svn commit: r339411 - stable/11/sys/kern

Julian Elischer julian at freebsd.org
Thu Oct 18 22:14:50 UTC 2018 

On 17/10/18 9:17 am, Jamie Gritton wrote:
> Author: jamie
> Date: Wed Oct 17 16:17:57 2018
> New Revision: 339411
> URL: https://svnweb.freebsd.org/changeset/base/339411
>
> Log:
>    MFC r339211:
>    
>      Fix the test prohibiting jails from sharing IP addresses.
>    
>      It's not supposed to be legal for two jails to contain the same IP address,
>      unless both jails contain only that one address.  This is the behavior
>      documented in jail(8), and is there to prevent confusion when multiple
>      jails are listening on IADDR_ANY.
>    
>      VIMAGE jails (now the default for GENERIC kernels) test this correctly,
>      but non-VIMAGE jails have been performing an incomplete test when nested
>      jails are used.
I think VIMAGE Jails should be able to have the same address 
optionally..  who says they are even in the same universe?

>
> Modified:
>    stable/11/sys/kern/kern_jail.c
> Directory Properties:
>    stable/11/   (props changed)
>
> Modified: stable/11/sys/kern/kern_jail.c
> ==============================================================================
> --- stable/11/sys/kern/kern_jail.c	Wed Oct 17 16:17:56 2018	(r339410)
> +++ stable/11/sys/kern/kern_jail.c	Wed Oct 17 16:17:57 2018	(r339411)
> @@ -1411,11 +1411,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, i
>   		 * there is a duplicate on a jail with more than one
>   		 * IP stop checking and return error.
>   		 */
> -		tppr = ppr;
>   #ifdef VIMAGE
> -		for (; tppr != &prison0; tppr = tppr->pr_parent)
> +		for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent)
>   			if (tppr->pr_flags & PR_VNET)
>   				break;
> +#else
> +		tppr = &prison0;
>   #endif
>   		FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) {
>   			if (tpr == pr ||
> @@ -1478,11 +1479,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, i
>   			}
>   		}
>   		/* Check for conflicting IP addresses. */
> -		tppr = ppr;
>   #ifdef VIMAGE
> -		for (; tppr != &prison0; tppr = tppr->pr_parent)
> +		for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent)
>   			if (tppr->pr_flags & PR_VNET)
>   				break;
> +#else
> +		tppr = &prison0;
>   #endif
>   		FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) {
>   			if (tpr == pr ||
>
>

More information about the svn-src-stable-11 mailing list