git: 16e1424d24b9 - stable/14 - jail: expose children.max and children.cur via sysctl

From: Jamie Gritton <jamie_at_FreeBSD.org>
Date: Sun, 13 Oct 2024 23:46:17 UTC 
The branch stable/14 has been updated by jamie:

URL: https://cgit.FreeBSD.org/src/commit/?id=16e1424d24b9ab6e90f0bbb5d1a8d11479ea34e5

commit 16e1424d24b9ab6e90f0bbb5d1a8d11479ea34e5
Author:     Jamie Gritton <jamie@FreeBSD.org>
AuthorDate: 2024-10-13 23:45:58 +0000
Commit:     Jamie Gritton <jamie@FreeBSD.org>
CommitDate: 2024-10-13 23:45:58 +0000

    jail: expose children.max and children.cur via sysctl
    
    Submitted by:   Igor Ostapenko <igor.ostapenko_pm.me>
    Differential Revision:  <https://reviews.freebsd.org/D43565>
    
    (cherry picked from commit ab0841bdbe8460db6eb77e0228a08812ce74d583)
---
 sys/kern/kern_jail.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 1f775f78e581..a4bd27734e8e 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -4425,6 +4425,35 @@ SYSCTL_PROC(_security_jail, OID_AUTO, devfs_ruleset,
     sysctl_jail_default_level, "I",
     "Ruleset for the devfs filesystem in jail (deprecated)");
 
+SYSCTL_NODE(_security_jail, OID_AUTO, children, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
+    "Limits and stats of child jails");
+
+static int
+sysctl_jail_children(SYSCTL_HANDLER_ARGS)
+{
+	struct prison *pr;
+	int i;
+
+	pr = req->td->td_ucred->cr_prison;
+
+	switch (oidp->oid_kind & CTLTYPE) {
+	case CTLTYPE_INT:
+		i = *(int *)((char *)pr + arg2);
+		return (SYSCTL_OUT(req, &i, sizeof(i)));
+	}
+
+	return (0);
+}
+
+SYSCTL_PROC(_security_jail_children, OID_AUTO, max,
+    CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE,
+    NULL, offsetof(struct prison, pr_childmax), sysctl_jail_children,
+    "I", "Maximum number of child jails");
+SYSCTL_PROC(_security_jail_children, OID_AUTO, cur,
+    CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE,
+    NULL, offsetof(struct prison, pr_childcount), sysctl_jail_children,
+    "I", "Current number of child jails");
+
 /*
  * Nodes to describe jail parameters.  Maximum length of string parameters
  * is returned in the string itself, and the other parameters exist merely