PERFORCE change 99434 for review
Alex Lyashkov
als at FreeBSD.org
Sat Jun 17 15:53:36 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=99434
Change 99434 by als at als_head on 2006/06/17 15:53:03
Initial import of jail2 into Perforce. In addition to the last published version, this fixes the world build and implements a per-jail file handle limit.
Affected files ...
.. //depot/projects/jail2/sys/amd64/amd64/dump_machdep.c#2 edit
.. //depot/projects/jail2/sys/amd64/amd64/minidump_machdep.c#2 edit
.. //depot/projects/jail2/sys/arm/arm/dump_machdep.c#2 edit
.. //depot/projects/jail2/sys/compat/linprocfs/linprocfs.c#2 edit
.. //depot/projects/jail2/sys/compat/linux/linux_mib.c#2 edit
.. //depot/projects/jail2/sys/compat/linux/linux_misc.c#2 edit
.. //depot/projects/jail2/sys/compat/linux/linux_stats.c#2 edit
.. //depot/projects/jail2/sys/compat/svr4/svr4_stat.c#2 edit
.. //depot/projects/jail2/sys/conf/NOTES#2 edit
.. //depot/projects/jail2/sys/conf/files#2 edit
.. //depot/projects/jail2/sys/conf/options#2 edit
.. //depot/projects/jail2/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c#2 edit
.. //depot/projects/jail2/sys/contrib/ipfilter/netinet/ip_nat.c#2 edit
.. //depot/projects/jail2/sys/ddb/db_command.c#2 edit
.. //depot/projects/jail2/sys/ddb/db_ps.c#2 edit
.. //depot/projects/jail2/sys/dev/firewire/firewire.c#2 edit
.. //depot/projects/jail2/sys/dev/hwpmc/hwpmc_mod.c#2 edit
.. //depot/projects/jail2/sys/dev/syscons/daemon/daemon_saver.c#2 edit
.. //depot/projects/jail2/sys/fs/procfs/procfs_status.c#2 edit
.. //depot/projects/jail2/sys/geom/vinum/geom_vinum_drive.c#2 edit
.. //depot/projects/jail2/sys/i386/i386/dump_machdep.c#2 edit
.. //depot/projects/jail2/sys/i386/i386/minidump_machdep.c#2 edit
.. //depot/projects/jail2/sys/i386/i386/pmap.c#2 edit
.. //depot/projects/jail2/sys/i386/ibcs2/ibcs2_socksys.c#2 edit
.. //depot/projects/jail2/sys/i386/ibcs2/ibcs2_stat.c#2 edit
.. //depot/projects/jail2/sys/i386/ibcs2/ibcs2_sysvec.c#2 edit
.. //depot/projects/jail2/sys/i386/ibcs2/ibcs2_xenix.c#2 edit
.. //depot/projects/jail2/sys/ia64/ia64/dump_machdep.c#2 edit
.. //depot/projects/jail2/sys/isofs/cd9660/cd9660_rrip.c#2 edit
.. //depot/projects/jail2/sys/kern/imgact_elf.c#2 edit
.. //depot/projects/jail2/sys/kern/init_main.c#2 edit
.. //depot/projects/jail2/sys/kern/kern_descrip.c#2 edit
.. //depot/projects/jail2/sys/kern/kern_exec.c#2 edit
.. //depot/projects/jail2/sys/kern/kern_exit.c#2 edit
.. //depot/projects/jail2/sys/kern/kern_fork.c#2 edit
.. //depot/projects/jail2/sys/kern/kern_jail.c#2 edit
.. //depot/projects/jail2/sys/kern/kern_jail2_common.c#1 add
.. //depot/projects/jail2/sys/kern/kern_jail2_disk.c#1 add
.. //depot/projects/jail2/sys/kern/kern_jail2_network.c#1 add
.. //depot/projects/jail2/sys/kern/kern_jail2_resource.c#1 add
.. //depot/projects/jail2/sys/kern/kern_ktrace.c#2 edit
.. //depot/projects/jail2/sys/kern/kern_linker.c#2 edit
.. //depot/projects/jail2/sys/kern/kern_mib.c#2 edit
.. //depot/projects/jail2/sys/kern/kern_proc.c#2 edit
.. //depot/projects/jail2/sys/kern/kern_prot.c#2 edit
.. //depot/projects/jail2/sys/kern/kern_resource.c#2 edit
.. //depot/projects/jail2/sys/kern/kern_sig.c#2 edit
.. //depot/projects/jail2/sys/kern/sysv_ipc.c#2 edit
.. //depot/projects/jail2/sys/kern/sysv_msg.c#2 edit
.. //depot/projects/jail2/sys/kern/sysv_sem.c#2 edit
.. //depot/projects/jail2/sys/kern/sysv_shm.c#2 edit
.. //depot/projects/jail2/sys/kern/uipc_socket.c#2 edit
.. //depot/projects/jail2/sys/kern/uipc_usrreq.c#3 edit
.. //depot/projects/jail2/sys/kern/vfs_mount.c#2 edit
.. //depot/projects/jail2/sys/kern/vfs_syscalls.c#2 edit
.. //depot/projects/jail2/sys/net/if.c#2 edit
.. //depot/projects/jail2/sys/net/if.c.new#1 add
.. //depot/projects/jail2/sys/net/rtsock.c#2 edit
.. //depot/projects/jail2/sys/net/rtsock.c.new#1 add
.. //depot/projects/jail2/sys/net80211/ieee80211_ioctl.c#2 edit
.. //depot/projects/jail2/sys/netinet/in_pcb.c#2 edit
.. //depot/projects/jail2/sys/netinet/ip_fw2.c#2 edit
.. //depot/projects/jail2/sys/netinet/raw_ip.c#2 edit
.. //depot/projects/jail2/sys/netinet/tcp_usrreq.c#2 edit
.. //depot/projects/jail2/sys/netinet/udp_usrreq.c#2 edit
.. //depot/projects/jail2/sys/netinet6/icmp6.c#2 edit
.. //depot/projects/jail2/sys/netinet6/in6.c#2 edit
.. //depot/projects/jail2/sys/netinet6/in6_ifattach.c#2 edit
.. //depot/projects/jail2/sys/netinet6/in6_pcb.c#2 edit
.. //depot/projects/jail2/sys/nfsclient/bootp_subr.c#2 edit
.. //depot/projects/jail2/sys/nfsclient/nfs_vfsops.c#2 edit
.. //depot/projects/jail2/sys/sparc64/sparc64/dump_machdep.c#2 edit
.. //depot/projects/jail2/sys/sys/ipc.h#2 edit
.. //depot/projects/jail2/sys/sys/jail.h#2 edit
.. //depot/projects/jail2/sys/sys/jail2.h#1 add
.. //depot/projects/jail2/sys/sys/jail2_disks.h#1 add
.. //depot/projects/jail2/sys/sys/jail2_file.h#1 add
.. //depot/projects/jail2/sys/sys/jail2_flags.h#1 add
.. //depot/projects/jail2/sys/sys/jail2_ipc.h#1 add
.. //depot/projects/jail2/sys/sys/jail2_limits.h#1 add
.. //depot/projects/jail2/sys/sys/jail2_network.h#1 add
.. //depot/projects/jail2/sys/sys/jail2_task.h#1 add
.. //depot/projects/jail2/sys/sys/kernel.h#2 edit
.. //depot/projects/jail2/sys/sys/resourcevar.h#2 edit
.. //depot/projects/jail2/sys/sys/systm.h#2 edit
.. //depot/projects/jail2/sys/ufs/ufs/dinode.h#2 edit
.. //depot/projects/jail2/sys/ufs/ufs/ufs_vnops.c#2 edit
.. //depot/projects/jail2/sys/vm/vm_object.c#2 edit
.. //depot/projects/jail2/sys/vm/vm_pageout.c#2 edit
Differences ...
==== //depot/projects/jail2/sys/amd64/amd64/dump_machdep.c#2 (text+ko) ====
@@ -39,6 +39,10 @@
#include <machine/elf.h>
#include <machine/md_var.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
CTASSERT(sizeof(struct kerneldumpheader) == 512);
int do_minidump = 1;
@@ -118,7 +122,7 @@
kdh->dumplength = htod64(dumplen);
kdh->dumptime = htod64(time_second);
kdh->blocksize = htod32(blksz);
- strncpy(kdh->hostname, hostname, sizeof(kdh->hostname));
+ strncpy(kdh->hostname, hostname(), sizeof(kdh->hostname));
strncpy(kdh->versionstring, version, sizeof(kdh->versionstring));
if (panicstr != NULL)
strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring));
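Review bot: `hostname()` is now evaluated while the dump header is being built, and nothing in this hunk says which name it returns at that point. If it resolves through the current thread's prison (its definition is not in the visible part of the change), a crash inside a jail would stamp the dump with the jail's name rather than the host's, and the call would follow credential pointers in panic context. A comment on the call such as `/* dump header carries the host's name, never a jail's */`, backed by a host-only accessor if needed, would settle it. The same substitution appears in the amd64 and i386 minidump files and in the arm, i386 and ia64 dump files; the enclosing function starts and ends outside the hunk.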
==== //depot/projects/jail2/sys/amd64/amd64/minidump_machdep.c#2 (text) ====
@@ -42,6 +42,10 @@
#include <machine/vmparam.h>
#include <machine/minidump.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
CTASSERT(sizeof(struct kerneldumpheader) == 512);
/*
@@ -94,7 +98,7 @@
kdh->dumplength = htod64(dumplen);
kdh->dumptime = htod64(time_second);
kdh->blocksize = htod32(blksz);
- strncpy(kdh->hostname, hostname, sizeof(kdh->hostname));
+ strncpy(kdh->hostname, hostname(), sizeof(kdh->hostname));
strncpy(kdh->versionstring, version, sizeof(kdh->versionstring));
if (panicstr != NULL)
strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring));
==== //depot/projects/jail2/sys/arm/arm/dump_machdep.c#2 (text+ko) ====
@@ -41,6 +41,10 @@
#include <machine/pcb.h>
#include <machine/armreg.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
CTASSERT(sizeof(struct kerneldumpheader) == 512);
/*
@@ -116,7 +120,7 @@
kdh->dumplength = htod64(dumplen);
kdh->dumptime = htod64(time_second);
kdh->blocksize = htod32(blksz);
- strncpy(kdh->hostname, hostname, sizeof(kdh->hostname));
+ strncpy(kdh->hostname, hostname(), sizeof(kdh->hostname));
strncpy(kdh->versionstring, version, sizeof(kdh->versionstring));
if (panicstr != NULL)
strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring));
==== //depot/projects/jail2/sys/compat/linprocfs/linprocfs.c#2 (text+ko) ====
@@ -48,7 +48,6 @@
#include <sys/conf.h>
#include <sys/exec.h>
#include <sys/filedesc.h>
-#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/linker.h>
#include <sys/lock.h>
@@ -68,6 +67,10 @@
#include <sys/vmmeter.h>
#include <sys/vnode.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
#include <net/if.h>
#include <vm/vm.h>
@@ -688,8 +691,11 @@
struct vnode *rvp;
char *fullpath = "unknown";
char *freepath = NULL;
-
+#ifdef JAIL
rvp = jailed(p->p_ucred) ? p->p_fd->fd_jdir : p->p_fd->fd_rdir;
+#else
+ rvp = p->p_fd->fd_rdir;
+#endif
vn_fullpath(td, rvp, &fullpath, &freepath);
sbuf_printf(sb, "%s", fullpath);
if (freepath)
==== //depot/projects/jail2/sys/compat/linux/linux_mib.c#2 (text+ko) ====
@@ -35,10 +35,13 @@
#include <sys/sysctl.h>
#include <sys/proc.h>
#include <sys/malloc.h>
-#include <sys/jail.h>
#include <sys/lock.h>
#include <sys/mutex.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
#include "opt_compat.h"
#ifdef COMPAT_LINUX32
@@ -123,12 +126,14 @@
0, 0, linux_sysctl_oss_version, "I",
"Linux OSS version");
+#ifdef JAIL
/*
* Returns holding the prison mutex if return non-NULL.
*/
static struct prison *
linux_get_prison(struct thread *td)
{
+
register struct prison *pr;
register struct linux_prison *lpr;
@@ -137,7 +142,7 @@
return (NULL);
pr = td->td_ucred->cr_prison;
mtx_lock(&pr->pr_mtx);
- if (pr->pr_linux == NULL) {
+ if (jailed(td->td_ucred)) {
/*
* If we don't have a linux prison structure yet, allocate
* one. We have to handle the race where another thread
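Review bot: The new test `if (jailed(td->td_ucred)) {` no longer checks whether the linux prison structure already exists, yet the comment beneath it still says the branch runs only when there is none. The `return (NULL);` context line above suggests non-jailed callers have already left (that guard is outside the hunk), so the condition would be true on every call and the unlock/allocate/relock path would run each time. Keeping the original `if (pr->pr_linux == NULL) {` preserves the allocate-once behaviour. The function body continues outside the hunk.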
@@ -153,16 +158,19 @@
free(lpr, M_PRISON);
}
return (pr);
+
}
+#endif
void
linux_get_osname(struct thread *td, char *dst)
{
+#ifdef JAIL
register struct prison *pr;
register struct linux_prison *lpr;
pr = td->td_ucred->cr_prison;
- if (pr != NULL) {
+ if (jailed(td->td_ucred)) {
mtx_lock(&pr->pr_mtx);
if (pr->pr_linux != NULL) {
lpr = (struct linux_prison *)pr->pr_linux;
@@ -174,7 +182,7 @@
}
mtx_unlock(&pr->pr_mtx);
}
-
+#endif
mtx_lock(&osname_lock);
bcopy(linux_osname, dst, LINUX_MAX_UTSNAME);
mtx_unlock(&osname_lock);
@@ -183,6 +191,7 @@
int
linux_set_osname(struct thread *td, char *osname)
{
+#ifdef JAIL
struct prison *pr;
struct linux_prison *lpr;
@@ -196,6 +205,11 @@
strcpy(linux_osname, osname);
mtx_unlock(&osname_lock);
}
+#else
+ mtx_lock(&osname_lock);
+ strcpy(linux_osname, osname);
+ mtx_unlock(&osname_lock);
+#endif
return (0);
}
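Review bot: The added `#else` branch copies `osname` into `linux_osname` with an unbounded `strcpy`, while the getter in this file copies exactly `LINUX_MAX_UTSNAME` bytes out of the same buffer. Unless every caller already bounds the string (not visible here), `strlcpy(linux_osname, osname, LINUX_MAX_UTSNAME);` is the safer form. The `#else` branch added to linux_set_osrelease has the same `strcpy`, and the context line above shows the same call in the JAIL branch. The function starts outside the hunk.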
@@ -203,11 +217,12 @@
void
linux_get_osrelease(struct thread *td, char *dst)
{
+#ifdef JAIL
register struct prison *pr;
struct linux_prison *lpr;
pr = td->td_ucred->cr_prison;
- if (pr != NULL) {
+ if (jailed(td->td_ucred)) {
mtx_lock(&pr->pr_mtx);
if (pr->pr_linux != NULL) {
lpr = (struct linux_prison *)pr->pr_linux;
@@ -220,7 +235,7 @@
}
mtx_unlock(&pr->pr_mtx);
}
-
+#endif
mtx_lock(&osname_lock);
bcopy(linux_osrelease, dst, LINUX_MAX_UTSNAME);
mtx_unlock(&osname_lock);
@@ -229,6 +244,7 @@
int
linux_set_osrelease(struct thread *td, char *osrelease)
{
+#ifdef JAIL
struct prison *pr;
struct linux_prison *lpr;
@@ -242,6 +258,11 @@
strcpy(linux_osrelease, osrelease);
mtx_unlock(&osname_lock);
}
+#else
+ mtx_lock(&osname_lock);
+ strcpy(linux_osrelease, osrelease);
+ mtx_unlock(&osname_lock);
+#endif
return (0);
}
@@ -249,12 +270,14 @@
int
linux_get_oss_version(struct thread *td)
{
+ int version;
+#ifdef JAIL
register struct prison *pr;
register struct linux_prison *lpr;
- int version;
+
pr = td->td_ucred->cr_prison;
- if (pr != NULL) {
+ if (jailed(td->td_ucred)) {
mtx_lock(&pr->pr_mtx);
if (pr->pr_linux != NULL) {
lpr = (struct linux_prison *)pr->pr_linux;
@@ -266,7 +289,7 @@
}
mtx_unlock(&pr->pr_mtx);
}
-
+#endif
mtx_lock(&osname_lock);
version = linux_oss_version;
mtx_unlock(&osname_lock);
@@ -276,6 +299,7 @@
int
linux_set_oss_version(struct thread *td, int oss_version)
{
+#ifdef JAIL
struct prison *pr;
struct linux_prison *lpr;
@@ -289,6 +313,11 @@
linux_oss_version = oss_version;
mtx_unlock(&osname_lock);
}
+#else
+ mtx_lock(&osname_lock);
+ linux_oss_version = oss_version;
+ mtx_unlock(&osname_lock);
+#endif
return (0);
}
==== //depot/projects/jail2/sys/compat/linux/linux_misc.c#2 (text+ko) ====
@@ -39,7 +39,6 @@
#if defined(__i386__)
#include <sys/imgact_aout.h>
#endif
-#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/limits.h>
#include <sys/lock.h>
@@ -63,6 +62,10 @@
#include <sys/vnode.h>
#include <sys/wait.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
#include <vm/vm.h>
#include <vm/pmap.h>
#include <vm/vm_kern.h>
@@ -699,7 +702,11 @@
bzero(&utsname, sizeof(utsname));
strlcpy(utsname.sysname, osname, LINUX_MAX_UTSNAME);
+#ifdef JAIL
getcredhostname(td->td_ucred, utsname.nodename, LINUX_MAX_UTSNAME);
+#else
+ strlcpy(utsname.nodename, hostname, LINUX_MAX_UTSNAME);
+#endif
strlcpy(utsname.release, osrelease, LINUX_MAX_UTSNAME);
strlcpy(utsname.version, version, LINUX_MAX_UTSNAME);
for (p = utsname.version; *p != '\0'; ++p)
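Review bot: The non-JAIL branch passes `hostname` as a bare identifier, while the rest of this change replaces that global with a call, `hostname()` (svr4_stat.c uses the call form in its own `#else` branch). If `hostname` is now a function, this hands its address to `strlcpy`, which either fails to compile or copies the wrong bytes; the line should read `strlcpy(utsname.nodename, hostname(), LINUX_MAX_UTSNAME);`. The `#else` branches added in ibcs2_socksys.c and ibcs2_stat.c use the same bare `hostname`. The declaration of `hostname()` is not in the visible part of the change, so this is inferred from the other call sites.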
==== //depot/projects/jail2/sys/compat/linux/linux_stats.c#2 (text+ko) ====
@@ -37,7 +37,6 @@
#include <sys/file.h>
#include <sys/filedesc.h>
#include <sys/proc.h>
-#include <sys/jail.h>
#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/mount.h>
@@ -49,6 +48,10 @@
#include <sys/conf.h>
#include <sys/fcntl.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
#ifdef COMPAT_LINUX32
#include <machine/../linux32/linux.h>
#include <machine/../linux32/linux32_proto.h>
==== //depot/projects/jail2/sys/compat/svr4/svr4_stat.c#2 (text+ko) ====
@@ -34,7 +34,6 @@
#include <sys/proc.h>
#include <sys/stat.h>
#include <sys/filedesc.h>
-#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/unistd.h>
@@ -44,6 +43,10 @@
#include <sys/sysproto.h>
#include <sys/un.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
#include <vm/vm.h>
#include <netinet/in.h>
@@ -397,7 +400,11 @@
memset(&sut, 0, sizeof(sut));
strlcpy(sut.sysname, ostype, sizeof(sut.sysname));
+#ifdef JAIL
getcredhostname(td->td_ucred, sut.nodename, sizeof(sut.nodename));
+#else
+ strlcpy(sut.nodename, hostname(), sizeof(sut.nodename));
+#endif
strlcpy(sut.release, osrelease, sizeof(sut.release));
strlcpy(sut.version, version, sizeof(sut.version));
strlcpy(sut.machine, machine, sizeof(sut.machine));
@@ -426,7 +433,12 @@
break;
case SVR4_SI_HOSTNAME:
- str = hostname;
+ /* XXXX */
+#ifdef JAIL
+ str = td->td_ucred->cr_prison->pr_host;
+#else
+ str = hostname();
+#endif
break;
case SVR4_SI_RELEASE:
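Review bot: In the SVR4_SI_HOSTNAME case, `str` is pointed straight at `td->td_ucred->cr_prison->pr_host` with no `jailed()` check and without holding `pr_mtx`, whereas procfs_status.c in this same change takes `pr_mtx` around its read of `pr_host`. The string can therefore change while it is later copied out, and the dereference depends on `cr_prison` being non-NULL for unjailed processes, which the hunk does not show. Filling a local buffer through `getcredhostname()`, as the uname hunk above does, and pointing `str` at that buffer would avoid both. The `/* XXXX */` marker should state what is still open, and the switch continues outside the hunk.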
==== //depot/projects/jail2/sys/conf/NOTES#2 (text+ko) ====
@@ -281,7 +281,9 @@
options SYSVSHM
options SYSVSEM
options SYSVMSG
-
+#
+# Enable Jail
+options JAIL
#####################################################################
# DEBUGGING OPTIONS
==== //depot/projects/jail2/sys/conf/files#2 (text+ko) ====
@@ -1283,6 +1283,10 @@
kern/kern_idle.c standard
kern/kern_intr.c standard
kern/kern_jail.c standard
+kern/kern_jail2_common.c optional jail
+kern/kern_jail2_network.c optional jail
+kern/kern_jail2_resource.c optional jail
+kern/kern_jail2_disk.c optional jail
kern/kern_kse.c standard
kern/kern_kthread.c standard
kern/kern_ktr.c optional ktr
==== //depot/projects/jail2/sys/conf/options#2 (text+ko) ====
@@ -723,3 +723,6 @@
# XFS
XFS
+
+# JAIL
+JAIL opt_global.h
==== //depot/projects/jail2/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c#2 (text+ko) ====
@@ -107,6 +107,10 @@
#endif
extern int ip_optcopy __P((struct ip *, struct ip *));
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
#if (__FreeBSD_version > 460000)
extern int path_mtu_discovery;
#endif
@@ -460,7 +464,7 @@
friostat_t fio;
#if (BSD >= 199306) && defined(_KERNEL)
- if ((securelevel >= 3) && (mode & FWRITE))
+ if ((securelevel() >= 3) && (mode & FWRITE))
return EPERM;
#endif
==== //depot/projects/jail2/sys/contrib/ipfilter/netinet/ip_nat.c#2 (text+ko) ====
@@ -104,6 +104,10 @@
#endif
/* END OF INCLUDES */
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
#undef SOCKADDR_IN
#define SOCKADDR_IN struct sockaddr_in
@@ -622,7 +626,7 @@
ipnat_t natd;
#if (BSD >= 199306) && defined(_KERNEL)
- if ((securelevel >= 3) && (mode & FWRITE))
+ if ((securelevel() >= 3) && (mode & FWRITE))
return EPERM;
#endif
==== //depot/projects/jail2/sys/ddb/db_command.c#2 (text+ko) ====
@@ -564,7 +564,7 @@
* since we're in DDB.
*/
/* sx_slock(&allproc_lock); */
- LIST_FOREACH(p, &allproc, p_list)
+ FOREACH_PROC_IN_SYSTEM(p)
if (p->p_pid == pid)
break;
/* sx_sunlock(&allproc_lock); */
==== //depot/projects/jail2/sys/ddb/db_ps.c#2 (text+ko) ====
@@ -32,7 +32,6 @@
#include <sys/param.h>
#include <sys/cons.h>
-#include <sys/jail.h>
#include <sys/kdb.h>
#include <sys/linker_set.h>
#include <sys/proc.h>
@@ -42,6 +41,10 @@
#include <vm/vm_param.h>
#include <vm/pmap.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
#include <ddb/ddb.h>
static void dumpthread(volatile struct proc *p, volatile struct thread *td,
@@ -179,8 +182,10 @@
/* Cheated here and didn't compare pgid's. */
if (p->p_flag & P_CONTROLT)
strlcat(state, "+", sizeof(state));
+#ifdef JAIL
if (cred != NULL && jailed(cred))
strlcat(state, "J", sizeof(state));
+#endif
db_printf(" %-6.6s ", state);
if (p->p_flag & P_HADTHREADS)
#ifdef __LP64__
==== //depot/projects/jail2/sys/dev/firewire/firewire.c#2 (text+ko) ====
@@ -66,6 +66,10 @@
#include <dev/firewire/iec68113.h>
#endif
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
struct crom_src_buf {
struct crom_src src;
struct crom_chunk root;
@@ -649,7 +653,7 @@
crom_add_simple_text(src, root, &buf->vendor, "FreeBSD Project");
crom_add_entry(root, CSRKEY_HW, __FreeBSD_version);
#endif
- crom_add_simple_text(src, root, &buf->hw, hostname);
+ crom_add_simple_text(src, root, &buf->hw, hostname());
}
/*
==== //depot/projects/jail2/sys/dev/hwpmc/hwpmc_mod.c#2 (text+ko) ====
@@ -30,7 +30,6 @@
#include <sys/param.h>
#include <sys/eventhandler.h>
-#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/kthread.h>
#include <sys/limits.h>
@@ -53,6 +52,10 @@
#include <sys/systm.h>
#include <sys/vnode.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
#include <sys/linker.h> /* needs to be after <sys/malloc.h> */
#include <machine/atomic.h>
@@ -2783,8 +2786,11 @@
KASSERT(td == curthread,
("[pmc,%d] td != curthread", __LINE__));
-
+#ifdef JAIL
if (suser(td) || jailed(td->td_ucred)) {
+#else
+ if (suser(td)) {
+#endif
error = EPERM;
break;
}
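Review bot: The `#ifdef JAIL` here selects between two alternative `if (...) {` openers for one block, and the next hunk in this file splits a single `if`/`else if` statement across preprocessor branches in the same way. These checks are what keep a jailed superuser away from the PMC operations, so they should be readable in one piece. If `<sys/jail.h>` supplied a `jailed()` that evaluates to 0 in kernels built without JAIL (an assumption, since the header is not visible here), both sites could keep the original unconditional form `if (suser(td) || jailed(td->td_ucred)) {`. Many of the other `#ifdef JAIL` blocks in this change would then be unnecessary.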
@@ -2920,9 +2926,13 @@
*/
if (PMC_IS_SYSTEM_MODE(mode)) {
+#ifdef JAIL
if (jailed(curthread->td_ucred))
error = EPERM;
else if (suser(curthread) &&
+#else
+ if (suser(curthread) &&
+#endif
(pmc_unprivileged_syspmcs == 0))
error = EPERM;
}
==== //depot/projects/jail2/sys/dev/syscons/daemon/daemon_saver.c#2 (text+ko) ====
@@ -37,6 +37,10 @@
#include <sys/consio.h>
#include <sys/fbio.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
#include <machine/pc/display.h>
#include <dev/fb/fbreg.h>
@@ -350,10 +354,12 @@
static int
daemon_init(video_adapter_t *adp)
{
- messagelen = strlen(hostname) + 3 + strlen(ostype) + 1 +
+ messagelen = strlen(hostname()) + 3 + strlen(ostype) + 1 +
strlen(osrelease);
+
message = malloc(messagelen + 1, M_DEVBUF, M_WAITOK);
- sprintf(message, "%s - %s %s", hostname, ostype, osrelease);
+ sprintf(message, "%s - %s %s", hostname(), ostype, osrelease);
+
blanked = 0;
switch (adp->va_mode) {
case M_PC98_80x25:
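Review bot: `hostname()` is called twice in daemon_init, once to size the allocation and again in the unbounded `sprintf`, with an `M_WAITOK` malloc in between that may sleep. If the name grows between the two calls, `sprintf` writes past the `messagelen + 1` bytes that were allocated. Bounding the write with `snprintf(message, messagelen + 1, "%s - %s %s", hostname(), ostype, osrelease);` closes that. The function continues past the end of the hunk.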
@@ -364,7 +370,6 @@
attr_mask = ~0;
break;
}
-
return 0;
}
==== //depot/projects/jail2/sys/fs/procfs/procfs_status.c#2 (text+ko) ====
@@ -43,7 +43,6 @@
#include <sys/exec.h>
#include <sys/lock.h>
#include <sys/mutex.h>
-#include <sys/jail.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
#include <sys/sx.h>
@@ -53,6 +52,10 @@
#include <sys/sysent.h>
#include <sys/tty.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
#include <vm/vm.h>
#include <vm/pmap.h>
#include <vm/vm_param.h>
@@ -155,7 +158,8 @@
for (i = 0; i < cr->cr_ngroups; i++) {
sbuf_printf(sb, ",%lu", (u_long)cr->cr_groups[i]);
}
-
+
+#ifdef JAIL
if (jailed(p->p_ucred)) {
mtx_lock(&p->p_ucred->cr_prison->pr_mtx);
sbuf_printf(sb, " %s", p->p_ucred->cr_prison->pr_host);
@@ -163,6 +167,9 @@
} else {
sbuf_printf(sb, " -");
}
+#else
+ sbuf_printf(sb, " -");
+#endif
PROC_UNLOCK(p);
sbuf_printf(sb, "\n");
==== //depot/projects/jail2/sys/geom/vinum/geom_vinum_drive.c#2 (text+ko) ====
@@ -42,6 +42,10 @@
#include <sys/systm.h>
#include <sys/time.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
#include <geom/geom.h>
#include <geom/vinum/geom_vinum_var.h>
#include <geom/vinum/geom_vinum.h>
@@ -61,8 +65,8 @@
vhdr = g_malloc(sizeof(*vhdr), M_WAITOK | M_ZERO);
vhdr->magic = GV_MAGIC;
vhdr->config_length = GV_CFG_LEN;
-
- bcopy(hostname, vhdr->label.sysname, GV_HOSTNAME_LEN);
+
+ bcopy(hostname(), vhdr->label.sysname, GV_HOSTNAME_LEN);
strncpy(vhdr->label.name, d->name, GV_MAXDRIVENAME);
microtime(&vhdr->label.date_of_birth);
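Review bot: `bcopy(hostname(), vhdr->label.sysname, GV_HOSTNAME_LEN)` always reads `GV_HOSTNAME_LEN` bytes from whatever `hostname()` returns. The old global was presumably sized for that, but the size of the buffer behind the new call is not visible here; if it is shorter, the copy pulls adjacent kernel memory into a label that is presumably written to disk. Since `vhdr` is allocated with `M_ZERO`, `strlcpy(vhdr->label.sysname, hostname(), GV_HOSTNAME_LEN);` gives the same zero-padded result without the over-read, at the cost of always NUL-terminating. The function starts and ends outside the hunk.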
==== //depot/projects/jail2/sys/i386/i386/dump_machdep.c#2 (text+ko) ====
@@ -39,6 +39,10 @@
#include <machine/elf.h>
#include <machine/md_var.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
CTASSERT(sizeof(struct kerneldumpheader) == 512);
int do_minidump = 1;
@@ -118,7 +122,7 @@
kdh->dumplength = htod64(dumplen);
kdh->dumptime = htod64(time_second);
kdh->blocksize = htod32(blksz);
- strncpy(kdh->hostname, hostname, sizeof(kdh->hostname));
+ strncpy(kdh->hostname, hostname(), sizeof(kdh->hostname));
strncpy(kdh->versionstring, version, sizeof(kdh->versionstring));
if (panicstr != NULL)
strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring));
==== //depot/projects/jail2/sys/i386/i386/minidump_machdep.c#2 (text) ====
@@ -42,6 +42,10 @@
#include <machine/vmparam.h>
#include <machine/minidump.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
CTASSERT(sizeof(struct kerneldumpheader) == 512);
/*
@@ -92,7 +96,7 @@
kdh->dumplength = htod64(dumplen);
kdh->dumptime = htod64(time_second);
kdh->blocksize = htod32(blksz);
- strncpy(kdh->hostname, hostname, sizeof(kdh->hostname));
+ strncpy(kdh->hostname, hostname(), sizeof(kdh->hostname));
strncpy(kdh->versionstring, version, sizeof(kdh->versionstring));
if (panicstr != NULL)
strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring));
==== //depot/projects/jail2/sys/i386/i386/pmap.c#2 (text+ko) ====
@@ -3401,7 +3401,7 @@
int index;
sx_slock(&allproc_lock);
- LIST_FOREACH(p, &allproc, p_list) {
+ FOREACH_PROC_IN_SYSTEM(p) {
if (p->p_pid != pid)
continue;
==== //depot/projects/jail2/sys/i386/ibcs2/ibcs2_socksys.c#2 (text+ko) ====
@@ -29,10 +29,13 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
-#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/sysctl.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
#include <i386/ibcs2/ibcs2_socksys.h>
#include <i386/ibcs2/ibcs2_util.h>
@@ -150,8 +153,6 @@
int len;
/* Get the domain name */
- getcredhostname(td->td_ucred, hname, sizeof(hname));
-
dptr = index(hname, '.');
if ( dptr )
dptr++;
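Review bot: Removing the `getcredhostname()` call leaves `hname` unfilled before `index(hname, '.')` scans it, at least within the visible lines. The scan would then read uninitialized stack and may run past the end of the buffer, and whatever it finds is treated as the domain name. The next hunk adds the fill to a later code path that sits behind `suser()`, which looks like a different function, so the call still seems needed here. Restore `getcredhostname(td->td_ucred, hname, sizeof(hname));` under `#ifdef JAIL` with an `#else` copy from `hostname()`, as done elsewhere in the change. The function starts and ends outside the hunk.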
@@ -177,12 +178,17 @@
if ((error = suser(td)))
return (error);
+
+ /* Get the host's unqualified name (strip off the domain) */
+#ifdef JAIL
+ getcredhostname(td->td_ucred, hname, sizeof(hname));
+#else
+ strlcpy(hname, hostname, sizeof(hname));
+#endif
/* W/out a hostname a domain-name is nonsense */
- if ( strlen(hostname) == 0 )
+ if ( strlen(hname) == 0 )
return EINVAL;
- /* Get the host's unqualified name (strip off the domain) */
- snprintf(hname, sizeof(hname), "%s", hostname);
ptr = index(hname, '.');
if ( ptr != NULL ) {
ptr++;
==== //depot/projects/jail2/sys/i386/ibcs2/ibcs2_stat.c#2 (text+ko) ====
@@ -35,7 +35,6 @@
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/filedesc.h>
-#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/mount.h>
#include <sys/malloc.h>
@@ -44,6 +43,10 @@
#include <sys/sysctl.h>
#include <sys/sysproto.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
#include <i386/ibcs2/ibcs2_signal.h>
#include <i386/ibcs2/ibcs2_stat.h>
#include <i386/ibcs2/ibcs2_statfs.h>
@@ -210,8 +213,13 @@
IBCS2_UNAME_RELEASE, sizeof(sut.release) - 1);
strncpy(sut.version,
IBCS2_UNAME_VERSION, sizeof(sut.version) - 1);
+#ifdef JAIL
getcredhostname(td->td_ucred, machine_name,
sizeof(machine_name) - 1);
+#else
+ strlcpy(machine_name, hostname, sizeof(machine_name) - 1);
+#endif
+
p = index(machine_name, '.');
if ( p )
*p = '\0';
==== //depot/projects/jail2/sys/i386/ibcs2/ibcs2_sysvec.c#2 (text+ko) ====
@@ -110,7 +110,7 @@
case MOD_UNLOAD:
/* if this was an ELF module we'd use elf_brand_inuse()... */
sx_slock(&allproc_lock);
- LIST_FOREACH(p, &allproc, p_list) {
+ FOREACH_PROC_IN_SYSTEM(p) {
if (p->p_sysent == &ibcs2_svr3_sysvec) {
rval = EBUSY;
break;
==== //depot/projects/jail2/sys/i386/ibcs2/ibcs2_xenix.c#2 (text+ko) ====
@@ -35,7 +35,6 @@
#include <sys/systm.h>
#include <sys/namei.h>
#include <sys/sysproto.h>
-#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/filio.h>
@@ -44,6 +43,10 @@
#include <sys/sysctl.h>
#include <sys/unistd.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
#include <machine/cpu.h>
#include <i386/ibcs2/ibcs2_types.h>
@@ -171,8 +174,12 @@
bzero(&ibcs2_sco_uname, sizeof(struct ibcs2_sco_utsname));
strncpy(ibcs2_sco_uname.sysname, ostype,
sizeof(ibcs2_sco_uname.sysname) - 1);
+#ifdef JAIL
getcredhostname(td->td_ucred, ibcs2_sco_uname.nodename,
sizeof(ibcs2_sco_uname.nodename) - 1);
+#else
+ strlcpy(ibcs2_sco_uname.nodename, hostname(), sizeof(ibcs2_sco_uname.nodename)-1);
+#endif
strncpy(ibcs2_sco_uname.release, osrelease,
sizeof(ibcs2_sco_uname.release) - 1);
strncpy(ibcs2_sco_uname.kernelid, version,
==== //depot/projects/jail2/sys/ia64/ia64/dump_machdep.c#2 (text+ko) ====
@@ -39,6 +39,10 @@
#include <machine/elf.h>
#include <machine/md_var.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
+
CTASSERT(sizeof(struct kerneldumpheader) == 512);
/*
@@ -73,7 +77,7 @@
kdh->dumplength = htod64(dumplen);
kdh->dumptime = htod64(time_second);
kdh->blocksize = htod32(blksz);
- strncpy(kdh->hostname, hostname, sizeof(kdh->hostname));
+ strncpy(kdh->hostname, hostname(), sizeof(kdh->hostname));
>>> TRUNCATED FOR MAIL (1000 lines) <<<