUGID:
|
|
|
|
case PRIV_DEBUG_UNPRIV:
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Allow jail to set various resource limits and login
|
|
|
|
* properties, and for now, exceed process resource limits.
|
|
|
|
*/
|
|
|
|
case PRIV_PROC_LIMIT:
|
|
|
|
case PRIV_PROC_SETLOGIN:
|
|
|
|
case PRIV_PROC_SETRLIMIT:
|
|
|
|
|
|
|
|
/*
|
|
|
|
* System V and POSIX IPC privileges are granted in jail.
|
|
|
|
*/
|
|
|
|
case PRIV_IPC_READ:
|
|
|
|
case PRIV_IPC_WRITE:
|
|
|
|
case PRIV_IPC_ADMIN:
|
|
|
|
case PRIV_IPC_MSGSIZE:
|
|
|
|
case PRIV_MQ_ADMIN:
|
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
/*
|
|
|
|
* Jail operations within a jail work on child jails.
|
|
|
|
*/
|
|
|
|
case PRIV_JAIL_ATTACH:
|
|
|
|
case PRIV_JAIL_SET:
|
|
|
|
case PRIV_JAIL_REMOVE:
|
|
|
|
|
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
|
|
|
/*
|
|
|
|
* Jail implements its own inter-process limits, so allow
|
|
|
|
* root processes in jail to change scheduling on other
|
|
|
|
* processes in the same jail. Likewise for signalling.
|
|
|
|
*/
|
|
|
|
case PRIV_SCHED_DIFFCRED:
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
case PRIV_SCHED_CPUSET:
|
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
|
|
|
case PRIV_SIGNAL_DIFFCRED:
|
|
|
|
case PRIV_SIGNAL_SUGID:
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Allow jailed processes to write to sysctls marked as jail
|
|
|
|
* writable.
|
|
|
|
*/
|
|
|
|
case PRIV_SYSCTL_WRITEJAIL:
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Allow root in jail to manage a variety of quota
|
2007-02-19 13:26:39 +00:00
|
|
|
* properties. These should likely be conditional on a
|
|
|
|
* configuration option.
|
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
|
|
|
*/
|
2007-02-19 13:33:10 +00:00
|
|
|
case PRIV_VFS_GETQUOTA:
|
|
|
|
case PRIV_VFS_SETQUOTA:
|
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Since Jail relies on chroot() to implement file system
|
|
|
|
* protections, grant many VFS privileges to root in jail.
|
|
|
|
* Be careful to exclude mount-related and NFS-related
|
|
|
|
* privileges.
|
|
|
|
*/
|
|
|
|
case PRIV_VFS_READ:
|
|
|
|
case PRIV_VFS_WRITE:
|
|
|
|
case PRIV_VFS_ADMIN:
|
|
|
|
case PRIV_VFS_EXEC:
|
|
|
|
case PRIV_VFS_LOOKUP:
|
|
|
|
case PRIV_VFS_BLOCKRESERVE: /* XXXRW: Slightly surprising. */
|
|
|
|
case PRIV_VFS_CHFLAGS_DEV:
|
|
|
|
case PRIV_VFS_CHOWN:
|
|
|
|
case PRIV_VFS_CHROOT:
|
2007-03-01 20:47:42 +00:00
|
|
|
case PRIV_VFS_RETAINSUGID:
|
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
|
|
|
case PRIV_VFS_FCHROOT:
|
|
|
|
case PRIV_VFS_LINK:
|
|
|
|
case PRIV_VFS_SETGID:
|
2007-10-21 22:50:11 +00:00
|
|
|
case PRIV_VFS_STAT:
|
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
|
|
|
case PRIV_VFS_STICKYFILE:
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Depending on the global setting, allow privilege of
|
|
|
|
* setting system flags.
|
|
|
|
*/
|
|
|
|
case PRIV_VFS_SYSFLAGS:
|
2009-05-27 14:11:23 +00:00
|
|
|
if (cred->cr_prison->pr_allow & PR_ALLOW_CHFLAGS)
|
2007-04-05 21:03:05 +00:00
|
|
|
return (0);
|
|
|
|
else
|
|
|
|
return (EPERM);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Depending on the global setting, allow privilege of
|
|
|
|
* mounting/unmounting file systems.
|
|
|
|
*/
|
|
|
|
case PRIV_VFS_MOUNT:
|
|
|
|
case PRIV_VFS_UNMOUNT:
|
|
|
|
case PRIV_VFS_MOUNT_NONUSER:
|
2007-04-13 23:54:22 +00:00
|
|
|
case PRIV_VFS_MOUNT_OWNER:
|
2009-05-27 14:11:23 +00:00
|
|
|
if (cred->cr_prison->pr_allow & PR_ALLOW_MOUNT)
|
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
|
|
|
return (0);
|
|
|
|
else
|
|
|
|
return (EPERM);
|
|
|
|
|
|
|
|
/*
|
2007-04-10 15:59:49 +00:00
|
|
|
* Allow jailed root to bind reserved ports and reuse in-use
|
|
|
|
* ports.
|
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
|
|
|
*/
|
|
|
|
case PRIV_NETINET_RESERVEDPORT:
|
2007-04-10 15:59:49 +00:00
|
|
|
case PRIV_NETINET_REUSEPORT:
|
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
|
|
|
return (0);
|
|
|
|
|
2008-01-24 08:25:59 +00:00
|
|
|
/*
|
|
|
|
* Allow jailed root to set certian IPv4/6 (option) headers.
|
|
|
|
*/
|
|
|
|
case PRIV_NETINET_SETHDROPTS:
|
|
|
|
return (0);
|
|
|
|
|
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
|
|
|
/*
|
|
|
|
* Conditionally allow creating raw sockets in jail.
|
|
|
|
*/
|
|
|
|
case PRIV_NETINET_RAW:
|
2009-05-27 14:11:23 +00:00
|
|
|
if (cred->cr_prison->pr_allow & PR_ALLOW_RAW_SOCKETS)
|
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
|
|
|
return (0);
|
|
|
|
else
|
|
|
|
return (EPERM);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Since jail implements its own visibility limits on netstat
|
|
|
|
* sysctls, allow getcred. This allows identd to work in
|
|
|
|
* jail.
|
|
|
|
*/
|
|
|
|
case PRIV_NETINET_GETCRED:
|
|
|
|
return (0);
|
|
|
|
|
|
|
|
default:
|
|
|
|
/*
|
|
|
|
* In all remaining cases, deny the privilege request. This
|
|
|
|
* includes almost all network privileges, many system
|
|
|
|
* configuration privileges.
|
|
|
|
*/
|
|
|
|
return (EPERM);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
/*
|
|
|
|
* Return the part of pr2's name that is relative to pr1, or the whole name
|
|
|
|
* if it does not directly follow.
|
|
|
|
*/
|
|
|
|
|
|
|
|
char *
|
|
|
|
prison_name(struct prison *pr1, struct prison *pr2)
|
|
|
|
{
|
|
|
|
char *name;
|
|
|
|
|
|
|
|
/* Jails see themselves as "0" (if they see themselves at all). */
|
|
|
|
if (pr1 == pr2)
|
|
|
|
return "0";
|
|
|
|
name = pr2->pr_name;
|
|
|
|
if (prison_ischild(pr1, pr2)) {
|
|
|
|
/*
|
|
|
|
* pr1 isn't locked (and allprison_lock may not be either)
|
|
|
|
* so its length can't be counted on. But the number of dots
|
|
|
|
* can be counted on - and counted.
|
|
|
|
*/
|
|
|
|
for (; pr1 != &prison0; pr1 = pr1->pr_parent)
|
|
|
|
name = strchr(name, '.') + 1;
|
|
|
|
}
|
|
|
|
return (name);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Return the part of pr2's path that is relative to pr1, or the whole path
|
|
|
|
* if it does not directly follow.
|
|
|
|
*/
|
|
|
|
static char *
|
|
|
|
prison_path(struct prison *pr1, struct prison *pr2)
|
|
|
|
{
|
|
|
|
char *path1, *path2;
|
|
|
|
int len1;
|
|
|
|
|
|
|
|
path1 = pr1->pr_path;
|
|
|
|
path2 = pr2->pr_path;
|
|
|
|
if (!strcmp(path1, "/"))
|
|
|
|
return (path2);
|
|
|
|
len1 = strlen(path1);
|
|
|
|
if (strncmp(path1, path2, len1))
|
|
|
|
return (path2);
|
|
|
|
if (path2[len1] == '\0')
|
|
|
|
return "/";
|
|
|
|
if (path2[len1] == '/')
|
|
|
|
return (path2 + len1);
|
|
|
|
return (path2);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Jail-related sysctls.
|
|
|
|
*/
|
|
|
|
SYSCTL_NODE(_security, OID_AUTO, jail, CTLFLAG_RW, 0,
|
|
|
|
"Jails");
|
|
|
|
|
2003-04-09 02:55:18 +00:00
|
|
|
static int
|
|
|
|
sysctl_jail_list(SYSCTL_HANDLER_ARGS)
|
|
|
|
{
|
2009-04-29 21:14:15 +00:00
|
|
|
struct xprison *xp;
|
2009-05-27 14:11:23 +00:00
|
|
|
struct prison *pr, *cpr;
|
2009-04-29 21:14:15 +00:00
|
|
|
#ifdef INET
|
|
|
|
struct in_addr *ip4 = NULL;
|
|
|
|
int ip4s = 0;
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
struct in_addr *ip6 = NULL;
|
|
|
|
int ip6s = 0;
|
|
|
|
#endif
|
2009-05-27 14:11:23 +00:00
|
|
|
int descend, error;
|
2003-04-09 02:55:18 +00:00
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
xp = malloc(sizeof(*xp), M_TEMP, M_WAITOK);
|
2009-05-27 14:11:23 +00:00
|
|
|
pr = req->td->td_ucred->cr_prison;
|
2009-04-29 21:14:15 +00:00
|
|
|
error = 0;
|
2007-04-05 23:19:13 +00:00
|
|
|
sx_slock(&allprison_lock);
|
2009-05-27 14:11:23 +00:00
|
|
|
FOREACH_PRISON_DESCENDANT(pr, cpr, descend) {
|
|
|
|
#if defined(INET) || defined(INET6)
|
2009-04-29 21:14:15 +00:00
|
|
|
again:
|
2009-05-27 14:11:23 +00:00
|
|
|
#endif
|
|
|
|
mtx_lock(&cpr->pr_mtx);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#ifdef INET
|
2009-05-27 14:11:23 +00:00
|
|
|
if (cpr->pr_ip4s > 0) {
|
|
|
|
if (ip4s < cpr->pr_ip4s) {
|
|
|
|
ip4s = cpr->pr_ip4s;
|
|
|
|
mtx_unlock(&cpr->pr_mtx);
|
2009-04-29 21:14:15 +00:00
|
|
|
ip4 = realloc(ip4, ip4s *
|
|
|
|
sizeof(struct in_addr), M_TEMP, M_WAITOK);
|
|
|
|
goto again;
|
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
bcopy(cpr->pr_ip4, ip4,
|
|
|
|
cpr->pr_ip4s * sizeof(struct in_addr));
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
2009-05-27 14:11:23 +00:00
|
|
|
if (cpr->pr_ip6s > 0) {
|
|
|
|
if (ip6s < cpr->pr_ip6s) {
|
|
|
|
ip6s = cpr->pr_ip6s;
|
|
|
|
mtx_unlock(&cpr->pr_mtx);
|
2009-04-29 21:14:15 +00:00
|
|
|
ip6 = realloc(ip6, ip6s *
|
|
|
|
sizeof(struct in6_addr), M_TEMP, M_WAITOK);
|
|
|
|
goto again;
|
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
bcopy(cpr->pr_ip6, ip6,
|
|
|
|
cpr->pr_ip6s * sizeof(struct in6_addr));
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#endif
|
2009-05-27 14:11:23 +00:00
|
|
|
if (cpr->pr_ref == 0) {
|
|
|
|
mtx_unlock(&cpr->pr_mtx);
|
2009-04-29 21:14:15 +00:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
bzero(xp, sizeof(*xp));
|
2003-04-09 02:55:18 +00:00
|
|
|
xp->pr_version = XPRISON_VERSION;
|
2009-05-27 14:11:23 +00:00
|
|
|
xp->pr_id = cpr->pr_id;
|
|
|
|
xp->pr_state = cpr->pr_uref > 0
|
2009-04-29 21:14:15 +00:00
|
|
|
? PRISON_STATE_ALIVE : PRISON_STATE_DYING;
|
2009-05-27 14:11:23 +00:00
|
|
|
strlcpy(xp->pr_path, prison_path(pr, cpr), sizeof(xp->pr_path));
|
|
|
|
strlcpy(xp->pr_host, cpr->pr_host, sizeof(xp->pr_host));
|
|
|
|
strlcpy(xp->pr_name, prison_name(pr, cpr), sizeof(xp->pr_name));
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#ifdef INET
|
2009-05-27 14:11:23 +00:00
|
|
|
xp->pr_ip4s = cpr->pr_ip4s;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
2009-05-27 14:11:23 +00:00
|
|
|
xp->pr_ip6s = cpr->pr_ip6s;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#endif
|
2009-05-27 14:11:23 +00:00
|
|
|
mtx_unlock(&cpr->pr_mtx);
|
2009-04-29 21:14:15 +00:00
|
|
|
error = SYSCTL_OUT(req, xp, sizeof(*xp));
|
|
|
|
if (error)
|
|
|
|
break;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#ifdef INET
|
2009-04-29 21:14:15 +00:00
|
|
|
if (xp->pr_ip4s > 0) {
|
|
|
|
error = SYSCTL_OUT(req, ip4,
|
|
|
|
xp->pr_ip4s * sizeof(struct in_addr));
|
|
|
|
if (error)
|
|
|
|
break;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
2009-04-29 21:14:15 +00:00
|
|
|
if (xp->pr_ip6s > 0) {
|
|
|
|
error = SYSCTL_OUT(req, ip6,
|
|
|
|
xp->pr_ip6s * sizeof(struct in6_addr));
|
|
|
|
if (error)
|
|
|
|
break;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
|
|
|
#endif
|
2003-04-09 02:55:18 +00:00
|
|
|
}
|
2007-04-05 23:19:13 +00:00
|
|
|
sx_sunlock(&allprison_lock);
|
2009-04-29 21:14:15 +00:00
|
|
|
free(xp, M_TEMP);
|
|
|
|
#ifdef INET
|
|
|
|
free(ip4, M_TEMP);
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
free(ip6, M_TEMP);
|
|
|
|
#endif
|
2007-03-09 05:22:10 +00:00
|
|
|
return (error);
|
2003-04-09 02:55:18 +00:00
|
|
|
}
|
|
|
|
|
Mark most often used sysctl's as MPSAFE.
After running a `make buildkernel', I noticed most of the Giant locks in
sysctl are only caused by a very small amount of sysctl's:
- sysctl.name2oid. This one is locked by SYSCTL_LOCK, just like
sysctl.oidfmt.
- kern.ident, kern.osrelease, kern.version, etc. These are just constant
strings.
- kern.arandom, used by the stack protector. It is already protected by
arc4_mtx.
I also saw the following sysctl's show up. Not as often as the ones
above, but still quite often:
- security.jail.jailed. Also mark security.jail.list as MPSAFE. They
don't need locking or already use allprison_lock.
- kern.devname, used by devname(3), ttyname(3), etc.
This seems to reduce Giant locking inside sysctl by ~75% in my primitive
test setup.
2009-01-28 19:58:05 +00:00
|
|
|
SYSCTL_OID(_security_jail, OID_AUTO, list,
|
|
|
|
CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
|
|
|
|
sysctl_jail_list, "S", "List of active jails");
|
2004-02-19 14:29:14 +00:00
|
|
|
|
|
|
|
static int
|
|
|
|
sysctl_jail_jailed(SYSCTL_HANDLER_ARGS)
|
|
|
|
{
|
|
|
|
int error, injail;
|
|
|
|
|
|
|
|
injail = jailed(req->td->td_ucred);
|
|
|
|
error = SYSCTL_OUT(req, &injail, sizeof(injail));
|
|
|
|
|
|
|
|
return (error);
|
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
|
Mark most often used sysctl's as MPSAFE.
After running a `make buildkernel', I noticed most of the Giant locks in
sysctl are only caused by a very small amount of sysctl's:
- sysctl.name2oid. This one is locked by SYSCTL_LOCK, just like
sysctl.oidfmt.
- kern.ident, kern.osrelease, kern.version, etc. These are just constant
strings.
- kern.arandom, used by the stack protector. It is already protected by
arc4_mtx.
I also saw the following sysctl's show up. Not as often as the ones
above, but still quite often:
- security.jail.jailed. Also mark security.jail.list as MPSAFE. They
don't need locking or already use allprison_lock.
- kern.devname, used by devname(3), ttyname(3), etc.
This seems to reduce Giant locking inside sysctl by ~75% in my primitive
test setup.
2009-01-28 19:58:05 +00:00
|
|
|
SYSCTL_PROC(_security_jail, OID_AUTO, jailed,
|
|
|
|
CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
|
|
|
|
sysctl_jail_jailed, "I", "Process in jail?");
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
#if defined(INET) || defined(INET6)
|
2009-06-09 22:09:29 +00:00
|
|
|
SYSCTL_UINT(_security_jail, OID_AUTO, jail_max_af_ips, CTLFLAG_RW,
|
2009-05-27 14:11:23 +00:00
|
|
|
&jail_max_af_ips, 0,
|
|
|
|
"Number of IP addresses a jail may have at most per address family");
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Default parameters for jail(2) compatability. For historical reasons,
|
|
|
|
* the sysctl names have varying similarity to the parameter names. Prisons
|
|
|
|
* just see their own parameters, and can't change them.
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
sysctl_jail_default_allow(SYSCTL_HANDLER_ARGS)
|
|
|
|
{
|
|
|
|
struct prison *pr;
|
|
|
|
int allow, error, i;
|
|
|
|
|
|
|
|
pr = req->td->td_ucred->cr_prison;
|
|
|
|
allow = (pr == &prison0) ? jail_default_allow : pr->pr_allow;
|
|
|
|
|
|
|
|
/* Get the current flag value, and convert it to a boolean. */
|
|
|
|
i = (allow & arg2) ? 1 : 0;
|
|
|
|
if (arg1 != NULL)
|
|
|
|
i = !i;
|
|
|
|
error = sysctl_handle_int(oidp, &i, 0, req);
|
|
|
|
if (error || !req->newptr)
|
|
|
|
return (error);
|
|
|
|
i = i ? arg2 : 0;
|
|
|
|
if (arg1 != NULL)
|
|
|
|
i ^= arg2;
|
|
|
|
/*
|
|
|
|
* The sysctls don't have CTLFLAGS_PRISON, so assume prison0
|
|
|
|
* for writing.
|
|
|
|
*/
|
|
|
|
mtx_lock(&prison0.pr_mtx);
|
|
|
|
jail_default_allow = (jail_default_allow & ~arg2) | i;
|
|
|
|
mtx_unlock(&prison0.pr_mtx);
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
SYSCTL_PROC(_security_jail, OID_AUTO, set_hostname_allowed,
|
|
|
|
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
|
|
|
|
NULL, PR_ALLOW_SET_HOSTNAME, sysctl_jail_default_allow, "I",
|
|
|
|
"Processes in jail can set their hostnames");
|
|
|
|
SYSCTL_PROC(_security_jail, OID_AUTO, socket_unixiproute_only,
|
|
|
|
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
|
|
|
|
(void *)1, PR_ALLOW_SOCKET_AF, sysctl_jail_default_allow, "I",
|
|
|
|
"Processes in jail are limited to creating UNIX/IP/route sockets only");
|
|
|
|
SYSCTL_PROC(_security_jail, OID_AUTO, sysvipc_allowed,
|
|
|
|
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
|
|
|
|
NULL, PR_ALLOW_SYSVIPC, sysctl_jail_default_allow, "I",
|
|
|
|
"Processes in jail can use System V IPC primitives");
|
|
|
|
SYSCTL_PROC(_security_jail, OID_AUTO, allow_raw_sockets,
|
|
|
|
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
|
|
|
|
NULL, PR_ALLOW_RAW_SOCKETS, sysctl_jail_default_allow, "I",
|
|
|
|
"Prison root can create raw sockets");
|
|
|
|
SYSCTL_PROC(_security_jail, OID_AUTO, chflags_allowed,
|
|
|
|
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
|
|
|
|
NULL, PR_ALLOW_CHFLAGS, sysctl_jail_default_allow, "I",
|
|
|
|
"Processes in jail can alter system file flags");
|
|
|
|
SYSCTL_PROC(_security_jail, OID_AUTO, mount_allowed,
|
|
|
|
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
|
|
|
|
NULL, PR_ALLOW_MOUNT, sysctl_jail_default_allow, "I",
|
|
|
|
"Processes in jail can mount/unmount jail-friendly file systems");
|
|
|
|
|
|
|
|
static int
|
|
|
|
sysctl_jail_default_level(SYSCTL_HANDLER_ARGS)
|
|
|
|
{
|
|
|
|
struct prison *pr;
|
|
|
|
int level, error;
|
|
|
|
|
|
|
|
pr = req->td->td_ucred->cr_prison;
|
|
|
|
level = (pr == &prison0) ? *(int *)arg1 : *(int *)((char *)pr + arg2);
|
|
|
|
error = sysctl_handle_int(oidp, &level, 0, req);
|
|
|
|
if (error || !req->newptr)
|
|
|
|
return (error);
|
|
|
|
*(int *)arg1 = level;
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
SYSCTL_PROC(_security_jail, OID_AUTO, enforce_statfs,
|
|
|
|
CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
|
|
|
|
&jail_default_enforce_statfs, offsetof(struct prison, pr_enforce_statfs),
|
|
|
|
sysctl_jail_default_level, "I",
|
|
|
|
"Processes in jail cannot see all mounted file systems");
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Nodes to describe jail parameters. Maximum length of string parameters
|
|
|
|
* is returned in the string itself, and the other parameters exist merely
|
|
|
|
* to make themselves and their types known.
|
|
|
|
*/
|
|
|
|
SYSCTL_NODE(_security_jail, OID_AUTO, param, CTLFLAG_RW, 0,
|
|
|
|
"Jail parameters");
|
|
|
|
|
|
|
|
int
|
|
|
|
sysctl_jail_param(SYSCTL_HANDLER_ARGS)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
long l;
|
|
|
|
size_t s;
|
|
|
|
char numbuf[12];
|
|
|
|
|
|
|
|
switch (oidp->oid_kind & CTLTYPE)
|
|
|
|
{
|
|
|
|
case CTLTYPE_LONG:
|
|
|
|
case CTLTYPE_ULONG:
|
|
|
|
l = 0;
|
|
|
|
#ifdef SCTL_MASK32
|
|
|
|
if (!(req->flags & SCTL_MASK32))
|
|
|
|
#endif
|
|
|
|
return (SYSCTL_OUT(req, &l, sizeof(l)));
|
|
|
|
case CTLTYPE_INT:
|
|
|
|
case CTLTYPE_UINT:
|
|
|
|
i = 0;
|
|
|
|
return (SYSCTL_OUT(req, &i, sizeof(i)));
|
|
|
|
case CTLTYPE_STRING:
|
|
|
|
snprintf(numbuf, sizeof(numbuf), "%d", arg2);
|
|
|
|
return
|
|
|
|
(sysctl_handle_string(oidp, numbuf, sizeof(numbuf), req));
|
|
|
|
case CTLTYPE_STRUCT:
|
|
|
|
s = (size_t)arg2;
|
|
|
|
return (SYSCTL_OUT(req, &s, sizeof(s)));
|
|
|
|
}
|
|
|
|
return (0);
|
|
|
|
}
|
|
|
|
|
|
|
|
SYSCTL_JAIL_PARAM(, jid, CTLTYPE_INT | CTLFLAG_RDTUN, "I", "Jail ID");
|
|
|
|
SYSCTL_JAIL_PARAM(, parent, CTLTYPE_INT | CTLFLAG_RD, "I", "Jail parent ID");
|
|
|
|
SYSCTL_JAIL_PARAM_STRING(, name, CTLFLAG_RW, MAXHOSTNAMELEN, "Jail name");
|
|
|
|
SYSCTL_JAIL_PARAM_STRING(, path, CTLFLAG_RDTUN, MAXPATHLEN, "Jail root path");
|
|
|
|
SYSCTL_JAIL_PARAM(, securelevel, CTLTYPE_INT | CTLFLAG_RW,
|
|
|
|
"I", "Jail secure level");
|
|
|
|
SYSCTL_JAIL_PARAM(, enforce_statfs, CTLTYPE_INT | CTLFLAG_RW,
|
|
|
|
"I", "Jail cannot see all mounted file systems");
|
|
|
|
SYSCTL_JAIL_PARAM(, persist, CTLTYPE_INT | CTLFLAG_RW,
|
|
|
|
"B", "Jail persistence");
|
|
|
|
SYSCTL_JAIL_PARAM(, dying, CTLTYPE_INT | CTLFLAG_RD,
|
|
|
|
"B", "Jail is in the process of shutting down");
|
|
|
|
|
|
|
|
SYSCTL_JAIL_PARAM_NODE(host, "Jail host info");
|
2009-05-29 21:27:12 +00:00
|
|
|
SYSCTL_JAIL_PARAM(, nohost, CTLTYPE_INT | CTLFLAG_RW,
|
|
|
|
"BN", "Jail w/ no host info");
|
2009-05-27 14:11:23 +00:00
|
|
|
SYSCTL_JAIL_PARAM_STRING(_host, hostname, CTLFLAG_RW, MAXHOSTNAMELEN,
|
|
|
|
"Jail hostname");
|
2009-05-29 21:27:12 +00:00
|
|
|
SYSCTL_JAIL_PARAM_STRING(_host, domainname, CTLFLAG_RW, MAXHOSTNAMELEN,
|
|
|
|
"Jail NIS domainname");
|
|
|
|
SYSCTL_JAIL_PARAM_STRING(_host, hostuuid, CTLFLAG_RW, HOSTUUIDLEN,
|
|
|
|
"Jail host UUID");
|
|
|
|
SYSCTL_JAIL_PARAM(_host, hostid, CTLTYPE_ULONG | CTLFLAG_RW,
|
|
|
|
"LU", "Jail host ID");
|
2009-05-27 14:11:23 +00:00
|
|
|
|
|
|
|
SYSCTL_JAIL_PARAM_NODE(cpuset, "Jail cpuset");
|
|
|
|
SYSCTL_JAIL_PARAM(_cpuset, id, CTLTYPE_INT | CTLFLAG_RD, "I", "Jail cpuset ID");
|
|
|
|
|
|
|
|
#ifdef INET
|
|
|
|
SYSCTL_JAIL_PARAM_NODE(ip4, "Jail IPv4 address virtualization");
|
|
|
|
SYSCTL_JAIL_PARAM(, noip4, CTLTYPE_INT | CTLFLAG_RW,
|
|
|
|
"BN", "Jail w/ no IP address virtualization");
|
|
|
|
SYSCTL_JAIL_PARAM_STRUCT(_ip4, addr, CTLFLAG_RW, sizeof(struct in_addr),
|
|
|
|
"S,in_addr,a", "Jail IPv4 addresses");
|
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
SYSCTL_JAIL_PARAM_NODE(ip6, "Jail IPv6 address virtualization");
|
|
|
|
SYSCTL_JAIL_PARAM(, noip6, CTLTYPE_INT | CTLFLAG_RW,
|
|
|
|
"BN", "Jail w/ no IP address virtualization");
|
|
|
|
SYSCTL_JAIL_PARAM_STRUCT(_ip6, addr, CTLFLAG_RW, sizeof(struct in6_addr),
|
|
|
|
"S,in6_addr,a", "Jail IPv6 addresses");
|
|
|
|
#endif
|
|
|
|
|
|
|
|
SYSCTL_JAIL_PARAM_NODE(allow, "Jail permission flags");
|
|
|
|
SYSCTL_JAIL_PARAM(_allow, set_hostname, CTLTYPE_INT | CTLFLAG_RW,
|
|
|
|
"B", "Jail may set hostname");
|
|
|
|
SYSCTL_JAIL_PARAM(_allow, sysvipc, CTLTYPE_INT | CTLFLAG_RW,
|
|
|
|
"B", "Jail may use SYSV IPC");
|
|
|
|
SYSCTL_JAIL_PARAM(_allow, raw_sockets, CTLTYPE_INT | CTLFLAG_RW,
|
|
|
|
"B", "Jail may create raw sockets");
|
|
|
|
SYSCTL_JAIL_PARAM(_allow, chflags, CTLTYPE_INT | CTLFLAG_RW,
|
|
|
|
"B", "Jail may alter system file flags");
|
|
|
|
SYSCTL_JAIL_PARAM(_allow, mount, CTLTYPE_INT | CTLFLAG_RW,
|
|
|
|
"B", "Jail may mount/unmount jail-friendly file systems");
|
|
|
|
SYSCTL_JAIL_PARAM(_allow, quotas, CTLTYPE_INT | CTLFLAG_RW,
|
|
|
|
"B", "Jail may set file quotas");
|
|
|
|
SYSCTL_JAIL_PARAM(_allow, jails, CTLTYPE_INT | CTLFLAG_RW,
|
|
|
|
"B", "Jail may create child jails");
|
|
|
|
SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW,
|
|
|
|
"B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route");
|
|
|
|
|
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#ifdef DDB
|
2009-04-29 21:14:15 +00:00
|
|
|
|
|
|
|
static void
|
|
|
|
db_show_prison(struct prison *pr)
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
{
|
2009-05-27 14:11:23 +00:00
|
|
|
int fi;
|
2009-04-29 21:14:15 +00:00
|
|
|
#if defined(INET) || defined(INET6)
|
|
|
|
int ii;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
|
|
|
char ip6buf[INET6_ADDRSTRLEN];
|
|
|
|
#endif
|
|
|
|
|
2009-04-29 21:14:15 +00:00
|
|
|
db_printf("prison %p:\n", pr);
|
|
|
|
db_printf(" jid = %d\n", pr->pr_id);
|
|
|
|
db_printf(" name = %s\n", pr->pr_name);
|
2009-05-27 14:11:23 +00:00
|
|
|
db_printf(" parent = %p\n", pr->pr_parent);
|
2009-04-29 21:14:15 +00:00
|
|
|
db_printf(" ref = %d\n", pr->pr_ref);
|
|
|
|
db_printf(" uref = %d\n", pr->pr_uref);
|
|
|
|
db_printf(" path = %s\n", pr->pr_path);
|
|
|
|
db_printf(" cpuset = %d\n", pr->pr_cpuset
|
|
|
|
? pr->pr_cpuset->cs_id : -1);
|
|
|
|
db_printf(" root = %p\n", pr->pr_root);
|
|
|
|
db_printf(" securelevel = %d\n", pr->pr_securelevel);
|
2009-05-27 14:11:23 +00:00
|
|
|
db_printf(" child = %p\n", LIST_FIRST(&pr->pr_children));
|
|
|
|
db_printf(" sibling = %p\n", LIST_NEXT(pr, pr_sibling));
|
2009-04-29 21:14:15 +00:00
|
|
|
db_printf(" flags = %x", pr->pr_flags);
|
2009-05-27 14:11:23 +00:00
|
|
|
for (fi = 0; fi < sizeof(pr_flag_names) / sizeof(pr_flag_names[0]);
|
|
|
|
fi++)
|
|
|
|
if (pr_flag_names[fi] != NULL && (pr->pr_flags & (1 << fi)))
|
|
|
|
db_printf(" %s", pr_flag_names[fi]);
|
|
|
|
db_printf(" allow = %x", pr->pr_allow);
|
|
|
|
for (fi = 0; fi < sizeof(pr_allow_names) / sizeof(pr_allow_names[0]);
|
|
|
|
fi++)
|
|
|
|
if (pr_allow_names[fi] != NULL && (pr->pr_allow & (1 << fi)))
|
|
|
|
db_printf(" %s", pr_allow_names[fi]);
|
2009-04-29 21:14:15 +00:00
|
|
|
db_printf("\n");
|
2009-05-27 14:11:23 +00:00
|
|
|
db_printf(" enforce_statfs = %d\n", pr->pr_enforce_statfs);
|
2009-04-29 21:14:15 +00:00
|
|
|
db_printf(" host.hostname = %s\n", pr->pr_host);
|
2009-05-29 21:27:12 +00:00
|
|
|
db_printf(" host.domainname = %s\n", pr->pr_domain);
|
|
|
|
db_printf(" host.hostuuid = %s\n", pr->pr_uuid);
|
|
|
|
db_printf(" host.hostid = %lu\n", pr->pr_hostid);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#ifdef INET
|
2009-04-29 21:14:15 +00:00
|
|
|
db_printf(" ip4s = %d\n", pr->pr_ip4s);
|
|
|
|
for (ii = 0; ii < pr->pr_ip4s; ii++)
|
|
|
|
db_printf(" %s %s\n",
|
|
|
|
ii == 0 ? "ip4 =" : " ",
|
|
|
|
inet_ntoa(pr->pr_ip4[ii]));
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#endif
|
|
|
|
#ifdef INET6
|
2009-04-29 21:14:15 +00:00
|
|
|
db_printf(" ip6s = %d\n", pr->pr_ip6s);
|
|
|
|
for (ii = 0; ii < pr->pr_ip6s; ii++)
|
|
|
|
db_printf(" %s %s\n",
|
|
|
|
ii == 0 ? "ip6 =" : " ",
|
|
|
|
ip6_sprintf(ip6buf, &pr->pr_ip6[ii]));
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
DB_SHOW_COMMAND(prison, db_show_prison_command)
|
|
|
|
{
|
|
|
|
struct prison *pr;
|
|
|
|
|
|
|
|
if (!have_addr) {
|
2009-05-27 14:11:23 +00:00
|
|
|
/*
|
|
|
|
* Show all prisons in the list, and prison0 which is not
|
|
|
|
* listed.
|
|
|
|
*/
|
|
|
|
db_show_prison(&prison0);
|
|
|
|
if (!db_pager_quit) {
|
|
|
|
TAILQ_FOREACH(pr, &allprison, pr_list) {
|
|
|
|
db_show_prison(pr);
|
|
|
|
if (db_pager_quit)
|
|
|
|
break;
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
}
|
|
|
|
return;
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
|
2009-05-27 14:11:23 +00:00
|
|
|
if (addr == 0)
|
|
|
|
pr = &prison0;
|
|
|
|
else {
|
|
|
|
/* Look for a prison with the ID and with references. */
|
2009-04-29 21:14:15 +00:00
|
|
|
TAILQ_FOREACH(pr, &allprison, pr_list)
|
2009-05-27 14:11:23 +00:00
|
|
|
if (pr->pr_id == addr && pr->pr_ref > 0)
|
2009-04-29 21:14:15 +00:00
|
|
|
break;
|
2009-05-27 14:11:23 +00:00
|
|
|
if (pr == NULL)
|
|
|
|
/* Look again, without requiring a reference. */
|
|
|
|
TAILQ_FOREACH(pr, &allprison, pr_list)
|
|
|
|
if (pr->pr_id == addr)
|
|
|
|
break;
|
|
|
|
if (pr == NULL)
|
|
|
|
/* Assume address points to a valid prison. */
|
|
|
|
pr = (struct prison *)addr;
|
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
db_show_prison(pr);
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
}
|
2009-04-29 21:14:15 +00:00
|
|
|
|
MFp4:
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
|
|
|
#endif /* DDB */
|