authorMike Barcroft <mike@FreeBSD.org>2003-04-09 02:55:18 +0000
committerMike Barcroft <mike@FreeBSD.org>2003-04-09 02:55:18 +0000
commitfd7a8150fbfa35eca5fa77c068493cc6315a4eb2 (patch)
treec6122edf636b885d1df318cda6d94636af3212f8 /sys/sys/jail.h
parentdb5f2ca8df1aa9b4e549245acc5c5e4134fee404 (diff)
o In struct prison, add an allprison linked list of prisons (protected
by allprison_mtx), a unique prison/jail identifier field, two path fields (pr_path for reporting and pr_root vnode instance) to store the chroot() point of each jail. o Add jail_attach(2) to allow a process to bind to an existing jail. o Add change_root() to perform the chroot operation on a specified vnode. o Generalize change_dir() to accept a vnode, and move namei() calls to callers of change_dir(). o Add a new sysctl (security.jail.list) which is a group of struct xprison instances that represent a snapshot of active jails. Reviewed by: rwatson, tjr
Notes
Notes: svn path=/head/; revision=113275
Diffstat (limited to 'sys/sys/jail.h')
-rw-r--r--sys/sys/jail.h20
1 files changed, 20 insertions, 0 deletions
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
index 016c75a6a9b8..fbc8ba93e754 100644
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -20,9 +20,19 @@ struct jail {
u_int32_t ip_number;
};
+struct xprison {
+ int pr_version;
+ int pr_id;
+ char pr_path[MAXPATHLEN];
+ char pr_host[MAXHOSTNAMELEN];
+ u_int32_t pr_ip;
+};
+#define XPRISON_VERSION 1
+
#ifndef _KERNEL
int jail(struct jail *);
+int jail_attach(int);
#else /* _KERNEL */
@@ -30,6 +40,8 @@ int jail(struct jail *);
#include <sys/_lock.h>
#include <sys/_mutex.h>
+#define JAIL_MAX 999999
+
#ifdef MALLOC_DECLARE
MALLOC_DECLARE(M_PRISON);
#endif
@@ -40,13 +52,18 @@ MALLOC_DECLARE(M_PRISON);
* delete the struture when the last inmate is dead.
*
* Lock key:
+ * (a) allprison_mutex
* (p) locked by pr_mutex
* (c) set only during creation before the structure is shared, no mutex
* required to read
*/
struct mtx;
struct prison {
+ LIST_ENTRY(prison) pr_list; /* (a) all prisons */
+ int pr_id; /* (c) prison id */
int pr_ref; /* (p) refcount */
+ char pr_path[MAXPATHLEN]; /* (c) chroot path */
+ struct vnode *pr_root; /* (c) vnode to rdir */
char pr_host[MAXHOSTNAMELEN]; /* (p) jail hostname */
u_int32_t pr_ip; /* (c) ip addr host */
void *pr_linux; /* (p) linux abi */
@@ -63,6 +80,9 @@ extern int jail_set_hostname_allowed;
extern int jail_socket_unixiproute_only;
extern int jail_sysvipc_allowed;
+LIST_HEAD(prisonlist, prison);
+extern struct prisonlist allprison;
+
/*
* Kernel support functions for jail().
*/