authorJamie Gritton <jamie@FreeBSD.org>2018-08-16 18:40:16 +0000
committerJamie Gritton <jamie@FreeBSD.org>2018-08-16 18:40:16 +0000
commit284001a222ae071c063920aa1c1b6477f168002d (patch)
tree10ee709c397d09f7bbe58bae03f7543dbe01998b /sys/sys
parenta8e44f4da0e8b8892688d88a8faea5abfff2219e (diff)
Put jail(2) under COMPAT_FREEBSD11. It has been the "old" way of creating
jails since FreeBSD 7. Along with the system call, put the various security.jail.allow_foo and security.jail.foo_allowed sysctls partly under COMPAT_FREEBSD11 (or BURN_BRIDGES). These sysctls had two disparate uses: on the system side, they were global permissions for jails created via jail(2) which lacked fine-grained permission controls; inside a jail, they're read-only descriptions of what the current jail is allowed to do. The first use is obsolete along with jail(2), but keep them for the second, read-only use. Differential Revision: D14791
Notes
Notes: svn path=/head/; revision=337922
Diffstat (limited to 'sys/sys')
-rw-r--r--sys/sys/jail.h13
-rw-r--r--sys/sys/syscall.h2
-rw-r--r--sys/sys/syscall.mk2
-rw-r--r--sys/sys/syscallsubr.h2
-rw-r--r--sys/sys/sysproto.h10
5 files changed, 10 insertions, 19 deletions
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
index ec1013cb0071..441403fc4710 100644
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -32,6 +32,7 @@
#ifndef _SYS_JAIL_H_
#define _SYS_JAIL_H_
+#ifdef COMPAT_FREEBSD11
#ifdef _KERNEL
struct jail_v0 {
u_int32_t version;
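Review bot: The `#ifdef COMPAT_FREEBSD11` added above `#ifdef _KERNEL` makes the contents of this header depend on a kernel build option. Its matching `#endif /* COMPAT_FREEBSD11 */` is in the later hunk after `PRISON_STATE_DYING`, so `struct jail`, `struct xprison` and the `PRISON_STATE_*` values all fall inside the guard. Userland code that includes `<sys/jail.h>` would normally not define COMPAT_FREEBSD11, so any consumer that still fills in a `struct jail` or reads a `struct xprison` would stop compiling. Kernel files would see these definitions only when the option header (presumably `opt_compat.h`) is included before this one. Consider narrowing the guard to the kernel side, for example `#if !defined(_KERNEL) || defined(COMPAT_FREEBSD11)`, and stating the intent in a comment such as `/* Legacy jail(2) ABI, kept for COMPAT_FREEBSD11 binaries. */`.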
@@ -57,16 +58,6 @@ struct jail {
* For all xprison structs, always keep the pr_version an int and
* the first variable so userspace can easily distinguish them.
*/
-#ifndef _KERNEL
-struct xprison_v1 {
- int pr_version;
- int pr_id;
- char pr_path[MAXPATHLEN];
- char pr_host[MAXHOSTNAMELEN];
- u_int32_t pr_ip;
-};
-#endif
-
struct xprison {
int pr_version;
int pr_id;
@@ -91,6 +82,7 @@ struct xprison {
#define PRISON_STATE_INVALID 0
#define PRISON_STATE_ALIVE 1
#define PRISON_STATE_DYING 2
+#endif /* COMPAT_FREEBSD11 */
/*
* Flags for jail_set and jail_get.
@@ -110,7 +102,6 @@ struct xprison {
struct iovec;
-int jail(struct jail *);
int jail_set(struct iovec *, unsigned int, int);
int jail_get(struct iovec *, unsigned int, int);
int jail_attach(int);
diff --git a/sys/sys/syscall.h b/sys/sys/syscall.h
index 6e880f04950c..4fe59e68cfb6 100644
--- a/sys/sys/syscall.h
+++ b/sys/sys/syscall.h
@@ -280,7 +280,7 @@
#define SYS_utrace 335
/* 336 is freebsd4 sendfile */
#define SYS_kldsym 337
-#define SYS_jail 338
+#define SYS_freebsd11_jail 338
#define SYS_nnpfs_syscall 339
#define SYS_sigprocmask 340
#define SYS_sigsuspend 341
diff --git a/sys/sys/syscall.mk b/sys/sys/syscall.mk
index 11d81fab83f3..e004109b97f5 100644
--- a/sys/sys/syscall.mk
+++ b/sys/sys/syscall.mk
@@ -209,7 +209,7 @@ MIASM = \
sched_rr_get_interval.o \
utrace.o \
kldsym.o \
- jail.o \
+ freebsd11_jail.o \
nnpfs_syscall.o \
sigprocmask.o \
sigsuspend.o \
diff --git a/sys/sys/syscallsubr.h b/sys/sys/syscallsubr.h
index 5ec4fa33f534..332da341176f 100644
--- a/sys/sys/syscallsubr.h
+++ b/sys/sys/syscallsubr.h
@@ -143,7 +143,6 @@ int kern_getsockname(struct thread *td, int fd, struct sockaddr **sa,
int kern_getsockopt(struct thread *td, int s, int level, int name,
void *optval, enum uio_seg valseg, socklen_t *valsize);
int kern_ioctl(struct thread *td, int fd, u_long com, caddr_t data);
-int kern_jail(struct thread *td, struct jail *j);
int kern_jail_get(struct thread *td, struct uio *options, int flags);
int kern_jail_set(struct thread *td, struct uio *options, int flags);
int kern_kevent(struct thread *td, int fd, int nchanges, int nevents,
@@ -308,5 +307,6 @@ struct freebsd11_dirent;
int freebsd11_kern_getdirentries(struct thread *td, int fd, char *ubuf, u_int
count, long *basep, void (*func)(struct freebsd11_dirent *));
+int freebsd11_kern_jail(struct thread *td, struct jail *j);
#endif /* !_SYS_SYSCALLSUBR_H_ */
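Review bot: The new prototype `freebsd11_kern_jail(struct thread *td, struct jail *j)` is declared unconditionally, while the jail.h change in this commit makes the definition of `struct jail` conditional on COMPAT_FREEBSD11. That is harmless for a pointer parameter as long as `struct jail` is forward-declared earlier in this header, which cannot be confirmed from the hunk. A caller built without the option would presumably compile and only fail at link time. A short comment would record that this is the legacy path, e.g. `/* Backend for the old jail(2) call; only built with COMPAT_FREEBSD11. */`. Per the commit description, jails created this way rely on the global security.jail.* permissions rather than per-jail controls, which is worth noting for anyone auditing callers.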
diff --git a/sys/sys/sysproto.h b/sys/sys/sysproto.h
index aad36e9b27f6..62e9d42fc073 100644
--- a/sys/sys/sysproto.h
+++ b/sys/sys/sysproto.h
@@ -849,9 +849,6 @@ struct kldsym_args {
char cmd_l_[PADL_(int)]; int cmd; char cmd_r_[PADR_(int)];
char data_l_[PADL_(void *)]; void * data; char data_r_[PADR_(void *)];
};
-struct jail_args {
- char jail_l_[PADL_(struct jail *)]; struct jail * jail; char jail_r_[PADR_(struct jail *)];
-};
struct nnpfs_syscall_args {
char operation_l_[PADL_(int)]; int operation; char operation_r_[PADR_(int)];
char a_pathP_l_[PADL_(char *)]; char * a_pathP; char a_pathP_r_[PADR_(char *)];
@@ -1961,7 +1958,6 @@ int sys_sched_get_priority_min(struct thread *, struct sched_get_priority_min_ar
int sys_sched_rr_get_interval(struct thread *, struct sched_rr_get_interval_args *);
int sys_utrace(struct thread *, struct utrace_args *);
int sys_kldsym(struct thread *, struct kldsym_args *);
-int sys_jail(struct thread *, struct jail_args *);
int sys_nnpfs_syscall(struct thread *, struct nnpfs_syscall_args *);
int sys_sigprocmask(struct thread *, struct sigprocmask_args *);
int sys_sigsuspend(struct thread *, struct sigsuspend_args *);
@@ -2531,6 +2527,9 @@ struct freebsd11_fhstat_args {
char u_fhp_l_[PADL_(const struct fhandle *)]; const struct fhandle * u_fhp; char u_fhp_r_[PADR_(const struct fhandle *)];
char sb_l_[PADL_(struct freebsd11_stat *)]; struct freebsd11_stat * sb; char sb_r_[PADR_(struct freebsd11_stat *)];
};
+struct freebsd11_jail_args {
+ char jail_l_[PADL_(struct jail *)]; struct jail * jail; char jail_r_[PADR_(struct jail *)];
+};
struct freebsd11_kevent_args {
char fd_l_[PADL_(int)]; int fd; char fd_r_[PADR_(int)];
char changelist_l_[PADL_(struct kevent_freebsd11 *)]; struct kevent_freebsd11 * changelist; char changelist_r_[PADR_(struct kevent_freebsd11 *)];
@@ -2579,6 +2578,7 @@ int freebsd11_nstat(struct thread *, struct freebsd11_nstat_args *);
int freebsd11_nfstat(struct thread *, struct freebsd11_nfstat_args *);
int freebsd11_nlstat(struct thread *, struct freebsd11_nlstat_args *);
int freebsd11_fhstat(struct thread *, struct freebsd11_fhstat_args *);
+int freebsd11_jail(struct thread *, struct freebsd11_jail_args *);
int freebsd11_kevent(struct thread *, struct freebsd11_kevent_args *);
int freebsd11_getfsstat(struct thread *, struct freebsd11_getfsstat_args *);
int freebsd11_statfs(struct thread *, struct freebsd11_statfs_args *);
@@ -2849,7 +2849,7 @@ int freebsd11_mknodat(struct thread *, struct freebsd11_mknodat_args *);
#define SYS_AUE_utrace AUE_NULL
#define SYS_AUE_freebsd4_sendfile AUE_SENDFILE
#define SYS_AUE_kldsym AUE_NULL
-#define SYS_AUE_jail AUE_JAIL
+#define SYS_AUE_freebsd11_jail AUE_JAIL
#define SYS_AUE_nnpfs_syscall AUE_NULL
#define SYS_AUE_sigprocmask AUE_SIGPROCMASK
#define SYS_AUE_sigsuspend AUE_SIGSUSPEND