git: 58c92776d158 - main - jail: separate "statically valid allow flags" from "prison0 allow flags"
Date: Fri, 08 Aug 2025 04:27:17 UTC
The branch main has been updated by kevans:
URL: https://cgit.FreeBSD.org/src/commit/?id=58c92776d1580717934e29ca2c0ef9bf2fbb7397
commit 58c92776d1580717934e29ca2c0ef9bf2fbb7397
Author: Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2025-08-08 04:26:51 +0000
Commit: Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2025-08-08 04:26:51 +0000
jail: separate "statically valid allow flags" from "prison0 allow flags"
The current setup means that we can't add an allow flag in sys/jail.h
that's disabled by default without removing it from the pr_flags
assignment in kern_jail.c. That's technically fine, but I think it's
better to make it more visible at the PR_ALLOW_* definition site so
that it's top-of-mind when adding a new flag.
This is a preparatory change for adding an allow flag that prison0 will
also have disabled by default, but with an allow.* knob and sysctl to
enable it.
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D51656
---
sys/kern/kern_jail.c | 5 ++++-
sys/sys/jail.h | 8 ++++++++
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 7ef1d19f0ea8..14e6e735f8e7 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -115,8 +115,11 @@ struct prison prison0 = {
#else
.pr_flags = PR_HOST|_PR_IP_SADDRSEL,
#endif
- .pr_allow = PR_ALLOW_ALL_STATIC,
+ .pr_allow = PR_ALLOW_PRISON0,
};
+_Static_assert((PR_ALLOW_PRISON0 & ~PR_ALLOW_ALL_STATIC) == 0,
+ "Bits enabled in PR_ALLOW_PRISON0 that are not statically reserved");
+
MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF);
struct bool_flags {
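Review bot: The new `_Static_assert` after the `prison0` initializer has no comment explaining why the check lives in kern_jail.c rather than next to the macros it constrains, and its message ("not statically reserved") uses different wording from the header comment this commit adds ("allocated at build time"), which makes the two harder to match up when the assertion fires. I would add a one-line comment above it, `/* prison0 may only be granted statically allocated allow bits; dynamic bits are assigned at runtime and cannot be defaults here. */`, and align the message to `"PR_ALLOW_PRISON0 contains bits that are not statically allocated"`. Keeping the assertion in the .c file rather than jail.h seems right if, as I believe, jail.h is also included by userland, and the comment could say so. The assertion only checks the subset direction; it does not verify that PR_ALLOW_ALL_STATIC itself is complete (see the jail.h hunk).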
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
index 24c420e2c976..efe5e3ee8db7 100644
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -260,7 +260,15 @@ struct prison_racct {
#define PR_ALLOW_ADJTIME 0x00080000
#define PR_ALLOW_SETTIME 0x00100000
#define PR_ALLOW_ROUTING 0x00200000
+
+/*
+ * PR_ALLOW_PRISON0 are the allow flags that we apply by default to prison0,
+ * while PR_ALLOW_ALL_STATIC are all of the allow bits that we have allocated at
+ * build time. PR_ALLOW_ALL_STATIC should contain any bit above that we expect
+ * to be used on the system, while PR_ALLOW_PRISON0 will be some subset of that.
+ */
#define PR_ALLOW_ALL_STATIC 0x003f87ff
+#define PR_ALLOW_PRISON0 (PR_ALLOW_ALL_STATIC)
/*
* PR_ALLOW_DIFFERENCES determines which flags are able to be
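Review bot: PR_ALLOW_ALL_STATIC stays a hand-maintained literal (`0x003f87ff`) while the new comment says it "should contain any bit above that we expect to be used on the system", so the property the comment promises is still enforced only by convention — the assertion added in kern_jail.c checks that PR_ALLOW_PRISON0 is a subset, not that every named PR_ALLOW_* bit is covered. The comment is also vague about what "some subset" means; I would reword it to: "PR_ALLOW_ALL_STATIC is every PR_ALLOW_* bit allocated at build time above; update it when adding a flag. PR_ALLOW_PRISON0 is the subset prison0 gets by default: flags that must stay off until enabled via their allow.* knob are masked out of it here." At minimum the highest defined flag could be pinned in kern_jail.c alongside the existing check, `_Static_assert((PR_ALLOW_ROUTING & PR_ALLOW_ALL_STATIC) != 0, "PR_ALLOW_ALL_STATIC is missing the newest allow flag");`, since a forgotten mask update would silently leave a new flag unusable as a default. The PR_ALLOW_DIFFERENCES comment block at the end of the hunk continues outside it.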