PERFORCE change 187258 for review

Edward Tomasz Napierala trasz at FreeBSD.org
Tue Dec 28 18:29:48 UTC 2010


http://p4web.freebsd.org/@@187258?ac=10

Change 187258 by trasz at trasz_victim on 2010/12/28 18:29:43

	Fix per-jail rules storage.

Affected files ...

.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#101 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_jail.c#27 edit
.. //depot/projects/soc2009/trasz_limits/sys/sys/jail.h#16 edit

Differences ...

==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#101 (text+ko) ====

@@ -949,6 +949,9 @@
 	error = ui_container_foreach(hrl_rule_remove_callback, filter,
 	    (void *)&found);
 	KASSERT(error == 0, ("ui_container_foreach failed"));
+	error = prison_container_foreach(hrl_rule_remove_callback, filter,
+	    (void *)&found);
+	KASSERT(error == 0, ("prison_container_foreach failed"));
 
 	sx_assert(&allproc_lock, SA_LOCKED);
 	FOREACH_PROC_IN_SYSTEM(p) {
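Review bot: The added `prison_container_foreach()` call takes `allprison_lock` at a point where `allproc_lock` appears to be held already, judging by the `sx_assert(&allproc_lock, SA_LOCKED)` that follows it. That introduces an allproc_lock -> allprison_lock ordering, which should be checked against the existing jail code and exercised under WITNESS, since any path taking the two in the opposite order could deadlock. As with the `ui_container_foreach()` call above it, the result is checked only by `KASSERT`, which is compiled out of non-INVARIANTS kernels, so a failed pass over the per-jail rules would go unnoticed there. The enclosing function starts and ends outside the hunk.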
@@ -1210,6 +1213,7 @@
 	mtx_lock(&hrl_lock);
 	loginclass_container_foreach(hrl_get_rules_callback, filter, sb);
 	ui_container_foreach(hrl_get_rules_callback, filter, sb);
+	prison_container_foreach(hrl_get_rules_callback, filter, sb);
 	mtx_unlock(&hrl_lock);
 	if (sbuf_error(sb) == ENOMEM) {
 		sbuf_delete(sb);
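Review bot: `prison_container_foreach()` is called here between `mtx_lock(&hrl_lock)` and `mtx_unlock(&hrl_lock)`, but its body in kern_jail.c (same change) does `sx_slock(&allprison_lock)`. An sx lock is sleepable and a mutex taken with `mtx_lock()` is not, so this acquires a sleepable lock with a mutex held, which WITNESS reports and which can sleep with the mutex owned. One way out is to take `allprison_lock` in this caller before `hrl_lock` and have the iterator only check it, e.g. `sx_assert(&allprison_lock, SA_LOCKED);` in place of the `sx_slock`/`sx_sunlock` pair. The return value is also dropped here, as it is for the two sibling calls. The enclosing function starts and ends outside the hunk.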

==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_jail.c#27 (text+ko) ====

@@ -4252,6 +4252,28 @@
 SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW,
     "B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route");
 
+#ifdef HRL
+int
+prison_container_foreach(int (*callback)(struct container *container,
+    const struct hrl_rule *filter, void *arg3),
+    const struct hrl_rule *filter, void *arg3)
+{
+	int error;
+	struct prison *pr;
+
+	sx_slock(&allprison_lock);
+	TAILQ_FOREACH(pr, &allprison, pr_list) {
+		error = (callback)(&pr->pr_container, filter, arg3);
+		if (error != 0) {
+			sx_sunlock(&allprison_lock);
+			return (error);
+		}
+	}
+	sx_sunlock(&allprison_lock);
+
+	return (0);
+}
+#endif
 
 #ifdef DDB
 
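Review bot: `prison_container_foreach()` has no comment describing its locking contract, which callers in kern_hrl.c need in order to use it safely. I would add above the definition something like `/* Invoke callback on every prison's container with allprison_lock held shared; stops at, and returns, the first non-zero callback result. */`. It is also worth stating there that callbacks must not try to acquire `allprison_lock` themselves and that callers must not hold a non-sleepable lock when calling in, since the function takes an sx lock.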

==== //depot/projects/soc2009/trasz_limits/sys/sys/jail.h#16 (text+ko) ====

@@ -341,6 +341,8 @@
 struct mount;
 struct sockaddr;
 struct statfs;
+struct container;
+struct hrl_rule;
 int jailed(struct ucred *cred);
 int jailed_without_vnet(struct ucred *);
 void getcredhostname(struct ucred *, char *, size_t);
@@ -383,6 +385,9 @@
 char *prison_name(struct prison *, struct prison *);
 int prison_priv_check(struct ucred *cred, int priv);
 int sysctl_jail_param(struct sysctl_oid *, void *, int , struct sysctl_req *);
+int prison_container_foreach(int (*callback)(struct container *container,
+	    const struct hrl_rule *filter, void *arg3),
+	    const struct hrl_rule *filter, void *arg3);
 
 #endif /* _KERNEL */
 #endif /* !_SYS_JAIL_H_ */
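Review bot: The `prison_container_foreach()` prototype is declared unconditionally, while its definition in kern_jail.c is wrapped in `#ifdef HRL`. A caller built into a kernel without HRL would compile cleanly and fail only at link time. Guarding the prototype the same way, with `#ifdef HRL` before it and `#endif` after it, would turn that into a compile-time error and keep the header consistent with the definition.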

