svn commit: r339211 - head/sys/kern

Jamie Gritton jamie at FreeBSD.org
Sat Oct 6 02:10:32 UTC 2018


Author: jamie
Date: Sat Oct  6 02:10:32 2018
New Revision: 339211
URL: https://svnweb.freebsd.org/changeset/base/339211

Log:
  Fix the test prohibiting jails from sharing IP addresses.
  
  It's not supposed to be legal for two jails to contain the same IP address,
  unless both jails contain only that one address.  This is the behavior
  documented in jail(8), and is there to prevent confusion when multiple
  jails are listening on IADDR_ANY.
  
  VIMAGE jails (now the default for GENERIC kernels) test this correctly,
  but non-VIMAGE jails have been performing an incomplete test when nested
  jails are used.
  
  Approved by:	re@ (kib@)
  MFC after:	5 days

Modified:
  head/sys/kern/kern_jail.c

Modified: head/sys/kern/kern_jail.c
==============================================================================
--- head/sys/kern/kern_jail.c	Fri Oct  5 21:10:03 2018	(r339210)
+++ head/sys/kern/kern_jail.c	Sat Oct  6 02:10:32 2018	(r339211)
@@ -1393,11 +1393,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, i
 		 * there is a duplicate on a jail with more than one
 		 * IP stop checking and return error.
 		 */
-		tppr = ppr;
 #ifdef VIMAGE
-		for (; tppr != &prison0; tppr = tppr->pr_parent)
+		for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent)
 			if (tppr->pr_flags & PR_VNET)
 				break;
+#else
+		tppr = &prison0;
 #endif
 		FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) {
 			if (tpr == pr ||
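Review bot: The new `#else` branch (`tppr = &prison0;`) carries no comment explaining why the non-VIMAGE walk starts at the root jail instead of at `ppr`, and the existing comment above it describes only the duplicate rule, not the scope of the search. Since starting at `ppr` was the bug, a one-line comment here (for example, that without VIMAGE every jail has to be checked, not only the descendants of the parent) would keep a later cleanup from restoring the old `tppr = ppr` initialisation. The same comment could note that the VIMAGE loop also ends at `&prison0` when no ancestor has `PR_VNET` set, so the two builds agree in that case.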
@@ -1460,11 +1461,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, i
 			}
 		}
 		/* Check for conflicting IP addresses. */
-		tppr = ppr;
 #ifdef VIMAGE
-		for (; tppr != &prison0; tppr = tppr->pr_parent)
+		for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent)
 			if (tppr->pr_flags & PR_VNET)
 				break;
+#else
+		tppr = &prison0;
 #endif
 		FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) {
 			if (tpr == pr ||
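Review bot: The root-selection block under `/* Check for conflicting IP addresses. */` is a line-for-line copy of the one changed in the previous hunk at line 1393, so the same fix had to be made twice. Consider moving the `#ifdef VIMAGE` / `#else` logic into a small static helper that takes `ppr` and returns the prison that `FOREACH_PRISON_DESCENDANT` should start from, so the two checks cannot drift apart in a later change.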

