author | Jamie Gritton <jamie@FreeBSD.org> | 2018-08-16 18:40:16 +0000 |
---|---|---|
committer | Jamie Gritton <jamie@FreeBSD.org> | 2018-08-16 18:40:16 +0000 |
commit | 284001a222ae071c063920aa1c1b6477f168002d (patch) | |
tree | 10ee709c397d09f7bbe58bae03f7543dbe01998b /sys/sys | |
parent | a8e44f4da0e8b8892688d88a8faea5abfff2219e (diff) | |
Put jail(2) under COMPAT_FREEBSD11. It has been the "old" way of creating
jails since FreeBSD 7.
Along with the system call, put the various security.jail.allow_foo and
security.jail.foo_allowed sysctls partly under COMPAT_FREEBSD11 (or
BURN_BRIDGES). These sysctls had two disparate uses: on the system side,
they were global permissions for jails created via jail(2) which lacked
fine-grained permission controls; inside a jail, they're read-only
descriptions of what the current jail is allowed to do. The first use
is obsolete along with jail(2), but keep them for the second, read-only use.
Differential Revision: D14791
Notes
Notes:
svn path=/head/; revision=337922
Diffstat (limited to 'sys/sys')
-rw-r--r-- | sys/sys/jail.h | 13 | ||||
-rw-r--r-- | sys/sys/syscall.h | 2 | ||||
-rw-r--r-- | sys/sys/syscall.mk | 2 | ||||
-rw-r--r-- | sys/sys/syscallsubr.h | 2 | ||||
-rw-r--r-- | sys/sys/sysproto.h | 10 |
5 files changed, 10 insertions, 19 deletions
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
index ec1013cb0071..441403fc4710 100644
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -32,6 +32,7 @@
 #ifndef _SYS_JAIL_H_
 #define _SYS_JAIL_H_
+#ifdef COMPAT_FREEBSD11
 #ifdef _KERNEL
 struct jail_v0 {
 u_int32_t version;
@@ -57,16 +58,6 @@ struct jail {
 * For all xprison structs, always keep the pr_version an int and
 * the first variable so userspace can easily distinguish them.
 */
-#ifndef _KERNEL
-struct xprison_v1 {
- int pr_version;
- int pr_id;
- char pr_path[MAXPATHLEN];
- char pr_host[MAXHOSTNAMELEN];
- u_int32_t pr_ip;
-};
-#endif
-
 struct xprison {
 int pr_version;
 int pr_id;
@@ -91,6 +82,7 @@ struct xprison {
 #define PRISON_STATE_INVALID 0
 #define PRISON_STATE_ALIVE 1
 #define PRISON_STATE_DYING 2
+#endif /* COMPAT_FREEBSD11 */
 /*
 * Flags for jail_set and jail_get.
@@ -110,7 +102,6 @@ struct xprison {
 struct iovec;
-int jail(struct jail *);
 int jail_set(struct iovec *, unsigned int, int);
 int jail_get(struct iovec *, unsigned int, int);
 int jail_attach(int);
diff --git a/sys/sys/syscall.h b/sys/sys/syscall.h
index 6e880f04950c..4fe59e68cfb6 100644
--- a/sys/sys/syscall.h
+++ b/sys/sys/syscall.h
@@ -280,7 +280,7 @@
 #define SYS_utrace 335
 /* 336 is freebsd4 sendfile */
 #define SYS_kldsym 337
-#define SYS_jail 338
+#define SYS_freebsd11_jail 338
 #define SYS_nnpfs_syscall 339
 #define SYS_sigprocmask 340
 #define SYS_sigsuspend 341
diff --git a/sys/sys/syscall.mk b/sys/sys/syscall.mk
index 11d81fab83f3..e004109b97f5 100644
--- a/sys/sys/syscall.mk
+++ b/sys/sys/syscall.mk
@@ -209,7 +209,7 @@ MIASM = \
 sched_rr_get_interval.o \
 utrace.o \
 kldsym.o \
- jail.o \
+ freebsd11_jail.o \
 nnpfs_syscall.o \
 sigprocmask.o \
 sigsuspend.o \
diff --git a/sys/sys/syscallsubr.h b/sys/sys/syscallsubr.h
index 5ec4fa33f534..332da341176f 100644
--- a/sys/sys/syscallsubr.h
+++ b/sys/sys/syscallsubr.h
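Review bot: The `#ifdef COMPAT_FREEBSD11` opened in the first jail.h hunk and closed after `PRISON_STATE_DYING` hides `struct jail`, `struct xprison` and the `PRISON_STATE_*` constants from every includer that does not define that macro, and the last jail.h hunk also drops the `int jail(struct jail *);` prototype. COMPAT_FREEBSD11 is a kernel configuration option, so userland that includes sys/jail.h presumably loses these definitions altogether, and a kernel file sees them only when opt_compat.h is included first, which makes the presence of a jail ABI structure depend on include order. I would narrow the guard to the kernel side, for example `#if !defined(_KERNEL) || defined(COMPAT_FREEBSD11)`, and confirm that no remaining userland caller of jail(2) or reader of `struct xprison` exists before removing the prototype. The guarded region covers parts of the header that fall between the hunks and are not shown here, so this should be checked against the full file.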
@@ -143,7 +143,6 @@ int kern_getsockname(struct thread *td, int fd, struct sockaddr **sa, int kern_getsockopt(struct thread *td, int s, int level, int name, void *optval, enum uio_seg valseg, socklen_t *valsize); int kern_ioctl(struct thread *td, int fd, u_long com, caddr_t data); -int kern_jail(struct thread *td, struct jail *j); int kern_jail_get(struct thread *td, struct uio *options, int flags); int kern_jail_set(struct thread *td, struct uio *options, int flags); int kern_kevent(struct thread *td, int fd, int nchanges, int nevents, @@ -308,5 +307,6 @@ struct freebsd11_dirent; int freebsd11_kern_getdirentries(struct thread *td, int fd, char *ubuf, u_int count, long *basep, void (*func)(struct freebsd11_dirent *)); +int freebsd11_kern_jail(struct thread *td, struct jail *j); #endif /* !_SYS_SYSCALLSUBR_H_ */ diff --git a/sys/sys/sysproto.h b/sys/sys/sysproto.h index aad36e9b27f6..62e9d42fc073 100644 --- a/sys/sys/sysproto.h +++ b/sys/sys/sysproto.h @@ -849,9 +849,6 @@ struct kldsym_args { char cmd_l_[PADL_(int)]; int cmd; char cmd_r_[PADR_(int)]; char data_l_[PADL_(void *)]; void * data; char data_r_[PADR_(void *)]; }; -struct jail_args { - char jail_l_[PADL_(struct jail *)]; struct jail * jail; char jail_r_[PADR_(struct jail *)]; -}; struct nnpfs_syscall_args { char operation_l_[PADL_(int)]; int operation; char operation_r_[PADR_(int)]; char a_pathP_l_[PADL_(char *)]; char * a_pathP; char a_pathP_r_[PADR_(char *)]; @@ -1961,7 +1958,6 @@ int sys_sched_get_priority_min(struct thread *, struct sched_get_priority_min_ar int sys_sched_rr_get_interval(struct thread *, struct sched_rr_get_interval_args *); int sys_utrace(struct thread *, struct utrace_args *); int sys_kldsym(struct thread *, struct kldsym_args *); -int sys_jail(struct thread *, struct jail_args *); int sys_nnpfs_syscall(struct thread *, struct nnpfs_syscall_args *); int sys_sigprocmask(struct thread *, struct sigprocmask_args *); int sys_sigsuspend(struct thread *, struct sigsuspend_args *); 
@@ -2531,6 +2527,9 @@ struct freebsd11_fhstat_args { char u_fhp_l_[PADL_(const struct fhandle *)]; const struct fhandle * u_fhp; char u_fhp_r_[PADR_(const struct fhandle *)]; char sb_l_[PADL_(struct freebsd11_stat *)]; struct freebsd11_stat * sb; char sb_r_[PADR_(struct freebsd11_stat *)]; }; +struct freebsd11_jail_args { + char jail_l_[PADL_(struct jail *)]; struct jail * jail; char jail_r_[PADR_(struct jail *)]; +}; struct freebsd11_kevent_args { char fd_l_[PADL_(int)]; int fd; char fd_r_[PADR_(int)]; char changelist_l_[PADL_(struct kevent_freebsd11 *)]; struct kevent_freebsd11 * changelist; char changelist_r_[PADR_(struct kevent_freebsd11 *)]; @@ -2579,6 +2578,7 @@ int freebsd11_nstat(struct thread *, struct freebsd11_nstat_args *); int freebsd11_nfstat(struct thread *, struct freebsd11_nfstat_args *); int freebsd11_nlstat(struct thread *, struct freebsd11_nlstat_args *); int freebsd11_fhstat(struct thread *, struct freebsd11_fhstat_args *); +int freebsd11_jail(struct thread *, struct freebsd11_jail_args *); int freebsd11_kevent(struct thread *, struct freebsd11_kevent_args *); int freebsd11_getfsstat(struct thread *, struct freebsd11_getfsstat_args *); int freebsd11_statfs(struct thread *, struct freebsd11_statfs_args *); @@ -2849,7 +2849,7 @@ int freebsd11_mknodat(struct thread *, struct freebsd11_mknodat_args *); #define SYS_AUE_utrace AUE_NULL #define SYS_AUE_freebsd4_sendfile AUE_SENDFILE #define SYS_AUE_kldsym AUE_NULL -#define SYS_AUE_jail AUE_JAIL +#define SYS_AUE_freebsd11_jail AUE_JAIL #define SYS_AUE_nnpfs_syscall AUE_NULL #define SYS_AUE_sigprocmask AUE_SIGPROCMASK #define SYS_AUE_sigsuspend AUE_SIGSUSPEND |