1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-16 10:20:30 +00:00
Commit Graph

54 Commits

Author SHA1 Message Date
Poul-Henning Kamp
75c1354190 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
Dmitrij Tejblum
5cc4ab5323 Regenerate (padding for pread and pwrite). 1999-04-04 21:43:36 +00:00
Alan Cox
4160ccd978 Added pread and pwrite. These functions are defined by the X/Open
Threads Extension.  (Note: We use the same syscall numbers as NetBSD.)

Submitted by:	John Plevyak <jplevyak@inktomi.com>
1999-03-27 21:16:58 +00:00
Peter Wemm
de8a10f07a regenerate (+kldsym) 1998-11-11 12:57:05 +00:00
David Greenman
dd0b2081f4 Implemented zero-copy TCP/IP extensions via sendfile(2) - send a
file to a stream socket. sendfile(2) is similar to implementations in
HP-UX, Linux, and other systems, but the API is more extensive and
addresses many of the complaints that the Apache Group and others have
had with those other implementations. Thanks to Marc Slemko of the
Apache Group for helping me work out the best API for this.
Anyway, this has the "net" result of speeding up sends of files over
TCP/IP sockets by about 10X (that is to say, uses 1/10th of the CPU
cycles) when compared to a traditional read/write loop.
1998-11-05 14:28:26 +00:00
Doug Rabson
c49265d091 Regnerate. 1998-08-24 08:32:19 +00:00
Bruce Evans
414c93f3aa Updated generated files. 1998-06-08 11:08:35 +00:00
Peter Wemm
06b6493558 regen after signanosleep nuke 1998-05-14 11:29:06 +00:00
John Dyson
1f56217280 Fix the futimes/undelete/utrace conflict with other BSD's. Note that
the only common  usage of utrace (the possible problem with this
commit) is with malloc, so this should be a real problem.  Add
the various NetBSD syscalls that allow full emulation of their
development environment.
1998-05-11 03:55:28 +00:00
Peter Dufault
8a6472b723 Finish _POSIX_PRIORITY_SCHEDULING. Needs P1003_1B and
_KPOSIX_PRIORITY_SCHEDULING options to work.  Changes:

Change all "posix4" to "p1003_1b".  Misnamed files are left
as "posix4" until I'm told if I can simply delete them and add
new ones;

Add _POSIX_PRIORITY_SCHEDULING system calls for FreeBSD and Linux;

Add man pages for _POSIX_PRIORITY_SCHEDULING system calls;

Add options to LINT;

Minor fixes to P1003_1B code during testing.
1998-03-28 11:51:01 +00:00
Bruce Evans
a92ae47539 Updated generated files. 1998-02-03 17:52:21 +00:00
Poul-Henning Kamp
c5b193bfba Retire LFS.
If you want to play with it, you can find the final version of the
code in the repository the tag LFS_RETIREMENT.

If somebody makes LFS work again, adding it back is certainly
desireable, but as it is now nobody seems to care much about it,
and it has suffered considerable bitrot since its somewhat haphazard
integration.

R.I.P
1998-01-30 11:34:06 +00:00
Poul-Henning Kamp
e83f76772d Remade syscalls.master derived files. 1997-10-26 20:28:54 +00:00
Peter Wemm
921af254ca Regenerate _after_ the commit to syscalls.master 1997-09-15 02:03:45 +00:00
Poul-Henning Kamp
7822f1c624 Add a __getcwd() syscall. This is intentionally undocumented, but all
it does is to try to figure the pwd out from the vfs namecache, and
return a reversed string to it.  libc:getcwd() is responsible for
flipping it back.
1997-09-14 16:51:31 +00:00
Peter Wemm
818661c8f6 Regenerate (added poll etc) 1997-09-14 02:23:46 +00:00
Peter Wemm
217cb20cdc Regenerate 1997-08-19 05:57:04 +00:00
Bruce Evans
e747e4bcc1 Updated generated files (makesyscalls.sh changed). Only sysproto.h
really changed.
1997-06-29 17:47:32 +00:00
John Dyson
2c1011f7ef Modifications to existing files to support the initial AIO/LIO and
kernel based threading support.
1997-06-16 00:29:36 +00:00
Peter Wemm
83a6ec5e6a Regenerate 1997-06-01 08:56:12 +00:00
Peter Wemm
3a5322f2f0 regenerate 1997-05-08 14:08:49 +00:00
Doug Rabson
cea6c86c11 This is the kernel linker. To use it, you will first need to apply
the patches in freefall:/home/dfr/ld.diffs to your ld sources and set
BINFORMAT to aoutkld when linking the kernel.

Library changes and userland utilities will appear in a later commit.
1997-05-07 16:05:47 +00:00
Peter Wemm
7ec6369d7e Regenerate (added issetugid) 1997-03-31 14:55:05 +00:00
Peter Wemm
f77da2867a Regenerate 1997-03-31 12:17:45 +00:00
Peter Wemm
d050e1a8a0 Regenerate to include correct Id string 1997-02-22 12:52:35 +00:00
John Dyson
996c772f58 This is the kernel Lite/2 commit. There are some requisite userland
changes, so don't expect to be able to run the kernel as-is (very well)
without the appropriate Lite/2 userland changes.

The system boots and can mount UFS filesystems.

Untested: ext2fs, msdosfs, NFS
Known problems: Incorrect Berkeley ID strings in some files.
		Mount_std mounts will not work until the getfsent
		library routine is changed.

Reviewed by:	various people
Submitted by:	Jeffery Hsu <hsu@freebsd.org>
1997-02-10 02:22:35 +00:00
Bruce Evans
713aa001e2 Updated generated files. 1997-01-16 15:59:31 +00:00
Poul-Henning Kamp
e6c4b9ba32 Add the utrace(caddr_t addr,size_t len) syscall, that will store the
data pointed at in a ktrace file, if this process is being ktrace'ed.
I'm using this to profile malloc usage.
The advantage is that there is no context around this call, ie, no
open file or socket, so it will work in any process, and you can
decide if you want it to collect data or not.
1996-09-19 19:49:13 +00:00
Sujal Patel
c2bbab53f4 Reran makesyscalls.sh after changing select()'s first argument to 'int'. 1996-08-20 07:20:29 +00:00
Peter Wemm
bad4352830 reran makesyscalls.sh after "int len" -> "size_t len" changes. 1996-03-02 17:01:36 +00:00
Peter Wemm
e89de7b5c3 Run makesyscalls to regen the tables. 1996-02-23 18:31:34 +00:00
Poul-Henning Kamp
99cb299316 Add an option NFS_NOSERVER which saves 100K in the install kernel (or
any other kernel that uses it).  Use with option NFS.
1996-01-13 23:27:58 +00:00
Peter Wemm
81090119af (gulp!) reran makesyscalls..
sysv_ipc.c: add stub functions that either simply return (for the hooks
in kern_fork/kern_exit) or log() a messgae and call enosys() (for the
syscalls).  sysv_ipc.c will become "standard" in conf/files and has
#ifs for all the permutations.
1996-01-08 04:30:48 +00:00
Garrett Wollman
50c73f3620 Convert SYSV IPC to new-style options. (I hope I got everything...)
The LKMs will need an extra file, to come later.
1996-01-04 20:29:06 +00:00
Garrett Wollman
db6a20e23e Converted two options over to the new scheme: USER_LDT and KTRACE. 1996-01-03 21:42:35 +00:00
Peter Wemm
295ab04920 Regenerated from syscalls.master... 1995-12-15 04:46:32 +00:00
Bruce Evans
c484c256a5 Updated machine-generated files. 1995-11-12 04:29:37 +00:00
Steven Wallace
4887ee51b2 Remake generated files to reflect makesyscalls.sh changes 1995-10-07 06:29:30 +00:00
Bruce Evans
c1b0bf4649 Update machine-generated files. 1995-09-19 13:56:09 +00:00
Andrey A. Chernov
e876c909da Make setreuid/setregid active syscalls 1995-04-23 12:22:06 +00:00
Bruce Evans
b5e8ce9f12 Add and move declarations to fix all of the warnings from `gcc -Wimplicit'
(except in netccitt, netiso and netns) and most of the warnings from
`gcc -Wnested-externs'.  Fix all the bugs found.  There were no serious
ones.
1995-03-16 18:17:34 +00:00
David Greenman
403ef252fa Removed obsolete vtrace() remnants. 1995-03-04 03:24:45 +00:00
Søren Schmidt
1e1e0b4463 First attempt to run linux binaries. This is only the changes needed to
the generic kernel. The actual emulator is a separate LKM. (not finished
yet, sorry).
Submitted by:	sos@freebsd.org & sef@kithrup.com
1995-02-14 19:23:22 +00:00
Søren Schmidt
c1451a8a5c Updated to add errno conversion table. (intialize to zero). 1994-10-09 21:58:47 +00:00
David Greenman
7216391e49 "idle priority" support. Based on code from Henrik Vestergaard Draboel,
but substantially rewritten by me.
1994-10-02 04:48:21 +00:00
Garrett Wollman
5ea9b26376 LKM support is no longer optional. 1994-09-28 22:45:04 +00:00
Poul-Henning Kamp
fa69874a39 init_sysent.c was missing the final newline. 1994-09-26 03:27:22 +00:00
Garrett Wollman
3f31c649d1 Redo Kernel NTP PLL support, kernel side.
This code is mostly taken from the 1.1 port (which was in turn taken from
Dave Mills's kern.tar.Z example).  A few significant differences:

1) ntp_gettime() is now a MIB variable rather than a system call.  A few
fiddles are done in libc to make it behave the same.

2) mono_time does not participate in the PLL adjustments.

3) A new interface has been defined (in <machine/clock.h>) for doing
possibly machine-dependent things around the time of the clock update.
This is used in Pentium kernels to disable interrupts, set `time', and
reset the CPU cycle counter as quickly as possible to avoid jitter in
microtime().  Measurements show an apparent resolution of a bit more than
8.14usec, which is reasonable given system-call overhead.
1994-09-18 20:40:01 +00:00
Doug Rabson
3d903220e4 Added SYSV ipcs.
Obtained from: NetBSD and FreeBSD-1.1.5
1994-09-13 14:47:38 +00:00
David Greenman
60fef21477 Realtime priority scheduling support.
Added "sys/rtprio.h" with the used defines.
    Added rtprio(2) - the kernel interface.                  init_sysent.c,
                                                             kern_resource.c
                                                             syscalls.master
    Added 32 new runqueues (rtqs), with initialization.      kern_proc.c
                                                             kern_synch.c
    Realtime processes do not change nice/priority           kern_synch.c
    Added a column "rt" to ddb's ps (#ifdef RTPRIO_DEBUG)    kern_synch.c
    Realtime priorities are enherited through fork().        kern_fork.c
    Init (and children) NOT run as realtime process.         init_main.c

Submitted by:	Henrik Vestergaard Draboel
1994-09-01 05:15:50 +00:00