authorBjoern A. Zeeb <bz@FreeBSD.org>2009-08-13 10:26:34 +0000
committerBjoern A. Zeeb <bz@FreeBSD.org>2009-08-13 10:26:34 +0000
commiteb79e1c76e18c7b72e7f16668319010d7e03ddae (patch)
treeda85107d22a96dc6fa0f87abc22d5684fb84f53c /sys
parent20b0cdb749a0a8e31a98f6624168d88de77b638f (diff)
downloadsrc-eb79e1c76e18c7b72e7f16668319010d7e03ddae.tar.gz
src-eb79e1c76e18c7b72e7f16668319010d7e03ddae.zip
Make it possible to change the vnet sysctl variables on jails
with their own virtual network stack. Jails that only inherit a network stack still cannot change anything that could not already be changed from within a prison. Reviewed by: rwatson, zec Approved by: re (kib)
Notes
Notes: svn path=/head/; revision=196176
Diffstat (limited to 'sys')
-rw-r--r--sys/kern/kern_jail.c23
-rw-r--r--sys/kern/kern_sysctl.c12
-rw-r--r--sys/net/vnet.h18
-rw-r--r--sys/sys/jail.h1
-rw-r--r--sys/sys/sysctl.h1
5 files changed, 46 insertions, 9 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 282a4d8c95b3..8f185833e8a1 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -88,7 +88,11 @@ struct prison prison0 = {
.pr_childmax = JAIL_MAX,
.pr_hostuuid = DEFAULT_HOSTUUID,
.pr_children = LIST_HEAD_INITIALIZER(&prison0.pr_children),
+#ifdef VIMAGE
+ .pr_flags = PR_HOST|PR_VNET,
+#else
.pr_flags = PR_HOST,
+#endif
.pr_allow = PR_ALLOW_ALL,
};
MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF);
@@ -3308,6 +3312,25 @@ getcredhostid(struct ucred *cred, unsigned long *hostid)
mtx_unlock(&cred->cr_prison->pr_mtx);
}
+#ifdef VIMAGE
+/*
+ * Determine whether the prison represented by cred owns
+ * its vnet rather than having it inherited.
+ *
+ * Returns 1 in case the prison owns the vnet, 0 otherwise.
+ */
+int
+prison_owns_vnet(struct ucred *cred)
+{
+
+ /*
+ * vnets cannot be added/removed after jail creation,
+ * so no need to lock here.
+ */
+ return (cred->cr_prison->pr_flags & PR_VNET ? 1 : 0);
+}
+#endif
+
/*
* Determine whether the subject represented by cred can "see"
* status of a mount point.
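Review bot: The ternary in prison_owns_vnet relies on `&` binding tighter than `?:`, which is correct but easy to misread in a privilege helper; `return ((cred->cr_prison->pr_flags & PR_VNET) ? 1 : 0);` makes the intent explicit. The lock-free read is justified only by the comment's claim that PR_VNET never changes after jail creation; nothing in this hunk enforces that, so the comment should name where that invariant is established (jail creation/attach) so a later change to pr_flags handling does not silently invalidate it. Note also that under VIMAGE prison0 itself carries PR_VNET, so this returns 1 for unjailed credentials too; the header comment should say `Returns 1 if the prison (prison0 included) owns its vnet` so callers do not read a 1 as "is a vnet jail".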
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index bb5b6a0f3ad6..b83502c2f419 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -1381,10 +1381,18 @@ sysctl_root(SYSCTL_HANDLER_ARGS)
/* Is this sysctl writable by only privileged users? */
if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
+ int priv;
+
if (oid->oid_kind & CTLFLAG_PRISON)
- error = priv_check(req->td, PRIV_SYSCTL_WRITEJAIL);
+ priv = PRIV_SYSCTL_WRITEJAIL;
+#ifdef VIMAGE
+ else if ((oid->oid_kind & CTLFLAG_VNET) &&
+ prison_owns_vnet(req->td->td_ucred))
+ priv = PRIV_SYSCTL_WRITEJAIL;
+#endif
else
- error = priv_check(req->td, PRIV_SYSCTL_WRITE);
+ priv = PRIV_SYSCTL_WRITE;
+ error = priv_check(req->td, priv);
if (error)
return (error);
}
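Review bot: Because prison0 now carries PR_VNET under VIMAGE, the new `CTLFLAG_VNET` branch also applies to unjailed host root: a write to any virtualized OID is checked as PRIV_SYSCTL_WRITEJAIL instead of PRIV_SYSCTL_WRITE. For the default priv policy that is presumably equivalent, but any priv(9) or MAC policy keyed on PRIV_SYSCTL_WRITE will no longer see host writes to vnet sysctls. If that is unintended, restrict the branch to jailed credentials, `else if ((oid->oid_kind & CTLFLAG_VNET) && jailed(req->td->td_ucred) && prison_owns_vnet(req->td->td_ucred))`; either way a comment stating which case is intended would help, e.g. `/* A prison owning its vnet (prison0 included) may write per-vnet OIDs under the jail privilege. */`. sysctl_root continues outside the hunk.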
diff --git a/sys/net/vnet.h b/sys/net/vnet.h
index d441af199703..91de07a1093a 100644
--- a/sys/net/vnet.h
+++ b/sys/net/vnet.h
@@ -232,21 +232,25 @@ int vnet_sysctl_handle_string(SYSCTL_HANDLER_ARGS);
int vnet_sysctl_handle_uint(SYSCTL_HANDLER_ARGS);
#define SYSCTL_VNET_INT(parent, nbr, name, access, ptr, val, descr) \
- SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|CTLFLAG_MPSAFE|(access), \
+ SYSCTL_OID(parent, nbr, name, \
+ CTLTYPE_INT|CTLFLAG_MPSAFE|CTLFLAG_VNET|(access), \
ptr, val, vnet_sysctl_handle_int, "I", descr)
#define SYSCTL_VNET_PROC(parent, nbr, name, access, ptr, arg, handler, \
fmt, descr) \
- SYSCTL_OID(parent, nbr, name, access, ptr, arg, handler, fmt, \
- descr)
+ SYSCTL_OID(parent, nbr, name, CTLFLAG_VNET|(access), ptr, arg, \
+ handler, fmt, descr)
#define SYSCTL_VNET_STRING(parent, nbr, name, access, arg, len, descr) \
- SYSCTL_OID(parent, nbr, name, CTLTYPE_STRING|(access), arg, \
- len, vnet_sysctl_handle_string, "A", descr)
+ SYSCTL_OID(parent, nbr, name, \
+ CTLTYPE_STRING|CTLFLAG_VNET|(access), \
+ arg, len, vnet_sysctl_handle_string, "A", descr)
#define SYSCTL_VNET_STRUCT(parent, nbr, name, access, ptr, type, descr) \
- SYSCTL_OID(parent, nbr, name, CTLTYPE_OPAQUE|(access), ptr, \
+ SYSCTL_OID(parent, nbr, name, \
+ CTLTYPE_OPAQUE|CTLFLAG_VNET|(access), ptr, \
sizeof(struct type), vnet_sysctl_handle_opaque, "S," #type, \
descr)
#define SYSCTL_VNET_UINT(parent, nbr, name, access, ptr, val, descr) \
- SYSCTL_OID(parent, nbr, name, CTLTYPE_UINT|CTLFLAG_MPSAFE|(access), \
+ SYSCTL_OID(parent, nbr, name, \
+ CTLTYPE_UINT|CTLFLAG_MPSAFE|CTLFLAG_VNET|(access), \
ptr, val, vnet_sysctl_handle_uint, "IU", descr)
#define VNET_SYSCTL_ARG(req, arg1) do { \
if (arg1 != NULL) \
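Review bot: Every SYSCTL_VNET_* macro now tags its OID with CTLFLAG_VNET unconditionally, so each existing CTLFLAG_RW vnet sysctl, including SYSCTL_VNET_PROC entries with arbitrary handlers, becomes writable by root of a vnet-owning jail as soon as this lands, and there is no way to declare a virtualized-but-host-only knob short of bypassing the macros. It would be worth auditing handlers registered through SYSCTL_VNET_PROC for ones that also touch non-virtualized state. A comment above the macros should record the opt-out, e.g. `/* All SYSCTL_VNET_* OIDs are jail-writable by a vnet-owning prison; use SYSCTL_OID directly for per-vnet OIDs that must stay host-only. */`.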
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
index d7457bfd4272..cb26a64ec7d2 100644
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -341,6 +341,7 @@ void getcredhostuuid(struct ucred *, char *, size_t);
void getcredhostid(struct ucred *, unsigned long *);
int prison_allow(struct ucred *, unsigned);
int prison_check(struct ucred *cred1, struct ucred *cred2);
+int prison_owns_vnet(struct ucred *);
int prison_canseemount(struct ucred *cred, struct mount *mp);
void prison_enforce_statfs(struct ucred *cred, struct mount *mp,
struct statfs *sp);
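Review bot: The prototype for prison_owns_vnet is declared unconditionally here, while its definition in kern_jail.c exists only under `#ifdef VIMAGE`; a non-VIMAGE caller would compile and then fail at link time. Either guard the declaration with `#ifdef VIMAGE` / `#endif` to match, or provide a non-VIMAGE definition returning 0 (without VIMAGE no prison owns a vnet) so callers need no ifdef of their own. The declaration list continues outside the hunk.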
diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h
index 4cab1599dc90..e1ce71889eee 100644
--- a/sys/sys/sysctl.h
+++ b/sys/sys/sysctl.h
@@ -85,6 +85,7 @@ struct ctlname {
#define CTLMASK_SECURE 0x00F00000 /* Secure level */
#define CTLFLAG_TUN 0x00080000 /* Tunable variable */
#define CTLFLAG_MPSAFE 0x00040000 /* Handler is MP safe */
+#define CTLFLAG_VNET 0x00020000 /* Prisons with vnet can fiddle */
#define CTLFLAG_RDTUN (CTLFLAG_RD|CTLFLAG_TUN)
/*
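Review bot: The comment on CTLFLAG_VNET, "Prisons with vnet can fiddle", says neither that the flag is set automatically by the SYSCTL_VNET_* macros nor what it grants; suggest `/* Per-vnet OID (set by SYSCTL_VNET_*); writable by a prison owning its vnet */`. Since the flag lowers the write check to PRIV_SYSCTL_WRITEJAIL, it should not be applied by hand to non-virtualized OIDs.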