Date: Fri, 28 Jun 2024 10:25:21 GMT
Message-Id: <202406281025.45SAPLcL092196@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mariusz Zaborski
Subject: git: d3bb35d4e51b - main - jail: allow adjustment of host time
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The branch main has been updated by oshogbo:

URL: https://cgit.FreeBSD.org/src/commit/?id=d3bb35d4e51b06488b731071e7841f549bd5d26f

commit d3bb35d4e51b06488b731071e7841f549bd5d26f
Author:     Mariusz Zaborski
AuthorDate: 2024-06-28 10:23:31 +0000
Commit:     Mariusz Zaborski
CommitDate: 2024-06-28 10:23:31 +0000

    jail: allow adjustment of host time

    Add a special permission to the jail to adjust and to set the host time.
    This can be useful if we want to compartmentalize the NTP daemon from
    the rest of the system.

    Reviewed by:    olce, imp
    MFC after:      2 weeks
    Differential Revision:  https://reviews.freebsd.org/D45545

--- sys/kern/kern_jail.c | 28 ++++++++++++++++++++++++++++ sys/sys/jail.h | 4 +++- usr.sbin/jail/jail.8 | 17 +++++++++++++++++ 3 files changed, 48 insertions(+), 1 deletion(-) diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 90a043394792..38aea998d196 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -223,6 +223,8 @@ static struct bool_flags pr_flag_allow[NBBY * NBPW] = { {"allow.nfsd", "allow.nonfsd", PR_ALLOW_NFSD}, #endif {"allow.extattr", "allow.noextattr", PR_ALLOW_EXTATTR}, + {"allow.adjtime", "allow.noadjtime", PR_ALLOW_ADJTIME}, + {"allow.settime", "allow.nosettime", PR_ALLOW_SETTIME}, }; static unsigned pr_allow_all = PR_ALLOW_ALL_STATIC; const size_t pr_flag_allow_size = sizeof(pr_flag_allow); 
@@ -4167,6 +4169,28 @@ prison_priv_check(struct ucred *cred, int priv) return (0); return (EPERM); + /* + * Conditionally allow privileged process in the jail adjust + * machine time. + */ + case PRIV_ADJTIME: + case PRIV_NTP_ADJTIME: + if (cred->cr_prison->pr_allow & + (PR_ALLOW_ADJTIME | PR_ALLOW_SETTIME)) { + return (0); + } + return (EPERM); + + /* + * Conditionally allow privileged process in the jail set + * machine time. + */ + case PRIV_CLOCK_SETTIME: + if (cred->cr_prison->pr_allow & PR_ALLOW_SETTIME) + return (0); + else + return (EPERM); + default: /* * In all remaining cases, deny the privilege request. This @@ -4631,6 +4655,10 @@ SYSCTL_JAIL_PARAM(_allow, nfsd, CTLTYPE_INT | CTLFLAG_RW, #endif SYSCTL_JAIL_PARAM(_allow, extattr, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may set system-level filesystem extended attributes"); +SYSCTL_JAIL_PARAM(_allow, adjtime, CTLTYPE_INT | CTLFLAG_RW, + "B", "Jail may adjust system time"); +SYSCTL_JAIL_PARAM(_allow, settime, CTLTYPE_INT | CTLFLAG_RW, + "B", "Jail may set system time"); SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags"); SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW, diff --git a/sys/sys/jail.h b/sys/sys/jail.h index 6e7b6cc9ad6a..31928be73502 100644 --- a/sys/sys/jail.h +++ b/sys/sys/jail.h @@ -254,7 +254,9 @@ struct prison_racct { #define PR_ALLOW_KMEM_ACCESS 0x00010000 /* reserved, not used yet */ #define PR_ALLOW_NFSD 0x00020000 #define PR_ALLOW_EXTATTR 0x00040000 -#define PR_ALLOW_ALL_STATIC 0x000787ff +#define PR_ALLOW_ADJTIME 0x00080000 +#define PR_ALLOW_SETTIME 0x00100000 +#define PR_ALLOW_ALL_STATIC 0x001f87ff /* * PR_ALLOW_DIFFERENCES determines which flags are able to be diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index ca7b3f95fdbc..2ecb711c971f 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 
@@ -656,6 +656,18 @@ The super-user is enabled by default. .It Va allow.extattr Allow privileged process in the jail to manipulate filesystem extended attributes in the system namespace. +.It Va allow.adjtime +Allow privileged process in the jail to slowly adjusting global operating system +time. +For example through utilities like +.Xr ntpd 8 . +.It Va allow.settime +Allow privileged process in the jail to set global operating system data +and time. +For example through utilities like +.Xr date 1 . +This permission includes also +.Va allow.adjtime . .El .El .Pp @@ -1416,6 +1428,7 @@ appears relative to its creator's own This is by virtue of the child jail being created in the chrooted environment of the first jail. .Sh SEE ALSO +.Xr date 1 , .Xr killall 1 , .Xr lsvfs 1 , .Xr newaliases 1 , @@ -1423,6 +1436,9 @@ environment of the first jail. .Xr pkill 1 , .Xr ps 1 , .Xr quota 1 , +.Xr adjtime 2 , +.Xr clock_settime 2 , +.Xr ntp_adjtime 2 , .Xr jail_set 2 , .Xr devfs 4 , .Xr fdescfs 4 , @@ -1444,6 +1460,7 @@ environment of the first jail. .Xr mount 8 , .Xr mountd 8 , .Xr nfsd 8 , +.Xr ntpd 8 , .Xr reboot 8 , .Xr rpcbind 8 , .Xr sendmail 8 ,
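
Review bot: in the prison_priv_check() hunk of sys/kern/kern_jail.c (@@ -4167), the new cases cover only PRIV_ADJTIME, PRIV_NTP_ADJTIME and PRIV_CLOCK_SETTIME, so any other time-setting privilege still reaches the default deny branch. If settimeofday(2) is gated by its own privilege (PRIV_SETTIMEOFDAY), a jail with allow.settime would be able to use clock_settime(2) but not settimeofday(2); please confirm that is intended or add the case next to PRIV_CLOCK_SETTIME. Two smaller points in the same hunk: the first case uses a braced if followed by "return (EPERM);" while the second uses an unbraced if/else, so pick one form for both, and both comments are missing a "to" ("in the jail to adjust machine time", "in the jail to set machine time").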
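
Review bot: in the sys/sys/jail.h hunk (@@ -254), PR_ALLOW_ALL_STATIC is still a hand-computed literal, and the new value 0x001f87ff has to be kept in step with every flag added above it. The arithmetic is correct here (0x000787ff | 0x00080000 | 0x00100000 = 0x001f87ff), but a short comment stating that the mask must be updated with each new PR_ALLOW_* bit would make the next addition less error-prone. The comment that follows mentions PR_ALLOW_DIFFERENCES; the hunk does not show whether the two new flags were considered for that set, so a word on that in the commit message would help.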
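
Review bot: the new allow.adjtime and allow.settime entries in usr.sbin/jail/jail.8 (@@ -656) have wording errors that will land in the rendered manual: "to slowly adjusting" should be "to slowly adjust", "global operating system data and time" should read "date and time", and "This permission includes also" reads better as "This permission also includes". "For example through utilities like" is a sentence fragment in both entries and could be folded into the preceding sentence. Since these are the only allow.* parameters whose effect reaches the host and every other jail, a sentence saying so explicitly would be worth adding, as "global operating system time" is easy to read past.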
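
Review bot: in the SEE ALSO hunk of usr.sbin/jail/jail.8 (@@ -1423), the three new section 2 references are inserted as a block ahead of ".Xr jail_set 2 ,", which leaves ntp_adjtime before jail_set. The surrounding entries are sorted alphabetically within each section, so the order should be adjtime, clock_settime, jail_set, ntp_adjtime.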