Jail sysctls and new flags to sysctls.
Pawel Jakub Dawidek
nick at garage.freebsd.pl
Thu Jul 17 09:02:06 PDT 2003
Hello hackers.

I've prepared a quite handy patch.
This patch adds sysctls for every jail. Sysctls are created automatically
when a jail is created and destroyed when the jail is removed.

If a jail with ID 3 is created, we get new sysctls:
security.jails.3.path (RD)
security.jails.3.host (RW)
security.jails.3.ip (RD)
security.jails.3.securelevel (RW)

The patch also adds two flags to sysctls:
CTLFLAG_USERINV - sysctl is invisible for unprivileged users
CTLFLAG_JAILINV - sysctl is invisible in jail environment

So the newly created sysctls aren't visible in jails.
It also allows changing the host of a running jail and its securelevel.
A jail's securelevel can even be downgraded if it stays greater than or
equal to the main securelevel.

With this functionality jls(8) could be rewritten to use this, and the
xprison struct could be removed from the kernel.

Patch against FreeBSD 5.1-CURRENT, kern.osreldate: 501102.
It is available at:
http://garage.freebsd.pl/patches/jail_sysctls.patch
--
Pawel Jakub Dawidek pawel at dawidek.net
UNIX Systems Programmer/Administrator http://garage.freebsd.pl
Am I Evil? Yes, I Am! http://cerber.sourceforge.net
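
A user-space model of the two visibility flags and the securelevel downgrade rule described in the message above. This is an added example, not code from the patch: the flag names come from the post, while the bit values, the struct and function names, and the "uid 0 means privileged, only host root may write" checks are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Flag names are from the post; the bit values are assumed for this model. */
#define CTLFLAG_USERINV 0x1u /* invisible for unprivileged users */
#define CTLFLAG_JAILINV 0x2u /* invisible in jail environment */

struct cred { unsigned uid; bool jailed; };        /* hypothetical caller identity */
struct node { const char *name; unsigned flags; }; /* hypothetical sysctl node */

/* Visibility filter: a node is hidden as soon as one flag applies to the caller.
 * Root inside a jail is still "in jail", so CTLFLAG_JAILINV hides the node. */
bool node_visible(const struct node *n, const struct cred *c)
{
    if ((n->flags & CTLFLAG_JAILINV) && c->jailed)
        return false;
    if ((n->flags & CTLFLAG_USERINV) && c->uid != 0) /* assumption: uid 0 == privileged */
        return false;
    return true;
}

/* Write rule from the post: a jail's securelevel may be lowered only while
 * it stays greater than or equal to the main (host) securelevel. */
bool jail_securelevel_set(int *jail_level, int host_level,
                          const struct cred *c, int new_level)
{
    if (c->jailed || c->uid != 0) /* assumption: only host root may write */
        return false;
    if (new_level < host_level)   /* would drop below the main securelevel */
        return false;
    *jail_level = new_level;
    return true;
}

int main(void)
{
    struct node n = { "security.jails.3.securelevel", CTLFLAG_JAILINV };
    struct cred host_root = { 0, false }, jail_root = { 0, true };
    int level = 3; /* constructed sample: jail at 3, host at 1 */

    printf("host root sees %s: %d\n", n.name, node_visible(&n, &host_root));
    printf("jail root sees %s: %d\n", n.name, node_visible(&n, &jail_root));
    printf("lower 3 -> 2: %d\n", jail_securelevel_set(&level, 1, &host_root, 2));
    printf("lower 2 -> 0: %d\n", jail_securelevel_set(&level, 1, &host_root, 0));
    return 0;
}
```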