svn commit: r196178 - in stable/8/sys: . amd64/include/xen
cddl/contrib/opensolaris contrib/dev/acpica contrib/pf
dev/ata dev/cxgb dev/sound/usb dev/usb dev/usb/controller
dev/usb/input dev/usb/mis...
Bjoern A. Zeeb
bz at FreeBSD.org
Thu Aug 13 10:31:04 UTC 2009
Author: bz
Date: Thu Aug 13 10:31:02 2009
New Revision: 196178
URL: http://svn.freebsd.org/changeset/base/196178
Log:
MFC r196176:
Make it possible to change the vnet sysctl variables on jails
with their own virtual network stack. Jails only inheriting a
network stack cannot change anything that cannot be changed from
within a prison.
Reviewed by: rwatson, zec
Approved by: re (kib)
Modified:
stable/8/sys/ (props changed)
stable/8/sys/amd64/include/xen/ (props changed)
stable/8/sys/cddl/contrib/opensolaris/ (props changed)
stable/8/sys/contrib/dev/acpica/ (props changed)
stable/8/sys/contrib/pf/ (props changed)
stable/8/sys/dev/ata/ (props changed)
stable/8/sys/dev/ata/ata-usb.c (props changed)
stable/8/sys/dev/cxgb/ (props changed)
stable/8/sys/dev/sound/usb/uaudio.c (props changed)
stable/8/sys/dev/sound/usb/uaudio.h (props changed)
stable/8/sys/dev/sound/usb/uaudio_pcm.c (props changed)
stable/8/sys/dev/sound/usb/uaudioreg.h (props changed)
stable/8/sys/dev/usb/controller/at91dci.c (props changed)
stable/8/sys/dev/usb/controller/at91dci.h (props changed)
stable/8/sys/dev/usb/controller/at91dci_atmelarm.c (props changed)
stable/8/sys/dev/usb/controller/atmegadci.c (props changed)
stable/8/sys/dev/usb/controller/atmegadci.h (props changed)
stable/8/sys/dev/usb/controller/atmegadci_atmelarm.c (props changed)
stable/8/sys/dev/usb/controller/ehci.c (props changed)
stable/8/sys/dev/usb/controller/ehci.h (props changed)
stable/8/sys/dev/usb/controller/ehci_ixp4xx.c (props changed)
stable/8/sys/dev/usb/controller/ehci_mbus.c (props changed)
stable/8/sys/dev/usb/controller/ehci_pci.c (props changed)
stable/8/sys/dev/usb/controller/musb_otg.c (props changed)
stable/8/sys/dev/usb/controller/musb_otg.h (props changed)
stable/8/sys/dev/usb/controller/musb_otg_atmelarm.c (props changed)
stable/8/sys/dev/usb/controller/ohci.c (props changed)
stable/8/sys/dev/usb/controller/ohci.h (props changed)
stable/8/sys/dev/usb/controller/ohci_atmelarm.c (props changed)
stable/8/sys/dev/usb/controller/ohci_pci.c (props changed)
stable/8/sys/dev/usb/controller/uhci.c (props changed)
stable/8/sys/dev/usb/controller/uhci.h (props changed)
stable/8/sys/dev/usb/controller/uhci_pci.c (props changed)
stable/8/sys/dev/usb/controller/usb_controller.c (props changed)
stable/8/sys/dev/usb/controller/uss820dci.c (props changed)
stable/8/sys/dev/usb/controller/uss820dci.h (props changed)
stable/8/sys/dev/usb/controller/uss820dci_atmelarm.c (props changed)
stable/8/sys/dev/usb/input/uhid.c (props changed)
stable/8/sys/dev/usb/input/ukbd.c (props changed)
stable/8/sys/dev/usb/input/ums.c (props changed)
stable/8/sys/dev/usb/input/usb_rdesc.h (props changed)
stable/8/sys/dev/usb/misc/udbp.c (props changed)
stable/8/sys/dev/usb/misc/udbp.h (props changed)
stable/8/sys/dev/usb/misc/ufm.c (props changed)
stable/8/sys/dev/usb/net/if_aue.c (props changed)
stable/8/sys/dev/usb/net/if_auereg.h (props changed)
stable/8/sys/dev/usb/net/if_axe.c (props changed)
stable/8/sys/dev/usb/net/if_axereg.h (props changed)
stable/8/sys/dev/usb/net/if_cdce.c (props changed)
stable/8/sys/dev/usb/net/if_cdcereg.h (props changed)
stable/8/sys/dev/usb/net/if_cue.c (props changed)
stable/8/sys/dev/usb/net/if_cuereg.h (props changed)
stable/8/sys/dev/usb/net/if_kue.c (props changed)
stable/8/sys/dev/usb/net/if_kuefw.h (props changed)
stable/8/sys/dev/usb/net/if_kuereg.h (props changed)
stable/8/sys/dev/usb/net/if_rue.c (props changed)
stable/8/sys/dev/usb/net/if_ruereg.h (props changed)
stable/8/sys/dev/usb/net/if_udav.c (props changed)
stable/8/sys/dev/usb/net/if_udavreg.h (props changed)
stable/8/sys/dev/usb/net/usb_ethernet.c (props changed)
stable/8/sys/dev/usb/net/usb_ethernet.h (props changed)
stable/8/sys/dev/usb/quirk/usb_quirk.c (props changed)
stable/8/sys/dev/usb/quirk/usb_quirk.h (props changed)
stable/8/sys/dev/usb/serial/u3g.c (props changed)
stable/8/sys/dev/usb/serial/uark.c (props changed)
stable/8/sys/dev/usb/serial/ubsa.c (props changed)
stable/8/sys/dev/usb/serial/ubser.c (props changed)
stable/8/sys/dev/usb/serial/uchcom.c (props changed)
stable/8/sys/dev/usb/serial/ucycom.c (props changed)
stable/8/sys/dev/usb/serial/ufoma.c (props changed)
stable/8/sys/dev/usb/serial/uftdi.c (props changed)
stable/8/sys/dev/usb/serial/uftdi_reg.h (props changed)
stable/8/sys/dev/usb/serial/ugensa.c (props changed)
stable/8/sys/dev/usb/serial/uipaq.c (props changed)
stable/8/sys/dev/usb/serial/ulpt.c (props changed)
stable/8/sys/dev/usb/serial/umct.c (props changed)
stable/8/sys/dev/usb/serial/umodem.c (props changed)
stable/8/sys/dev/usb/serial/umoscom.c (props changed)
stable/8/sys/dev/usb/serial/uplcom.c (props changed)
stable/8/sys/dev/usb/serial/usb_serial.c (props changed)
stable/8/sys/dev/usb/serial/usb_serial.h (props changed)
stable/8/sys/dev/usb/serial/uslcom.c (props changed)
stable/8/sys/dev/usb/serial/uvisor.c (props changed)
stable/8/sys/dev/usb/serial/uvscom.c (props changed)
stable/8/sys/dev/usb/storage/rio500_usb.h (props changed)
stable/8/sys/dev/usb/storage/umass.c (props changed)
stable/8/sys/dev/usb/storage/urio.c (props changed)
stable/8/sys/dev/usb/storage/ustorage_fs.c (props changed)
stable/8/sys/dev/usb/template/usb_template.c (props changed)
stable/8/sys/dev/usb/template/usb_template.h (props changed)
stable/8/sys/dev/usb/template/usb_template_cdce.c (props changed)
stable/8/sys/dev/usb/template/usb_template_msc.c (props changed)
stable/8/sys/dev/usb/template/usb_template_mtp.c (props changed)
stable/8/sys/dev/usb/ufm_ioctl.h (props changed)
stable/8/sys/dev/usb/usb.h (props changed)
stable/8/sys/dev/usb/usb_bus.h (props changed)
stable/8/sys/dev/usb/usb_busdma.c (props changed)
stable/8/sys/dev/usb/usb_busdma.h (props changed)
stable/8/sys/dev/usb/usb_cdc.h (props changed)
stable/8/sys/dev/usb/usb_compat_linux.c (props changed)
stable/8/sys/dev/usb/usb_compat_linux.h (props changed)
stable/8/sys/dev/usb/usb_controller.h (props changed)
stable/8/sys/dev/usb/usb_core.c (props changed)
stable/8/sys/dev/usb/usb_core.h (props changed)
stable/8/sys/dev/usb/usb_debug.c (props changed)
stable/8/sys/dev/usb/usb_debug.h (props changed)
stable/8/sys/dev/usb/usb_dev.c (props changed)
stable/8/sys/dev/usb/usb_dev.h (props changed)
stable/8/sys/dev/usb/usb_device.c (props changed)
stable/8/sys/dev/usb/usb_device.h (props changed)
stable/8/sys/dev/usb/usb_dynamic.c (props changed)
stable/8/sys/dev/usb/usb_dynamic.h (props changed)
stable/8/sys/dev/usb/usb_endian.h (props changed)
stable/8/sys/dev/usb/usb_error.c (props changed)
stable/8/sys/dev/usb/usb_generic.c (props changed)
stable/8/sys/dev/usb/usb_generic.h (props changed)
stable/8/sys/dev/usb/usb_handle_request.c (props changed)
stable/8/sys/dev/usb/usb_hid.c (props changed)
stable/8/sys/dev/usb/usb_hub.c (props changed)
stable/8/sys/dev/usb/usb_hub.h (props changed)
stable/8/sys/dev/usb/usb_if.m (props changed)
stable/8/sys/dev/usb/usb_ioctl.h (props changed)
stable/8/sys/dev/usb/usb_lookup.c (props changed)
stable/8/sys/dev/usb/usb_mbuf.c (props changed)
stable/8/sys/dev/usb/usb_mbuf.h (props changed)
stable/8/sys/dev/usb/usb_msctest.c (props changed)
stable/8/sys/dev/usb/usb_msctest.h (props changed)
stable/8/sys/dev/usb/usb_parse.c (props changed)
stable/8/sys/dev/usb/usb_pci.h (props changed)
stable/8/sys/dev/usb/usb_process.c (props changed)
stable/8/sys/dev/usb/usb_process.h (props changed)
stable/8/sys/dev/usb/usb_request.c (props changed)
stable/8/sys/dev/usb/usb_request.h (props changed)
stable/8/sys/dev/usb/usb_transfer.c (props changed)
stable/8/sys/dev/usb/usb_transfer.h (props changed)
stable/8/sys/dev/usb/usb_util.c (props changed)
stable/8/sys/dev/usb/usb_util.h (props changed)
stable/8/sys/dev/usb/usbdevs (props changed)
stable/8/sys/dev/usb/usbhid.h (props changed)
stable/8/sys/dev/usb/wlan/if_rum.c (props changed)
stable/8/sys/dev/usb/wlan/if_rumfw.h (props changed)
stable/8/sys/dev/usb/wlan/if_rumreg.h (props changed)
stable/8/sys/dev/usb/wlan/if_rumvar.h (props changed)
stable/8/sys/dev/usb/wlan/if_ural.c (props changed)
stable/8/sys/dev/usb/wlan/if_uralreg.h (props changed)
stable/8/sys/dev/usb/wlan/if_uralvar.h (props changed)
stable/8/sys/dev/usb/wlan/if_zyd.c (props changed)
stable/8/sys/dev/usb/wlan/if_zydfw.h (props changed)
stable/8/sys/dev/usb/wlan/if_zydreg.h (props changed)
stable/8/sys/dev/xen/netfront/ (props changed)
stable/8/sys/dev/xen/xenpci/ (props changed)
stable/8/sys/kern/kern_jail.c
stable/8/sys/kern/kern_sysctl.c
stable/8/sys/modules/dtrace/dtnfsclient/ (props changed)
stable/8/sys/modules/ip6_mroute_mod/ (props changed)
stable/8/sys/modules/ipmi/ipmi_linux/ (props changed)
stable/8/sys/net/vnet.h
stable/8/sys/netgraph/bluetooth/drivers/ubt/ng_ubt.c (props changed)
stable/8/sys/netgraph/bluetooth/drivers/ubt/ng_ubt_var.h (props changed)
stable/8/sys/netgraph/bluetooth/drivers/ubtbcmfw/ubtbcmfw.c (props changed)
stable/8/sys/netinet/ipfw/ip_dummynet.c (props changed)
stable/8/sys/netinet/ipfw/ip_fw2.c (props changed)
stable/8/sys/netinet/ipfw/ip_fw_nat.c (props changed)
stable/8/sys/netinet/ipfw/ip_fw_pfil.c (props changed)
stable/8/sys/netipx/spx_reass.c (props changed)
stable/8/sys/sys/jail.h
stable/8/sys/sys/sysctl.h
stable/8/sys/xen/evtchn.h (props changed)
stable/8/sys/xen/hypervisor.h (props changed)
stable/8/sys/xen/xen_intr.h (props changed)
Modified: stable/8/sys/kern/kern_jail.c
==============================================================================
--- stable/8/sys/kern/kern_jail.c Thu Aug 13 10:27:22 2009 (r196177)
+++ stable/8/sys/kern/kern_jail.c Thu Aug 13 10:31:02 2009 (r196178)
@@ -88,7 +88,11 @@ struct prison prison0 = {
.pr_childmax = JAIL_MAX,
.pr_hostuuid = DEFAULT_HOSTUUID,
.pr_children = LIST_HEAD_INITIALIZER(&prison0.pr_children),
+#ifdef VIMAGE
+ .pr_flags = PR_HOST|PR_VNET,
+#else
.pr_flags = PR_HOST,
+#endif
.pr_allow = PR_ALLOW_ALL,
};
MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF);
@@ -3308,6 +3312,25 @@ getcredhostid(struct ucred *cred, unsign
mtx_unlock(&cred->cr_prison->pr_mtx);
}
+#ifdef VIMAGE
+/*
+ * Determine whether the prison represented by cred owns
+ * its vnet rather than having it inherited.
+ *
+ * Returns 1 in case the prison owns the vnet, 0 otherwise.
+ */
+int
+prison_owns_vnet(struct ucred *cred)
+{
+
+ /*
+ * vnets cannot be added/removed after jail creation,
+ * so no need to lock here.
+ */
+ return (cred->cr_prison->pr_flags & PR_VNET ? 1 : 0);
+}
+#endif
+
/*
* Determine whether the subject represented by cred can "see"
* status of a mount point.
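Review bot: The return expression in prison_owns_vnet relies on `&` binding tighter than `?:`, which is correct but easy to misread in a privilege-related helper; `return ((cred->cr_prison->pr_flags & PR_VNET) ? 1 : 0);` makes the bit test explicit. The function dereferences cred->cr_prison without a NULL check, which matches getcredhostid directly above it and the surrounding code's assumption that every ucred carries a prison. The definition is compiled only under VIMAGE while the prototype added in the jail.h hunk is unconditional; that is harmless as long as every caller stays under the same `#ifdef`, as the kern_sysctl.c call does.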
Modified: stable/8/sys/kern/kern_sysctl.c
==============================================================================
--- stable/8/sys/kern/kern_sysctl.c Thu Aug 13 10:27:22 2009 (r196177)
+++ stable/8/sys/kern/kern_sysctl.c Thu Aug 13 10:31:02 2009 (r196178)
@@ -1381,10 +1381,18 @@ sysctl_root(SYSCTL_HANDLER_ARGS)
/* Is this sysctl writable by only privileged users? */
if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
+ int priv;
+
if (oid->oid_kind & CTLFLAG_PRISON)
- error = priv_check(req->td, PRIV_SYSCTL_WRITEJAIL);
+ priv = PRIV_SYSCTL_WRITEJAIL;
+#ifdef VIMAGE
+ else if ((oid->oid_kind & CTLFLAG_VNET) &&
+ prison_owns_vnet(req->td->td_ucred))
+ priv = PRIV_SYSCTL_WRITEJAIL;
+#endif
else
- error = priv_check(req->td, PRIV_SYSCTL_WRITE);
+ priv = PRIV_SYSCTL_WRITE;
+ error = priv_check(req->td, priv);
if (error)
return (error);
}
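Review bot: The new `else if` grants PRIV_SYSCTL_WRITEJAIL for any OID carrying CTLFLAG_VNET, so every SYSCTL_VNET_* variable whose access bits allow writing becomes settable by the root of a jail that owns its vnet, whether or not it was also marked CTLFLAG_PRISON; a handler behind such an OID that reaches non-virtualized state would need its own check, since nothing in this hunk distinguishes the two. The same applies to the vnet.h hunk, which ORs CTLFLAG_VNET into all of the SYSCTL_VNET_* macros. Branch order keeps the jail privilege for CTLFLAG_PRISON OIDs regardless of vnet ownership, which matches the log message. A one-line comment above the `#ifdef VIMAGE` would make the intent explicit, e.g. `/* A prison owning its vnet may write vnet sysctls with only the jail privilege. */`. sysctl_root's body starts and ends outside the hunk.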
Modified: stable/8/sys/net/vnet.h
==============================================================================
--- stable/8/sys/net/vnet.h Thu Aug 13 10:27:22 2009 (r196177)
+++ stable/8/sys/net/vnet.h Thu Aug 13 10:31:02 2009 (r196178)
@@ -232,21 +232,25 @@ int vnet_sysctl_handle_string(SYSCTL_HAN
int vnet_sysctl_handle_uint(SYSCTL_HANDLER_ARGS);
#define SYSCTL_VNET_INT(parent, nbr, name, access, ptr, val, descr) \
- SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|CTLFLAG_MPSAFE|(access), \
+ SYSCTL_OID(parent, nbr, name, \
+ CTLTYPE_INT|CTLFLAG_MPSAFE|CTLFLAG_VNET|(access), \
ptr, val, vnet_sysctl_handle_int, "I", descr)
#define SYSCTL_VNET_PROC(parent, nbr, name, access, ptr, arg, handler, \
fmt, descr) \
- SYSCTL_OID(parent, nbr, name, access, ptr, arg, handler, fmt, \
- descr)
+ SYSCTL_OID(parent, nbr, name, CTLFLAG_VNET|(access), ptr, arg, \
+ handler, fmt, descr)
#define SYSCTL_VNET_STRING(parent, nbr, name, access, arg, len, descr) \
- SYSCTL_OID(parent, nbr, name, CTLTYPE_STRING|(access), arg, \
- len, vnet_sysctl_handle_string, "A", descr)
+ SYSCTL_OID(parent, nbr, name, \
+ CTLTYPE_STRING|CTLFLAG_VNET|(access), \
+ arg, len, vnet_sysctl_handle_string, "A", descr)
#define SYSCTL_VNET_STRUCT(parent, nbr, name, access, ptr, type, descr) \
- SYSCTL_OID(parent, nbr, name, CTLTYPE_OPAQUE|(access), ptr, \
+ SYSCTL_OID(parent, nbr, name, \
+ CTLTYPE_OPAQUE|CTLFLAG_VNET|(access), ptr, \
sizeof(struct type), vnet_sysctl_handle_opaque, "S," #type, \
descr)
#define SYSCTL_VNET_UINT(parent, nbr, name, access, ptr, val, descr) \
- SYSCTL_OID(parent, nbr, name, CTLTYPE_UINT|CTLFLAG_MPSAFE|(access), \
+ SYSCTL_OID(parent, nbr, name, \
+ CTLTYPE_UINT|CTLFLAG_MPSAFE|CTLFLAG_VNET|(access), \
ptr, val, vnet_sysctl_handle_uint, "IU", descr)
#define VNET_SYSCTL_ARG(req, arg1) do { \
if (arg1 != NULL) \
Modified: stable/8/sys/sys/jail.h
==============================================================================
--- stable/8/sys/sys/jail.h Thu Aug 13 10:27:22 2009 (r196177)
+++ stable/8/sys/sys/jail.h Thu Aug 13 10:31:02 2009 (r196178)
@@ -341,6 +341,7 @@ void getcredhostuuid(struct ucred *, cha
void getcredhostid(struct ucred *, unsigned long *);
int prison_allow(struct ucred *, unsigned);
int prison_check(struct ucred *cred1, struct ucred *cred2);
+int prison_owns_vnet(struct ucred *);
int prison_canseemount(struct ucred *cred, struct mount *mp);
void prison_enforce_statfs(struct ucred *cred, struct mount *mp,
struct statfs *sp);
Modified: stable/8/sys/sys/sysctl.h
==============================================================================
--- stable/8/sys/sys/sysctl.h Thu Aug 13 10:27:22 2009 (r196177)
+++ stable/8/sys/sys/sysctl.h Thu Aug 13 10:31:02 2009 (r196178)
@@ -85,6 +85,7 @@ struct ctlname {
#define CTLMASK_SECURE 0x00F00000 /* Secure level */
#define CTLFLAG_TUN 0x00080000 /* Tunable variable */
#define CTLFLAG_MPSAFE 0x00040000 /* Handler is MP safe */
+#define CTLFLAG_VNET 0x00020000 /* Prisons with vnet can fiddle */
#define CTLFLAG_RDTUN (CTLFLAG_RD|CTLFLAG_TUN)
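Review bot: The comment on CTLFLAG_VNET ("Prisons with vnet can fiddle") is informal and does not name the privilege that sysctl_root actually checks for it; `#define CTLFLAG_VNET 0x00020000 /* Writable from a prison owning its vnet (PRIV_SYSCTL_WRITEJAIL) */` says what the flag changes. Since the SYSCTL_VNET_* macros in vnet.h set this flag unconditionally, this header comment is the one place a reader learns what carrying it means for an OID.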
/*