git: 56b9de5484bc - stable/14 - jail: separate "statically valid allow flags" from "prison0 allow flags"

From: Kyle Evans <kevans_at_FreeBSD.org>
Date: Tue, 03 Feb 2026 04:38:07 UTC
The branch stable/14 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=56b9de5484bc035304290d83fb2dc92d55b98eb4

commit 56b9de5484bc035304290d83fb2dc92d55b98eb4
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2026-02-03 04:37:23 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2026-02-03 04:37:23 +0000

    jail: separate "statically valid allow flags" from "prison0 allow flags"
    
    The current setup means that we can't add an allow flag in sys/jail.h
    that's disabled by default without removing it from the pr_flags
    assignment in kern_jail.c.  That's technically fine, but I think it's
    better to make it more prominent at the PR_ALLOW_* definition site so
    that it's top-of-mind when adding a new flag.
    
    This is a preparatory change for adding an allow flag that prison0 will
    also have disabled by default, but with an allow.* knob and sysctl to
    enable it.
    
    Reviewed by:    jamie
    
    (cherry picked from commit 58c92776d1580717934e29ca2c0ef9bf2fbb7397)
---
 sys/kern/kern_jail.c | 5 ++++-
 sys/sys/jail.h       | 8 ++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 03a5eaabdf34..30b77090434e 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -117,8 +117,11 @@ struct prison prison0 = {
 #else
 	.pr_flags	= PR_HOST|_PR_IP_SADDRSEL,
 #endif
-	.pr_allow	= PR_ALLOW_ALL_STATIC,
+	.pr_allow	= PR_ALLOW_PRISON0,
 };
+_Static_assert((PR_ALLOW_PRISON0 & ~PR_ALLOW_ALL_STATIC) == 0,
+    "Bits enabled in PR_ALLOW_PRISON0 that are not statically reserved");
+
 MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF);
 
 struct bool_flags {
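Review bot: The new `_Static_assert` after `prison0` checks only one direction of the invariant the jail.h comment states: PR_ALLOW_PRISON0 is a subset of PR_ALLOW_ALL_STATIC, but nothing checks that PR_ALLOW_ALL_STATIC, a hand-maintained literal (`0x000787ff` in the sys/sys/jail.h hunk), actually covers every PR_ALLOW_* bit defined above it, so a flag added without updating the mask compiles silently and is simply absent from prison0 and from what this assert treats as reserved. A companion assertion next to this one of the form `_Static_assert((PR_ALLOW_ROUTING | PR_ALLOW_NFSD | <remaining PR_ALLOW_* bits>) == PR_ALLOW_ALL_STATIC, "PR_ALLOW_ALL_STATIC out of sync with PR_ALLOW_* definitions");` would close that gap, or at minimum a reminder at the definition site in jail.h such as `/* Keep in sync with every PR_ALLOW_* bit above; nothing checks this mechanically. */`. Note also that PR_ALLOW_KMEM_ACCESS, marked "reserved, not used yet" in the same hunk, falls inside the mask and therefore inside PR_ALLOW_PRISON0; a short comment on whether reserved bits are intended to be on by default for prison0 would help the next person adding one. The full list of bits in the mask beyond the three visible here, and the start of the `prison0` initializer, are outside this hunk.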
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
index 0291d99ec5af..504dedc277df 100644
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -257,7 +257,15 @@ struct prison_racct {
 #define	PR_ALLOW_KMEM_ACCESS		0x00010000	/* reserved, not used yet */
 #define	PR_ALLOW_NFSD			0x00020000
 #define	PR_ALLOW_ROUTING		0x00040000
+
+/*
+ * PR_ALLOW_PRISON0 are the allow flags that we apply by default to prison0,
+ * while PR_ALLOW_ALL_STATIC are all of the allow bits that we have allocated at
+ * build time.  PR_ALLOW_ALL_STATIC should contain any bit above that we expect
+ * to be used on the system, while PR_ALLOW_PRISON0 will be some subset of that.
+ */
 #define	PR_ALLOW_ALL_STATIC		0x000787ff
+#define	PR_ALLOW_PRISON0		(PR_ALLOW_ALL_STATIC)
 
 /*
  * PR_ALLOW_DIFFERENCES determines which flags are able to be