PERFORCE change 187258 for review
Edward Tomasz Napierala
trasz at FreeBSD.org
Tue Dec 28 18:29:48 UTC 2010
http://p4web.freebsd.org/@@187258?ac=10
Change 187258 by trasz at trasz_victim on 2010/12/28 18:29:43
Fix per-jail rules storage.
Affected files ...
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#101 edit
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_jail.c#27 edit
.. //depot/projects/soc2009/trasz_limits/sys/sys/jail.h#16 edit
Differences ...
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#101 (text+ko) ====
@@ -949,6 +949,9 @@
error = ui_container_foreach(hrl_rule_remove_callback, filter,
(void *)&found);
KASSERT(error == 0, ("ui_container_foreach failed"));
+ error = prison_container_foreach(hrl_rule_remove_callback, filter,
+ (void *)&found);
+ KASSERT(error == 0, ("prison_container_foreach failed"));
sx_assert(&allproc_lock, SA_LOCKED);
FOREACH_PROC_IN_SYSTEM(p) {
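Review bot: The added `prison_container_foreach()` call takes `allprison_lock` internally (see its definition in kern_jail.c), and the `sx_assert(&allproc_lock, SA_LOCKED)` right after it suggests `allproc_lock` is already held at this point. If so, this sets an `allproc_lock` -> `allprison_lock` order, which should be checked against the order used by the existing jail code. Separately, the only check on the result is `KASSERT(error == 0, ...)`, which compiles out without INVARIANTS, so a non-zero callback result would then be silently ignored; an explicit `if (error != 0)` path would make that visible. The enclosing function begins and ends outside the hunk, so which locks are held on entry cannot be confirmed from here.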
@@ -1210,6 +1213,7 @@
mtx_lock(&hrl_lock);
loginclass_container_foreach(hrl_get_rules_callback, filter, sb);
ui_container_foreach(hrl_get_rules_callback, filter, sb);
+ prison_container_foreach(hrl_get_rules_callback, filter, sb);
mtx_unlock(&hrl_lock);
if (sbuf_error(sb) == ENOMEM) {
sbuf_delete(sb);
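Review bot: The added `prison_container_foreach()` call sits between `mtx_lock(&hrl_lock)` and `mtx_unlock(&hrl_lock)`, but the function as added in kern_jail.c acquires `allprison_lock` with `sx_slock()`. Taking a sleepable sx lock while a regular mutex is held is not permitted in the kernel, and WITNESS reports it. One option is to take `sx_slock(&allprison_lock)` before `mtx_lock(&hrl_lock)` and have the iterator only `sx_assert(&allprison_lock, SA_LOCKED)` on this path. The return value is also discarded here, as it is for the two sibling calls. The enclosing function starts and ends outside the hunk.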
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_jail.c#27 (text+ko) ====
@@ -4252,6 +4252,28 @@
SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW,
"B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route");
+#ifdef HRL
+int
+prison_container_foreach(int (*callback)(struct container *container,
+ const struct hrl_rule *filter, void *arg3),
+ const struct hrl_rule *filter, void *arg3)
+{
+ int error;
+ struct prison *pr;
+
+ sx_slock(&allprison_lock);
+ TAILQ_FOREACH(pr, &allprison, pr_list) {
+ error = (callback)(&pr->pr_container, filter, arg3);
+ if (error != 0) {
+ sx_sunlock(&allprison_lock);
+ return (error);
+ }
+ }
+ sx_sunlock(&allprison_lock);
+
+ return (0);
+}
+#endif
#ifdef DDB
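Review bot: `prison_container_foreach()` is added without a comment stating its locking contract, and that contract matters to every caller. I would put a block comment above the definition along the lines of `/* Call callback on each prison's container with allprison_lock held shared; stops at and returns the first non-zero result. Callers must not hold a non-sleepable lock. */`. The loop also visits every entry on `allprison` without checking whether the prison is still alive. If containers of dying prisons should be skipped, that needs an explicit check here; this cannot be decided from the hunk alone.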
==== //depot/projects/soc2009/trasz_limits/sys/sys/jail.h#16 (text+ko) ====
@@ -341,6 +341,8 @@
struct mount;
struct sockaddr;
struct statfs;
+struct container;
+struct hrl_rule;
int jailed(struct ucred *cred);
int jailed_without_vnet(struct ucred *);
void getcredhostname(struct ucred *, char *, size_t);
@@ -383,6 +385,9 @@
char *prison_name(struct prison *, struct prison *);
int prison_priv_check(struct ucred *cred, int priv);
int sysctl_jail_param(struct sysctl_oid *, void *, int , struct sysctl_req *);
+int prison_container_foreach(int (*callback)(struct container *container,
+ const struct hrl_rule *filter, void *arg3),
+ const struct hrl_rule *filter, void *arg3);
#endif /* _KERNEL */
#endif /* !_SYS_JAIL_H_ */