aboutsummaryrefslogtreecommitdiff
path: root/sys/sys
diff options
context:
space:
mode:
Diffstat (limited to 'sys/sys')
-rw-r--r--sys/sys/jail.h41
-rw-r--r--sys/sys/proc.h17
-rw-r--r--sys/sys/syscall-hide.h3
-rw-r--r--sys/sys/syscall.h5
-rw-r--r--sys/sys/syscall.mk5
-rw-r--r--sys/sys/sysctl.h3
-rw-r--r--sys/sys/sysproto.h6
-rw-r--r--sys/sys/ucred.h5
-rw-r--r--sys/sys/unpcb.h3
9 files changed, 76 insertions, 12 deletions
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
new file mode 100644
index 000000000000..aea9bf586e38
--- /dev/null
+++ b/sys/sys/jail.h
@@ -0,0 +1,41 @@
+/*
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <phk@FreeBSD.org> wrote this file. As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
+ * ----------------------------------------------------------------------------
+ *
+ * $Id: loran.c,v 1.15 1999/04/11 03:06:06 eivind Exp $
+ *
+ */
+
+#ifndef _SYS_JAIL_H_
+#define _SYS_JAIL_H_
+
+struct jail {
+ char *path;
+ char *hostname;
+ u_int32_t ip_number;
+};
+
+#ifdef KERNEL
+
+#ifdef MALLOC_DECLARE
+MALLOC_DECLARE(M_PRISON);
+#endif
+
+/*
+ * This structure describes a prison. It is pointed to by all struct
+ * proc's of the inmates. pr_ref keeps track of them and is used to
+ * delete the struture when the last inmate is dead.
+ */
+
+struct prison {
+ int pr_ref;
+ char pr_host[MAXHOSTNAMELEN];
+ u_int32_t pr_ip;
+};
+
+#endif /* !KERNEL */
+#endif /* !_SYS_JAIL_H_ */
diff --git a/sys/sys/proc.h b/sys/sys/proc.h
index 12b809b7520f..9030584513d4 100644
--- a/sys/sys/proc.h
+++ b/sys/sys/proc.h
@@ -36,7 +36,7 @@
* SUCH DAMAGE.
*
* @(#)proc.h 8.15 (Berkeley) 5/19/95
- * $Id: proc.h,v 1.79 1999/04/27 11:18:32 phk Exp $
+ * $Id: proc.h,v 1.80 1999/04/28 01:04:33 luoqi Exp $
*/
#ifndef _SYS_PROC_H_
@@ -107,6 +107,9 @@ struct pasleep {
* which might be addressable only on a processor on which the process
* is running.
*/
+
+struct jail;
+
struct proc {
TAILQ_ENTRY(proc) p_procq; /* run/sleep queue. */
LIST_ENTRY(proc) p_list; /* List of all processes. */
@@ -206,6 +209,7 @@ struct proc {
struct sysentvec *p_sysent; /* System call dispatch information. */
struct rtprio p_rtprio; /* Realtime priority. */
+ struct prison *p_prison;
/* End area that is copied on creation. */
#define p_endcopy p_addr
struct user *p_addr; /* Kernel virtual addr of u-area (PROC ONLY). */
@@ -268,6 +272,8 @@ struct proc {
#define P_NOCLDWAIT 0x400000 /* No zombies if child dies */
#define P_DEADLKTREAT 0x800000 /* lock aquisition - deadlock treatment */
+#define P_JAILED 0x1000000 /* Process is in jail */
+
/*
* MOVE TO ucred.h?
*
@@ -292,6 +298,14 @@ MALLOC_DECLARE(M_SUBPROC);
MALLOC_DECLARE(M_ZOMBIE);
#endif
+/* flags for suser_xxx() */
+#define PRISON_ROOT 1
+
+/* Handy macro to determine of p1 can mangle p2 */
+
+#define PRISON_CHECK(p1, p2) \
+ ((!(p1)->p_prison) || (p1)->p_prison == (p2)->p_prison)
+
/*
* We use process IDs <= PID_MAX; PID_MAX + 1 must also fit in a pid_t,
* as it is used to represent "no process group".
@@ -376,6 +390,7 @@ void setrunnable __P((struct proc *));
void setrunqueue __P((struct proc *));
void sleepinit __P((void));
int suser __P((struct proc *));
+int suser_xxx __P((struct ucred *cred, struct proc *proc, int flag));
void remrq __P((struct proc *));
void cpu_switch __P((struct proc *));
void unsleep __P((struct proc *));
diff --git a/sys/sys/syscall-hide.h b/sys/sys/syscall-hide.h
index e7feea16d933..cba0b9d2864c 100644
--- a/sys/sys/syscall-hide.h
+++ b/sys/sys/syscall-hide.h
@@ -2,7 +2,7 @@
* System call hiders.
*
* DO NOT EDIT-- this file is automatically generated.
- * created from Id: syscalls.master,v 1.57 1999/04/04 21:41:16 dt Exp
+ * created from Id: syscalls.master,v 1.58 1999/04/28 11:28:49 phk Exp
*/
HIDE_POSIX(fork)
@@ -251,3 +251,4 @@ HIDE_POSIX(sched_rr_get_interval)
HIDE_BSD(utrace)
HIDE_BSD(sendfile)
HIDE_BSD(kldsym)
+HIDE_BSD(jail)
diff --git a/sys/sys/syscall.h b/sys/sys/syscall.h
index f20a43d80ae0..79441f1d6d18 100644
--- a/sys/sys/syscall.h
+++ b/sys/sys/syscall.h
@@ -2,7 +2,7 @@
* System call numbers.
*
* DO NOT EDIT-- this file is automatically generated.
- * created from Id: syscalls.master,v 1.57 1999/04/04 21:41:16 dt Exp
+ * created from Id: syscalls.master,v 1.58 1999/04/28 11:28:49 phk Exp
*/
#define SYS_syscall 0
@@ -257,4 +257,5 @@
#define SYS_utrace 335
#define SYS_sendfile 336
#define SYS_kldsym 337
-#define SYS_MAXSYSCALL 338
+#define SYS_jail 338
+#define SYS_MAXSYSCALL 339
diff --git a/sys/sys/syscall.mk b/sys/sys/syscall.mk
index 732435c49c36..832bb160ed94 100644
--- a/sys/sys/syscall.mk
+++ b/sys/sys/syscall.mk
@@ -1,6 +1,6 @@
# FreeBSD system call names.
# DO NOT EDIT-- this file is automatically generated.
-# created from Id: syscalls.master,v 1.57 1999/04/04 21:41:16 dt Exp
+# created from Id: syscalls.master,v 1.58 1999/04/28 11:28:49 phk Exp
MIASM = \
syscall.o \
exit.o \
@@ -212,4 +212,5 @@ MIASM = \
sched_rr_get_interval.o \
utrace.o \
sendfile.o \
- kldsym.o
+ kldsym.o \
+ jail.o
diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h
index 003222b93508..0f949d87487a 100644
--- a/sys/sys/sysctl.h
+++ b/sys/sys/sysctl.h
@@ -34,7 +34,7 @@
* SUCH DAMAGE.
*
* @(#)sysctl.h 8.1 (Berkeley) 6/2/93
- * $Id: sysctl.h,v 1.71 1999/02/16 10:49:55 dfr Exp $
+ * $Id: sysctl.h,v 1.72 1999/02/28 17:38:28 dt Exp $
*/
#ifndef _SYS_SYSCTL_H_
@@ -79,6 +79,7 @@ struct ctlname {
#define CTLFLAG_NOLOCK 0x20000000 /* XXX Don't Lock */
#define CTLFLAG_ANYBODY 0x10000000 /* All users can set this var */
#define CTLFLAG_SECURE 0x08000000 /* Permit set only if securelevel<=0 */
+#define CTLFLAG_PRISON 0x04000000 /* Prisoned roots can fiddle */
/*
* USE THIS instead of a hardwired number from the categories below
diff --git a/sys/sys/sysproto.h b/sys/sys/sysproto.h
index 7c18bd18ba87..43666d8cee64 100644
--- a/sys/sys/sysproto.h
+++ b/sys/sys/sysproto.h
@@ -2,7 +2,7 @@
* System call prototypes.
*
* DO NOT EDIT-- this file is automatically generated.
- * created from Id: syscalls.master,v 1.57 1999/04/04 21:41:16 dt Exp
+ * created from Id: syscalls.master,v 1.58 1999/04/28 11:28:49 phk Exp
*/
#ifndef _SYS_SYSPROTO_H_
@@ -907,6 +907,9 @@ struct kldsym_args {
int cmd; char cmd_[PAD_(int)];
void * data; char data_[PAD_(void *)];
};
+struct jail_args {
+ struct jail * jail; char jail_[PAD_(struct jail *)];
+};
int nosys __P((struct proc *, struct nosys_args *));
void exit __P((struct proc *, struct rexit_args *)) __dead2;
int fork __P((struct proc *, struct fork_args *));
@@ -1116,6 +1119,7 @@ int sched_rr_get_interval __P((struct proc *, struct sched_rr_get_interval_args
int utrace __P((struct proc *, struct utrace_args *));
int sendfile __P((struct proc *, struct sendfile_args *));
int kldsym __P((struct proc *, struct kldsym_args *));
+int jail __P((struct proc *, struct jail_args *));
#ifdef COMPAT_43
diff --git a/sys/sys/ucred.h b/sys/sys/ucred.h
index d95b0d871bd7..f65dbe05f0c9 100644
--- a/sys/sys/ucred.h
+++ b/sys/sys/ucred.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)ucred.h 8.4 (Berkeley) 1/9/95
- * $Id: ucred.h,v 1.10 1999/01/31 10:05:59 bde Exp $
+ * $Id: ucred.h,v 1.11 1999/04/27 11:18:38 phk Exp $
*/
#ifndef _SYS_UCRED_H_
@@ -41,7 +41,7 @@
* Credentials.
*
* Please do not inspect cr_uid directly to determine superuserness.
- * Only the suser_xxx() function should be used for this.
+ * Only the suser()/suser_xxx() function should be used for this.
*/
struct ucred {
u_short cr_ref; /* reference count */
@@ -60,7 +60,6 @@ struct ucred *crcopy __P((struct ucred *cr));
struct ucred *crdup __P((struct ucred *cr));
void crfree __P((struct ucred *cr));
struct ucred *crget __P((void));
-int suser_xxx __P((struct ucred *cred, u_short *acflag));
int groupmember __P((gid_t gid, struct ucred *cred));
#endif /* KERNEL */
diff --git a/sys/sys/unpcb.h b/sys/sys/unpcb.h
index 14191537f059..7c3881267ef8 100644
--- a/sys/sys/unpcb.h
+++ b/sys/sys/unpcb.h
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)unpcb.h 8.1 (Berkeley) 6/2/93
- * $Id: unpcb.h,v 1.6 1997/08/16 19:16:16 wollman Exp $
+ * $Id: unpcb.h,v 1.7 1998/05/15 20:11:40 wollman Exp $
*/
#ifndef _SYS_UNPCB_H_
@@ -71,6 +71,7 @@ struct unpcb {
LIST_ENTRY(unpcb) unp_link; /* glue on list of all PCBs */
struct socket *unp_socket; /* pointer back to socket */
struct vnode *unp_vnode; /* if associated with file */
+ struct vnode *unp_rvnode; /* root vp for creating process */
ino_t unp_ino; /* fake inode number */
struct unpcb *unp_conn; /* control block of connected socket */
struct unp_head unp_refs; /* referencing socket linked list */