svn commit: r368676 - head/usr.sbin/jls
Author: jamie Date: Tue Dec 15 20:56:35 2020 New Revision: 368676 URL: https://svnweb.freebsd.org/changeset/base/368676 Log: Bugfix to not hide jailparam flags, which for example changes the output "vnet=2" to the less opaque "vnet=inherit" Reported by: kevans MFC after:5 days Modified: head/usr.sbin/jls/jls.c Modified: head/usr.sbin/jls/jls.c == --- head/usr.sbin/jls/jls.c Tue Dec 15 20:02:40 2020(r368675) +++ head/usr.sbin/jls/jls.c Tue Dec 15 20:56:35 2020(r368676) @@ -323,7 +323,7 @@ add_param(const char *name, void *value, size_t valuel } xo_errx(1, "%s", jail_errmsg); } - param->jp_flags = flags; + param->jp_flags |= flags; return param - params; } ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
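Review bot: The change to `param->jp_flags |= flags;` at the end of add_param() depends on jp_flags already holding bits set earlier in the function (by the call whose failure is reported through jail_errmsg just above), and nothing at the assignment says so. A one-line comment naming that dependency would keep a later cleanup from turning it back into a plain assignment and hiding the flags again. It is also worth confirming that every param slot is freshly initialized before this line, since an OR would carry stale bits forward on a reused slot.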
svn commit: r364970 - head/sys/sys
Author: jamie Date: Sat Aug 29 22:24:41 2020 New Revision: 364970 URL: https://svnweb.freebsd.org/changeset/base/364970 Log: Add __BEGIN_DECLS to jail.h to keep C++ happy. PR: 238928 Reported by: yuri@ Modified: head/sys/sys/jail.h Modified: head/sys/sys/jail.h == --- head/sys/sys/jail.h Sat Aug 29 22:09:36 2020(r364969) +++ head/sys/sys/jail.h Sat Aug 29 22:24:41 2020(r364970) @@ -110,11 +110,13 @@ struct xprison { struct iovec; +__BEGIN_DECLS int jail(struct jail *); int jail_set(struct iovec *, unsigned int, int); int jail_get(struct iovec *, unsigned int, int); int jail_attach(int); int jail_remove(int); +__END_DECLS #else /* _KERNEL */ ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
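Review bot: The new `__BEGIN_DECLS` / `__END_DECLS` pair around the five userland prototypes is defined in <sys/cdefs.h>, and the hunk does not show jail.h including that header in this non-_KERNEL branch. If jail.h relies on the includer to have pulled it in, a source file that includes <sys/jail.h> first will fail on an undefined macro, so either include <sys/cdefs.h> here or confirm that an earlier include in the file already guarantees it.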
svn commit: r364874 - head/usr.sbin/jail
Author: jamie Date: Thu Aug 27 17:04:55 2020 New Revision: 364874 URL: https://svnweb.freebsd.org/changeset/base/364874 Log: Disregard jails in jail.conf that have bad parameters (parameter/variable clash, or redefining name/jid). The current behavior, of merely warning and moving on, can lead to unexpected behavior when a jail is created without the offending parameter defined at all. Modified: head/usr.sbin/jail/config.c Modified: head/usr.sbin/jail/config.c == --- head/usr.sbin/jail/config.c Thu Aug 27 16:36:07 2020(r364873) +++ head/usr.sbin/jail/config.c Thu Aug 27 17:04:55 2020(r364874) @@ -369,11 +369,13 @@ add_param(struct cfjail *j, const struct cfparam *p, e if ((flags ^ dp->flags) & PF_VAR) { jail_warnx(j, "variable \"$%s\" cannot have the same " "name as a parameter.", name); + j->flags |= JF_FAILED; return; } if (dp->flags & PF_IMMUTABLE) { jail_warnx(j, "cannot redefine parameter \"%s\".", dp->name); + j->flags |= JF_FAILED; return; } if (strcmp(dp->name, name)) { @@ -405,6 +407,7 @@ add_param(struct cfjail *j, const struct cfparam *p, e "cannot have the same " "name as a parameter.", name); + j->flags |= JF_FAILED; return; } j->intparams[ipnum] = np; ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
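Review bot: All three new `j->flags |= JF_FAILED;` lines sit behind a jail_warnx() call whose text still reads like a recoverable warning, so the operator gets no indication that the whole jail is now skipped. Consider saying so in the message, or where JF_FAILED is acted on, and documenting the behaviour change in jail.conf(5). The warn, set flag, return sequence is now repeated three times in add_param(); a small helper would keep a future error path from warning without setting the flag.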
svn commit: r364850 - head/usr.sbin/jail
Author: jamie Date: Thu Aug 27 00:17:17 2020 New Revision: 364850 URL: https://svnweb.freebsd.org/changeset/base/364850 Log: Don't allow jail.conf variables to have the same names as jail parameters. It was already not allowed in many cases, but crashed instead of giving an error. PR: 248444 Modified: head/usr.sbin/jail/config.c Modified: head/usr.sbin/jail/config.c == --- head/usr.sbin/jail/config.c Wed Aug 26 23:41:46 2020(r364849) +++ head/usr.sbin/jail/config.c Thu Aug 27 00:17:17 2020(r364850) @@ -366,8 +366,13 @@ add_param(struct cfjail *j, const struct cfparam *p, e break; if (dp != NULL) { /* Found it - append or replace. */ + if ((flags ^ dp->flags) & PF_VAR) { + jail_warnx(j, "variable \"$%s\" cannot have the same " + "name as a parameter.", name); + return; + } if (dp->flags & PF_IMMUTABLE) { - jail_warnx(j, "cannot redefine variable \"%s\".", + jail_warnx(j, "cannot redefine parameter \"%s\".", dp->name); return; } @@ -394,6 +399,14 @@ add_param(struct cfjail *j, const struct cfparam *p, e for (ipnum = IP__NULL + 1; ipnum < IP_NPARAM; ipnum++) if (!(intparams[ipnum].flags & PF_CONV) && equalopts(name, intparams[ipnum].name)) { + if (flags & PF_VAR) { + jail_warnx(j, + "variable \"$%s\" " + "cannot have the same " + "name as a parameter.", + name); + return; + } j->intparams[ipnum] = np; np->flags |= intparams[ipnum].flags; break; ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
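Review bot: In the second hunk the new `if (flags & PF_VAR)` branch returns from inside the intparams loop after np has already been set up (the lines that follow store it in j->intparams[ipnum] and update np->flags), and the hunk does not show what happens to np on that path. Please confirm np is either already linked into the jail's parameter list or released before the return, so a rejected variable is neither leaked nor left half-registered. The first hunk tests `(flags ^ dp->flags) & PF_VAR` while this one tests only `flags & PF_VAR`; a short comment on why the two checks differ would help.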
svn commit: r364828 - head/usr.sbin/jail
Author: jamie Date: Wed Aug 26 18:35:32 2020 New Revision: 364828 URL: https://svnweb.freebsd.org/changeset/base/364828 Log: Back out r364791 to unbreak jails. Lesson learned: "compile and test" means running the test on the same executable that you just compiled. PR: 248444 Pointy hat to:jamie Modified: head/usr.sbin/jail/config.c Modified: head/usr.sbin/jail/config.c == --- head/usr.sbin/jail/config.c Wed Aug 26 17:52:32 2020(r364827) +++ head/usr.sbin/jail/config.c Wed Aug 26 18:35:32 2020(r364828) @@ -393,8 +393,7 @@ add_param(struct cfjail *j, const struct cfparam *p, e else for (ipnum = IP__NULL + 1; ipnum < IP_NPARAM; ipnum++) if (!(intparams[ipnum].flags & PF_CONV) && - equalopts(name, intparams[ipnum].name) && - !(p->flags & PF_VAR)) { + equalopts(name, intparams[ipnum].name)) { j->intparams[ipnum] = np; np->flags |= intparams[ipnum].flags; break; ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
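Review bot: Removing `!(p->flags & PF_VAR)` from the loop condition restores the earlier behaviour in which a variable whose name matches an internal parameter is stored in j->intparams[ipnum], so the problem tracked in PR 248444 is open again after this backout. The log says the previous commit was not tested on the built executable but not what in the condition broke jails; one sentence on that would help whoever writes the replacement fix, and a regression case in the jail tests would catch both failures.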
svn commit: r364791 - head/usr.sbin/jail
Author: jamie Date: Wed Aug 26 00:42:59 2020 New Revision: 364791 URL: https://svnweb.freebsd.org/changeset/base/364791 Log: Handle jail.conf variables that have the same names as parameters. PR: 248444 Submitted by: Akos Somfai Reported by: Markus Stoff Modified: head/usr.sbin/jail/config.c Modified: head/usr.sbin/jail/config.c == --- head/usr.sbin/jail/config.c Wed Aug 26 00:31:59 2020(r364790) +++ head/usr.sbin/jail/config.c Wed Aug 26 00:42:59 2020(r364791) @@ -393,7 +393,8 @@ add_param(struct cfjail *j, const struct cfparam *p, e else for (ipnum = IP__NULL + 1; ipnum < IP_NPARAM; ipnum++) if (!(intparams[ipnum].flags & PF_CONV) && - equalopts(name, intparams[ipnum].name)) { + equalopts(name, intparams[ipnum].name) && + !(p->flags & PF_VAR)) { j->intparams[ipnum] = np; np->flags |= intparams[ipnum].flags; break; ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
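Review bot: The added `!(p->flags & PF_VAR)` term dereferences p inside the loop condition with no NULL check, and the hunk gives no guarantee that p is non-NULL on this else branch; add_param() has been called with a NULL p from jail.c (see the call removed in r337919). Either test `p != NULL` first or use a value that is always valid here. When the term is false, the variable also skips the internal-parameter match silently, so a clash between a variable and a parameter name produces no diagnostic.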
svn commit: r341084 - in head: sys/kern sys/sys usr.sbin/jail
Author: jamie Date: Tue Nov 27 17:51:50 2018 New Revision: 341084 URL: https://svnweb.freebsd.org/changeset/base/341084 Log: In hardened systems, where the security.bsd.unprivileged_proc_debug sysctl node is set, allow setting security.bsd.unprivileged_proc_debug per-jail. In part, this is needed to create jails in which the Address Sanitizer (ASAN) fully works as ASAN utilizes libkvm to inspect the virtual address space. Instead of having to allow unprivileged process debugging for the entire system, allow setting it on a per-jail basis. The sysctl node is still security.bsd.unprivileged_proc_debug and the jail(8) param is allow.unprivileged_proc_debug. The sysctl code is now a sysctl proc rather than a sysctl int. This allows us to determine setting the flag for the corresponding jail (or prison0). As part of the change, the dynamic allow.* API needed to be modified to take into account pr_allow flags which may now be disabled in prison0. This prevents conflicts with new pr_allow flags (like that of vmm(4)) that are added (and removed) dynamically. Also teach the jail creation KPI to allow differences for certain pr_allow flags between the parent and child jail. This can happen when unprivileged process debugging is disabled in the parent prison, but enabled in the child. Submitted by: Shawn Webb Obtained from:HardenedBSD (45b3625edba0f73b3e3890b1ec3d0d1e95fd47e1, deba0b5078cef0faae43cbdafed3035b16587afc, ab21eeb3b4c72f2500987c96ff603ccf3b6e7de8) Relnotes: yes Sponsored by: HardenedBSD and G2, Inc Differential Revision:https://reviews.freebsd.org/D18319 Modified: head/sys/kern/kern_jail.c head/sys/kern/kern_priv.c head/sys/kern/kern_prot.c head/sys/sys/jail.h head/usr.sbin/jail/jail.8 Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Tue Nov 27 17:10:00 2018(r341083) +++ head/sys/kern/kern_jail.c Tue Nov 27 17:51:50 2018(r341084) 
@@ -194,10 +194,14 @@ static struct bool_flags pr_flag_allow[NBBY * NBPW] = {"allow.reserved_ports", "allow.noreserved_ports", PR_ALLOW_RESERVED_PORTS}, {"allow.read_msgbuf", "allow.noread_msgbuf", PR_ALLOW_READ_MSGBUF}, + {"allow.unprivileged_proc_debug", "allow.nounprivileged_proc_debug", +PR_ALLOW_UNPRIV_DEBUG}, }; const size_t pr_flag_allow_size = sizeof(pr_flag_allow); -#defineJAIL_DEFAULT_ALLOW (PR_ALLOW_SET_HOSTNAME | PR_ALLOW_RESERVED_PORTS) +#defineJAIL_DEFAULT_ALLOW (PR_ALLOW_SET_HOSTNAME | \ +PR_ALLOW_RESERVED_PORTS | \ +PR_ALLOW_UNPRIV_DEBUG) #defineJAIL_DEFAULT_ENFORCE_STATFS 2 #defineJAIL_DEFAULT_DEVFS_RSNUM0 static unsigned jail_default_allow = JAIL_DEFAULT_ALLOW; @@ -498,6 +502,7 @@ kern_jail_set(struct thread *td, struct uio *optuio, i int ip6s, redo_ip6; #endif uint64_t pr_allow, ch_allow, pr_flags, ch_flags; + uint64_t pr_allow_diff; unsigned tallow; char numbuf[12]; @@ -1530,7 +1535,8 @@ kern_jail_set(struct thread *td, struct uio *optuio, i } } } - if (pr_allow & ~ppr->pr_allow) { + pr_allow_diff = pr_allow & ~ppr->pr_allow; + if (pr_allow_diff & ~PR_ALLOW_DIFFERENCES) { error = EPERM; goto done_deref_locked; } @@ -3783,6 +3789,8 @@ SYSCTL_JAIL_PARAM(_allow, reserved_ports, CTLTYPE_INT "B", "Jail may bind sockets to reserved ports"); SYSCTL_JAIL_PARAM(_allow, read_msgbuf, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may read the kernel message buffer"); +SYSCTL_JAIL_PARAM(_allow, unprivileged_proc_debug, CTLTYPE_INT | CTLFLAG_RW, +"B", "Unprivileged processes may use process debugging facilities"); SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags"); SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW, 
@@ -3834,10 +3842,16 @@ prison_add_allow(const char *prefix, const char *name, * Find a free bit in prison0's pr_allow, failing if there are none * (which shouldn't happen as long as we keep track of how many * potential dynamic flags exist). +* +* Due to per-jail unprivileged process debugging support +* using pr_allow, also verify against PR_ALLOW_ALL_STATIC. +* prison0 may have unprivileged process debugging unset. */ for (allow_flag = 1;; allow_flag <<= 1) { if (allow_flag == 0) goto no_add; + if (allow_flag & PR_ALLOW_ALL_STATIC) + continue; if ((prison0.pr_allow & allow_flag) == 0) break; } Modified: head/sys/kern/kern_priv.c
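Review bot: In kern_jail_set(), replacing `if (pr_allow & ~ppr->pr_allow)` with a test of `pr_allow_diff & ~PR_ALLOW_DIFFERENCES` relaxes the rule that a child jail's permissions are a subset of its parent's, and there is no comment at the check saying which bits are exempt or why. Add a comment there explaining the exemption, and keep PR_ALLOW_DIFFERENCES as narrow as possible, since every bit in it is a permission a child can hold that its parent does not.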
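Review bot: The first hunk adds PR_ALLOW_UNPRIV_DEBUG to JAIL_DEFAULT_ALLOW, which makes unprivileged process debugging part of the default permission mask, and the visible lines do not show how that default interacts with a host where security.bsd.unprivileged_proc_debug has been turned off. Please confirm that a jail created without an explicit allow.unprivileged_proc_debug setting on such a host does not end up with debugging enabled, and state the resulting default in jail.8.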
svn commit: r339420 - in head: sys/kern usr.sbin/jail
Author: jamie Date: Thu Oct 18 15:02:57 2018 New Revision: 339420 URL: https://svnweb.freebsd.org/changeset/base/339420 Log: Fix typos from r339409. Reported by: maxim Approved by: re (gjb) Modified: head/sys/kern/kern_jail.c head/usr.sbin/jail/jail.8 Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Thu Oct 18 14:20:15 2018(r339419) +++ head/sys/kern/kern_jail.c Thu Oct 18 15:02:57 2018(r339420) @@ -3352,7 +3352,7 @@ prison_priv_check(struct ucred *cred, int priv) return (0); /* -* Do not allow a process inside a jail read the kernel +* Do not allow a process inside a jail to read the kernel * message buffer unless explicitly permitted. */ case PRIV_MSGBUF: Modified: head/usr.sbin/jail/jail.8 == --- head/usr.sbin/jail/jail.8 Thu Oct 18 14:20:15 2018(r339419) +++ head/usr.sbin/jail/jail.8 Thu Oct 18 15:02:57 2018(r339420) @@ -553,7 +553,7 @@ with non-jailed parts of the system. Jailed users may read the kernel message buffer. If the .Va security.bsd.unprivileged_read_msgbuf -MIB entry is zero, this will be restricted to to root user. +MIB entry is zero, this will be restricted to the root user. .It Va allow.socket_af Sockets within a jail are normally restricted to IPv4, IPv6, local (UNIX), and route. This allows access to other protocol stacks that ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r339409 - in head: sys/kern sys/sys usr.sbin/jail
Author: jamie Date: Wed Oct 17 16:11:43 2018 New Revision: 339409 URL: https://svnweb.freebsd.org/changeset/base/339409 Log: Add a new jail permission, allow.read_msgbuf. When true, jailed processes can see the dmesg buffer (this is the current behavior). When false (the new default), dmesg will be unavailable to jailed users, whether root or not. The security.bsd.unprivileged_read_msgbuf sysctl still works as before, controlling system-wide whether non-root users can see the buffer. PR: 211580 Submitted by: bz Approved by: re@ (kib@) MFC after:3 days Modified: head/sys/kern/kern_jail.c head/sys/kern/kern_priv.c head/sys/kern/subr_prf.c head/sys/sys/jail.h head/usr.sbin/jail/jail.8 Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Wed Oct 17 14:51:43 2018(r339408) +++ head/sys/kern/kern_jail.c Wed Oct 17 16:11:43 2018(r339409) @@ -193,6 +193,7 @@ static struct bool_flags pr_flag_allow[NBBY * NBPW] = {"allow.mlock", "allow.nomlock", PR_ALLOW_MLOCK}, {"allow.reserved_ports", "allow.noreserved_ports", PR_ALLOW_RESERVED_PORTS}, + {"allow.read_msgbuf", "allow.noread_msgbuf", PR_ALLOW_READ_MSGBUF}, }; const size_t pr_flag_allow_size = sizeof(pr_flag_allow); @@ -3350,6 +3351,15 @@ prison_priv_check(struct ucred *cred, int priv) case PRIV_PROC_SETLOGINCLASS: return (0); + /* +* Do not allow a process inside a jail read the kernel +* message buffer unless explicitly permitted. +*/ + case PRIV_MSGBUF: + if (cred->cr_prison->pr_allow & PR_ALLOW_READ_MSGBUF) + return (0); + return (EPERM); + default: /* * In all remaining cases, deny the privilege request. This 
@@ -3770,6 +3780,8 @@ SYSCTL_JAIL_PARAM(_allow, mlock, CTLTYPE_INT | CTLFLAG "B", "Jail may lock (unlock) physical pages in memory"); SYSCTL_JAIL_PARAM(_allow, reserved_ports, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may bind sockets to reserved ports"); +SYSCTL_JAIL_PARAM(_allow, read_msgbuf, CTLTYPE_INT | CTLFLAG_RW, +"B", "Jail may read the kernel message buffer"); SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags"); SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW, Modified: head/sys/kern/kern_priv.c == --- head/sys/kern/kern_priv.c Wed Oct 17 14:51:43 2018(r339408) +++ head/sys/kern/kern_priv.c Wed Oct 17 16:11:43 2018(r339409) @@ -62,6 +62,11 @@ static int unprivileged_mlock = 1; SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_mlock, CTLFLAG_RWTUN, _mlock, 0, "Allow non-root users to call mlock(2)"); +static int unprivileged_read_msgbuf = 1; +SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_read_msgbuf, +CTLFLAG_RW, _read_msgbuf, 0, +"Unprivileged processes may read the kernel message buffer"); + SDT_PROVIDER_DEFINE(priv); SDT_PROBE_DEFINE1(priv, kernel, priv_check, priv__ok, "int"); SDT_PROBE_DEFINE1(priv, kernel, priv_check, priv__err, "int"); @@ -104,6 +109,17 @@ priv_check_cred(struct ucred *cred, int priv, int flag switch (priv) { case PRIV_VM_MLOCK: case PRIV_VM_MUNLOCK: + error = 0; + goto out; + } + } + + if (unprivileged_read_msgbuf) { + /* +* Allow an unprivileged user to read the kernel message +* buffer. +*/ + if (priv == PRIV_MSGBUF) { error = 0; goto out; } Modified: head/sys/kern/subr_prf.c == --- head/sys/kern/subr_prf.cWed Oct 17 14:51:43 2018(r339408) +++ head/sys/kern/subr_prf.cWed Oct 17 16:11:43 2018(r339409) 
@@ -1053,11 +1053,6 @@ msgbufinit(void *ptr, int size) oldp = msgbufp; } -static int unprivileged_read_msgbuf = 1; -SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_read_msgbuf, -CTLFLAG_RW, _read_msgbuf, 0, -"Unprivileged processes may read the kernel message buffer"); - /* Sysctls for accessing/clearing the msgbuf */ static int sysctl_kern_msgbuf(SYSCTL_HANDLER_ARGS) @@ -1066,11 +1061,9 @@ sysctl_kern_msgbuf(SYSCTL_HANDLER_ARGS) u_int seq; int error, len; - if (!unprivileged_read_msgbuf) { - error = priv_check(req->td, PRIV_MSGBUF); - if (error) - return (error); - } + error = priv_check(req->td, PRIV_MSGBUF); + if (error) + return (error); /* Read the whole buffer, one chunk at a
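Review bot: The new `if (unprivileged_read_msgbuf)` block in priv_check_cred() grants PRIV_MSGBUF with `error = 0; goto out;`, and the hunk does not show whether it runs before or after the jail check that reaches the new `case PRIV_MSGBUF:` in prison_priv_check(). The log promises that with allow.read_msgbuf false the buffer is unavailable to jailed users "whether root or not", which only holds if the jail check comes first; please confirm the ordering and say so in a comment at the block. The comment above the new case also reads "a jail read the kernel" and should be "a jail to read the kernel".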
svn commit: r339211 - head/sys/kern
Author: jamie Date: Sat Oct 6 02:10:32 2018 New Revision: 339211 URL: https://svnweb.freebsd.org/changeset/base/339211 Log: Fix the test prohibiting jails from sharing IP addresses. It's not supposed to be legal for two jails to contain the same IP address, unless both jails contain only that one address. This is the behavior documented in jail(8), and is there to prevent confusion when multiple jails are listening on IADDR_ANY. VIMAGE jails (now the default for GENERIC kernels) test this correctly, but non-VIMAGE jails have been performing an incomplete test when nested jails are used. Approved by: re@ (kib@) MFC after:5 days Modified: head/sys/kern/kern_jail.c Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Fri Oct 5 21:10:03 2018(r339210) +++ head/sys/kern/kern_jail.c Sat Oct 6 02:10:32 2018(r339211) @@ -1393,11 +1393,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, i * there is a duplicate on a jail with more than one * IP stop checking and return error. */ - tppr = ppr; #ifdef VIMAGE - for (; tppr != tppr = tppr->pr_parent) + for (tppr = ppr; tppr != tppr = tppr->pr_parent) if (tppr->pr_flags & PR_VNET) break; +#else + tppr = #endif FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) { if (tpr == pr || @@ -1460,11 +1461,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, i } } /* Check for conflicting IP addresses. */ - tppr = ppr; #ifdef VIMAGE - for (; tppr != tppr = tppr->pr_parent) + for (tppr = ppr; tppr != tppr = tppr->pr_parent) if (tppr->pr_flags & PR_VNET) break; +#else + tppr = #endif FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) { if (tpr == pr || ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
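Review bot: The `#ifdef VIMAGE` / `#else` selection of tppr is now repeated verbatim in both hunks of kern_jail_set(), once for each address-conflict scan. Since this commit exists because the non-VIMAGE scan started from the wrong prison, consider moving the selection into one small helper that returns the scan root, with a comment stating which subtree is searched in each configuration, so the two copies cannot drift apart again.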
svn commit: r337925 - in head: lib/libc/sys sys/compat/freebsd32 sys/kern sys/sys
Author: jamie Date: Thu Aug 16 19:09:43 2018 New Revision: 337925 URL: https://svnweb.freebsd.org/changeset/base/337925 Log: Revert r337922, except for some documentation-only bits. This needs to wait until user is changed to stop using jail(2). Differential Revision:D14791 Modified: head/lib/libc/sys/jail.2 head/sys/compat/freebsd32/freebsd32_misc.c head/sys/compat/freebsd32/freebsd32_proto.h head/sys/compat/freebsd32/freebsd32_syscall.h head/sys/compat/freebsd32/freebsd32_syscalls.c head/sys/compat/freebsd32/freebsd32_sysent.c head/sys/compat/freebsd32/freebsd32_systrace_args.c head/sys/compat/freebsd32/syscalls.master head/sys/kern/init_sysent.c head/sys/kern/kern_jail.c head/sys/kern/syscalls.c head/sys/kern/syscalls.master head/sys/kern/systrace_args.c head/sys/sys/jail.h head/sys/sys/syscall.h head/sys/sys/syscall.mk head/sys/sys/syscallsubr.h head/sys/sys/sysproto.h Modified: head/lib/libc/sys/jail.2 == --- head/lib/libc/sys/jail.2Thu Aug 16 18:58:34 2018(r337924) +++ head/lib/libc/sys/jail.2Thu Aug 16 19:09:43 2018(r337925) @@ -25,10 +25,11 @@ .\" .\" $FreeBSD$ .\" -.Dd August 16, 2018 +.Dd February 8, 2012 .Dt JAIL 2 .Os .Sh NAME +.Nm jail , .Nm jail_get , .Nm jail_set , .Nm jail_remove , @@ -40,6 +41,8 @@ .In sys/param.h .In sys/jail.h .Ft int +.Fn jail "struct jail *jail" +.Ft int .Fn jail_attach "int jid" .Ft int .Fn jail_remove "int jid" 
@@ -50,7 +53,74 @@ .Fn jail_set "struct iovec *iov" "u_int niov" "int flags" .Sh DESCRIPTION The +.Fn jail +system call sets up a jail and locks the current process in it. +.Pp +The argument is a pointer to a structure describing the prison: +.Bd -literal -offset indent +struct jail { + uint32_tversion; + char*path; + char*hostname; + char*jailname; + unsigned intip4s; + unsigned intip6s; + struct in_addr *ip4; + struct in6_addr *ip6; +}; +.Ed +.Pp +.Dq Li version +defines the version of the API in use. +.Dv JAIL_API_VERSION +is defined for the current version. +.Pp +The +.Dq Li path +pointer should be set to the directory which is to be the root of the +prison. +.Pp +The +.Dq Li hostname +pointer can be set to the hostname of the prison. +This can be changed +from the inside of the prison. +.Pp +The +.Dq Li jailname +pointer is an optional name that can be assigned to the jail +for example for management purposes. +.Pp +The +.Dq Li ip4s +and +.Dq Li ip6s +give the numbers of IPv4 and IPv6 addresses that will be passed +via their respective pointers. +.Pp +The +.Dq Li ip4 +and +.Dq Li ip6 +pointers can be set to an arrays of IPv4 and IPv6 addresses to be assigned to +the prison, or NULL if none. +IPv4 addresses must be in network byte order. +.Pp +This is equivalent to, and deprecated in favor of, the .Fn jail_set +system call (see below), with the parameters +.Va path , +.Va host.hostname , +.Va name , +.Va ip4.addr , +and +.Va ip6.addr , +and with the +.Dv JAIL_ATTACH +flag. +.Pp +The +.Fn jail_set system call creates a new jail, or modifies an existing one, and optionally locks the current process in it. Jail parameters are passed as an array of name-value pairs in the array 
@@ -76,19 +146,13 @@ The current set of available parameters, and their for retrieved via the .Va security.jail.param sysctl MIB entry. -Notable parameters include +Notable parameters include those mentioned in the +.Fn jail +description above, as well as .Va jid and -.Va name -which identify the jail being created or modified, -.Va path -(the root directory of the jail), -.Va host.hostname -(the hostname of the jail), and -.Va ip4.addr -and -.Va ip6.addr -(IP addresses to assign to the jail). +.Va name , +which identify the jail being created or modified. See .Xr jail 8 for more information on the core jail parameters. @@ -173,7 +237,8 @@ It will kill all processes belonging to the jail, and of that jail. .Sh RETURN VALUES If successful, -.Fn jail_set +.Fn jail , +.Fn jail_set , and .Fn jail_get return a non-negative integer, termed the jail identifier (JID). @@ -184,6 +249,25 @@ to indicate the error. .Rv -std jail_attach jail_remove .Sh ERRORS The +.Fn jail +system call +will fail if: +.Bl -tag -width Er +.It Bq Er EPERM +This process is not allowed to create a jail, either because it is not +the super-user, or because it would exceed the jail's +.Va children.max +limit. +.It Bq Er EFAULT +.Fa jail +points to an address outside the allocated address space of the process. +.It Bq Er EINVAL +The version number of the argument is not correct. +.It Bq Er EAGAIN +No free JID could be found. +.El +.Pp +The .Fn jail_set system call will fail if: @@ -287,7 +371,8 @@ does not exist. .El .Pp Further -.Fn jail_set +.Fn jail , +.Fn jail_set , and .Fn jail_attach call @@ -301,7 +386,7 @@ manual
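Review bot: The restored `.Fn jail` description in jail.2 brings back the sentence "pointers can be set to an arrays of IPv4 and IPv6 addresses"; since the text is being re-added anyway, correct it to "set to arrays of". The first hunk also moves `.Dd` back to February 8, 2012; if any of the documentation-only changes this commit keeps touch jail.2, the date should stay at the newer value.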
svn commit: r337922 - in head: lib/libc/gen lib/libc/sys share/man/man9 sys/cddl/contrib/opensolaris/uts/common/fs/zfs sys/compat/freebsd32 sys/fs/nandfs sys/kern sys/sys sys/ufs/ufs
Author: jamie Date: Thu Aug 16 18:40:16 2018 New Revision: 337922 URL: https://svnweb.freebsd.org/changeset/base/337922 Log: Put jail(2) under COMPAT_FREEBSD11. It has been the "old" way of creating jails since FreeBSD 7. Along with the system call, put the various security.jail.allow_foo and security.jail.foo_allowed sysctls partly under COMPAT_FREEBSD11 (or BURN_BRIDGES). These sysctls had two disparate uses: on the system side, they were global permissions for jails created via jail(2) which lacked fine-grained permission controls; inside a jail, they're read-only descriptions of what the current jail is allowed to do. The first use is obsolete along with jail(2), but keep them for the second-read-only use. Differential Revision:D14791 Modified: head/lib/libc/gen/getvfsbyname.3 head/lib/libc/sys/jail.2 head/share/man/man9/VFS_SET.9 head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c head/sys/compat/freebsd32/freebsd32_misc.c head/sys/compat/freebsd32/freebsd32_proto.h head/sys/compat/freebsd32/freebsd32_syscall.h head/sys/compat/freebsd32/freebsd32_syscalls.c head/sys/compat/freebsd32/freebsd32_sysent.c head/sys/compat/freebsd32/freebsd32_systrace_args.c head/sys/compat/freebsd32/syscalls.master head/sys/fs/nandfs/nandfs_vnops.c head/sys/kern/init_sysent.c head/sys/kern/kern_jail.c head/sys/kern/syscalls.c head/sys/kern/syscalls.master head/sys/kern/systrace_args.c head/sys/sys/jail.h head/sys/sys/syscall.h head/sys/sys/syscall.mk head/sys/sys/syscallsubr.h head/sys/sys/sysproto.h head/sys/ufs/ufs/ufs_vnops.c Modified: head/lib/libc/gen/getvfsbyname.3 == --- head/lib/libc/gen/getvfsbyname.3Thu Aug 16 18:37:47 2018 (r337921) +++ head/lib/libc/gen/getvfsbyname.3Thu Aug 16 18:40:16 2018 (r337922) @@ -28,7 +28,7 @@ .\" @(#)kvm_getvfsbyname.3 8.3 (Berkeley) 5/4/95 .\" $FreeBSD$ .\" -.Dd August 30, 2016 +.Dd August 16, 2018 .Dt GETVFSBYNAME 3 .Os .Sh NAME 
@@ -83,9 +83,10 @@ aliases some other mounted FS stores file names as Unicode .It Dv VFCF_JAIL can be mounted from within a jail if -.Va security.jail.mount_allowed -sysctl is set to -.Dv 1 +.Va allow.mount +and +.Va allow.mount. +jail parameters are set .It Dv VFCF_DELEGADMIN supports delegated administration if .Va vfs.usermount Modified: head/lib/libc/sys/jail.2 == --- head/lib/libc/sys/jail.2Thu Aug 16 18:37:47 2018(r337921) +++ head/lib/libc/sys/jail.2Thu Aug 16 18:40:16 2018(r337922) @@ -25,11 +25,10 @@ .\" .\" $FreeBSD$ .\" -.Dd February 8, 2012 +.Dd August 16, 2018 .Dt JAIL 2 .Os .Sh NAME -.Nm jail , .Nm jail_get , .Nm jail_set , .Nm jail_remove , @@ -41,8 +40,6 @@ .In sys/param.h .In sys/jail.h .Ft int -.Fn jail "struct jail *jail" -.Ft int .Fn jail_attach "int jid" .Ft int .Fn jail_remove "int jid" 
@@ -53,74 +50,7 @@ .Fn jail_set "struct iovec *iov" "u_int niov" "int flags" .Sh DESCRIPTION The -.Fn jail -system call sets up a jail and locks the current process in it. -.Pp -The argument is a pointer to a structure describing the prison: -.Bd -literal -offset indent -struct jail { - uint32_tversion; - char*path; - char*hostname; - char*jailname; - unsigned intip4s; - unsigned intip6s; - struct in_addr *ip4; - struct in6_addr *ip6; -}; -.Ed -.Pp -.Dq Li version -defines the version of the API in use. -.Dv JAIL_API_VERSION -is defined for the current version. -.Pp -The -.Dq Li path -pointer should be set to the directory which is to be the root of the -prison. -.Pp -The -.Dq Li hostname -pointer can be set to the hostname of the prison. -This can be changed -from the inside of the prison. -.Pp -The -.Dq Li jailname -pointer is an optional name that can be assigned to the jail -for example for management purposes. -.Pp -The -.Dq Li ip4s -and -.Dq Li ip6s -give the numbers of IPv4 and IPv6 addresses that will be passed -via their respective pointers. -.Pp -The -.Dq Li ip4 -and -.Dq Li ip6 -pointers can be set to an arrays of IPv4 and IPv6 addresses to be assigned to -the prison, or NULL if none. -IPv4 addresses must be in network byte order. -.Pp -This is equivalent to, and deprecated in favor of, the .Fn jail_set -system call (see below), with the parameters -.Va path , -.Va host.hostname , -.Va name , -.Va ip4.addr , -and -.Va ip6.addr , -and with the -.Dv JAIL_ATTACH -flag. -.Pp -The -.Fn jail_set system call creates a new jail, or modifies an existing one, and optionally locks the current process in it. Jail parameters are passed as an array of name-value pairs in the array @@ -146,13 +76,19 @@ The current set of available parameters, and their for retrieved via the .Va security.jail.param sysctl MIB entry. -Notable
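Review bot: The jail.2 hunks delete the entire `.Fn jail` entry, including the struct jail layout, from NAME, SYNOPSIS and DESCRIPTION, while the commit only moves the system call under COMPAT_FREEBSD11, so binaries that use it keep working with no remaining description of what it does. Keep a short compatibility paragraph that names jail(2), states it is equivalent to jail_set with JAIL_ATTACH, and says which release deprecated it. The same paragraph is the place to record that the security.jail.allow_foo and security.jail.foo_allowed sysctls are now read-only descriptions inside a jail rather than host-wide permissions.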
svn commit: r337919 - head/usr.sbin/jail
Author: jamie Date: Thu Aug 16 18:30:49 2018 New Revision: 337919 URL: https://svnweb.freebsd.org/changeset/base/337919 Log: security.jail.enforce_statfs is handled by jail_set(2), so handling it in userspace jail(8) is redundant. Differential Revision:D14791 Modified: head/usr.sbin/jail/config.c head/usr.sbin/jail/jail.c head/usr.sbin/jail/jailp.h Modified: head/usr.sbin/jail/config.c == --- head/usr.sbin/jail/config.c Thu Aug 16 18:27:43 2018(r337918) +++ head/usr.sbin/jail/config.c Thu Aug 16 18:30:49 2018(r337919) @@ -106,7 +106,6 @@ static const struct ipspec intparams[] = { [KP_ALLOW_SOCKET_AF] = {"allow.socket_af", 0}, [KP_ALLOW_SYSVIPC] = {"allow.sysvipc", 0}, [KP_DEVFS_RULESET] = {"devfs_ruleset", 0}, -[KP_ENFORCE_STATFS] = {"enforce_statfs", 0}, [KP_HOST_HOSTNAME] = {"host.hostname", 0}, #ifdef INET [KP_IP4_ADDR] ={"ip4.addr",0}, Modified: head/usr.sbin/jail/jail.c == --- head/usr.sbin/jail/jail.c Thu Aug 16 18:27:43 2018(r337918) +++ head/usr.sbin/jail/jail.c Thu Aug 16 18:30:49 2018(r337919) @@ -138,7 +138,6 @@ main(int argc, char **argv) unsigned op, pi; int ch, docf, error, i, oldcl, sysval; int dflag, Rflag; - char enforce_statfs[4]; #if defined(INET) || defined(INET6) char *cs, *ncs; #endif @@ -275,14 +274,6 @@ main(int argc, char **argv) (sysval ? 1 : 0) ^ perm_sysctl[pi].rev ? NULL : "false"); - } - sysvallen = sizeof(sysval); - if (sysctlbyname("security.jail.enforce_statfs", - , , NULL, 0) == 0) { - snprintf(enforce_statfs, - sizeof(enforce_statfs), "%d", sysval); - add_param(NULL, NULL, KP_ENFORCE_STATFS, - enforce_statfs); } } } else if (op == JF_STOP) { Modified: head/usr.sbin/jail/jailp.h == --- head/usr.sbin/jail/jailp.h Thu Aug 16 18:27:43 2018(r337918) +++ head/usr.sbin/jail/jailp.h Thu Aug 16 18:30:49 2018(r337919) 
@@ -120,7 +120,6 @@ enum intparam { KP_ALLOW_SOCKET_AF, KP_ALLOW_SYSVIPC, KP_DEVFS_RULESET, - KP_ENFORCE_STATFS, KP_HOST_HOSTNAME, #ifdef INET KP_IP4_ADDR, ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
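Review bot: Removing `[KP_ENFORCE_STATFS] = {"enforce_statfs", 0}` from intparams in config.c means an explicit enforce_statfs line in jail.conf no longer matches an internal parameter, and the hunks do not show the path it takes instead. Please confirm it is still passed through to jail_set(2) as an ordinary parameter, and that a jail created with no enforce_statfs setting gets the same value as before now that the sysctlbyname("security.jail.enforce_statfs", ...) block in main() is gone. Both cases are cheap to cover in a test because they decide how much of the host's mount table a jail can see.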
svn commit: r337867 - head/usr.sbin/jail
Author: jamie Date: Wed Aug 15 20:23:17 2018 New Revision: 337867 URL: https://svnweb.freebsd.org/changeset/base/337867 Log: Don't let clobber jailparam values when checking for modification of init-only parameters. Compare string parameter values with strncmp, not memcmp. PR: 230487 Reported by: Jason Mader MFC after:3 days Modified: head/usr.sbin/jail/jail.c Modified: head/usr.sbin/jail/jail.c == --- head/usr.sbin/jail/jail.c Wed Aug 15 20:23:08 2018(r337866) +++ head/usr.sbin/jail/jail.c Wed Aug 15 20:23:17 2018(r337867) @@ -803,8 +803,10 @@ rdtun_params(struct cfjail *j, int dofail) exit(1); } for (jp = j->jp; jp < j->jp + j->njp; jp++) - if (JP_RDTUN(jp) && strcmp(jp->jp_name, "jid")) + if (JP_RDTUN(jp) && strcmp(jp->jp_name, "jid")) { *++rtjp = *jp; + rtjp->jp_value = NULL; + } rval = 0; if (jailparam_get(rtparams, nrt, bool_param(j->intparams[IP_ALLOW_DYING]) ? JAIL_DYING : 0) > 0) { @@ -815,8 +817,11 @@ rdtun_params(struct cfjail *j, int dofail) jp->jp_valuelen == 0 && *(int *)jp->jp_value) && !(rtjp->jp_valuelen == jp->jp_valuelen && - !memcmp(rtjp->jp_value, jp->jp_value, - jp->jp_valuelen))) { + !((jp->jp_ctltype & CTLTYPE) == + CTLTYPE_STRING ? strncmp(rtjp->jp_value, + jp->jp_value, jp->jp_valuelen) : + memcmp(rtjp->jp_value, jp->jp_value, + jp->jp_valuelen { if (dofail) { jail_warnx(j, "%s cannot be " "changed after creation", ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
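Review bot: In the second hunk of rdtun_params() the new strncmp() is still guarded by `rtjp->jp_valuelen == jp->jp_valuelen`, so for CTLTYPE_STRING parameters two equal strings are reported as changed whenever the fetched and configured lengths differ, for example a buffer size on one side and a string length on the other. For strings, compare contents first and skip the length test. In the first hunk `rtjp->jp_value = NULL;` hands allocation of the value to jailparam_get(); please make sure the cleanup path frees those values.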
svn commit: r336038 - in head/sys: kern sys
Author: jamie Date: Fri Jul 6 18:50:22 2018 New Revision: 336038 URL: https://svnweb.freebsd.org/changeset/base/336038 Log: Change prison_add_vfs() to the more generic prison_add_allow(), which can add any dynamic allow.* or allow.*.* parameter. Also keep prison_add_vfs() as a wrapper. Differential Revision:D16146 Modified: head/sys/kern/kern_jail.c head/sys/sys/jail.h Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Fri Jul 6 17:39:48 2018(r336037) +++ head/sys/kern/kern_jail.c Fri Jul 6 18:50:22 2018(r336038) 
@@ -3760,37 +3760,43 @@ SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLA "B", "Jail may mount/unmount jail-friendly file systems in general"); /* - * The VFS system will register jail-aware filesystems here. They each get - * a parameter allow.mount.xxxfs and a flag to check when a jailed user - * attempts to mount. + * Add a dynamic parameter allow., or allow... Return + * its associated bit in the pr_allow bitmask, or zero if the parameter was + * not created. */ -void -prison_add_vfs(struct vfsconf *vfsp) +unsigned +prison_add_allow(const char *prefix, const char *name, const char *prefix_descr, +const char *descr) { - char *allow_name, *allow_noname, *mount_allowed; struct bool_flags *bf; + struct sysctl_oid *parent; + char *allow_name, *allow_noname, *allowed; #ifndef NO_SYSCTL_DESCR - char *descr; + char *descr_deprecated; #endif unsigned allow_flag; - if (asprintf(_name, M_PRISON, "allow.mount.%s", vfsp->vfc_name) < - 0 || asprintf(_noname, M_PRISON, "allow.mount.no%s", - vfsp->vfc_name) < 0) { + if (prefix + ? asprintf(_name, M_PRISON, "allow.%s.%s", prefix, name) + < 0 || + asprintf(_noname, M_PRISON, "allow.%s.no%s", prefix, name) + < 0 + : asprintf(_name, M_PRISON, "allow.%s", name) < 0 || + asprintf(_noname, M_PRISON, "allow.no%s", name) < 0) { free(allow_name, M_PRISON); - return; + return 0; } /* -* See if this parameter has already beed added, i.e. if the filesystem -* was previously loaded/unloaded. +* See if this parameter has already beed added, i.e. a module was +* previously loaded/unloaded. */ mtx_lock(_mtx); for (bf = pr_flag_allow; bf < pr_flag_allow + nitems(pr_flag_allow) && bf->flag != 0; bf++) { if (strcmp(bf->name, allow_name) == 0) { - vfsp->vfc_prison_flag = bf->flag; + allow_flag = bf->flag; goto no_add; } } 
@@ -3798,7 +3804,7 @@ prison_add_vfs(struct vfsconf *vfsp) /* * Find a free bit in prison0's pr_allow, failing if there are none * (which shouldn't happen as long as we keep track of how many -* filesystems are jail-aware). +* potential dynamic flags exist). */ for (allow_flag = 1;; allow_flag <<= 1) { if (allow_flag == 0) @@ -3815,52 +3821,73 @@ prison_add_vfs(struct vfsconf *vfsp) for (bf = pr_flag_allow; bf->flag != 0; bf++) if (bf == pr_flag_allow + nitems(pr_flag_allow)) { /* This should never happen, but is not fatal. */ + allow_flag = 0; goto no_add; } prison0.pr_allow |= allow_flag; bf->name = allow_name; bf->noname = allow_noname; bf->flag = allow_flag; - vfsp->vfc_prison_flag = allow_flag; mtx_unlock(_mtx); /* * Create sysctls for the paramter, and the back-compat global * permission. */ -#ifndef NO_SYSCTL_DESCR - (void)asprintf(, M_TEMP, "Jail may mount the %s file system", - vfsp->vfc_name); -#endif - (void)SYSCTL_ADD_PROC(NULL, - SYSCTL_CHILDREN(___security_jail_param_allow_mount), - OID_AUTO, vfsp->vfc_name, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, + parent = prefix + ? SYSCTL_ADD_NODE(NULL, + SYSCTL_CHILDREN(___security_jail_param_allow), + OID_AUTO, prefix, 0, 0, prefix_descr) + : ___security_jail_param_allow; + (void)SYSCTL_ADD_PROC(NULL, SYSCTL_CHILDREN(parent), OID_AUTO, + name, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, 0, sysctl_jail_param, "B", descr); + if ((prefix +? asprintf(, M_TEMP, "%s_%s_allowed", prefix, name) +: asprintf(, M_TEMP, "%s_allowed", name)) >= 0) { #ifndef NO_SYSCTL_DESCR - free(descr, M_TEMP); + (void)asprintf(_deprecated, M_TEMP, "%s (deprecated)", + descr); #endif - if
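Review bot: the new header comment for prison_add_allow() at @@ -3760 documents the return value but not the arguments. It should say that `prefix` may be NULL (giving allow.name rather than allow.prefix.name), that `prefix_descr` is only used when `prefix` is set, and that callers must treat a zero return as "no permission bit assigned". The reworded comment further down still carries the "beed added" typo, which is worth fixing while the line is being touched.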
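Review bot: in the @@ -3815 hunk the result of SYSCTL_ADD_NODE() is stored in `parent` and passed straight to SYSCTL_CHILDREN(parent) in the SYSCTL_ADD_PROC() call with no NULL check. Skip the sysctl creation when `parent` is NULL. By that point the bit has already been claimed in prison0.pr_allow and recorded in pr_flag_allow, so a failure here should not leave the function dereferencing a missing node.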
svn commit: r336035 - head/usr.bin/cpuset
Author: jamie Date: Fri Jul 6 16:23:30 2018 New Revision: 336035 URL: https://svnweb.freebsd.org/changeset/base/336035 Log: Missed a bit of doc change from r335921. PR: 229266 Modified: head/usr.bin/cpuset/cpuset.1 Modified: head/usr.bin/cpuset/cpuset.1 == --- head/usr.bin/cpuset/cpuset.1Fri Jul 6 16:22:26 2018 (r336034) +++ head/usr.bin/cpuset/cpuset.1Fri Jul 6 16:23:30 2018 (r336035) @@ -52,7 +52,7 @@ .Op Fl c .Op Fl l Ar cpu-list .Op Fl n Ar policy:domain-list -.Op Fl j Ar jailid | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq +.Op Fl j Ar jail | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq .Nm .Fl g .Op Fl cir
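Review bot: the synopsis line at @@ -52 renames the -j argument to `jail`, and it is the only cpuset.1 change in this commit. Please check that the -j entry in the options list uses the same argument name and states that either a jail ID or a jail name is accepted, so the synopsis and the description do not disagree.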
svn commit: r335921 - in head: lib/libugidfw sbin/ipfw usr.bin/cpuset usr.bin/sockstat
Author: jamie Date: Tue Jul 3 23:47:20 2018 New Revision: 335921 URL: https://svnweb.freebsd.org/changeset/base/335921 Log: Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8), sockstat(1), ugidfw(8) These are the last of the jail-aware userland utilities that didn't work with names. PR: 229266 MFC after:3 days Differential Revision:D16047 Modified: head/lib/libugidfw/ugidfw.c head/sbin/ipfw/Makefile head/sbin/ipfw/ipfw.8 head/sbin/ipfw/ipfw2.c head/usr.bin/cpuset/Makefile head/usr.bin/cpuset/cpuset.1 head/usr.bin/cpuset/cpuset.c head/usr.bin/sockstat/Makefile head/usr.bin/sockstat/sockstat.1 head/usr.bin/sockstat/sockstat.c Modified: head/lib/libugidfw/ugidfw.c == --- head/lib/libugidfw/ugidfw.c Tue Jul 3 23:45:02 2018(r335920) +++ head/lib/libugidfw/ugidfw.c Tue Jul 3 23:47:20 2018(r335921) @@ -34,9 +34,11 @@ */ #include #include +#include #include #include #include +#include #include #include 
@@ -600,16 +602,45 @@ bsde_parse_gidrange(char *spec, gid_t *min, gid_t *max } static int +bsde_get_jailid(const char *name, size_t buflen, char *errstr) +{ + char *ep; + int jid; + struct iovec jiov[4]; + + /* Copy jail_getid(3) instead of messing with library dependancies */ + jid = strtoul(name, , 10); + if (*name && !*ep) + return jid; + jiov[0].iov_base = __DECONST(char *, "name"); + jiov[0].iov_len = sizeof("name"); + jiov[1].iov_len = strlen(name) + 1; + jiov[1].iov_base = alloca(jiov[1].iov_len); + strcpy(jiov[1].iov_base, name); + if (errstr && buflen) { + jiov[2].iov_base = __DECONST(char *, "errmsg"); + jiov[2].iov_len = sizeof("errmsg"); + jiov[3].iov_base = errstr; + jiov[3].iov_len = buflen; + errstr[0] = 0; + jid = jail_get(jiov, 4, 0); + if (jid < 0 && !errstr[0]) + snprintf(errstr, buflen, "jail_get: %s", + strerror(errno)); + } else + jid = jail_get(jiov, 2, 0); + return jid; +} + +static int bsde_parse_subject(int argc, char *argv[], struct mac_bsdextended_subject *subject, size_t buflen, char *errstr) { int not_seen, flags; int current, neg, nextnot; - char *endp; uid_t uid_min, uid_max; gid_t gid_min, gid_max; int jid = 0; - long value; current = 0; flags = 0; @@ -668,13 +699,9 @@ bsde_parse_subject(int argc, char *argv[], snprintf(errstr, buflen, "one jail only"); return (-1); } - value = strtol(argv[current+1], , 10); - if (*endp != '\0') { - snprintf(errstr, buflen, "invalid jid: '%s'", - argv[current+1]); + jid = bsde_get_jailid(argv[current+1], buflen, errstr); + if (jid < 0) return (-1); - } - jid = value; flags |= MBS_PRISON_DEFINED; if (nextnot) { neg ^= MBS_PRISON_DEFINED; Modified: head/sbin/ipfw/Makefile == --- head/sbin/ipfw/Makefile Tue Jul 3 23:45:02 2018(r335920) +++ head/sbin/ipfw/Makefile Tue Jul 3 23:47:20 2018(r335921) 
@@ -13,7 +13,7 @@ SRCS+=altq.c CFLAGS+=-DPF .endif -LIBADD=util +LIBADD=jail util MAN= ipfw.8 .include Modified: head/sbin/ipfw/ipfw.8 == --- head/sbin/ipfw/ipfw.8 Tue Jul 3 23:45:02 2018(r335920) +++ head/sbin/ipfw/ipfw.8 Tue Jul 3 23:47:20 2018(r335921) @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 28, 2018 +.Dd July 3, 2018 .Dt IPFW 8 .Os .Sh NAME @@ -1535,10 +1535,10 @@ Matches all TCP or UDP packets sent by or received for A .Ar group may be specified by name or number. -.It Cm jail Ar prisonID +.It Cm jail Ar jail Matches all TCP or UDP packets sent by or received for the -jail whos prison ID is -.Ar prisonID . +jail whose ID or name is +.Ar jail . .It Cm icmptypes Ar types Matches ICMP packets whose ICMP type is in the list .Ar types . Modified: head/sbin/ipfw/ipfw2.c == --- head/sbin/ipfw/ipfw2.c Tue Jul 3 23:45:02 2018(r335920) +++ head/sbin/ipfw/ipfw2.c Tue Jul 3 23:47:20 2018(r335921) @@ -32,6 +32,7 @@ #include #include #include +#include #include #include
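Review bot: in bsde_get_jailid() (ugidfw.c, @@ -600) the strtoul() result is stored in an int and returned unchecked. A numeric argument above INT_MAX wraps and can come back negative without errstr being filled in, although the caller in bsde_parse_subject() treats `jid < 0` as an error that has already produced a message. Range-check the value and set errstr before returning it. The name path also sizes an alloca() from strlen(name) on a command-line argument; cap the length or pass the string without copying it onto the stack.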
svn commit: r333263 - in head: lib/libjail sys/cddl/contrib/opensolaris/uts/common/fs/zfs sys/compat/linprocfs sys/compat/linsysfs sys/fs/devfs sys/fs/fdescfs sys/fs/nullfs sys/fs/procfs sys/fs/pse...
Author: jamie Date: Fri May 4 20:54:27 2018 New Revision: 333263 URL: https://svnweb.freebsd.org/changeset/base/333263 Log: Make it easier for filesystems to count themselves as jail-enabled, by doing most of the work in a new function prison_add_vfs in kern_jail.c Now a jail-enabled filesystem need only mark itself with VFCF_JAIL, and the rest is taken care of. This includes adding a jail parameter like allow.mount.foofs, and a sysctl like security.jail.mount_foofs_allowed. Both of these used to be a static list of known filesystems, with predefined permission bits. Reviewed by: kib Differential Revision:D14681 Modified: head/lib/libjail/jail.c head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c head/sys/compat/linprocfs/linprocfs.c head/sys/compat/linsysfs/linsysfs.c head/sys/fs/devfs/devfs_vfsops.c head/sys/fs/fdescfs/fdesc_vfsops.c head/sys/fs/nullfs/null_vfsops.c head/sys/fs/procfs/procfs.c head/sys/fs/pseudofs/pseudofs.h head/sys/fs/tmpfs/tmpfs_vfsops.c head/sys/kern/kern_jail.c head/sys/kern/vfs_init.c head/sys/kern/vfs_mount.c head/sys/kern/vfs_subr.c head/sys/sys/jail.h head/sys/sys/mount.h head/usr.sbin/jail/jail.8 Modified: head/lib/libjail/jail.c == --- head/lib/libjail/jail.c Fri May 4 20:38:26 2018(r333262) +++ head/lib/libjail/jail.c Fri May 4 20:54:27 2018(r333263) 
@@ -1048,7 +1048,13 @@ kldload_param(const char *name) else if (strcmp(name, "sysvmsg") == 0 || strcmp(name, "sysvsem") == 0 || strcmp(name, "sysvshm") == 0) kl = kldload(name); - else { + else if (strncmp(name, "allow.mount.", 12) == 0) { + /* Load the matching filesystem */ + kl = kldload(name + 12); + if (kl < 0 && errno == ENOENT && + strncmp(name + 12, "no", 2) == 0) + kl = kldload(name + 14); + } else { errno = ENOENT; return (-1); } Modified: head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.c == --- head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.cFri May 4 20:38:26 2018(r333262) +++ head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vfsops.cFri May 4 20:54:27 2018(r333263) @@ -1640,9 +1640,6 @@ zfs_mount(vfs_t *vfsp) osname = spn.pn_path; #else /* !illumos */ - if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_ZFS)) - return (SET_ERROR(EPERM)); - if (vfs_getopt(vfsp->mnt_optnew, "from", (void **), NULL)) return (SET_ERROR(EINVAL)); Modified: head/sys/compat/linprocfs/linprocfs.c == --- head/sys/compat/linprocfs/linprocfs.c Fri May 4 20:38:26 2018 (r333262) +++ head/sys/compat/linprocfs/linprocfs.c Fri May 4 20:54:27 2018 (r333263) @@ -1652,7 +1652,7 @@ linprocfs_uninit(PFS_INIT_ARGS) return (0); } -PSEUDOFS(linprocfs, 1, PR_ALLOW_MOUNT_LINPROCFS); +PSEUDOFS(linprocfs, 1, VFCF_JAIL); #if defined(__amd64__) MODULE_DEPEND(linprocfs, linux_common, 1, 1, 1); #else Modified: head/sys/compat/linsysfs/linsysfs.c == --- head/sys/compat/linsysfs/linsysfs.c Fri May 4 20:38:26 2018 (r333262) +++ head/sys/compat/linsysfs/linsysfs.c Fri May 4 20:54:27 2018 (r333263) 
@@ -556,7 +556,7 @@ linsysfs_uninit(PFS_INIT_ARGS) return (0); } -PSEUDOFS(linsysfs, 1, PR_ALLOW_MOUNT_LINSYSFS); +PSEUDOFS(linsysfs, 1, VFCF_JAIL); #if defined(__amd64__) MODULE_DEPEND(linsysfs, linux_common, 1, 1, 1); #else Modified: head/sys/fs/devfs/devfs_vfsops.c == --- head/sys/fs/devfs/devfs_vfsops.cFri May 4 20:38:26 2018 (r333262) +++ head/sys/fs/devfs/devfs_vfsops.cFri May 4 20:54:27 2018 (r333263) @@ -83,9 +83,6 @@ devfs_mount(struct mount *mp) if (mp->mnt_flag & MNT_ROOTFS) return (EOPNOTSUPP); - if (!prison_allow(td->td_ucred, PR_ALLOW_MOUNT_DEVFS)) - return (EPERM); - rsnum = 0; injail = jailed(td->td_ucred); Modified: head/sys/fs/fdescfs/fdesc_vfsops.c == --- head/sys/fs/fdescfs/fdesc_vfsops.c Fri May 4 20:38:26 2018 (r333262) +++ head/sys/fs/fdescfs/fdesc_vfsops.c Fri May 4 20:54:27 2018 (r333263) @@ -81,12 +81,8 @@ static int fdesc_mount(struct mount *mp) { struct fdescmount *fmp; - struct thread *td = curthread; struct vnode *rvp; int error; - - if (!prison_allow(td->td_ucred,
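Review bot: in the new allow.mount. branch of kldload_param() (libjail, @@ -1048), `name + 12` is handed to kldload() as is. Reject an empty suffix and anything that is not a plain module name, for example a string containing '/', before asking the kernel to load it. The literal offsets 12 and 14 should be derived from the prefix strings (sizeof("allow.mount.") - 1) so they cannot drift.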
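Review bot: the zfs_mount(), devfs_mount() and fdesc_mount() hunks delete the per-filesystem prison_allow() / EPERM checks. That is only safe if the generic mount path performs the equivalent check for every VFCF_JAIL filesystem before the filesystem's own mount routine runs. The vfs_mount.c part of the commit is cut off here, so please name that check in the log message or leave a one-line comment where each test was removed.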
svn commit: r331332 - head/lib/libjail
Author: jamie Date: Wed Mar 21 23:50:46 2018 New Revision: 331332 URL: https://svnweb.freebsd.org/changeset/base/331332 Log: If a jail parameter isn't found, try loading a related kernel module. Modified: head/lib/libjail/jail.c Modified: head/lib/libjail/jail.c == --- head/lib/libjail/jail.c Wed Mar 21 23:46:26 2018(r331331) +++ head/lib/libjail/jail.c Wed Mar 21 23:50:46 2018(r331332) @@ -32,6 +32,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include @@ -59,6 +60,7 @@ __FBSDID("$FreeBSD$"); static int jailparam_import_enum(const char **values, int nvalues, const char *valstr, size_t valsize, int *value); static int jailparam_type(struct jailparam *jp); +static int kldload_param(const char *name); static char *noname(const char *name); static char *nononame(const char *name); @@ -892,6 +894,9 @@ jailparam_type(struct jailparam *jp) "sysctl(0.3.%s): %s", name, strerror(errno)); return (-1); } + if (kldload_param(name) >= 0 && sysctl(mib, 2, mib + 2, , + desc.s, strlen(desc.s)) >= 0) + goto mib_desc; /* * The parameter probably doesn't exist. But it might be * the "no" counterpart to a boolean. @@ -1028,6 +1033,33 @@ jailparam_type(struct jailparam *jp) jp->jp_valuelen = 0; } return (0); +} + +/* + * Attempt to load a kernel module matching an otherwise nonexistent parameter. + */ +static int +kldload_param(const char *name) +{ + int kl; + + if (strcmp(name, "linux") == 0 || strncmp(name, "linux.", 6) == 0) + kl = kldload("linux"); + else if (strcmp(name, "sysvmsg") == 0 || strcmp(name, "sysvsem") == 0 || + strcmp(name, "sysvshm") == 0) + kl = kldload(name); + else { + errno = ENOENT; + return (-1); + } + if (kl < 0 && errno == EEXIST) { + /* +* In the module is already loaded, then it must not contain +* the parameter. +*/ + errno = ENOENT; + } + return kl; } /*
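Review bot: at @@ -892 jailparam_type() now calls kldload_param() as a side effect of an unknown-parameter lookup, so merely naming a parameter such as linux.* or sysvshm can load a kernel module. That behaviour should be stated in the function comment and in the libjail man page, and it is worth deciding whether callers that only query parameters should have to opt in to it.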
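Review bot: kldload_param() at @@ -1028 ends with `return kl;` while its error path uses `return (-1);`. Use the parenthesised form throughout for style(9). The comment inside the EEXIST branch reads "In the module is already loaded" and should start with "If".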
svn commit: r331278 - head/sys/kern
Author: jamie Date: Tue Mar 20 23:08:42 2018 New Revision: 331278 URL: https://svnweb.freebsd.org/changeset/base/331278 Log: Represent boolean jail options as an array of structures containing the flag and both the regular and "no" names, instead of two different string arrays whose indices need to match the flag's bit position. This makes them similar to the way "jailsys" options are represented. Loop through either kind of option array with a structure pointer rather than an integer index. Modified: head/sys/kern/kern_jail.c Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Tue Mar 20 23:08:04 2018(r331277) +++ head/sys/kern/kern_jail.c Tue Mar 20 23:08:42 2018(r331278) @@ -115,6 +115,17 @@ struct prison prison0 = { }; MTX_SYSINIT(prison0, _mtx, "jail mutex", MTX_DEF); +struct bool_flags { + const char *name; + const char *noname; + unsigned flag; +}; +struct jailsys_flags { + const char *name; + unsigned disable; + unsigned new; +}; + /* allprison, allprison_racct and lastprid are protected by allprison_lock. */ struct sx allprison_lock; SX_SYSINIT(allprison_lock, _lock, "allprison"); 
@@ -145,86 +156,55 @@ static void prison_racct_detach(struct prison *pr); * as we cannot figure out the size of a sparse array, or an array without a * terminating entry. */ -static char *pr_flag_names[] = { - [0] = "persist", +static struct bool_flags pr_flag_bool[] = { + {"persist", "nopersist", PR_PERSIST}, #ifdef INET - [7] = "ip4.saddrsel", + {"ip4.saddrsel", "ip4.nosaddrsel", PR_IP4_SADDRSEL}, #endif #ifdef INET6 - [8] = "ip6.saddrsel", + {"ip6.saddrsel", "ip6.nosaddrsel", PR_IP6_SADDRSEL}, #endif }; -const size_t pr_flag_names_size = sizeof(pr_flag_names); +const size_t pr_flag_bool_size = sizeof(pr_flag_bool); -static char *pr_flag_nonames[] = { - [0] = "nopersist", -#ifdef INET - [7] = "ip4.nosaddrsel", -#endif -#ifdef INET6 - [8] = "ip6.nosaddrsel", -#endif -}; -const size_t pr_flag_nonames_size = sizeof(pr_flag_nonames); - -struct jailsys_flags { - const char *name; - unsigned disable; - unsigned new; -} pr_flag_jailsys[] = { - { "host", 0, PR_HOST }, +static struct jailsys_flags pr_flag_jailsys[] = { + {"host", 0, PR_HOST}, #ifdef VIMAGE - { "vnet", 0, PR_VNET }, + {"vnet", 0, PR_VNET}, #endif #ifdef INET - { "ip4", PR_IP4_USER, PR_IP4_USER }, + {"ip4", PR_IP4_USER, PR_IP4_USER}, #endif #ifdef INET6 - { "ip6", PR_IP6_USER, PR_IP6_USER }, + {"ip6", PR_IP6_USER, PR_IP6_USER}, #endif }; const size_t pr_flag_jailsys_size = sizeof(pr_flag_jailsys); -static char *pr_allow_names[] = { - "allow.set_hostname", - "allow.sysvipc", - "allow.raw_sockets", - "allow.chflags", - "allow.mount", - "allow.quotas", - "allow.socket_af", - "allow.mount.devfs", - "allow.mount.nullfs", - "allow.mount.zfs", - "allow.mount.procfs", - "allow.mount.tmpfs", - "allow.mount.fdescfs", - "allow.mount.linprocfs", - "allow.mount.linsysfs", - "allow.reserved_ports", +static struct bool_flags pr_flag_allow[] = { + {"allow.set_hostname", "allow.noset_hostname", PR_ALLOW_SET_HOSTNAME}, + {"allow.sysvipc", "allow.nosysvipc", PR_ALLOW_SYSVIPC}, + {"allow.raw_sockets", "allow.noraw_sockets", 
PR_ALLOW_RAW_SOCKETS}, + {"allow.chflags", "allow.nochflags", PR_ALLOW_CHFLAGS}, + {"allow.mount", "allow.nomount", PR_ALLOW_MOUNT}, + {"allow.quotas", "allow.noquotas", PR_ALLOW_QUOTAS}, + {"allow.socket_af", "allow.nosocket_af", PR_ALLOW_SOCKET_AF}, + {"allow.mount.devfs", "allow.mount.nodevfs", PR_ALLOW_MOUNT_DEVFS}, + {"allow.mount.nullfs", "allow.mount.nonullfs", PR_ALLOW_MOUNT_NULLFS}, + {"allow.mount.zfs", "allow.mount.nozfs", PR_ALLOW_MOUNT_ZFS}, + {"allow.mount.procfs", "allow.mount.noprocfs", PR_ALLOW_MOUNT_PROCFS}, + {"allow.mount.tmpfs", "allow.mount.notmpfs", PR_ALLOW_MOUNT_TMPFS}, + {"allow.mount.fdescfs", "allow.mount.nofdescfs", +PR_ALLOW_MOUNT_FDESCFS}, + {"allow.mount.linprocfs", "allow.mount.nolinprocfs", +PR_ALLOW_MOUNT_LINPROCFS}, + {"allow.mount.linsysfs", "allow.mount.nolinsysfs", +PR_ALLOW_MOUNT_LINSYSFS}, + {"allow.reserved_ports", "allow.noreserved_ports", +PR_ALLOW_RESERVED_PORTS}, }; -const size_t pr_allow_names_size = sizeof(pr_allow_names); +const size_t pr_flag_allow_size = sizeof(pr_flag_allow); -static char *pr_allow_nonames[] = { - "allow.noset_hostname", - "allow.nosysvipc", - "allow.noraw_sockets", - "allow.nochflags", - "allow.nomount", - "allow.noquotas", - "allow.nosocket_af", -
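Review bot: pr_flag_bool_size and pr_flag_allow_size at @@ -145 are still sizeof() of the whole array, but the element type has changed from `char *` to `struct bool_flags`. Any consumer that derived an entry count by dividing by sizeof(char *) is now wrong, so either export an element count or update every user in the same commit. The comment above the tables still justifies the size constants by "a sparse array", which no longer describes these tables and should be reworded.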
svn commit: r330743 - in head: etc/rc.d share/man/man5
Author: jamie Date: Sat Mar 10 20:13:07 2018 New Revision: 330743 URL: https://svnweb.freebsd.org/changeset/base/330743 Log: Don't warn when the "hostname" rc variable is unset, but the hostname is already non-empty (common in jails). Modified: head/etc/rc.d/hostname head/share/man/man5/rc.conf.5 Modified: head/etc/rc.d/hostname == --- head/etc/rc.d/hostname Sat Mar 10 18:07:31 2018(r330742) +++ head/etc/rc.d/hostname Sat Mar 10 20:13:07 2018(r330743) @@ -60,9 +60,11 @@ hostname_start() # Have we got a hostname yet? # if [ -z "${hostname}" ]; then - # Null hostname is probably OK if DHCP is in use. + # Null hostname is probably OK if DHCP is in use, + # or when hostname is already set (common for jails). # - if [ -z "`list_net_interfaces dhcp`" ]; then + if [ -z "`list_net_interfaces dhcp`" -a \ +-z "`/bin/hostname`" ]; then warn "\$hostname is not set -- see rc.conf(5)." fi return Modified: head/share/man/man5/rc.conf.5 == --- head/share/man/man5/rc.conf.5 Sat Mar 10 18:07:31 2018 (r330742) +++ head/share/man/man5/rc.conf.5 Sat Mar 10 20:13:07 2018 (r330743) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd February 15, 2018 +.Dd March 10, 2018 .Dt RC.CONF 5 .Os .Sh NAME @@ -421,6 +421,9 @@ If .Xr dhclient 8 is used to set the hostname via DHCP, this variable should be set to an empty string. +Within a +.Xr jail 8 +the hostname is generally already set and this variable may absent. If this value remains unset when the system is done booting your console login will display the default hostname of .Dq Amnesiac .
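Review bot: the new test in hostname_start() (@@ -60) joins two conditions with `-a` inside a single `[ ]`. POSIX marks that form obsolescent because it is ambiguous for some operands; write it as two tests joined with `&&`, each with its own brackets. Both command substitutions are already quoted, which should be kept.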
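Review bot: the sentence added to rc.conf.5 at @@ -421 reads "this variable may absent"; it is missing "be".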
svn commit: r321796 - head/usr.bin/calendar/calendars
Author: jamie Date: Mon Jul 31 15:29:44 2017 New Revision: 321796 URL: https://svnweb.freebsd.org/changeset/base/321796 Log: Add myself to the birthday calendar. Reminded by: mckusick Modified: head/usr.bin/calendar/calendars/calendar.freebsd Modified: head/usr.bin/calendar/calendars/calendar.freebsd == --- head/usr.bin/calendar/calendars/calendar.freebsdMon Jul 31 15:24:40 2017(r321795) +++ head/usr.bin/calendar/calendars/calendar.freebsdMon Jul 31 15:29:44 2017(r321796) @@ -180,6 +180,7 @@ 05/19 Sofian Brabezborn in Toulouse, France, 1984 05/20 Dan Moschuk died in Burlington, Ontario, Canada, 2010 05/21 Kris Kennaway born in Winnipeg, Manitoba, Canada, 1978 +05/22 James Gritton born in San Francisco, California, United States, 1967 05/22 Clive Tong-I Lin born in Changhua, Taiwan, Republic of China, 1978 05/22 Michael Bushkov born in Rostov-on-Don, Russian Federation, 1985 05/22 Rui Paulo born in Evora, Portugal, 1986
svn commit: r316023 - head/usr.sbin/jail
Author: jamie Date: Mon Mar 27 13:37:40 2017 New Revision: 316023 URL: https://svnweb.freebsd.org/changeset/base/316023 Log: Same as r316022 (Fix hexadecimal escape codes in jail.conf(5)), but do it right this time. Reported by: Kyle Evans MFC after:3 days Modified: head/usr.sbin/jail/jaillex.l Modified: head/usr.sbin/jail/jaillex.l == --- head/usr.sbin/jail/jaillex.lMon Mar 27 13:27:39 2017 (r316022) +++ head/usr.sbin/jail/jaillex.lMon Mar 27 13:37:40 2017 (r316023) @@ -216,7 +216,7 @@ text2lval(size_t triml, size_t trimr, in *d = *++s - '0'; else if (s[1] >= 'A' && s[1] <= 'F') *d = *++s + (0xA - 'A'); - else if (s[1] >= 'a' && s[1] <= 'F') + else if (s[1] >= 'a' && s[1] <= 'f') *d = *++s + (0xa - 'a'); else break;
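Review bot: the hex-digit range test in text2lval() is written out separately for the first and the second digit, which is how the two copies ended up with different bounds and needed a second commit. Move the test and conversion into one helper used for both digits, so the `'a'` to `'f'` bound at @@ -216 cannot diverge again, and add a jail.conf regression case with lowercase hex escapes.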
svn commit: r316022 - head/usr.sbin/jail
Author: jamie Date: Mon Mar 27 13:27:39 2017 New Revision: 316022 URL: https://svnweb.freebsd.org/changeset/base/316022 Log: Fix hexadecimal escape codes in jail.conf(5). PR: 218154 Submitted by: Masahiro Konishi MFC after:3 days Modified: head/usr.sbin/jail/jaillex.l Modified: head/usr.sbin/jail/jaillex.l == --- head/usr.sbin/jail/jaillex.lMon Mar 27 12:34:29 2017 (r316021) +++ head/usr.sbin/jail/jaillex.lMon Mar 27 13:27:39 2017 (r316022) @@ -216,7 +216,7 @@ text2lval(size_t triml, size_t trimr, in *d = *++s - '0'; else if (s[1] >= 'A' && s[1] <= 'F') *d = *++s + (0xA - 'A'); - else if (s[1] >= 'a' && s[1] <= 'a') + else if (s[1] >= 'a' && s[1] <= 'F') *d = *++s + (0xa - 'a'); else break; @@ -226,7 +226,7 @@ text2lval(size_t triml, size_t trimr, in *d = *d * 0x10 + (*++s - '0'); else if (s[1] >= 'A' && s[1] <= 'F') *d = *d * 0x10 + (*++s + (0xA - 'A')); - else if (s[1] >= 'a' && s[1] <= 'a') + else if (s[1] >= 'a' && s[1] <= 'f') *d = *d * 0x10 + (*++s + (0xa - 'a')); } }
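Review bot: in the first hunk (@@ -216) the new upper bound is 'F', not 'f'. `s[1] >= 'a' && s[1] <= 'F'` can never be true because 'a' sorts after 'F', so a lowercase first hex digit is still rejected and the escape falls through to `break`. The second hunk (@@ -226) uses 'f' correctly; the first one needs the same bound.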
svn commit: r310530 - head/usr.sbin/jls
Author: jamie Date: Sat Dec 24 23:51:27 2016 New Revision: 310530 URL: https://svnweb.freebsd.org/changeset/base/310530 Log: Improve IP address list representation in libxo output. Extract decision-making about special-case printing of certain jail parameters into a function. Refactor emitting of IPv4 and IPv6 address lists into a function. Resulting user-facing changes: XO_VERSION is bumped to 2. In verbose mode (-v), IPv4 and IPv6-Addresses are now properly emitted as separate lists. This only affects the output in encoding styles, i.e. xml and json. {{ "__version": "1","__version": "2", "jail-information": {"jail-information": { "jail": ["jail": [ {{ "jid": 166, "jid": 166, "hostname": "foo.com", "hostname": "foo.com", "path": "/var/jail/foo", "path": "/var/jail/foo", "name": "foo", "name": "foo", "state": "ACTIVE", "state": "ACTIVE", "cpusetid": 2, "cpusetid": 2, "ipv4_addrs": [ "ipv4_addrs": [ "10.1.1.1", "10.1.1.1", "10.1.1.2", "10.1.1.2", "10.1.1.3", | "10.1.1.3" > ], > "ipv6_addrs": [ "fe80::1000:1", "fe80::1000:1", "fe80::1000:2" "fe80::1000:2" ]] }} ]] }} }} In -n mode, ip4.addr and ip6.addr are formatted in the encoding styles' native list types, e.g. instead of comma-separated lists, JSON arrays are printed. jls -n all --libxo json ... "ip4.addr": [ "10.1.1.1", "10.1.1.2", "10.1.1.3" ], "ip4.saddrsel": true, "ip6.addr": [ "fe80::1000:1", "fe80::1000:2" ], ... jls -n all --libxo xml ... 10.1.1.1 10.1.1.2 10.1.1.3 true fe80::1000:1 fe80::1000:2 ... PR: 215008 Submitted by: Christian SchwarzDifferential Revision:https://reviews.freebsd.org/D8766 Modified: head/usr.sbin/jls/jls.c Modified: head/usr.sbin/jls/jls.c == --- head/usr.sbin/jls/jls.c Sat Dec 24 23:43:14 2016(r310529) +++ head/usr.sbin/jls/jls.c Sat Dec 24 23:51:27 2016(r310530) @@ -51,7 +51,7 @@ __FBSDID("$FreeBSD$"); #defineJP_USER 0x0100 #defineJP_OPT 0x0200 -#define JLS_XO_VERSION "1" +#define JLS_XO_VERSION "2" #definePRINT_DEFAULT 0x01 #definePRINT_HEADER0x02 
@@ -77,7 +77,10 @@ static int sort_param(const void *a, con static char *noname(const char *name); static char *nononame(const char *name); static int print_jail(int pflags, int jflags); +static int special_print(int pflags, struct jailparam *param); static void quoted_print(int pflags, char *name, char *value); +static void emit_ip_addr_list(int af_family, const char *list_name, + struct jailparam *param); int main(int argc, char **argv) @@ -379,8 +382,7 @@ print_jail(int pflags, int jflags) { char *nname, *xo_nname; char **param_values; - int i, ai, jid, count, n, spc; - char ipbuf[INET6_ADDRSTRLEN]; + int i, jid, n, spc; jid = jailparam_get(params, nparams, jflags); if (jid < 0) @@ -401,29 +403,13 @@ print_jail(int pflags, int jflags) n = 6; #ifdef INET if (ip4_ok && !strcmp(params[n].jp_name, "ip4.addr")) { - count = params[n].jp_valuelen / sizeof(struct in_addr); - for (ai = 0; ai < count; ai++) - if (inet_ntop(AF_INET, - &((struct in_addr *)params[n].jp_value)[ai], - ipbuf, sizeof(ipbuf)) == NULL) - xo_err(1, "inet_ntop"); - else { - xo_emit("{P: }{l:ipv4_addrs}{P:\n}", ipbuf); - } + emit_ip_addr_list(AF_INET, "ipv4_addrs", params + n); n++; } #endif #ifdef INET6 if (ip6_ok && !strcmp(params[n].jp_name, "ip6.addr")) { - count = params[n].jp_valuelen / sizeof(struct in6_addr); -
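Review bot: the loops removed from print_jail() at @@ -401 computed the entry count from jp_valuelen divided by sizeof(struct in_addr) or sizeof(struct in6_addr) and called xo_err() when inet_ntop() returned NULL. The body of emit_ip_addr_list() is not visible here, so please confirm it derives the element size from `af_family`, rejects any family other than AF_INET and AF_INET6, and keeps the inet_ntop() failure check. Since JLS_XO_VERSION moves from "1" to "2", jls(8) should also say what changed for consumers of the encoded output.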
svn commit: r302857 - head/etc/rc.d
Author: jamie Date: Thu Jul 14 20:17:08 2016 New Revision: 302857 URL: https://svnweb.freebsd.org/changeset/base/302857 Log: Start jails non-parallel if jail_parallel_start is NO. This was true for an explicitly specified jail list; now it's also true for all jails. PR: 209112 MFC after:3 days Modified: head/etc/rc.d/jail Modified: head/etc/rc.d/jail == --- head/etc/rc.d/jail Thu Jul 14 20:15:55 2016(r302856) +++ head/etc/rc.d/jail Thu Jul 14 20:17:08 2016(r302857) @@ -451,6 +451,9 @@ jail_start() command=$jail_program rc_flags=$jail_flags command_args="-f $jail_conf -c" + if ! checkyesno jail_parallel_start; then + command_args="$command_args -p1" + fi _tmp=`mktemp -t jail` || exit 3 if $command $rc_flags $command_args >> $_tmp 2>&1; then $jail_jls jid name | while read _id _name; do @@ -458,7 +461,7 @@ jail_start() echo $_id > /var/run/jail_${_name}.id done else - tail -1 $_tmp + cat $_tmp fi rm -f $_tmp echo '.' @@ -545,7 +548,7 @@ jail_stop() _tmp=`mktemp -t jail` || exit 3 $command $rc_flags $command_args $_j >> $_tmp 2>&1 if $jail_jls -j $_j > /dev/null 2>&1; then - tail -1 $_tmp + cat $_tmp else rm -f /var/run/jail_${_j}.id fi @@ -568,7 +571,7 @@ jail_stop() _tmp=`mktemp -t jail` || exit 3 $command -q -f $_conf -r $_j >> $_tmp 2>&1 if $jail_jls -j $_j > /dev/null 2>&1; then - tail -1 $_tmp + cat $_tmp else rm -f /var/run/jail_${_j}.id fi
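Review bot: `$_tmp` is unquoted in each new `cat $_tmp` line, as it is in the surrounding `rm -f $_tmp`. mktemp -t builds the path from TMPDIR, so quote the variable wherever it is expanded. With cat replacing tail -1 the full jail(8) output now reaches the console on failure; in the two jail_stop loops it would help to print the jail name first so that output from several jails stays attributable.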
svn commit: r302856 - head/usr.sbin/jail
Author: jamie Date: Thu Jul 14 20:15:55 2016 New Revision: 302856 URL: https://svnweb.freebsd.org/changeset/base/302856 Log: Fix up the order in which jail creation processes are run, to preserve the config file's order in the non-parallel-start case. PR: 209112 MFC after:3 days Modified: head/usr.sbin/jail/command.c head/usr.sbin/jail/jailp.h head/usr.sbin/jail/state.c Modified: head/usr.sbin/jail/command.c == --- head/usr.sbin/jail/command.cThu Jul 14 19:51:54 2016 (r302855) +++ head/usr.sbin/jail/command.cThu Jul 14 20:15:55 2016 (r302856) @@ -92,9 +92,13 @@ next_command(struct cfjail *j) int create_failed, stopping; if (paralimit == 0) { - requeue(j, ); + if (j->flags & JF_FROM_RUNQ) + requeue_head(j, ); + else + requeue(j, ); return 1; } + j->flags &= ~JF_FROM_RUNQ; create_failed = (j->flags & (JF_STOP | JF_FAILED)) == JF_FAILED; stopping = (j->flags & JF_STOP) != 0; comparam = *j->comparam; @@ -160,20 +164,23 @@ next_command(struct cfjail *j) int finish_command(struct cfjail *j) { + struct cfjail *rj; int error; if (!(j->flags & JF_SLEEPQ)) return 0; j->flags &= ~JF_SLEEPQ; - if (*j->comparam == IP_STOP_TIMEOUT) - { + if (*j->comparam == IP_STOP_TIMEOUT) { j->flags &= ~JF_TIMEOUT; j->pstatus = 0; return 0; } paralimit++; - if (!TAILQ_EMPTY()) - requeue(TAILQ_FIRST(), ); + if (!TAILQ_EMPTY()) { + rj = TAILQ_FIRST(); + rj->flags |= JF_FROM_RUNQ; + requeue(rj, ); + } error = 0; if (j->flags & JF_TIMEOUT) { j->flags &= ~JF_TIMEOUT; @@ -259,7 +266,7 @@ next_proc(int nonblock) } /* - * Run a single command for a jail, possible inside the jail. + * Run a single command for a jail, possibly inside the jail. */ static int run_command(struct cfjail *j) Modified: head/usr.sbin/jail/jailp.h == --- head/usr.sbin/jail/jailp.h Thu Jul 14 19:51:54 2016(r302855) +++ head/usr.sbin/jail/jailp.h Thu Jul 14 20:15:55 2016(r302856) 
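Review bot: JF_FROM_RUNQ is set in finish_command() (@@ -160) and cleared in next_command() (@@ -92) only after the `paralimit == 0` early return, and neither site says what invariant the flag protects. Add a comment at both places stating that a jail already taken from the run queue must go back to the head so the configuration file order is kept, and say what happens to the flag if the jail fails or is stopped before next_command() runs again.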
@@ -64,6 +64,7 @@ #define JF_PERSIST 0x0100 /* Jail is temporarily persistent */ #define JF_TIMEOUT 0x0200 /* A command (or process kill) timed out */ #define JF_SLEEPQ 0x0400 /* Waiting on a command and/or timeout */ +#define JF_FROM_RUNQ 0x0800 /* Has already been on the run queue */ #define JF_OP_MASK (JF_START | JF_SET | JF_STOP) #define JF_RESTART (JF_START | JF_STOP) @@ -223,6 +224,7 @@ extern struct cfjail *next_jail(void); extern int start_state(const char *target, int docf, unsigned state, int running); extern void requeue(struct cfjail *j, struct cfjails *queue); +extern void requeue_head(struct cfjail *j, struct cfjails *queue); extern void yyerror(const char *); extern int yylex(void); Modified: head/usr.sbin/jail/state.c == --- head/usr.sbin/jail/state.c Thu Jul 14 19:51:54 2016(r302855) +++ head/usr.sbin/jail/state.c Thu Jul 14 20:15:55 2016(r302856) @@ -397,6 +397,14 @@ requeue(struct cfjail *j, struct cfjails } } +void +requeue_head(struct cfjail *j, struct cfjails *queue) +{ +TAILQ_REMOVE(j->queue, j, tq); +TAILQ_INSERT_HEAD(queue, j, tq); +j->queue = queue; +} + /* * Add a dependency edge between two jails. */ ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
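Review bot: requeue_head() in state.c (@@ -397) is added without a header comment, unlike the function that follows it, and it passes j->queue to TAILQ_REMOVE() unconditionally. State in a comment that the jail must currently be on a queue, or guard against a NULL j->queue, and describe how it differs from requeue() so callers pick the right one.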
svn commit: r302855 - head/etc/rc.d
Author: jamie Date: Thu Jul 14 19:51:54 2016 New Revision: 302855 URL: https://svnweb.freebsd.org/changeset/base/302855 Log: Wait for jails to complete startup if jail_parallel_start is YES, instead of assuming they'll take less than one second. PR: 203172 Submitted by: dmitry2...@yandex.ru Modified: head/etc/rc.d/jail Modified: head/etc/rc.d/jail == --- head/etc/rc.d/jail Thu Jul 14 18:49:05 2016(r302854) +++ head/etc/rc.d/jail Thu Jul 14 19:51:54 2016(r302855) @@ -440,7 +440,7 @@ jail_status() jail_start() { - local _j _jv _jid _jl _id _name + local _j _jv _jid _id _name if [ $# = 0 ]; then return @@ -470,29 +470,30 @@ jail_start() # Start jails in parallel and then check jail id when # jail_parallel_start is YES. # - _jl= for _j in $@; do _j=$(echo $_j | tr /. _) _jv=$(echo -n $_j | tr -c '[:alnum:]' _) parse_options $_j $_jv || continue - _jl="$_jl $_j" eval rc_flags=\${jail_${_jv}_flags:-$jail_flags} eval command=\${jail_${_jv}_program:-$jail_program} command_args="-i -f $_conf -c $_j" - $command $rc_flags $command_args \ - >/dev/null 2>&1 /var/run/jail_${_j}.id - else - echo " cannot start jail " \ - "\"${_hostname:-${_j}}\": " - fi + ( + _tmp=`mktemp -t jail_${_j}` || exit 3 + if $command $rc_flags $command_args \ + >> $_tmp 2>&1 /var/run/jail_${_j}.id + else + echo " cannot start jail " \ + "\"${_hostname:-${_j}}\": " + cat $_tmp + fi + rm -f $_tmp + ) & done + wait else # # Start jails one-by-one when jail_parallel_start is NO.
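Review bot: in the backgrounded subshell added at @@ -470, `|| exit 3` after mktemp only leaves that subshell, and the bare `wait` after the loop discards every child's exit status. A jail that fails to start, or a failed mktemp, therefore no longer influences what jail_start reports. Record the failures, for example by waiting on each PID, and reflect them in the return status. The "cannot start jail" message and the following `cat $_tmp` can also interleave between subshells, so emit them as one write per jail, and quote `$_tmp`.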
svn commit: r301764 - head/sys/kern
Author: jamie Date: Thu Jun 9 21:59:11 2016 New Revision: 301764 URL: https://svnweb.freebsd.org/changeset/base/301764 Log: Fix a vnode leak when giving a child jail a too-long path when debug.disablefullpath=1. Modified: head/sys/kern/kern_jail.c Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Thu Jun 9 21:57:34 2016(r301763) +++ head/sys/kern/kern_jail.c Thu Jun 9 21:59:11 2016(r301764) @@ -1010,6 +1010,7 @@ kern_jail_set(struct thread *td, struct if (len + (path[0] == '/' && strcmp(mypr->pr_path, "/") ? strlen(mypr->pr_path) : 0) > MAXPATHLEN) { error = ENAMETOOLONG; + vrele(root); goto done_free; } }
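Review bot: The added vrele(root) sits on one error branch only, so releasing root is now the job of each individual exit that jumps to done_free. A comment on this branch saying that root is held here (the log ties it to debug.disablefullpath=1) would tell whoever adds the next early exit after the path lookup that it must release the vnode too; routing such exits through one label that does the vrele would avoid repeating it.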
svn commit: r301760 - head/sys/kern
Author: jamie Date: Thu Jun 9 20:43:14 2016 New Revision: 301760 URL: https://svnweb.freebsd.org/changeset/base/301760 Log: Re-order some jail parameter reading to prevent a vnode leak. Modified: head/sys/kern/kern_jail.c Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Thu Jun 9 20:40:12 2016(r301759) +++ head/sys/kern/kern_jail.c Thu Jun 9 20:43:14 2016(r301760) @@ -920,6 +920,46 @@ kern_jail_set(struct thread *td, struct } #endif + error = vfs_getopt(opts, "osrelease", (void **), ); + if (error == ENOENT) + osrelstr = NULL; + else if (error != 0) + goto done_free; + else { + if (flags & JAIL_UPDATE) { + error = EINVAL; + vfs_opterror(opts, + "osrelease cannot be changed after creation"); + goto done_errmsg; + } + if (len == 0 || len >= OSRELEASELEN) { + error = EINVAL; + vfs_opterror(opts, + "osrelease string must be 1-%d bytes long", + OSRELEASELEN - 1); + goto done_errmsg; + } + } + + error = vfs_copyopt(opts, "osreldate", , sizeof(osreldt)); + if (error == ENOENT) + osreldt = 0; + else if (error != 0) + goto done_free; + else { + if (flags & JAIL_UPDATE) { + error = EINVAL; + vfs_opterror(opts, + "osreldate cannot be changed after creation"); + goto done_errmsg; + } + if (osreldt == 0) { + error = EINVAL; + vfs_opterror(opts, "osreldate cannot be 0"); + goto done_errmsg; + } + } + fullpath_disabled = 0; root = NULL; error = vfs_getopt(opts, "path", (void **), ); 
@@ -975,46 +1015,6 @@ kern_jail_set(struct thread *td, struct } } - error = vfs_getopt(opts, "osrelease", (void **), ); - if (error == ENOENT) - osrelstr = NULL; - else if (error != 0) - goto done_free; - else { - if (flags & JAIL_UPDATE) { - error = EINVAL; - vfs_opterror(opts, - "osrelease cannot be changed after creation"); - goto done_errmsg; - } - if (len == 0 || len >= OSRELEASELEN) { - error = EINVAL; - vfs_opterror(opts, - "osrelease string must be 1-%d bytes long", - OSRELEASELEN - 1); - goto done_errmsg; - } - } - - error = vfs_copyopt(opts, "osreldate", , sizeof(osreldt)); - if (error == ENOENT) - osreldt = 0; - else if (error != 0) - goto done_free; - else { - if (flags & JAIL_UPDATE) { - error = EINVAL; - vfs_opterror(opts, - "osreldate cannot be changed after creation"); - goto done_errmsg; - } - if (osreldt == 0) { - error = EINVAL; - vfs_opterror(opts, "osreldate cannot be 0"); - goto done_errmsg; - } - } - /* * Find the specified jail, or at least its parent. * This abuses the file error codes ENOENT and EEXIST.
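Review bot: The osrelease and osreldate blocks are moved above the path lookup with no comment explaining why their position matters. Both blocks leave through goto done_free or goto done_errmsg, and the log says the move prevents a vnode leak, so add a line above `fullpath_disabled = 0;` stating that option checks which bail out this way must come before root is acquired. Without it, a later parameter check added after the path block can bring the leak back.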
svn commit: r301758 - head/sys/kern
Author: jamie Date: Thu Jun 9 20:39:57 2016 New Revision: 301758 URL: https://svnweb.freebsd.org/changeset/base/301758 Log: Clean up some logic in jail error messages, replacing a missing test and a redundant test with a single correct test. Modified: head/sys/kern/kern_jail.c Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Thu Jun 9 20:23:30 2016(r301757) +++ head/sys/kern/kern_jail.c Thu Jun 9 20:39:57 2016(r301758) @@ -1929,19 +1929,17 @@ kern_jail_set(struct thread *td, struct vrele(root); done_errmsg: if (error) { - vfs_getopt(opts, "errmsg", (void **), _len); - if (errmsg_len > 0) { + if (vfs_getopt(opts, "errmsg", (void **), + _len) == 0 && errmsg_len > 0) { errmsg_pos = 2 * vfs_getopt_pos(opts, "errmsg") + 1; - if (errmsg_pos > 0) { - if (optuio->uio_segflg == UIO_SYSSPACE) - bcopy(errmsg, - optuio->uio_iov[errmsg_pos].iov_base, - errmsg_len); - else - copyout(errmsg, - optuio->uio_iov[errmsg_pos].iov_base, - errmsg_len); - } + if (optuio->uio_segflg == UIO_SYSSPACE) + bcopy(errmsg, + optuio->uio_iov[errmsg_pos].iov_base, + errmsg_len); + else + copyout(errmsg, + optuio->uio_iov[errmsg_pos].iov_base, + errmsg_len); } } done_free:
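Review bot: In the rewritten done_errmsg block the result of copyout() is still discarded, so a bad user pointer in the errmsg iovec fails silently. Since error is already set at this point that may be intended; writing the call as (void)copyout(...) or adding a one-line comment would make it explicit.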
svn commit: r301745 - head/sys/kern
Author: jamie Date: Thu Jun 9 16:41:41 2016 New Revision: 301745 URL: https://svnweb.freebsd.org/changeset/base/301745 Log: Make sure the OSD methods for jail set and remove can't run concurrently, by holding allprison_lock exclusively (even if only for a moment before downgrading) on all paths that call PR_METHOD_REMOVE. Since they may run on a downgraded lock, it's still possible for them to run concurrently with PR_METHOD_GET, which will need to use the prison lock. Modified: head/sys/kern/kern_jail.c Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Thu Jun 9 16:30:27 2016(r301744) +++ head/sys/kern/kern_jail.c Thu Jun 9 16:41:41 2016(r301745) @@ -2383,7 +2383,14 @@ sys_jail_attach(struct thread *td, struc if (error) return (error); - sx_slock(_lock); + /* +* Start with exclusive hold on allprison_lock to ensure that a possible +* PR_METHOD_REMOVE call isn't concurrent with jail_set or jail_remove. +* But then immediately downgrade it since we don't need to stop +* readers. +*/ + sx_xlock(_lock); + sx_downgrade(_lock); pr = prison_find_child(td->td_ucred->cr_prison, uap->jid); if (pr == NULL) { sx_sunlock(_lock); @@ -2601,9 +2608,11 @@ prison_complete(void *context, int pendi { struct prison *pr = context; + sx_xlock(_lock); mtx_lock(>pr_mtx); prison_deref(pr, pr->pr_uref - ? PD_DEREF | PD_DEUREF | PD_LOCKED : PD_LOCKED); + ? PD_DEREF | PD_DEUREF | PD_LOCKED | PD_LIST_XLOCKED + : PD_LOCKED | PD_LIST_XLOCKED); } /* 
@@ -2647,13 +2656,8 @@ prison_deref(struct prison *pr, int flag */ if (lasturef) { if (!(flags & (PD_LIST_SLOCKED | PD_LIST_XLOCKED))) { - if (ref > 1) { - sx_slock(_lock); - flags |= PD_LIST_SLOCKED; - } else { - sx_xlock(_lock); - flags |= PD_LIST_XLOCKED; - } + sx_xlock(_lock); + flags |= PD_LIST_XLOCKED; } (void)osd_jail_call(pr, PR_METHOD_REMOVE, NULL); mtx_lock(>pr_mtx);
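Review bot: In the prison_complete() hunk, allprison_lock is taken exclusively before pr_mtx and PD_LIST_XLOCKED is passed down, but unlike the sys_jail_attach() hunk there is no comment saying why. A one-line comment noting that prison_deref() may call PR_METHOD_REMOVE and therefore needs the exclusive hold, and that the order is allprison_lock then pr_mtx, would keep the three changed sites consistent.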
svn commit: r301737 - head/sys/kern
Author: jamie Date: Thu Jun 9 15:34:33 2016 New Revision: 301737 URL: https://svnweb.freebsd.org/changeset/base/301737 Log: Remove a comment that was part of copied code, and is misleading in the new location. Modified: head/sys/kern/sysv_msg.c Modified: head/sys/kern/sysv_msg.c == --- head/sys/kern/sysv_msg.cThu Jun 9 15:19:48 2016(r301736) +++ head/sys/kern/sysv_msg.cThu Jun 9 15:34:33 2016(r301737) @@ -320,12 +320,6 @@ msgunload() #endif for (msqid = 0; msqid < msginfo.msgmni; msqid++) { - /* -* Look for an unallocated and unlocked msqid_ds. -* msqid_ds's can be locked by msgsnd or msgrcv while -* they are copying the message in/out. We can't -* re-use the entry until they release it. -*/ msqkptr = [msqid]; if (msqkptr->u.msg_qbytes != 0 || (msqkptr->u.msg_perm.mode & MSG_LOCKED) != 0)
svn commit: r300983 - in head: lib/libc/sys sys/kern
Author: jamie Date: Mon May 30 05:21:24 2016 New Revision: 300983 URL: https://svnweb.freebsd.org/changeset/base/300983 Log: Mark jail(2), and the sysctls that it (and only it) uses as deprecated. jail(8) has long used jail_set(2), and those sysctl only cause confusion. Modified: head/lib/libc/sys/jail.2 head/sys/kern/kern_jail.c Modified: head/lib/libc/sys/jail.2 == --- head/lib/libc/sys/jail.2Mon May 30 04:48:06 2016(r300982) +++ head/lib/libc/sys/jail.2Mon May 30 05:21:24 2016(r300983) @@ -106,7 +106,7 @@ pointers can be set to an arrays of IPv4 the prison, or NULL if none. IPv4 addresses must be in network byte order. .Pp -This is equivalent to the +This is equivalent to, and deprecated in favor of, the .Fn jail_set system call (see below), with the parameters .Va path , Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Mon May 30 04:48:06 2016(r300982) +++ head/sys/kern/kern_jail.c Mon May 30 05:21:24 2016(r300983) @@ -4276,7 +4276,7 @@ SYSCTL_PROC(_security_jail, OID_AUTO, vn #if defined(INET) || defined(INET6) SYSCTL_UINT(_security_jail, OID_AUTO, jail_max_af_ips, CTLFLAG_RW, _max_af_ips, 0, -"Number of IP addresses a jail may have at most per address family"); +"Number of IP addresses a jail may have at most per address family (deprecated)"); #endif /* 
@@ -4316,59 +4316,59 @@ sysctl_jail_default_allow(SYSCTL_HANDLER SYSCTL_PROC(_security_jail, OID_AUTO, set_hostname_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_SET_HOSTNAME, sysctl_jail_default_allow, "I", -"Processes in jail can set their hostnames"); +"Processes in jail can set their hostnames (deprecated)"); SYSCTL_PROC(_security_jail, OID_AUTO, socket_unixiproute_only, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, (void *)1, PR_ALLOW_SOCKET_AF, sysctl_jail_default_allow, "I", -"Processes in jail are limited to creating UNIX/IP/route sockets only"); +"Processes in jail are limited to creating UNIX/IP/route sockets only (deprecated)"); SYSCTL_PROC(_security_jail, OID_AUTO, sysvipc_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_SYSVIPC, sysctl_jail_default_allow, "I", -"Processes in jail can use System V IPC primitives"); +"Processes in jail can use System V IPC primitives (deprecated)"); SYSCTL_PROC(_security_jail, OID_AUTO, allow_raw_sockets, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_RAW_SOCKETS, sysctl_jail_default_allow, "I", -"Prison root can create raw sockets"); +"Prison root can create raw sockets (deprecated)"); SYSCTL_PROC(_security_jail, OID_AUTO, chflags_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_CHFLAGS, sysctl_jail_default_allow, "I", -"Processes in jail can alter system file flags"); +"Processes in jail can alter system file flags (deprecated)"); SYSCTL_PROC(_security_jail, OID_AUTO, mount_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT, sysctl_jail_default_allow, "I", -"Processes in jail can mount/unmount jail-friendly file systems"); +"Processes in jail can mount/unmount jail-friendly file systems (deprecated)"); SYSCTL_PROC(_security_jail, OID_AUTO, mount_devfs_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_DEVFS, sysctl_jail_default_allow, "I", -"Processes in jail can mount the devfs file system"); +"Processes in 
jail can mount the devfs file system (deprecated)"); SYSCTL_PROC(_security_jail, OID_AUTO, mount_fdescfs_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_FDESCFS, sysctl_jail_default_allow, "I", -"Processes in jail can mount the fdescfs file system"); +"Processes in jail can mount the fdescfs file system (deprecated)"); SYSCTL_PROC(_security_jail, OID_AUTO, mount_nullfs_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_NULLFS, sysctl_jail_default_allow, "I", -"Processes in jail can mount the nullfs file system"); +"Processes in jail can mount the nullfs file system (deprecated)"); SYSCTL_PROC(_security_jail, OID_AUTO, mount_procfs_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_PROCFS, sysctl_jail_default_allow, "I", -"Processes in jail can mount the procfs file system"); +"Processes in jail can mount the procfs file system (deprecated)"); SYSCTL_PROC(_security_jail, OID_AUTO, mount_linprocfs_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_LINPROCFS, sysctl_jail_default_allow, "I", -"Processes in jail can mount the linprocfs file system"); +"Processes in jail can mount the linprocfs file system (deprecated)"); SYSCTL_PROC(_security_jail,
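Review bot: The sysctl descriptions gain "(deprecated)" but none of them says what replaces the knob, so an administrator reading the description still has to go to the manual to find out. The log names jail_set(2) and jail(8) as the supported interface; pointing at the per-jail parameter in each string, or once in a comment above this group of SYSCTL_PROC entries, would make the deprecation actionable.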
svn commit: r298888 - head/usr.sbin/jail
Author: jamie Date: Sun May 1 16:48:03 2016 New Revision: 29 URL: https://svnweb.freebsd.org/changeset/base/29 Log: typo Submitted by: Jimmy Olgeni Modified: head/usr.sbin/jail/jail.8 Modified: head/usr.sbin/jail/jail.8 == --- head/usr.sbin/jail/jail.8 Sun May 1 16:43:22 2016(r298887) +++ head/usr.sbin/jail/jail.8 Sun May 1 16:48:03 2016(r29) @@ -653,7 +653,7 @@ its keys. If set to .Dq disable , the jail cannot perform any sysvmsg-related system calls. -.It Va sysvsem, sysvmsg +.It Va sysvsem, sysvshm Allow access to SYSV IPC semaphore and shared memory primitives, in the same manner as .Va sysvmsg.
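Review bot: The corrected line still attaches punctuation to the macro arguments: `.It Va sysvsem, sysvshm` and the context line `.Va sysvmsg.` put the comma and the period inside the variable markup. Elsewhere jail.8 writes the punctuation as a separate argument (`.It Va linux.osname , linux.osrelease , linux.oss_version`), so use `.It Va sysvsem , sysvshm` and `.Va sysvmsg .` here.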
svn commit: r298863 - in head: share/man/man5 usr.sbin/jail
Author: jamie Date: Sat Apr 30 21:27:41 2016 New Revision: 298863 URL: https://svnweb.freebsd.org/changeset/base/298863 Log: Clarify what happens when there is a "depend" parameter in jail.conf, and how this affects the "jail_list" option in rc.conf. Modified: head/share/man/man5/rc.conf.5 head/usr.sbin/jail/jail.8 Modified: head/share/man/man5/rc.conf.5 == --- head/share/man/man5/rc.conf.5 Sat Apr 30 20:05:23 2016 (r298862) +++ head/share/man/man5/rc.conf.5 Sat Apr 30 21:27:41 2016 (r298863) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd April 29, 2016 +.Dd April 30, 2016 .Dt RC.CONF 5 .Os .Sh NAME @@ -3868,6 +3868,9 @@ The names specified in this list control instances missing from .Va jail_list must be started manually. +Note that a jail's +.Va depend +parameter in the configuration file may override this list. .It Va jail_reverse_stop .Pq Vt bool When set to Modified: head/usr.sbin/jail/jail.8 == --- head/usr.sbin/jail/jail.8 Sat Apr 30 20:05:23 2016(r298862) +++ head/usr.sbin/jail/jail.8 Sat Apr 30 21:27:41 2016(r298863) @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd April 25, 2016 +.Dd April 30, 2016 .Dt JAIL 8 .Os .Sh NAME
@@ -838,13 +838,14 @@ Allow making changes to a jail. .It Va depend Specify a jail (or jails) that this jail depends on. -Any such jails must be fully created, up to the last +When this jail is to be created, any jail(s) it depends on must already exist. +If not, they will be created automatically, up to the completion of the last .Va exec.poststart command, before any action will taken to create this jail. When jails are removed the opposite is true: -this jail must be fully removed, up to the last +this jail will be removed, up to the last .Va exec.poststop -command, before the jail(s) it depends on are stopped. +command, before any jail(s) it depends on are stopped. .El .Sh EXAMPLES Jails are typically set up using one of two philosophies: either to
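Review bot: In the jail.8 hunk, the unchanged line right after the rewritten sentence still reads "before any action will taken to create this jail". Since the sentences on both sides of it are being reworded, fix it to "will be taken" in the same change.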
svn commit: r298683 - in head/sys: kern sys
Author: jamie Date: Wed Apr 27 02:25:21 2016 New Revision: 298683 URL: https://svnweb.freebsd.org/changeset/base/298683 Log: Delay removing the last jail reference in prison_proc_free, and instead put it off into the pr_task. This is similar to prison_free, and in fact uses the same task even though they do something slightly different. This resolves a LOR between the process lock and allprison_lock, which came about in r298565. PR: 48471 Modified: head/sys/kern/kern_jail.c head/sys/sys/jail.h Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Wed Apr 27 02:13:57 2016(r298682) +++ head/sys/kern/kern_jail.c Wed Apr 27 02:25:21 2016(r298683) @@ -1328,6 +1328,7 @@ kern_jail_set(struct thread *td, struct LIST_INIT(>pr_children); mtx_init(>pr_mtx, "jail mutex", NULL, MTX_DEF | MTX_DUPOK); + TASK_INIT(>pr_task, 0, prison_complete, pr); #ifdef VIMAGE /* Allocate a new vnet if specified. */ @@ -2575,16 +2576,13 @@ prison_allow(struct ucred *cred, unsigne void prison_free_locked(struct prison *pr) { + int ref; mtx_assert(>pr_mtx, MA_OWNED); - pr->pr_ref--; - if (pr->pr_ref == 0) { - mtx_unlock(>pr_mtx); - TASK_INIT(>pr_task, 0, prison_complete, pr); - taskqueue_enqueue(taskqueue_thread, >pr_task); - return; - } + ref = --pr->pr_ref; mtx_unlock(>pr_mtx); + if (ref == 0) + taskqueue_enqueue(taskqueue_thread, >pr_task); } void @@ -2595,11 +2593,17 @@ prison_free(struct prison *pr) prison_free_locked(pr); } +/* + * Complete a call to either prison_free or prison_proc_free. + */ static void prison_complete(void *context, int pending) { + struct prison *pr = context; - prison_deref((struct prison *)context, 0); + mtx_lock(>pr_mtx); + prison_deref(pr, pr->pr_uref + ? PD_DEREF | PD_DEUREF | PD_LOCKED : PD_LOCKED); } /* 
@@ -2618,6 +2622,9 @@ prison_deref(struct prison *pr, int flag mtx_lock(>pr_mtx); for (;;) { if (flags & PD_DEUREF) { + KASSERT(pr->pr_uref > 0, + ("prison_deref PD_DEUREF on a dead prison (jid=%d)", +pr->pr_id)); pr->pr_uref--; lasturef = pr->pr_uref == 0; if (lasturef) @@ -2625,8 +2632,12 @@ prison_deref(struct prison *pr, int flag KASSERT(prison0.pr_uref != 0, ("prison0 pr_uref=0")); } else lasturef = 0; - if (flags & PD_DEREF) + if (flags & PD_DEREF) { + KASSERT(pr->pr_ref > 0, + ("prison_deref PD_DEREF on a dead prison (jid=%d)", +pr->pr_id)); pr->pr_ref--; + } ref = pr->pr_ref; mtx_unlock(>pr_mtx); @@ -2740,7 +2751,20 @@ prison_proc_free(struct prison *pr) mtx_lock(>pr_mtx); KASSERT(pr->pr_uref > 0, ("Trying to kill a process in a dead prison (jid=%d)", pr->pr_id)); - prison_deref(pr, PD_DEUREF | PD_LOCKED); + if (pr->pr_uref > 1) + pr->pr_uref--; + else { + /* +* Don't remove the last user reference in this context, which +* is expected to be a process that is not only locked, but +* also half dead. +*/ + pr->pr_ref++; + mtx_unlock(>pr_mtx); + taskqueue_enqueue(taskqueue_thread, >pr_task); + return; + } + mtx_unlock(>pr_mtx); } Modified: head/sys/sys/jail.h == --- head/sys/sys/jail.h Wed Apr 27 02:13:57 2016(r298682) +++ head/sys/sys/jail.h Wed Apr 27 02:25:21 2016(r298683) @@ -149,7 +149,6 @@ struct prison_racct; * (p) locked by pr_mtx * (c) set only during creation before the structure is shared, no mutex * required to read - * (d) set only during destruction of jail, no mutex needed */ struct prison { TAILQ_ENTRY(prison) pr_list;/* (a) all prisons */ @@ -161,7 +160,7 @@ struct prison { LIST_ENTRY(prison) pr_sibling; /* (a) next in parent's list */ struct prison *pr_parent; /* (c) containing jail */ struct mtx pr_mtx; - struct task pr_task; /* (d) destroy task */ + struct task pr_task; /* (c) destroy task */ struct osd pr_osd;/* (p) additional data */
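Review bot: prison_complete() now chooses between the prison_free and prison_proc_free cases by testing pr->pr_uref, and nothing in that hunk says why the test distinguishes them. The reasoning lives only in prison_proc_free(), which leaves the last user reference in place and takes an extra pr_ref before queueing pr_task; state that next to the "Complete a call to either prison_free or prison_proc_free" comment so the flag choice can be checked without reading both callers. It is also worth noting there that the pending argument is ignored on purpose, since both paths enqueue the same task.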
svn commit: r298668 - head/sys/kern
Author: jamie Date: Tue Apr 26 21:19:12 2016 New Revision: 298668 URL: https://svnweb.freebsd.org/changeset/base/298668 Log: Use crcopysafe in jail_attach. Modified: head/sys/kern/kern_jail.c Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Tue Apr 26 21:11:52 2016(r298667) +++ head/sys/kern/kern_jail.c Tue Apr 26 21:19:12 2016(r298668) @@ -2405,7 +2405,6 @@ sys_jail_attach(struct thread *td, struc static int do_jail_attach(struct thread *td, struct prison *pr) { - struct prison *ppr; struct proc *p; struct ucred *newcred, *oldcred; int error; @@ -2433,7 +2432,6 @@ do_jail_attach(struct thread *td, struct /* * Reparent the newly attached process to this jail. */ - ppr = td->td_ucred->cr_prison; p = td->td_proc; error = cpuset_setproc_update_set(p, pr->pr_cpuset); if (error) @@ -2452,23 +2450,23 @@ do_jail_attach(struct thread *td, struct newcred = crget(); PROC_LOCK(p); - oldcred = p->p_ucred; - setsugid(p); - crcopy(newcred, oldcred); + oldcred = crcopysafe(p, newcred); newcred->cr_prison = pr; proc_set_cred(p, newcred); + setsugid(p); PROC_UNLOCK(p); #ifdef RACCT racct_proc_ucred_changed(p, oldcred, newcred); #endif + prison_deref(oldcred->cr_prison, PD_DEREF | PD_DEUREF); crfree(oldcred); - prison_deref(ppr, PD_DEREF | PD_DEUREF); return (0); + e_unlock: VOP_UNLOCK(pr->pr_root, 0); e_revert_osd: /* Tell modules this thread is still in its old jail after all. */ - (void)osd_jail_call(ppr, PR_METHOD_ATTACH, td); + (void)osd_jail_call(td->td_ucred->cr_prison, PR_METHOD_ATTACH, td); prison_deref(pr, PD_DEREF | PD_DEUREF); return (error); }
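Review bot: The last do_jail_attach() hunk also moves setsugid(p) from before the credential copy to after proc_set_cred(), and the log ("Use crcopysafe in jail_attach") does not mention it. If the order matters, say so in a comment or in the log; if it does not, leaving setsugid(p) where it was would keep the diff to the crcopysafe change. The blank line added before e_unlock: is unrelated as well.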
svn commit: r298656 - head/sys/kern
Author: jamie Date: Tue Apr 26 18:17:44 2016 New Revision: 298656 URL: https://svnweb.freebsd.org/changeset/base/298656 Log: Redo the changes to the SYSV IPC sysctl functions from r298585, so they don't (mis)use sbufs. PR: 48471 Modified: head/sys/kern/sysv_msg.c head/sys/kern/sysv_sem.c head/sys/kern/sysv_shm.c Modified: head/sys/kern/sysv_msg.c == --- head/sys/kern/sysv_msg.cTue Apr 26 18:11:45 2016(r298655) +++ head/sys/kern/sysv_msg.cTue Apr 26 18:17:44 2016(r298656) @@ -65,7 +65,6 @@ __FBSDID("$FreeBSD$"); #include #include #include -#include #include #include #include @@ -1423,38 +1422,28 @@ sys_msgrcv(td, uap) static int sysctl_msqids(SYSCTL_HANDLER_ARGS) { - struct sbuf sb; - struct msqid_kernel tmp, empty; - struct msqid_kernel *msqkptr; - struct prison *rpr; + struct msqid_kernel tmsqk; + struct prison *pr, *rpr; int error, i; - error = sysctl_wire_old_buffer(req, 0); - if (error != 0) - goto done; + pr = req->td->td_ucred->cr_prison; rpr = msg_find_prison(req->td->td_ucred); - sbuf_new_for_sysctl(, NULL, sizeof(struct msqid_kernel) * - msginfo.msgmni, req); - - bzero(, sizeof(empty)); + error = 0; for (i = 0; i < msginfo.msgmni; i++) { - msqkptr = [i]; - if (msqkptr->u.msg_qbytes == 0 || rpr == NULL || - msq_prison_cansee(rpr, msqkptr) != 0) { - msqkptr = - } else if (req->td->td_ucred->cr_prison != - msqkptr->cred->cr_prison) { - bcopy(msqkptr, , sizeof(tmp)); - msqkptr = - msqkptr->u.msg_perm.key = IPC_PRIVATE; + mtx_lock(_mtx); + if (msqids[i].u.msg_qbytes == 0 || rpr == NULL || + msq_prison_cansee(rpr, [i]) != 0) + bzero(, sizeof(tmsqk)); + else { + tmsqk = msqids[i]; + if (tmsqk.cred->cr_prison != pr) + tmsqk.u.msg_perm.key = IPC_PRIVATE; } - - sbuf_bcat(, msqkptr, sizeof(*msqkptr)); + mtx_unlock(_mtx); + error = SYSCTL_OUT(req, , sizeof(tmsqk)); + if (error != 0) + break; } - error = sbuf_finish(); - sbuf_delete(); - -done: return (error); } 
@@ -1470,7 +1459,8 @@ SYSCTL_INT(_kern_ipc, OID_AUTO, msgssz, "Size of a message segment"); SYSCTL_INT(_kern_ipc, OID_AUTO, msgseg, CTLFLAG_RDTUN, , 0, "Number of message segments"); -SYSCTL_PROC(_kern_ipc, OID_AUTO, msqids, CTLTYPE_OPAQUE | CTLFLAG_RD, +SYSCTL_PROC(_kern_ipc, OID_AUTO, msqids, +CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0, sysctl_msqids, "", "Message queue IDs"); static int Modified: head/sys/kern/sysv_sem.c == --- head/sys/kern/sysv_sem.cTue Apr 26 18:11:45 2016(r298655) +++ head/sys/kern/sysv_sem.cTue Apr 26 18:17:44 2016(r298656) @@ -52,7 +52,6 @@ __FBSDID("$FreeBSD$"); #include #include #include -#include #include #include #include @@ -220,7 +219,8 @@ SYSCTL_INT(_kern_ipc, OID_AUTO, semvmx, "Semaphore maximum value"); SYSCTL_INT(_kern_ipc, OID_AUTO, semaem, CTLFLAG_RWTUN, , 0, "Adjust on exit max value"); -SYSCTL_PROC(_kern_ipc, OID_AUTO, sema, CTLTYPE_OPAQUE | CTLFLAG_RD, +SYSCTL_PROC(_kern_ipc, OID_AUTO, sema, +CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0, sysctl_sema, "", "Semaphore id pool"); static struct syscall_helper_data sem_syscalls[] = { @@ -1465,38 +1465,28 @@ semexit_myhook(void *arg, struct proc *p static int sysctl_sema(SYSCTL_HANDLER_ARGS) { - struct prison *rpr; - struct sbuf sb; - struct semid_kernel tmp, empty; - struct semid_kernel *semakptr; + struct prison *pr, *rpr; + struct semid_kernel tsemak; int error, i; - error = sysctl_wire_old_buffer(req, 0); - if (error != 0) - goto done; + pr = req->td->td_ucred->cr_prison; rpr = sem_find_prison(req->td->td_ucred); - sbuf_new_for_sysctl(, NULL, sizeof(struct semid_kernel) * - seminfo.semmni, req); - - bzero(, sizeof(empty)); + error = 0; for (i = 0; i < seminfo.semmni; i++) { - semakptr = [i]; - if ((semakptr->u.sem_perm.mode & SEM_ALLOC) == 0 || - rpr == NULL || sem_prison_cansee(rpr, semakptr) != 0) { - semakptr = - } else if (req->td->td_ucred->cr_prison != - semakptr->cred->cr_prison) { - bcopy(semakptr, , sizeof(tmp)); -
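Review bot: In sysctl_msqids(), each entry is copied with `tmsqk = msqids[i]` and the whole structure then goes to the caller through SYSCTL_OUT; the hunk itself dereferences tmsqk.cred, so at least that kernel pointer is exported unchanged. Only msg_perm.key is scrubbed, and only for callers in another prison. Consider clearing the pointer members of the temporary copy before SYSCTL_OUT, the same way the key is replaced with IPC_PRIVATE.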
svn commit: r298597 - head/sys/kern
Author: jamie Date: Mon Apr 25 22:30:10 2016 New Revision: 298597 URL: https://svnweb.freebsd.org/changeset/base/298597 Log: Fix the logic in r298585: shm_prison_cansee returns an errno, so is the opposite of a boolean. PR: 48471 Modified: head/sys/kern/sysv_shm.c Modified: head/sys/kern/sysv_shm.c == --- head/sys/kern/sysv_shm.cMon Apr 25 22:25:57 2016(r298596) +++ head/sys/kern/sysv_shm.cMon Apr 25 22:30:10 2016(r298597) @@ -230,7 +230,7 @@ shm_find_segment(struct prison *rpr, int (!shm_allow_removed && (shmseg->u.shm_perm.mode & SHMSEG_REMOVED) != 0) || (is_shmid && shmseg->u.shm_perm.seq != IPCID_TO_SEQ(arg)) || - !shm_prison_cansee(rpr, shmseg)) + shm_prison_cansee(rpr, shmseg) != 0) return (NULL); return (shmseg); }
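Review bot: The corrected test `shm_prison_cansee(rpr, shmseg) != 0` is right, but the function name still reads like a predicate, which is how the inverted `!` got in. Add a comment at the function's definition saying that it returns 0 when the segment is visible and an errno otherwise, and keep the explicit `!= 0` form at every call site.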
svn commit: r298585 - in head: sys/kern usr.sbin/jail
Author: jamie Date: Mon Apr 25 17:06:50 2016 New Revision: 298585 URL: https://svnweb.freebsd.org/changeset/base/298585 Log: Encapsulate SYSV IPC objects in jails. Define per-module parameters sysvmsg, sysvsem, and sysvshm, with the following behavior: inherit: allow full access to the IPC primitives. This is the same as the current setup with allow.sysvipc is on. Jails and the base system can see (and modify) each other's objects, which is generally considered a bad thing (though may be useful in some circumstances). disable: all no access, same as the current setup with allow.sysvipc off. new: A jail may see use the IPC objects that it has created. It also gets its own IPC key namespace, so different jails may have their own objects using the same key value. The parent jail (or base system) can see the jail's IPC objects, but not its keys. PR: 48471 Submitted by: based on work by kikucha...@gmail.com MFC after:5 days Modified: head/sys/kern/sysv_msg.c head/sys/kern/sysv_sem.c head/sys/kern/sysv_shm.c head/usr.sbin/jail/jail.8 Modified: head/sys/kern/sysv_msg.c == --- head/sys/kern/sysv_msg.cMon Apr 25 17:01:13 2016(r298584) +++ head/sys/kern/sysv_msg.cMon Apr 25 17:06:50 2016(r298585) @@ -62,8 +62,11 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include +#include +#include #include #include #include @@ -80,6 +83,14 @@ static MALLOC_DEFINE(M_MSG, "msg", "SVID static int msginit(void); static int msgunload(void); static int sysvmsg_modload(struct module *, int, void *); +static void msq_remove(struct msqid_kernel *); +static struct prison *msg_find_prison(struct ucred *); +static int msq_prison_cansee(struct prison *, struct msqid_kernel *); +static int msg_prison_check(void *, void *); +static int msg_prison_set(void *, void *); +static int msg_prison_get(void *, void *); +static int msg_prison_remove(void *, void *); +static void msg_prison_cleanup(struct prison *); #ifdef MSG_DEBUG 
@@ -155,6 +166,7 @@ static struct msgmap *msgmaps; /* MSGSEG static struct msg *msghdrs;/* MSGTQL msg headers */ static struct msqid_kernel *msqids;/* MSGMNI msqid_kernel struct's */ static struct mtx msq_mtx; /* global mutex for message queues. */ +static unsigned msg_prison_slot;/* prison OSD slot */ static struct syscall_helper_data msg_syscalls[] = { SYSCALL_INIT_HELPER(msgctl), @@ -194,7 +206,15 @@ static struct syscall_helper_data msg32_ static int msginit() { + struct prison *pr; + void *rsv; int i, error; + osd_method_t methods[PR_MAXMETHOD] = { + [PR_METHOD_CHECK] = msg_prison_check, + [PR_METHOD_SET] = msg_prison_set, + [PR_METHOD_GET] = msg_prison_get, + [PR_METHOD_REMOVE] =msg_prison_remove, + }; msginfo.msgmax = msginfo.msgseg * msginfo.msgssz; msgpool = malloc(msginfo.msgmax, M_MSG, M_WAITOK); @@ -252,6 +272,29 @@ msginit() } mtx_init(_mtx, "msq", NULL, MTX_DEF); + /* Set current prisons according to their allow.sysvipc. */ + msg_prison_slot = osd_jail_register(NULL, methods); + rsv = osd_reserve(msg_prison_slot); + prison_lock(); + (void)osd_jail_set_reserved(, msg_prison_slot, rsv, ); + prison_unlock(); + rsv = NULL; + sx_slock(_lock); + TAILQ_FOREACH(pr, , pr_list) { + if (rsv == NULL) + rsv = osd_reserve(msg_prison_slot); + prison_lock(pr); + if ((pr->pr_allow & PR_ALLOW_SYSVIPC) && pr->pr_ref > 0) { + (void)osd_jail_set_reserved(pr, msg_prison_slot, rsv, + ); + rsv = NULL; + } + prison_unlock(pr); + } + if (rsv != NULL) + osd_free_reserved(rsv); + sx_sunlock(_lock); + error = syscall_helper_register(msg_syscalls, SY_THR_STATIC_KLD); if (error != 0) return (error); @@ -292,6 +335,8 @@ msgunload() if (msqid != msginfo.msgmni) return (EBUSY); + if (msg_prison_slot != 0) + osd_jail_deregister(msg_prison_slot); #ifdef MAC for (i = 0; i < msginfo.msgtql; i++) mac_sysvmsg_destroy([i]); 
@@ -366,6 +411,67 @@ msg_freehdr(msghdr) #endif } +static void +msq_remove(struct msqid_kernel *msqkptr) +{ + struct msg *msghdr; + + racct_sub_cred(msqkptr->cred, RACCT_NMSGQ, 1); + racct_sub_cred(msqkptr->cred, RACCT_MSGQQUEUED, msqkptr->u.msg_qnum); + racct_sub_cred(msqkptr->cred, RACCT_MSGQSIZE, msqkptr->u.msg_cbytes); + crfree(msqkptr->cred); + msqkptr->cred = NULL; + + /* Free the message headers */ + msghdr = msqkptr->u.msg_first; +
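Review bot: In msginit(), the jail OSD slot is registered and populated before syscall_helper_register(), and the context lines after the new block return the error directly. Unless the caller unwinds through msgunload(), which does call osd_jail_deregister(), a failed registration leaves msg_prison_slot and its methods registered. Either deregister on that error path or add a comment saying the module load handler calls msgunload() on failure. The results of the osd_jail_set_reserved() calls are also cast to void with no comment on why failure cannot happen there.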
svn commit: r298584 - head/usr.sbin/jail
Author: jamie Date: Mon Apr 25 17:01:13 2016 New Revision: 298584 URL: https://svnweb.freebsd.org/changeset/base/298584 Log: Note the existence of module-specific jail parameters, starting with the linux.* parameters when linux emulation is loaded. MFC after:5 days Modified: head/usr.sbin/jail/jail.8 Modified: head/usr.sbin/jail/jail.8 == --- head/usr.sbin/jail/jail.8 Mon Apr 25 16:53:13 2016(r298583) +++ head/usr.sbin/jail/jail.8 Mon Apr 25 17:01:13 2016(r298584) @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 20, 2015 +.Dd April 25, 2016 .Dt JAIL 8 .Os .Sh NAME @@ -610,6 +610,32 @@ have not had jail functionality added to .El .El .Pp +Kernel modules may add their own parameters, which only exist when the +module is loaded. +These are typically headed under a parameter named after the module, +with values of +.Dq inherit +to give the jail full use of the module, +.Dq new +to encapsulate the jail in some module-specific way, +and +.Dq disable +to make the module unavailable to the jail. +There also may be other parameters to define jail behavior within the module. +Module-specific parameters include: +.Bl -tag -width indent +.It Va linux +Determine how a jail's Linux emulation environment appears. +A value of +.Dq inherit +will keep the same environment, and +.Dq new +will give the jail it's own environment (still originally inherited when +the jail is created). +.It Va linux.osname , linux.osrelease , linux.oss_version +The Linux OS name, OS release, and OSS version associated with this jail. +.El +.Pp There are pseudo-parameters that are not passed to the kernel, but are used by .Nm
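Review bot: The added text under `.It Va linux` says "will give the jail it's own environment"; that should be the possessive "its". The sentence "These are typically headed under a parameter named after the module" is also hard to parse, and "grouped under" would read more clearly.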
svn commit: r298573 - head/sys/compat/linux
Author: jamie Date: Mon Apr 25 06:08:45 2016 New Revision: 298573 URL: https://svnweb.freebsd.org/changeset/base/298573 Log: linux_map_osrel doesn't need to be checked in linux_prison_set, since it already was in linux_prison_check. Modified: head/sys/compat/linux/linux_mib.c Modified: head/sys/compat/linux/linux_mib.c == --- head/sys/compat/linux/linux_mib.c Mon Apr 25 05:58:32 2016 (r298572) +++ head/sys/compat/linux/linux_mib.c Mon Apr 25 06:08:45 2016 (r298573) @@ -153,7 +153,8 @@ linux_map_osrel(char *osrelease, int *os if (v < 100) return (EINVAL); - *osrel = v; + if (osrel != NULL) + *osrel = v; return (0); } @@ -249,7 +250,7 @@ linux_prison_check(void *obj __unused, v { struct vfsoptlist *opts = data; char *osname, *osrelease; - int error, jsys, len, osrel, oss_version; + int error, jsys, len, oss_version; /* Check that the parameters are correct. */ error = vfs_copyopt(opts, "linux", , sizeof(jsys)); @@ -280,7 +281,7 @@ linux_prison_check(void *obj __unused, v vfs_opterror(opts, "linux.osrelease too long"); return (ENAMETOOLONG); } - error = linux_map_osrel(osrelease, ); + error = linux_map_osrel(osrelease, NULL); if (error != 0) { vfs_opterror(opts, "linux.osrelease format error"); return (error); @@ -339,11 +340,7 @@ linux_prison_set(void *obj, void *data) */ linux_alloc_prison(pr, ); if (osrelease) { - error = linux_map_osrel(osrelease, >pr_osrel); - if (error) { - mtx_unlock(>pr_mtx); - return (error); - } + (void)linux_map_osrel(osrelease, >pr_osrel); strlcpy(lpr->pr_osrelease, osrelease, LINUX_MAX_UTSNAME); }
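Review bot: linux_prison_set() now discards the result of linux_map_osrel() on the strength of linux_prison_check() having validated the same string, and that coupling is stated only in the commit log. Put a comment on the `(void)linux_map_osrel(...)` line saying the value was already checked by the check method, or assert on the return value in debug kernels, so a later change to the check does not leave pr_osrel unset without anyone noticing.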
svn commit: r298567 - head/sys/kern
Author: jamie Date: Mon Apr 25 04:36:54 2016 New Revision: 298567 URL: https://svnweb.freebsd.org/changeset/base/298567 Log: Use the new PR_METHOD_REMOVE to clean up jail handling in POSIX message queues. Modified: head/sys/kern/uipc_mqueue.c Modified: head/sys/kern/uipc_mqueue.c == --- head/sys/kern/uipc_mqueue.c Mon Apr 25 04:27:58 2016(r298566) +++ head/sys/kern/uipc_mqueue.c Mon Apr 25 04:36:54 2016(r298567) @@ -154,11 +154,6 @@ struct mqfs_node { #defineFPTOMQ(fp) ((struct mqueue *)(((struct mqfs_node *) \ (fp)->f_data)->mn_data)) -struct mqfs_osd { - struct task mo_task; - const void *mo_pr_root; -}; - TAILQ_HEAD(msgq, mqueue_msg); struct mqueue; @@ -244,9 +239,7 @@ static int mqfs_destroy(struct mqfs_node static voidmqfs_fileno_alloc(struct mqfs_info *mi, struct mqfs_node *mn); static voidmqfs_fileno_free(struct mqfs_info *mi, struct mqfs_node *mn); static int mqfs_allocv(struct mount *mp, struct vnode **vpp, struct mqfs_node *pn); -static int mqfs_prison_create(void *obj, void *data); -static voidmqfs_prison_destructor(void *data); -static voidmqfs_prison_remove_task(void *context, int pending); +static int mqfs_prison_remove(void *obj, void *data); /* * Message queue construction and maniplation @@ -656,9 +649,8 @@ mqfs_init(struct vfsconf *vfc) { struct mqfs_node *root; struct mqfs_info *mi; - struct prison *pr; osd_method_t methods[PR_MAXMETHOD] = { - [PR_METHOD_CREATE] = mqfs_prison_create, + [PR_METHOD_REMOVE] = mqfs_prison_remove, }; mqnode_zone = uma_zcreate("mqnode", sizeof(struct mqfs_node), @@ -686,13 +678,7 @@ mqfs_init(struct vfsconf *vfc) EVENTHANDLER_PRI_ANY); mq_fdclose = mqueue_fdclose; p31b_setcfg(CTL_P1003_1B_MESSAGE_PASSING, _POSIX_MESSAGE_PASSING); - - /* Note current jails. */ - mqfs_osd_jail_slot = osd_jail_register(mqfs_prison_destructor, methods); - sx_slock(_lock); - TAILQ_FOREACH(pr, , pr_list) - (void)mqfs_prison_create(pr, NULL); - sx_sunlock(_lock); + mqfs_osd_jail_slot = osd_jail_register(NULL, methods); return (0); } 
@@ -702,14 +688,11 @@ mqfs_init(struct vfsconf *vfc) static int mqfs_uninit(struct vfsconf *vfc) { - unsigned slot; struct mqfs_info *mi; if (!unloadable) return (EOPNOTSUPP); - slot = mqfs_osd_jail_slot; - mqfs_osd_jail_slot = 0; - osd_jail_deregister(slot); + osd_jail_deregister(mqfs_osd_jail_slot); EVENTHANDLER_DEREGISTER(process_exit, exit_tag); mi = _data; mqfs_destroy(mi->mi_root); 
@@ -1563,64 +1546,22 @@ mqfs_rmdir(struct vop_rmdir_args *ap) #endif /* notyet */ - /* - * Set a destructor task with the prison's root + * See if this prison root is obsolete, and clean up associated queues if it is. */ static int -mqfs_prison_create(void *obj, void *data __unused) -{ - struct prison *pr = obj; - struct mqfs_osd *mo; - void *rsv; - - if (pr->pr_root == pr->pr_parent->pr_root) - return(0); - - mo = malloc(sizeof(struct mqfs_osd), M_PRISON, M_WAITOK); - rsv = osd_reserve(mqfs_osd_jail_slot); - TASK_INIT(>mo_task, 0, mqfs_prison_remove_task, mo); - mtx_lock(>pr_mtx); - mo->mo_pr_root = pr->pr_root; - (void)osd_jail_set_reserved(pr, mqfs_osd_jail_slot, rsv, mo); - mtx_unlock(>pr_mtx); - return (0); -} - -/* - * Queue the task for after jail/OSD locks are released - */ -static void -mqfs_prison_destructor(void *data) -{ - struct mqfs_osd *mo = data; - - if (mqfs_osd_jail_slot != 0) - taskqueue_enqueue(taskqueue_thread, >mo_task); - else - free(mo, M_PRISON); -} - -/* - * See if this prison root is obsolete, and clean up associated queues if it is - */ -static void -mqfs_prison_remove_task(void *context, int pending) +mqfs_prison_remove(void *obj, void *data __unused) { - struct mqfs_osd *mo = context; + const struct prison *pr = obj; + const struct prison *tpr; struct mqfs_node *pn, *tpn; - const struct prison *pr; - const void *pr_root; int found; - pr_root = mo->mo_pr_root; found = 0; - sx_slock(_lock); - TAILQ_FOREACH(pr, , pr_list) { - if (pr->pr_root == pr_root) + TAILQ_FOREACH(tpr, , pr_list) { + if (tpr->pr_root == pr->pr_root && tpr != pr && tpr->pr_ref > 0) found = 1; } - sx_sunlock(_lock); if (!found) { /* * No jails are rooted in this directory anymore, @@ -1629,15 +1570,14 @@ mqfs_prison_remove_task(void *context, i sx_xlock(_data.mi_lock);
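Review bot: mqfs_prison_remove() (hunk at -1563) walks the allprison list with TAILQ_FOREACH after this change removed the sx_slock/sx_sunlock pair around the loop, so it now depends on every caller of PR_METHOD_REMOVE holding the allprison lock. r298565 does take that lock in prison_deref() before osd_jail_call(), but nothing in this function states the requirement; an sx_assert on the allprison lock at the top would make it checkable. Two smaller points in the same loop: tpr->pr_ref is read without the prison mutex, and the test is "tpr->pr_ref > 0" although the method fires when the last pr_uref goes away, so a jail lingering in the dying state on the same root keeps the queues alive. If that is intended, say so in the comment above the function. The loop can also break once found is set.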
svn commit: r298566 - head/sys/kern
Author: jamie Date: Mon Apr 25 04:27:58 2016 New Revision: 298566 URL: https://svnweb.freebsd.org/changeset/base/298566 Log: Pass the current/new jail to PR_METHOD_CHECK, which pushes the call until after the jail is found or created. This requires unlocking the jail for the call and re-locking it afterward, but that works because nothing in the jail has been changed yet, and other processes won't change the important fields as long as allprison_lock remains held. Keep better track of name vs namelc in kern_jail_set. Name should always be the hierarchical name (relative to the caller), and namelc the last component. PR: 48471 MFC after:5 days Modified: head/sys/kern/kern_jail.c Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Mon Apr 25 04:24:00 2016(r298565) +++ head/sys/kern/kern_jail.c Mon Apr 25 04:27:58 2016(r298566) @@ -555,7 +555,7 @@ kern_jail_set(struct thread *td, struct void *op; #endif unsigned long hid; - size_t namelen, onamelen; + size_t namelen, onamelen, pnamelen; int born, created, cuflags, descend, enforce; int error, errmsg_len, errmsg_pos; int gotchildmax, gotenforce, gothid, gotrsnum, gotslevel; @@ -580,7 +580,7 @@ kern_jail_set(struct thread *td, struct error = priv_check(td, PRIV_JAIL_ATTACH); if (error) return (error); - mypr = ppr = td->td_ucred->cr_prison; + mypr = td->td_ucred->cr_prison; if ((flags & JAIL_CREATE) && mypr->pr_childmax == 0) return (EPERM); if (flags & ~JAIL_SET_MASK) @@ -607,6 +607,13 @@ kern_jail_set(struct thread *td, struct #endif g_path = NULL; + cuflags = flags & (JAIL_CREATE | JAIL_UPDATE); + if (!cuflags) { + error = EINVAL; + vfs_opterror(opts, "no valid operation (create or update)"); + goto done_errmsg; + } + error = vfs_copyopt(opts, "jid", , sizeof(jid)); if (error == ENOENT) jid = 0; 
@@ -1009,42 +1016,18 @@ kern_jail_set(struct thread *td, struct } /* -* Grab the allprison lock before letting modules check their -* parameters. Once we have it, do not let go so we'll have a -* consistent view of the OSD list. -*/ - sx_xlock(_lock); - error = osd_jail_call(NULL, PR_METHOD_CHECK, opts); - if (error) - goto done_unlock_list; - - /* By now, all parameters should have been noted. */ - TAILQ_FOREACH(opt, opts, link) { - if (!opt->seen && strcmp(opt->name, "errmsg")) { - error = EINVAL; - vfs_opterror(opts, "unknown parameter: %s", opt->name); - goto done_unlock_list; - } - } - - /* -* See if we are creating a new record or updating an existing one. +* Find the specified jail, or at least its parent. * This abuses the file error codes ENOENT and EEXIST. */ - cuflags = flags & (JAIL_CREATE | JAIL_UPDATE); - if (!cuflags) { - error = EINVAL; - vfs_opterror(opts, "no valid operation (create or update)"); - goto done_unlock_list; - } pr = NULL; - namelc = NULL; + ppr = mypr; if (cuflags == JAIL_CREATE && jid == 0 && name != NULL) { namelc = strrchr(name, '.'); jid = strtoul(namelc != NULL ? namelc + 1 : name, , 10); if (*p != '\0') jid = 0; } + sx_xlock(_lock); if (jid != 0) { /* * See if a requested jid already exists. There is an @@ -1110,6 +1093,7 @@ kern_jail_set(struct thread *td, struct * and updates keyed by the name itself (where the name must exist * because that is the jail being updated). */ + namelc = NULL; if (name != NULL) { namelc = strrchr(name, '.'); if (namelc == NULL) @@ -1120,7 +1104,6 @@ kern_jail_set(struct thread *td, struct * parent and child names, and make sure the parent * exists or matches an already found jail. */ - *namelc = '\0'; if (pr != NULL) { if (strncmp(name, ppr->pr_name, namelc - name) || ppr->pr_name[namelc - name] != '\0') { @@ -1131,6 +1114,7 @@ kern_jail_set(struct thread *td, struct goto done_unlock_list; } } else { + *namelc = '\0'; ppr =
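Review bot: The hunk at -1009 removes both the osd_jail_call(NULL, PR_METHOD_CHECK, opts) call and the loop that rejects options with !opt->seen ("unknown parameter: %s"), and the part of the patch shown here ends before either reappears. The removed comment "By now, all parameters should have been noted" ties the loop to the check call having run first, so please confirm the loop was moved together with the relocated call and still runs after it; if it were dropped, a misspelled parameter would be accepted without an error.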
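Review bot: In the hunk at -580, ppr is no longer initialised together with mypr; its first assignment is the new "ppr = mypr;" in the hunk at -1009, several hundred lines further down. Any read of ppr between those two points would now see an indeterminate value. That range is not part of the diff, so it is worth checking it explicitly, or keeping the initialisation next to mypr.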
svn commit: r298565 - in head/sys: kern sys
Author: jamie Date: Mon Apr 25 04:24:00 2016 New Revision: 298565 URL: https://svnweb.freebsd.org/changeset/base/298565 Log: Add a new jail OSD method, PR_METHOD_REMOVE. It's called when a jail is removed from the user perspective, i.e. when the last pr_uref goes away, even though the jail may still exist in the dying state. It will also be called if either PR_METHOD_CREATE or PR_METHOD_SET fail. PR: 48471 MFC after: 5 days Modified: head/sys/kern/kern_jail.c head/sys/sys/jail.h Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Mon Apr 25 03:58:08 2016(r298564) +++ head/sys/kern/kern_jail.c Mon Apr 25 04:24:00 2016(r298565) @@ -556,7 +556,8 @@ kern_jail_set(struct thread *td, struct #endif unsigned long hid; size_t namelen, onamelen; - int created, cuflags, descend, enforce, error, errmsg_len, errmsg_pos; + int born, created, cuflags, descend, enforce; + int error, errmsg_len, errmsg_pos; int gotchildmax, gotenforce, gothid, gotrsnum, gotslevel; int fi, jid, jsys, len, level; int childmax, osreldt, rsnum, slevel; @@ -1767,6 +1768,7 @@ kern_jail_set(struct thread *td, struct * for now, so new ones will remain unseen until after the module * handlers have completed. */ + born = pr->pr_uref == 0; if (!created && (ch_flags & PR_PERSIST & (pr_flags ^ pr->pr_flags))) { if (pr_flags & PR_PERSIST) { pr->pr_ref++; @@ -1836,15 +1838,20 @@ kern_jail_set(struct thread *td, struct /* Let the modules do their work. */ sx_downgrade(_lock); - if (created) { + if (born) { error = osd_jail_call(pr, PR_METHOD_CREATE, opts); if (error) { - prison_deref(pr, PD_LIST_SLOCKED); + (void)osd_jail_call(pr, PR_METHOD_REMOVE, NULL); + prison_deref(pr, created + ? PD_LIST_SLOCKED + : PD_DEREF | PD_LIST_SLOCKED); goto done_errmsg; } } error = osd_jail_call(pr, PR_METHOD_SET, opts); if (error) { + if (born) + (void)osd_jail_call(pr, PR_METHOD_REMOVE, NULL); prison_deref(pr, created ? PD_LIST_SLOCKED : PD_DEREF | PD_LIST_SLOCKED); 
@@ -1896,7 +1903,7 @@ kern_jail_set(struct thread *td, struct sx_sunlock(_lock); } - goto done_errmsg; + goto done_free; done_deref_locked: prison_deref(pr, created @@ -2596,19 +2603,46 @@ static void prison_deref(struct prison *pr, int flags) { struct prison *ppr, *tpr; + int ref, lasturef; if (!(flags & PD_LOCKED)) mtx_lock(>pr_mtx); for (;;) { if (flags & PD_DEUREF) { pr->pr_uref--; + lasturef = pr->pr_uref == 0; + if (lasturef) + pr->pr_ref++; KASSERT(prison0.pr_uref != 0, ("prison0 pr_uref=0")); - } + } else + lasturef = 0; if (flags & PD_DEREF) pr->pr_ref--; - /* If the prison still has references, nothing else to do. */ - if (pr->pr_ref > 0) { + ref = pr->pr_ref; + mtx_unlock(>pr_mtx); + + /* +* Tell the modules if the last user reference was removed +* (even it sticks around in dying state). +*/ + if (lasturef) { + if (!(flags & (PD_LIST_SLOCKED | PD_LIST_XLOCKED))) { + if (ref > 1) { + sx_slock(_lock); + flags |= PD_LIST_SLOCKED; + } else { + sx_xlock(_lock); + flags |= PD_LIST_XLOCKED; + } + } + (void)osd_jail_call(pr, PR_METHOD_REMOVE, NULL); + mtx_lock(>pr_mtx); + ref = --pr->pr_ref; mtx_unlock(>pr_mtx); + } + + /* If the prison still has references, nothing else to do. */ + if (ref > 0) { if (flags & PD_LIST_SLOCKED) sx_sunlock(_lock); else if (flags & PD_LIST_XLOCKED) @@ -2616,7 +2650,6 @@ prison_deref(struct prison *pr, int flag return; } - mtx_unlock(>pr_mtx);
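Review bot: In the hunk at -1836, a failing PR_METHOD_CREATE is followed by osd_jail_call(pr, PR_METHOD_REMOVE, NULL), which reaches the remove method of every registered module, including any whose create method was never run because an earlier module returned the error. That contract (remove can be called for a jail the module has not set up, and its return value is discarded) should be written down next to PR_METHOD_REMOVE in jail.h so module authors write handlers that tolerate it.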
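Review bot: In prison_deref() (hunk at -2596), the choice between sx_slock and sx_xlock is made from ref, which was sampled before pr_mtx was dropped, and the count is then decremented again by "ref = --pr->pr_ref" after the remove call. If other references are released in between, ref can reach zero here while only the shared list lock is held. The code that handles the zero case lies past the end of the visible hunk, so please confirm it re-takes or upgrades the list lock before the prison is unlinked. The new comment also needs an "if": "(even if it sticks around in dying state)".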
svn commit: r298564 - in head/sys: kern sys
Author: jamie Date: Mon Apr 25 03:58:08 2016 New Revision: 298564 URL: https://svnweb.freebsd.org/changeset/base/298564 Log: Remove the PR_REMOVE flag, which was meant as a temporary marker for a jail that might be seen mid-removal. It hasn't been doing the right thing since at least the ability to resurrect dying jails, and such resurrection also makes it unnecessary. Modified: head/sys/kern/kern_jail.c head/sys/sys/jail.h Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Mon Apr 25 03:48:28 2016(r298563) +++ head/sys/kern/kern_jail.c Mon Apr 25 03:58:08 2016(r298564) @@ -1222,7 +1222,7 @@ kern_jail_set(struct thread *td, struct } created = 1; mtx_lock(>pr_mtx); - if (ppr->pr_ref == 0 || (ppr->pr_flags & PR_REMOVE)) { + if (ppr->pr_ref == 0) { mtx_unlock(>pr_mtx); error = ENOENT; vfs_opterror(opts, "parent jail went away!"); @@ -2273,7 +2273,6 @@ sys_jail_remove(struct thread *td, struc /* Remove all descendants of this prison, then remove this prison. */ pr->pr_ref++; - pr->pr_flags |= PR_REMOVE; if (!LIST_EMPTY(>pr_children)) { mtx_unlock(>pr_mtx); lpr = NULL; @@ -2282,7 +2281,6 @@ sys_jail_remove(struct thread *td, struc if (cpr->pr_ref > 0) { tpr = cpr; cpr->pr_ref++; - cpr->pr_flags |= PR_REMOVE; } else { /* Already removed - do not do it again. */ tpr = NULL; Modified: head/sys/sys/jail.h == --- head/sys/sys/jail.h Mon Apr 25 03:48:28 2016(r298563) +++ head/sys/sys/jail.h Mon Apr 25 03:58:08 2016(r298564) @@ -210,7 +210,6 @@ struct prison_racct { /* primary jail address. */ /* Internal flag bits */ -#definePR_REMOVE 0x0100 /* In process of being removed */ #definePR_IP4 0x0200 /* IPv4 restricted or disabled */ /* by this jail or an ancestor */ #definePR_IP6 0x0400 /* IPv6 restricted or disabled */ ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
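Review bot: In the hunk at -1222, the parent test is reduced to "ppr->pr_ref == 0", and the sys_jail_remove hunks show that a jail being torn down holds an extra reference (pr->pr_ref++), so a parent in the middle of removal now passes this test. The log explains why the flag was unreliable, but the code no longer says what happens to a child created under a parent that is being removed; a short comment at this check would help. In jail.h, removing PR_REMOVE leaves 0x0100 unused among the internal flag bits; a note that the value is free, or retired, would avoid confusion for anything outside the tree that still refers to the old name.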
svn commit: r298562 - head/usr.sbin/jail
Author: jamie Date: Mon Apr 25 03:24:48 2016 New Revision: 298562 URL: https://svnweb.freebsd.org/changeset/base/298562 Log: Make jail(8) interpret escape codes in fstab the same as getfsent(3). PR: 208663 MFC after:3 days Modified: head/usr.sbin/jail/command.c Modified: head/usr.sbin/jail/command.c == --- head/usr.sbin/jail/command.cMon Apr 25 03:14:55 2016 (r298561) +++ head/usr.sbin/jail/command.cMon Apr 25 03:24:48 2016 (r298562) @@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include "jailp.h" @@ -444,8 +445,14 @@ run_command(struct cfjail *j) strcpy(comcs, comstring->s); argc = 0; for (cs = strtok(comcs, " \t\f\v\r\n"); cs && argc < 4; -cs = strtok(NULL, " \t\f\v\r\n")) +cs = strtok(NULL, " \t\f\v\r\n")) { + if (argc <= 1 && strunvis(cs, cs) < 0) { + jail_warnx(j, "%s: %s: fstab parse error", + j->intparams[comparam]->name, comstring->s); + return -1; + } argv[argc++] = cs; + } if (argc == 0) return 0; if (argc < 3) { ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
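Review bot: In run_command() (hunk at -444), the new test "argc <= 1 && strunvis(cs, cs) < 0" decodes only the first two fstab fields and does so in place, and neither choice is explained. A one-line comment that fields 0 and 1 are the ones getfsent(3) unescapes (per the log) and that decoding into the source buffer is safe because the decoded form is never longer than the encoded one would help the next reader. The warning prints the whole line from comstring->s; adding the field index (argc) would tell the administrator which field failed to decode.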
svn commit: r298516 - head/etc/rc.d
Author: jamie Date: Sat Apr 23 16:23:01 2016 New Revision: 298516 URL: https://svnweb.freebsd.org/changeset/base/298516 Log: Don't remove the /var/run/jail_name.id file if a jail fails to start. This messes up ezjail (and possibly others), when attempting to start a jail that already exists. PR: 208806 Reviewed by: tj MFC after:5 days Modified: head/etc/rc.d/jail Modified: head/etc/rc.d/jail == --- head/etc/rc.d/jail Sat Apr 23 16:19:34 2016(r298515) +++ head/etc/rc.d/jail Sat Apr 23 16:23:01 2016(r298516) @@ -489,7 +489,6 @@ jail_start() if _jid=$($jail_jls -j $_j jid); then echo "$_jid" > /var/run/jail_${_j}.id else - rm -f /var/run/jail_${_j}.id echo " cannot start jail " \ "\"${_hostname:-${_j}}\": " fi @@ -513,7 +512,6 @@ jail_start() _jid=$($jail_jls -j $_j jid) echo $_jid > /var/run/jail_${_j}.id else - rm -f /var/run/jail_${_j}.id echo " cannot start jail " \ "\"${_hostname:-${_j}}\": " cat $_tmp ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
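Review bot: In the first hunk (at -489) the else branch is taken only when "$jail_jls -j $_j jid" fails, that is, when jls finds no jail of that name, so with the rm -f gone any /var/run/jail_${_j}.id left by an earlier run survives and names a jid that does not belong to a running instance of this jail. The case in the log (the jail already exists) matches the second hunk, where the start command failed. Consider keeping the removal in the first hunk, or in both places removing the file only when a jls lookup finds no such jail, so that scripts reading the id file are not handed a stale jid.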
svn commit: r297976 - head/sys/kern
Author: jamie Date: Thu Apr 14 17:07:26 2016 New Revision: 297976 URL: https://svnweb.freebsd.org/changeset/base/297976 Log: Clean up some style(9) violations. Modified: head/sys/kern/uipc_mqueue.c head/sys/kern/uipc_sem.c head/sys/kern/uipc_shm.c Modified: head/sys/kern/uipc_mqueue.c == --- head/sys/kern/uipc_mqueue.c Thu Apr 14 17:06:37 2016(r297975) +++ head/sys/kern/uipc_mqueue.c Thu Apr 14 17:07:26 2016(r297976) @@ -686,7 +686,8 @@ mqfs_init(struct vfsconf *vfc) EVENTHANDLER_PRI_ANY); mq_fdclose = mqueue_fdclose; p31b_setcfg(CTL_P1003_1B_MESSAGE_PASSING, _POSIX_MESSAGE_PASSING); - /* Note current jails */ + + /* Note current jails. */ mqfs_osd_jail_slot = osd_jail_register(mqfs_prison_destructor, methods); sx_slock(_lock); TAILQ_FOREACH(pr, , pr_list) @@ -1423,6 +1424,7 @@ mqfs_readdir(struct vop_readdir_args *ap LIST_FOREACH(pn, >mn_children, mn_sibling) { entry.d_reclen = sizeof(entry); + /* * Only show names within the same prison root directory * (or not associated with a prison, e.g. "." and ".."). Modified: head/sys/kern/uipc_sem.c == --- head/sys/kern/uipc_sem.cThu Apr 14 17:06:37 2016(r297975) +++ head/sys/kern/uipc_sem.cThu Apr 14 17:07:26 2016(r297976) @@ -271,13 +271,11 @@ ksem_fill_kinfo(struct file *fp, struct mtx_unlock(_lock); if (ks->ks_path != NULL) { sx_slock(_dict_lock); - if (ks->ks_path != NULL) - { + if (ks->ks_path != NULL) { path = ks->ks_path; pr_path = curthread->td_ucred->cr_prison->pr_path; - if (strcmp(pr_path, "/") != 0) - { - /* Return the jail-rooted pathname */ + if (strcmp(pr_path, "/") != 0) { + /* Return the jail-rooted pathname. */ pr_pathlen = strlen(pr_path); if (strncmp(path, pr_path, pr_pathlen) == 0 && path[pr_pathlen] == '/') 
@@ -503,7 +501,8 @@ ksem_create(struct thread *td, const cha } else { path = malloc(MAXPATHLEN, M_KSEM, M_WAITOK); pr_path = td->td_ucred->cr_prison->pr_path; - /* Construct a full pathname for jailed callers */ + + /* Construct a full pathname for jailed callers. */ pr_pathlen = strcmp(pr_path, "/") == 0 ? 0 : strlcpy(path, pr_path, MAXPATHLEN); error = copyinstr(name, path + pr_pathlen, Modified: head/sys/kern/uipc_shm.c == --- head/sys/kern/uipc_shm.cThu Apr 14 17:06:37 2016(r297975) +++ head/sys/kern/uipc_shm.cThu Apr 14 17:07:26 2016(r297976) @@ -727,7 +727,8 @@ kern_shm_open(struct thread *td, const c } else { path = malloc(MAXPATHLEN, M_SHMFD, M_WAITOK); pr_path = td->td_ucred->cr_prison->pr_path; - /* Construct a full pathname for jailed callers */ + + /* Construct a full pathname for jailed callers. */ pr_pathlen = strcmp(pr_path, "/") == 0 ? 0 : strlcpy(path, pr_path, MAXPATHLEN); error = copyinstr(userpath, path + pr_pathlen, @@ -1087,13 +1088,11 @@ shm_fill_kinfo(struct file *fp, struct k kif->kf_un.kf_file.kf_file_size = shmfd->shm_size; if (shmfd->shm_path != NULL) { sx_slock(_dict_lock); - if (shmfd->shm_path != NULL) - { + if (shmfd->shm_path != NULL) { path = shmfd->shm_path; pr_path = curthread->td_ucred->cr_prison->pr_path; - if (strcmp(pr_path, "/") != 0) - { - /* Return the jail-rooted pathname */ + if (strcmp(pr_path, "/") != 0) { + /* Return the jail-rooted pathname. */ pr_pathlen = strlen(pr_path); if (strncmp(path, pr_path, pr_pathlen) == 0 && path[pr_pathlen] == '/') ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
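Review bot: In ksem_fill_kinfo() and shm_fill_kinfo() the brace cleanup leaves "if (ks->ks_path != NULL)" (and the shm_path equivalent) tested twice, once before the dictionary lock is taken and once after. That second test is the re-check under the lock, not a leftover; since this commit is tidying these exact lines, a short comment on the inner test would stop a later style pass from folding the two conditions together.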
svn commit: r297936 - head/sys/kern
Author: jamie Date: Wed Apr 13 20:15:49 2016 New Revision: 297936 URL: https://svnweb.freebsd.org/changeset/base/297936 Log: Separate POSIX mqueue objects in jails; actually, separate them by the jail's root, so jails that don't have their own filesystem directory also won't have their own mqueue namespace. PR: 208082 Modified: head/sys/kern/uipc_mqueue.c Modified: head/sys/kern/uipc_mqueue.c == --- head/sys/kern/uipc_mqueue.c Wed Apr 13 20:14:13 2016(r297935) +++ head/sys/kern/uipc_mqueue.c Wed Apr 13 20:15:49 2016(r297936) @@ -52,6 +52,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -60,8 +61,8 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include -#include #include #include #include @@ -132,6 +133,7 @@ struct mqfs_node { LIST_HEAD(,mqfs_node) mn_children; LIST_ENTRY(mqfs_node) mn_sibling; LIST_HEAD(,mqfs_vdata) mn_vnodes; + const void *mn_pr_root; int mn_refcount; mqfs_type_t mn_type; int mn_deleted; @@ -152,6 +154,11 @@ struct mqfs_node { #defineFPTOMQ(fp) ((struct mqueue *)(((struct mqfs_node *) \ (fp)->f_data)->mn_data)) +struct mqfs_osd { + struct task mo_task; + const void *mo_pr_root; +}; + TAILQ_HEAD(msgq, mqueue_msg); struct mqueue; @@ -219,6 +226,7 @@ static uma_zone_t mvdata_zone; static uma_zone_t mqnoti_zone; static struct vop_vector mqfs_vnodeops; static struct fileops mqueueops; +static unsignedmqfs_osd_jail_slot; /* * Directory structure construction and manipulation @@ -236,6 +244,9 @@ static int mqfs_destroy(struct mqfs_node static voidmqfs_fileno_alloc(struct mqfs_info *mi, struct mqfs_node *mn); static voidmqfs_fileno_free(struct mqfs_info *mi, struct mqfs_node *mn); static int mqfs_allocv(struct mount *mp, struct vnode **vpp, struct mqfs_node *pn); +static int mqfs_prison_create(void *obj, void *data); +static voidmqfs_prison_destructor(void *data); +static voidmqfs_prison_remove_task(void *context, int pending); /* * Message queue construction and maniplation 
@@ -436,6 +447,7 @@ mqfs_create_node(const char *name, int n node = mqnode_alloc(); strncpy(node->mn_name, name, namelen); + node->mn_pr_root = cred->cr_prison->pr_root; node->mn_type = nodetype; node->mn_refcount = 1; vfs_timestamp(>mn_birth); @@ -644,6 +656,10 @@ mqfs_init(struct vfsconf *vfc) { struct mqfs_node *root; struct mqfs_info *mi; + struct prison *pr; + osd_method_t methods[PR_MAXMETHOD] = { + [PR_METHOD_CREATE] = mqfs_prison_create, + }; mqnode_zone = uma_zcreate("mqnode", sizeof(struct mqfs_node), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0); @@ -670,6 +686,12 @@ mqfs_init(struct vfsconf *vfc) EVENTHANDLER_PRI_ANY); mq_fdclose = mqueue_fdclose; p31b_setcfg(CTL_P1003_1B_MESSAGE_PASSING, _POSIX_MESSAGE_PASSING); + /* Note current jails */ + mqfs_osd_jail_slot = osd_jail_register(mqfs_prison_destructor, methods); + sx_slock(_lock); + TAILQ_FOREACH(pr, , pr_list) + (void)mqfs_prison_create(pr, NULL); + sx_sunlock(_lock); return (0); } @@ -679,10 +701,14 @@ mqfs_init(struct vfsconf *vfc) static int mqfs_uninit(struct vfsconf *vfc) { + unsigned slot; struct mqfs_info *mi; if (!unloadable) return (EOPNOTSUPP); + slot = mqfs_osd_jail_slot; + mqfs_osd_jail_slot = 0; + osd_jail_deregister(slot); EVENTHANDLER_DEREGISTER(process_exit, exit_tag); mi = _data; mqfs_destroy(mi->mi_root); @@ -800,13 +826,17 @@ found: * Search a directory entry */ static struct mqfs_node * -mqfs_search(struct mqfs_node *pd, const char *name, int len) +mqfs_search(struct mqfs_node *pd, const char *name, int len, struct ucred *cred) { struct mqfs_node *pn; + const void *pr_root; sx_assert(>mn_info->mi_lock, SX_LOCKED); + pr_root = cred->cr_prison->pr_root; LIST_FOREACH(pn, >mn_children, mn_sibling) { - if (strncmp(pn->mn_name, name, len) == 0 && + /* Only match names within the same prison root directory */ + if ((pn->mn_pr_root == NULL || pn->mn_pr_root == pr_root) && + strncmp(pn->mn_name, name, len) == 0 && pn->mn_name[len] == '\0') return (pn); } 
@@ -878,7 +908,7 @@ mqfs_lookupx(struct vop_cachedlookup_arg /* named node */ sx_xlock(>mi_lock); - pn = mqfs_search(pd, pname, namelen); +
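Review bot: In mqfs_search() (hunk at -800) and mqfs_create_node(), the jail is identified by the address of its root: mn_pr_root is stored as a bare "const void *" copied from cred->cr_prison->pr_root and later compared with ==. Nothing in the visible hunks takes a reference on that object, so the match is only meaningful while the cleanup queued from the prison destructor removes the nodes before the address can be reused. Please document on the mn_pr_root field that it is an opaque tag that is never dereferenced and say what bounds its lifetime. The "mn_pr_root == NULL" case that matches for every jail also deserves a comment naming which nodes are expected to have it.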
svn commit: r297935 - head/sys/kern
Author: jamie Date: Wed Apr 13 20:14:13 2016 New Revision: 297935 URL: https://svnweb.freebsd.org/changeset/base/297935 Log: Separate POSIX sem/shm objects in jails, by prepending the jail's path name to the object's "path". While the objects don't have real path names, it's a filesystem-like namespace, which allows jails to be kept to their own space, but still allows the system / jail parent to access a jail's IPC. PR: 208082 Modified: head/sys/kern/uipc_sem.c head/sys/kern/uipc_shm.c Modified: head/sys/kern/uipc_sem.c == --- head/sys/kern/uipc_sem.cWed Apr 13 20:12:02 2016(r297934) +++ head/sys/kern/uipc_sem.cWed Apr 13 20:14:13 2016(r297935) @@ -44,6 +44,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -258,7 +259,9 @@ ksem_closef(struct file *fp, struct thre static int ksem_fill_kinfo(struct file *fp, struct kinfo_file *kif, struct filedesc *fdp) { + const char *path, *pr_path; struct ksem *ks; + size_t pr_pathlen; kif->kf_type = KF_TYPE_SEM; ks = fp->f_data; @@ -269,7 +272,19 @@ ksem_fill_kinfo(struct file *fp, struct if (ks->ks_path != NULL) { sx_slock(_dict_lock); if (ks->ks_path != NULL) - strlcpy(kif->kf_path, ks->ks_path, sizeof(kif->kf_path)); + { + path = ks->ks_path; + pr_path = curthread->td_ucred->cr_prison->pr_path; + if (strcmp(pr_path, "/") != 0) + { + /* Return the jail-rooted pathname */ + pr_pathlen = strlen(pr_path); + if (strncmp(path, pr_path, pr_pathlen) == 0 && + path[pr_pathlen] == '/') + path += pr_pathlen; + } + strlcpy(kif->kf_path, path, sizeof(kif->kf_path)); + } sx_sunlock(_dict_lock); } return (0); @@ -449,6 +464,8 @@ ksem_create(struct thread *td, const cha struct ksem *ks; struct file *fp; char *path; + const char *pr_path; + size_t pr_pathlen; Fnv32_t fnv; int error, fd; 
@@ -485,10 +502,15 @@ ksem_create(struct thread *td, const cha ks->ks_flags |= KS_ANONYMOUS; } else { path = malloc(MAXPATHLEN, M_KSEM, M_WAITOK); - error = copyinstr(name, path, MAXPATHLEN, NULL); + pr_path = td->td_ucred->cr_prison->pr_path; + /* Construct a full pathname for jailed callers */ + pr_pathlen = strcmp(pr_path, "/") == 0 ? 0 + : strlcpy(path, pr_path, MAXPATHLEN); + error = copyinstr(name, path + pr_pathlen, + MAXPATHLEN - pr_pathlen, NULL); /* Require paths to start with a '/' character. */ - if (error == 0 && path[0] != '/') + if (error == 0 && path[pr_pathlen] != '/') error = EINVAL; if (error) { fdclose(td, fp, fd); @@ -624,11 +646,17 @@ int sys_ksem_unlink(struct thread *td, struct ksem_unlink_args *uap) { char *path; + const char *pr_path; + size_t pr_pathlen; Fnv32_t fnv; int error; path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK); - error = copyinstr(uap->name, path, MAXPATHLEN, NULL); + pr_path = td->td_ucred->cr_prison->pr_path; + pr_pathlen = strcmp(pr_path, "/") == 0 ? 0 + : strlcpy(path, pr_path, MAXPATHLEN); + error = copyinstr(uap->name, path + pr_pathlen, MAXPATHLEN - pr_pathlen, + NULL); if (error) { free(path, M_TEMP); return (error); Modified: head/sys/kern/uipc_shm.c == --- head/sys/kern/uipc_shm.cWed Apr 13 20:12:02 2016(r297934) +++ head/sys/kern/uipc_shm.cWed Apr 13 20:14:13 2016(r297935) @@ -57,6 +57,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -687,6 +688,8 @@ kern_shm_open(struct thread *td, const c struct shmfd *shmfd; struct file *fp; char *path; + const char *pr_path; + size_t pr_pathlen; Fnv32_t fnv; mode_t cmode; int fd, error; @@ -723,13 +726,18 @@ kern_shm_open(struct thread *td, const c shmfd = shm_alloc(td->td_ucred, cmode); } else { path = malloc(MAXPATHLEN, M_SHMFD, M_WAITOK); - error = copyinstr(userpath, path, MAXPATHLEN, NULL); + pr_path = td->td_ucred->cr_prison->pr_path; +
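Review bot: In ksem_fill_kinfo() (hunk at -269), the jail prefix is stripped only when ks_path begins with pr_path followed by '/'. When it does not match, the unmodified path is copied into kf_path for a jailed caller, so a descriptor that refers to an object created outside this jail reports a name from the other namespace. Decide whether that case should return an empty kf_path instead, and say which in the comment.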
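Review bot: In ksem_create() (hunk at -485), pr_pathlen comes from strlcpy(path, pr_path, MAXPATHLEN), which returns the length of pr_path rather than the number of bytes copied, and is then used unchecked in "path + pr_pathlen" and "MAXPATHLEN - pr_pathlen". Unless pr_path is guaranteed elsewhere to be shorter than MAXPATHLEN, add an explicit test (return ENAMETOOLONG when pr_pathlen >= MAXPATHLEN) or a KASSERT stating the bound. The same three lines are repeated in sys_ksem_unlink() and kern_shm_open(); a small shared helper would keep the bound check and the "must start with '/'" test in one place.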
svn commit: r297424 - head/sys/compat/linux
Author: jamie Date: Wed Mar 30 17:05:04 2016 New Revision: 297424 URL: https://svnweb.freebsd.org/changeset/base/297424 Log: Use osd_reserve / osd_jail_set_reserved, which is known to succeed. Also don't work around nonexistent osd_register failure. Modified: head/sys/compat/linux/linux_mib.c Modified: head/sys/compat/linux/linux_mib.c == --- head/sys/compat/linux/linux_mib.c Wed Mar 30 17:00:33 2016 (r297423) +++ head/sys/compat/linux/linux_mib.c Wed Mar 30 17:05:04 2016 (r297424) @@ -168,9 +168,6 @@ linux_find_prison(struct prison *spr, st struct prison *pr; struct linux_prison *lpr; - if (!linux_osd_jail_slot) - /* In case osd_register failed. */ - spr = for (pr = spr;; pr = pr->pr_parent) { mtx_lock(>pr_mtx); lpr = (pr == ) @@ -189,15 +186,14 @@ linux_find_prison(struct prison *spr, st * Ensure a prison has its own Linux info. If lprp is non-null, point it to * the Linux info and lock the prison. */ -static int +static void linux_alloc_prison(struct prison *pr, struct linux_prison **lprp) { struct prison *ppr; struct linux_prison *lpr, *nlpr; - int error; + void *rsv; /* If this prison already has Linux info, return that. */ - error = 0; lpr = linux_find_prison(pr, ); if (ppr == pr) goto done; @@ -207,29 +203,24 @@ linux_alloc_prison(struct prison *pr, st */ mtx_unlock(>pr_mtx); nlpr = malloc(sizeof(struct linux_prison), M_PRISON, M_WAITOK); + rsv = osd_reserve(linux_osd_jail_slot); lpr = linux_find_prison(pr, ); if (ppr == pr) { free(nlpr, M_PRISON); + osd_free_reserved(rsv); goto done; } /* Inherit the initial values from the ancestor. */ mtx_lock(>pr_mtx); - error = osd_jail_set(pr, linux_osd_jail_slot, nlpr); - if (error == 0) { - bcopy(lpr, nlpr, sizeof(*lpr)); - lpr = nlpr; - } else { - free(nlpr, M_PRISON); - lpr = NULL; - } + (void)osd_jail_set_reserved(pr, linux_osd_jail_slot, rsv, nlpr); + bcopy(lpr, nlpr, sizeof(*lpr)); + lpr = nlpr; mtx_unlock(>pr_mtx); done: if (lprp != NULL) *lprp = lpr; else mtx_unlock(>pr_mtx); - - return (error); } /* 
@@ -249,7 +240,8 @@ linux_prison_create(void *obj, void *dat * Inherit a prison's initial values from its parent * (different from JAIL_SYS_INHERIT which also inherits changes). */ - return (linux_alloc_prison(pr, NULL)); + linux_alloc_prison(pr, NULL); + return (0); } static int @@ -345,11 +337,7 @@ linux_prison_set(void *obj, void *data) * "linux=new" or "linux.*": * the prison gets its own Linux info. */ - error = linux_alloc_prison(pr, ); - if (error) { - mtx_unlock(>pr_mtx); - return (error); - } + linux_alloc_prison(pr, ); if (osrelease) { error = linux_map_osrel(osrelease, >pr_osrel); if (error) { @@ -449,21 +437,18 @@ linux_osd_jail_register(void) linux_osd_jail_slot = osd_jail_register(linux_prison_destructor, methods); - if (linux_osd_jail_slot > 0) { - /* Copy the system linux info to any current prisons. */ - sx_xlock(_lock); - TAILQ_FOREACH(pr, , pr_list) - (void)linux_alloc_prison(pr, NULL); - sx_xunlock(_lock); - } + /* Copy the system linux info to any current prisons. */ + sx_slock(_lock); + TAILQ_FOREACH(pr, , pr_list) + linux_alloc_prison(pr, NULL); + sx_sunlock(_lock); } void linux_osd_jail_deregister(void) { - if (linux_osd_jail_slot) - osd_jail_deregister(linux_osd_jail_slot); + osd_jail_deregister(linux_osd_jail_slot); } void ___ svn-src-head@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
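Review bot: linux_alloc_prison() (hunk at -189) now calls osd_reserve() on every allocation, but the osd.9 text added in r297422 says the reserve path always allocates and "should be used only rarely, such as in the unlikely event that osd_set fails". Either try osd_jail_set() first and fall back to the reserved path, or relax the man page wording so the documented guidance matches its first consumer. Since the result of osd_jail_set_reserved() is discarded on the grounds that it cannot fail with a non-NULL rsv, a KASSERT on the return value would keep that assumption checked.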
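Review bot: In linux_osd_jail_register() (hunk at -449) the walk over existing prisons changes from sx_xlock/sx_xunlock to sx_slock/sx_sunlock, which the log does not mention. If the shared lock is enough because linux_alloc_prison() serialises on the prison mutex, say so in the log or in a comment, so the lock change is not read as accidental.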
svn commit: r297422 - in head: share/man/man9 sys/kern sys/sys
Author: jamie Date: Wed Mar 30 16:57:28 2016 New Revision: 297422 URL: https://svnweb.freebsd.org/changeset/base/297422 Log: Add osd_reserve() and osd_set_reserved(), which allow M_WAITOK allocation of an OSD array, Modified: head/share/man/man9/osd.9 head/sys/kern/kern_osd.c head/sys/sys/osd.h Modified: head/share/man/man9/osd.9 == --- head/share/man/man9/osd.9 Wed Mar 30 16:54:18 2016(r297421) +++ head/share/man/man9/osd.9 Wed Mar 30 16:57:28 2016(r297422) @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 5, 2011 +.Dd March 30, 2016 .Dt OSD 9 .Os .Sh NAME @@ -33,6 +33,9 @@ .Nm osd_register , .Nm osd_deregister , .Nm osd_set , +.Nm osd_reserve , +.Nm osd_set_reserved , +.Nm osd_free_reserved , .Nm osd_get , .Nm osd_del , .Nm osd_call , @@ -63,6 +66,22 @@ .Fa "void *value" .Fc .Ft void * +.Fo osd_reserve +.Fa "u_int slot" +.Fc +.Ft int +.Fo osd_set_reserved +.Fa "u_int type" +.Fa "struct osd *osd" +.Fa "u_int slot" +.Fa "void *rsv" +.Fa "void *value" +.Fc +.Ft void +.Fo osd_free_reserved +.Fa "void *rsv" +.Fc +.Ft void * .Fo osd_get .Fa "u_int type" .Fa "struct osd *osd" @@ -198,6 +217,15 @@ argument points to a data object to asso .Fa osd . .Pp The +.Fn osd_set_reserved +function does the same as +.Fn osd_set , +but with an extra argument +.Fa rsv +that is internal-use memory previously allocated via +.Fn osd_reserve . +.Pp +The .Fn osd_get function returns the data pointer associated with a kernel data structure's .Vt struct osd 
@@ -324,6 +352,24 @@ will proceed without any .Xr realloc 9 calls. .Pp +It is possible for +.Fn osd_set +to fail to allocate this array. To ensure that such allocation succeeds, +.Fn osd_reserve +may be called (in a non-blocking context), and it will pre-allocate the +memory via +.Xr malloc 9 +with M_WAITOK. +Then this pre-allocated memory is passed to +.Fn osd_set_reserved , +which will use it if necessary or otherwise discard it. +The memory may also be explicitly discarded by calling +.Fn osd_free_reserved . +As this method always allocates memory whether or not it is ultimately needed, +it should be used only rarely, such as in the unlikely event that +.Fn osd_set +fails. +.Pp The .Nm API is geared towards slot identifiers storing pointers to the same underlying @@ -359,15 +405,27 @@ the kernel including most fast paths. returns the slot identifier for the newly registered data type. .Pp .Fn osd_set -returns zero on success or ENOMEM if the specified type/slot identifier pair +and +.Fn osd_set_reserved +return zero on success or ENOMEM if the specified type/slot identifier pair triggered an internal .Xr realloc 9 -which failed. +which failed +.Fn ( osd_set_reserved +will always succeed when +.Fa rsv +is non-NULL). .Pp .Fn osd_get returns the data pointer for the specified type/slot identifier pair, or NULL if the slot has not been initialised yet. .Pp +.Fn osd_reserve +returns a pointer suitable for passing to +.Fn osd_set_reserved +or +.Fn osd_free_reserved . +.Pp .Fn osd_call returns zero if no method is run or the method for each slot runs successfully. If a method for a slot returns non-zero, Modified: head/sys/kern/kern_osd.c == --- head/sys/kern/kern_osd.cWed Mar 30 16:54:18 2016(r297421) +++ head/sys/kern/kern_osd.cWed Mar 30 16:57:28 2016(r297422) 
@@ -54,7 +54,7 @@ struct osd_master { struct sxosd_module_lock; struct rmlockosd_object_lock; struct mtx osd_list_lock; - LIST_HEAD(, osd) osd_list; /* (m) */ + LIST_HEAD(, osd) osd_list; /* (l) */ osd_destructor_t*osd_destructors; /* (o) */ osd_method_t*osd_methods; /* (m) */ u_intosd_ntslots; /* (m) */ @@ -198,6 +198,24 @@ osd_deregister(u_int type, u_int slot) int osd_set(u_int type, struct osd *osd, u_int slot, void *value) { + + return (osd_set_reserved(type, osd, slot, NULL, value)); +} + +void * +osd_reserve(u_int slot) +{ + + KASSERT(slot > 0, ("Invalid slot.")); + + OSD_DEBUG("Reserving slot array (slot=%u).", slot); + return (malloc(sizeof(void *) * slot, M_OSD, M_WAITOK | M_ZERO)); +} + +int +osd_set_reserved(u_int type, struct osd *osd, u_int slot, void *rsv, +void *value) +{ struct rm_priotracker tracker; KASSERT(type >= OSD_FIRST && type <= OSD_LAST, ("Invalid type.")); @@ -206,36 +224,34 @@ osd_set(u_int type, struct osd *osd, u_i rm_rlock([type].osd_object_lock, ); if (slot > osd->osd_nslots) { + void *newptr; + if (value == NULL) { OSD_DEBUG( "Not allocating null slot (type=%u, slot=%u).",
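Review bot: in the osd.9 text added at @@ -324,6 +352,24, "may be called (in a non-blocking context)" reads as if osd_reserve() were safe where sleeping is forbidden, yet the same sentence says it allocates with M_WAITOK, which can sleep. Reword it as a context where sleeping is allowed, before any non-sleepable lock is taken, and have RETURN VALUES state that osd_reserve() never returns NULL, so callers know there is no failure path to handle.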
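Review bot: osd_reserve() in kern_osd.c sizes its allocation as sizeof(void *) * slot with only KASSERT(slot > 0) in front of it, so the upper bound on slot is never checked and a kernel built without INVARIANTS checks nothing at all. The value is meant to come from osd_register(); consider asserting it against the registered slot count, which would mean passing type in as osd_set_reserved() already does. The osd_list lock annotation change from (m) to (l) is unrelated to the new functions and would be easier to track as its own commit.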
svn commit: r297367 - head/sys/kern
Author: jamie Date: Mon Mar 28 22:18:37 2016 New Revision: 297367 URL: https://svnweb.freebsd.org/changeset/base/297367 Log: Move the various per-type arrays of OSD data into a single structure array. Modified: head/sys/kern/kern_osd.c Modified: head/sys/kern/kern_osd.c == --- head/sys/kern/kern_osd.cMon Mar 28 21:51:56 2016(r297366) +++ head/sys/kern/kern_osd.cMon Mar 28 22:18:37 2016(r297367) @@ -44,6 +44,23 @@ __FBSDID("$FreeBSD$"); /* OSD (Object Specific Data) */ +/* + * Lock key: + * (m) osd_module_lock + * (o) osd_object_lock + * (l) osd_list_lock + */ +struct osd_master { + struct sxosd_module_lock; + struct rmlockosd_object_lock; + struct mtx osd_list_lock; + LIST_HEAD(, osd) osd_list; /* (m) */ + osd_destructor_t*osd_destructors; /* (o) */ + osd_method_t*osd_methods; /* (m) */ + u_intosd_ntslots; /* (m) */ + const u_int osd_nmethods; +}; + static MALLOC_DEFINE(M_OSD, "osd", "Object Specific Data"); static int osd_debug = 0; @@ -61,25 +78,12 @@ static void do_osd_del(u_int type, struc int list_locked); /* - * Lists of objects with OSD. - * - * Lock key: - * (m) osd_module_lock - * (o) osd_object_lock - * (l) osd_list_lock + * List of objects with OSD. */ -static LIST_HEAD(, osd)osd_list[OSD_LAST + 1]; /* (m) */ -static osd_method_t *osd_methods[OSD_LAST + 1];/* (m) */ -static u_int osd_nslots[OSD_LAST + 1]; /* (m) */ -static osd_destructor_t *osd_destructors[OSD_LAST + 1];/* (o) */ -static const u_int osd_nmethods[OSD_LAST + 1] = { - [OSD_JAIL] = PR_MAXMETHOD, +struct osd_master osdm[OSD_LAST + 1] = { + [OSD_JAIL] = { .osd_nmethods = PR_MAXMETHOD }, }; -static struct sx osd_module_lock[OSD_LAST + 1]; -static struct rmlock osd_object_lock[OSD_LAST + 1]; -static struct mtx osd_list_lock[OSD_LAST + 1]; - static void osd_default_destructor(void *value __unused) { 
@@ -101,12 +105,12 @@ osd_register(u_int type, osd_destructor_ if (destructor == NULL) destructor = osd_default_destructor; - sx_xlock(_module_lock[type]); + sx_xlock([type].osd_module_lock); /* * First, we try to find unused slot. */ - for (i = 0; i < osd_nslots[type]; i++) { - if (osd_destructors[type][i] == NULL) { + for (i = 0; i < osdm[type].osd_ntslots; i++) { + if (osdm[type].osd_destructors[i] == NULL) { OSD_DEBUG("Unused slot found (type=%u, slot=%u).", type, i); break; 
@@ -115,31 +119,31 @@ osd_register(u_int type, osd_destructor_ /* * If no unused slot was found, allocate one. */ - if (i == osd_nslots[type]) { - osd_nslots[type]++; - if (osd_nmethods[type] != 0) - osd_methods[type] = realloc(osd_methods[type], - sizeof(osd_method_t) * osd_nslots[type] * - osd_nmethods[type], M_OSD, M_WAITOK); - newptr = malloc(sizeof(osd_destructor_t) * osd_nslots[type], - M_OSD, M_WAITOK); - rm_wlock(_object_lock[type]); - bcopy(osd_destructors[type], newptr, + if (i == osdm[type].osd_ntslots) { + osdm[type].osd_ntslots++; + if (osdm[type].osd_nmethods != 0) + osdm[type].osd_methods = realloc(osdm[type].osd_methods, + sizeof(osd_method_t) * osdm[type].osd_ntslots * + osdm[type].osd_nmethods, M_OSD, M_WAITOK); + newptr = malloc(sizeof(osd_destructor_t) * + osdm[type].osd_ntslots, M_OSD, M_WAITOK); + rm_wlock([type].osd_object_lock); + bcopy(osdm[type].osd_destructors, newptr, sizeof(osd_destructor_t) * i); - free(osd_destructors[type], M_OSD); - osd_destructors[type] = newptr; - rm_wunlock(_object_lock[type]); + free(osdm[type].osd_destructors, M_OSD); + osdm[type].osd_destructors = newptr; + rm_wunlock([type].osd_object_lock); OSD_DEBUG("New slot allocated (type=%u, slot=%u).", type, i + 1); } - osd_destructors[type][i] = destructor; - if (osd_nmethods[type] != 0) { - for (m = 0; m < osd_nmethods[type]; m++) - osd_methods[type][i * osd_nmethods[type] + m] = - methods != NULL ? methods[m] : NULL; + osdm[type].osd_destructors[i] = destructor; + if (osdm[type].osd_nmethods != 0) { +
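Review bot: the new definition "struct osd_master osdm[OSD_LAST + 1]" has no static, while every array it replaces (osd_list, osd_methods, osd_nslots, osd_destructors, osd_nmethods and the three lock arrays) was static. Unless another file needs the symbol, declare it static so the OSD bookkeeping stays private to kern_osd.c. The counter is also renamed from osd_nslots to osd_ntslots, which the log does not mention.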
svn commit: r295468 - in head: lib/libc/sys usr.sbin/jail
Author: jamie Date: Wed Feb 10 14:48:49 2016 New Revision: 295468 URL: https://svnweb.freebsd.org/changeset/base/295468 Log: Remove man page references to rndassociates.com, which has been taken over by a domain squatter. Modified: head/lib/libc/sys/jail.2 head/usr.sbin/jail/jail.8 head/usr.sbin/jail/jail.conf.5 Modified: head/lib/libc/sys/jail.2 == --- head/lib/libc/sys/jail.2Wed Feb 10 12:14:56 2016(r295467) +++ head/lib/libc/sys/jail.2Wed Feb 10 14:48:49 2016(r295468) @@ -405,7 +405,6 @@ system calls appeared in The jail feature was written by .An Poul-Henning Kamp for R Associates -.Dq Li http://www.rndassociates.com/ who contributed it to .Fx . .An James Gritton Modified: head/usr.sbin/jail/jail.8 == --- head/usr.sbin/jail/jail.8 Wed Feb 10 12:14:56 2016(r295467) +++ head/usr.sbin/jail/jail.8 Wed Feb 10 14:48:49 2016(r295468) @@ -1260,7 +1260,6 @@ The configuration file was introduced in The jail feature was written by .An Poul-Henning Kamp for R Associates -.Pa http://www.rndassociates.com/ who contributed it to .Fx . .Pp Modified: head/usr.sbin/jail/jail.conf.5 == --- head/usr.sbin/jail/jail.conf.5 Wed Feb 10 12:14:56 2016 (r295467) +++ head/usr.sbin/jail/jail.conf.5 Wed Feb 10 14:48:49 2016 (r295468) @@ -224,7 +224,6 @@ file was added in The jail feature was written by .An Poul-Henning Kamp for R Associates -.Pa http://www.rndassociates.com/ who contributed it to .Fx . .Pp
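Review bot: the three hunks drop the URL line from jail.2, jail.8 and jail.conf.5, but jail.2 marked it up as ".Dq Li" while the other two used ".Pa", so a search on one macro form would have missed the other. Grep the tree for the bare domain name to confirm no further reference remains, since a link to a squatted domain in installed documentation sends readers to a site the project does not control.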
svn commit: r294749 - head/etc/rc.d
Author: jamie Date: Mon Jan 25 22:14:31 2016 New Revision: 294749 URL: https://svnweb.freebsd.org/changeset/base/294749 Log: Allow the (old rc-style) exec_afterstart jail parameters to start numbering at 0, like exec_prestart and the others do. Make param0 optional, i.e. still look for param1. PR: 142973 MFC after:3 days Modified: head/etc/rc.d/jail Modified: head/etc/rc.d/jail == --- head/etc/rc.d/jail Mon Jan 25 22:12:03 2016(r294748) +++ head/etc/rc.d/jail Mon Jan 25 22:14:31 2016(r294749) @@ -32,7 +32,7 @@ need_dad_wait= # Extract value from ${jail_$jv_$name} or ${jail_$name} and # set it to $param. If not defined, $defval is used. # When $num is [0-9]*, ${jail_$jv_$name$num} are looked up and -# $param is set by using +=. +# $param is set by using +=. $num=0 is optional (params may start at 1). # When $num is YN or NY, the value is interpret as boolean. extract_var() { @@ -72,7 +72,7 @@ extract_var() eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\" if [ -n "$_tmpargs" ]; then echo " $_param += \"$_tmpargs\";" - else + elif [ $i != 0 ]; then break; fi i=$(($i + 1)) @@ -202,7 +202,7 @@ parse_options() extract_var $_jv exec_poststop exec.poststop 0 "" echo " exec.start += \"$_exec_start\";" - extract_var $_jv exec_afterstart exec.start 1 "" + extract_var $_jv exec_afterstart exec.start 0 "" echo " exec.stop = \"$_exec_stop\";" extract_var $_jv consolelog exec.consolelog - \
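Review bot: the "elif [ $i != 0 ]" change sits in the shared numbered-parameter loop of extract_var, so it alters every caller that passes 0, not only exec_afterstart: a jail that defines exec_poststop1 without exec_poststop0 had that value skipped before and has it picked up now. That matches the log, but it is a behaviour change for existing rc.conf files and deserves a line in the user-facing documentation, not only the comment above extract_var. The test compares strings; "-ne" would state the numeric intent.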
svn commit: r294196 - head/usr.sbin/jail
Author: jamie Date: Sat Jan 16 22:32:57 2016 New Revision: 294196 URL: https://svnweb.freebsd.org/changeset/base/294196 Log: Don't bother checking an ip[46].addr netmask/prefixlen. This is already handled by ifconfig, and it was doing it wrong when the parameter included extra ifconfig options. PR: 205926 MFC after:5 days Modified: head/usr.sbin/jail/config.c Modified: head/usr.sbin/jail/config.c == --- head/usr.sbin/jail/config.c Sat Jan 16 21:24:12 2016(r294195) +++ head/usr.sbin/jail/config.c Sat Jan 16 22:32:57 2016(r294196) @@ -454,7 +454,7 @@ check_intparams(struct cfjail *j) struct addrinfo hints; struct addrinfo *ai0, *ai; const char *hostname; - int gicode, defif, prefix; + int gicode, defif; #endif #ifdef INET struct in_addr addr4; @@ -597,15 +597,7 @@ check_intparams(struct cfjail *j) strcpy(s->s, cs + 1); s->len -= cs + 1 - s->s; } - if ((cs = strchr(s->s, '/'))) { - prefix = strtol(cs + 1, , 10); - if (*ep == '.' - ? inet_pton(AF_INET, cs + 1, ) != 1 - : *ep || prefix < 0 || prefix > 32) { - jail_warnx(j, - "ip4.addr: bad netmask \"%s\"", cs); - error = -1; - } + if ((cs = strchr(s->s, '/')) != NULL) { *cs = '\0'; s->len = cs - s->s; } @@ -626,14 +618,7 @@ check_intparams(struct cfjail *j) strcpy(s->s, cs + 1); s->len -= cs + 1 - s->s; } - if ((cs = strchr(s->s, '/'))) { - prefix = strtol(cs + 1, , 10); - if (*ep || prefix < 0 || prefix > 128) { - jail_warnx(j, - "ip6.addr: bad prefixlen \"%s\"", - cs); - error = -1; - } + if ((cs = strchr(s->s, '/')) != NULL) { *cs = '\0'; s->len = cs - s->s; }
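Review bot: with the prefix checks removed from both the ip4.addr and ip6.addr branches of check_intparams, a malformed netmask or prefixlen is no longer reported when the configuration is checked and only surfaces once ifconfig runs for the jail. The "*cs = '\0'" that follows still cuts the string at the slash, so a short comment there saying the suffix is deliberately left for ifconfig to validate would stop someone from re-adding the check. The hunk drops "prefix" from the declarations; if "ep" has no remaining user in this function it should go too.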
svn commit: r294183 - head/usr.sbin/jail
Author: jamie Date: Sat Jan 16 18:13:28 2016 New Revision: 294183 URL: https://svnweb.freebsd.org/changeset/base/294183 Log: Clear errno before calling getpw*. Modified: head/usr.sbin/jail/command.c Modified: head/usr.sbin/jail/command.c == --- head/usr.sbin/jail/command.cSat Jan 16 18:11:17 2016 (r294182) +++ head/usr.sbin/jail/command.cSat Jan 16 18:13:28 2016 (r294183) @@ -877,6 +877,7 @@ get_user_info(struct cfjail *j, const ch { const struct passwd *pwd; + errno = 0; *pwdp = pwd = username ? getpwnam(username) : getpwuid(getuid()); if (pwd == NULL) { if (errno)
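Review bot: the added "errno = 0" in get_user_info is what makes the "if (errno)" test below it meaningful, because getpwnam() and getpwuid() return NULL without touching errno when the entry simply does not exist. A one-line comment saying so would keep the assignment from being removed later as dead code.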
svn commit: r292759 - head/etc/rc.d
Author: jamie Date: Sat Dec 26 23:01:34 2015 New Revision: 292759 URL: https://svnweb.freebsd.org/changeset/base/292759 Log: Let old-style (shell-based) jail configuration handle jail names that contain characters not allowed in a shell variable (such as "-"). These will be replaced by an underscore in jail config variables, e.g. for jail "foo-bar" you would set "jail_foo_bar_hostname". This is separate from the current code that changes the jail names if they contain "." or "/". It also doesn't apply to jails defined in a jail.conf file. PR: 191181 MFC after:5 days Modified: head/etc/rc.d/jail Modified: head/etc/rc.d/jail == --- head/etc/rc.d/jail Sat Dec 26 22:27:48 2015(r292758) +++ head/etc/rc.d/jail Sat Dec 26 23:01:34 2015(r292759) @@ -28,16 +28,16 @@ extra_commands="config console status" need_dad_wait= -# extract_var jail name param num defval -# Extract value from ${jail_$jail_$name} or ${jail_$name} and +# extract_var jv name param num defval +# Extract value from ${jail_$jv_$name} or ${jail_$name} and # set it to $param. If not defined, $defval is used. -# When $num is [0-9]*, ${jail_$jail_$name$num} are looked up and +# When $num is [0-9]*, ${jail_$jv_$name$num} are looked up and # $param is set by using +=. # When $num is YN or NY, the value is interpret as boolean. extract_var() { - local i _j _name _param _num _def _name1 _name2 - _j=$1 + local i _jv _name _param _num _def _name1 _name2 + _jv=$1 _name=$2 _param=$3 _num=$4 @@ -45,7 +45,7 @@ extract_var() case $_num in YN) - _name1=jail_${_j}_${_name} + _name1=jail_${_jv}_${_name} _name2=jail_${_name} eval $_name1=\"\${$_name1:-\${$_name2:-$_def}}\" if checkyesno $_name1; then @@ -55,7 +55,7 @@ extract_var() fi ;; NY) - _name1=jail_${_j}_${_name} + _name1=jail_${_jv}_${_name} _name2=jail_${_name} eval $_name1=\"\${$_name1:-\${$_name2:-$_def}}\" if checkyesno $_name1; then 
@@ -67,7 +67,7 @@ extract_var() [0-9]*) i=$_num while : ; do - _name1=jail_${_j}_${_name}${i} + _name1=jail_${_jv}_${_name}${i} _name2=jail_${_name}${i} eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\" if [ -n "$_tmpargs" ]; then @@ -79,7 +79,7 @@ extract_var() done ;; *) - _name1=jail_${_j}_${_name} + _name1=jail_${_jv}_${_name} _name2=jail_${_name} eval _tmpargs=\"\${$_name1:-\${$_name2:-$_def}}\" if [ -n "$_tmpargs" ]; then @@ -89,22 +89,23 @@ extract_var() esac } -# parse_options _j +# parse_options _j _jv # Parse options and create a temporary configuration file if necessary. # parse_options() { - local _j _p + local _j _jv _p _j=$1 + _jv=$2 _confwarn=0 if [ -z "$_j" ]; then warn "parse_options: you must specify a jail" return fi - eval _jconf=\"\${jail_${_j}_conf:-/etc/jail.${_j}.conf}\" - eval _rootdir=\"\$jail_${_j}_rootdir\" - eval _hostname=\"\$jail_${_j}_hostname\" + eval _jconf=\"\${jail_${_jv}_conf:-/etc/jail.${_j}.conf}\" + eval _rootdir=\"\$jail_${_jv}_rootdir\" + eval _hostname=\"\$jail_${_jv}_hostname\" if [ -z "$_rootdir" -o \ -z "$_hostname" ]; then if [ -r "$_jconf" ]; then @@ -120,7 +121,7 @@ parse_options() fi return 1 fi - eval _ip=\"\$jail_${_j}_ip\" + eval _ip=\"\$jail_${_jv}_ip\" if [ -z "$_ip" ] && ! check_kern_features vimage; then warn "no ipaddress specified and no vimage support. " \ "Jail $_j was ignored." @@ -138,10 +139,10 @@ parse_options() fi /usr/bin/install -m 0644 -o root -g wheel /dev/null $_conf || return 1 - eval : \${jail_${_j}_flags:=${jail_flags}} - eval _exec=\"\$jail_${_j}_exec\" - eval _exec_start=\"\$jail_${_j}_exec_start\" - eval _exec_stop=\"\$jail_${_j}_exec_stop\" + eval : \${jail_${_jv}_flags:=${jail_flags}} + eval _exec=\"\$jail_${_jv}_exec\" + eval _exec_start=\"\$jail_${_jv}_exec_start\" + eval _exec_stop=\"\$jail_${_jv}_exec_stop\" if [ -n "${_exec}" ]; then # simple/backward-compatible execution _exec_start="${_exec}" @@ -155,20 +156,20 @@ parse_options() fi fi fi - eval
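Review bot: in parse_options the default path "/etc/jail.${_j}.conf" still expands the raw jail name inside the eval string, while every variable lookup around it moved to the sanitized _jv. Now that names with characters outside the shell-variable set are accepted, compute that default outside the eval and keep only the variable lookup inside it. The log also implies that "foo-bar" and "foo_bar" both read jail_foo_bar_*; a warning when two configured names map to the same _jv would make that collision visible.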
svn commit: r292277 - head/sys/kern
Author: jamie Date: Tue Dec 15 17:25:00 2015 New Revision: 292277 URL: https://svnweb.freebsd.org/changeset/base/292277 Log: Fix jail name checking that disallowed anything that starts with '0'. The intention was to just limit leading zeroes on numeric names. That check is now improved to also catch the leading spaces and '+' that strtoul can pass through. PR: 204897 MFC after:3 days Modified: head/sys/kern/kern_jail.c Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Tue Dec 15 16:04:45 2015(r292276) +++ head/sys/kern/kern_jail.c Tue Dec 15 17:25:00 2015(r292277) @@ -1580,11 +1580,14 @@ kern_jail_set(struct thread *td, struct #endif onamelen = namelen = 0; if (name != NULL) { - /* Give a default name of the jid. */ + /* Give a default name of the jid. Also allow the name to be +* explicitly the jid - but not any other number, and only in +* normal form (no leading zero/etc). +*/ if (name[0] == '\0') snprintf(name = numbuf, sizeof(numbuf), "%d", jid); - else if (*namelc == '0' || (strtoul(namelc, , 10) != jid && - *p == '\0')) { + else if ((strtoul(namelc, , 10) != jid || + namelc[0] < '1' || namelc[0] > '9') && *p == '\0') { error = EINVAL; vfs_opterror(opts, "name cannot be numeric (unless it is the jid)");
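Review bot: the rewritten condition in kern_jail_set rejects an all-numeric name unless strtoul() yields the jid and the first character is '1' through '9', which covers the leading zero, space and '+' cases named in the log, but nothing in the commit exercises them. A regression test with names such as "0foo" (must be accepted) and "01", " 1" and "+1" (must be rejected) would pin the behaviour down. The new block comment starts its text on the "/*" line; style(9) puts the opening "/*" on its own line for multi-line comments.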
svn commit: r287012 - in head/bin/pkill: . tests
Author: jamie Date: Sat Aug 22 05:04:36 2015 New Revision: 287012 URL: https://svnweb.freebsd.org/changeset/base/287012 Log: Make pkill/pgrep -j ARG take jname, not just jid. PR: 201588 Submitted by: Daniel Shahaf danielsh at apache.org MFC after:3 days Modified: head/bin/pkill/Makefile head/bin/pkill/Makefile.depend head/bin/pkill/pkill.1 head/bin/pkill/pkill.c head/bin/pkill/tests/pgrep-j_test.sh head/bin/pkill/tests/pkill-j_test.sh Modified: head/bin/pkill/Makefile == --- head/bin/pkill/Makefile Sat Aug 22 03:29:12 2015(r287011) +++ head/bin/pkill/Makefile Sat Aug 22 05:04:36 2015(r287012) @@ -5,7 +5,7 @@ PROG= pkill -LIBADD=kvm +LIBADD=kvm jail LINKS= ${BINDIR}/pkill ${BINDIR}/pgrep MLINKS=pkill.1 pgrep.1 Modified: head/bin/pkill/Makefile.depend == --- head/bin/pkill/Makefile.depend Sat Aug 22 03:29:12 2015 (r287011) +++ head/bin/pkill/Makefile.depend Sat Aug 22 05:04:36 2015 (r287012) @@ -9,6 +9,7 @@ DIRDEPS = \ lib/${CSU_DIR} \ lib/libc \ lib/libcompiler_rt \ + lib/libjail \ lib/libkvm \ Modified: head/bin/pkill/pkill.1 == --- head/bin/pkill/pkill.1 Sat Aug 22 03:29:12 2015(r287011) +++ head/bin/pkill/pkill.1 Sat Aug 22 05:04:36 2015(r287012) @@ -29,7 +29,7 @@ .\ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\ POSSIBILITY OF SUCH DAMAGE. .\ -.Dd August 9, 2013 +.Dd August 21, 2015 .Dt PKILL 1 .Os .Sh NAME @@ -47,7 +47,7 @@ .Op Fl c Ar class .Op Fl d Ar delim .Op Fl g Ar pgrp -.Op Fl j Ar jid +.Op Fl j Ar jail .Op Fl s Ar sid .Op Fl t Ar tty .Op Fl u Ar euid @@ -63,7 +63,7 @@ .Op Fl U Ar uid .Op Fl c Ar class .Op Fl g Ar pgrp -.Op Fl j Ar jid +.Op Fl j Ar jail .Op Fl s Ar sid .Op Fl t Ar tty .Op Fl u Ar euid 
@@ -149,16 +149,16 @@ or command. .It Fl i Ignore case distinctions in both the process table and the supplied pattern. -.It Fl j Ar jid -Restrict matches to processes inside jails with a jail ID in the comma-separated -list -.Ar jid . -The value +.It Fl j Ar jail +Restrict matches to processes inside the specified jails. +The argument +.Ar jail +may be .Dq Li any -matches processes in any jail. -The value +to match processes in any jail, .Dq Li none -matches processes not in jail. +to match processes not in jail, +or a comma-separated list of jail IDs or names. .It Fl l Long output. For Modified: head/bin/pkill/pkill.c == --- head/bin/pkill/pkill.c Sat Aug 22 03:29:12 2015(r287011) +++ head/bin/pkill/pkill.c Sat Aug 22 05:04:36 2015(r287012) @@ -59,6 +59,7 @@ __FBSDID($FreeBSD$); #include grp.h #include errno.h #include locale.h +#include jail.h #defineSTATUS_MATCH0 #defineSTATUS_NOMATCH 1 @@ -78,7 +79,7 @@ enum listtype { LT_GROUP, LT_TTY, LT_PGRP, - LT_JID, + LT_JAIL, LT_SID, LT_CLASS }; @@ -245,7 +246,7 @@ main(int argc, char **argv) cflags |= REG_ICASE; break; case 'j': - makelist(jidlist, LT_JID, optarg); + makelist(jidlist, LT_JAIL, optarg); criteria = 1; break; case 'l': @@ -585,7 +586,7 @@ usage(void) fprintf(stderr, usage: %s %s [-F pidfile] [-G gid] [-M core] [-N system]\n -[-P ppid] [-U uid] [-c class] [-g pgrp] [-j jid]\n +[-P ppid] [-U uid] [-c class] [-g pgrp] [-j jail]\n [-s sid] [-t tty] [-u euid] pattern ...\n, getprogname(), ustr); @@ -700,7 +701,7 @@ makelist(struct listhead *head, enum lis if (li-li_number == 0) li-li_number = getsid(mypid); break; - case LT_JID: + case LT_JAIL: if (li-li_number 0) errx(STATUS_BADUSAGE, Negative jail ID `%s', sp); @@ -766,15 +767,20 @@ foundtty: if ((st.st_mode S_IFCHR) == li-li_number = st.st_rdev; break; - case LT_JID: + case LT_JAIL: { + int jid; + if (strcmp(sp, none) == 0) li-li_number = 0; else if (strcmp(sp, any) == 0)
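Review bot: the visible part of the LT_JAIL case in makelist compares the argument against "none" and "any" first, so a jail that is actually named "any" or "none" cannot be selected by name, and the new -j text in pkill.1 does not say so. Document the precedence there, or tell users to pass the jid for such jails. The list head is still called jidlist and the range check still reports "Negative jail ID", both slightly off now that entries may be names.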
svn commit: r285420 - head/usr.sbin/jexec
Author: jamie Date: Sun Jul 12 17:03:50 2015 New Revision: 285420 URL: https://svnweb.freebsd.org/changeset/base/285420 Log: Run a shell in the jail when no command is specified. Add a new flag, -l, for a clean environment, same as jail(8) exec.clean. Change the GET_USER_INFO macro into a function. PR: 201300 Submitted by: Willem Jan Withagen MFC after:3 days Modified: head/usr.sbin/jexec/jexec.8 head/usr.sbin/jexec/jexec.c Modified: head/usr.sbin/jexec/jexec.8 == --- head/usr.sbin/jexec/jexec.8 Sun Jul 12 15:24:05 2015(r285419) +++ head/usr.sbin/jexec/jexec.8 Sun Jul 12 17:03:50 2015(r285420) @@ -25,7 +25,7 @@ .\ .\ $FreeBSD$ .\ -.Dd May 27, 2009 +.Dd Jul 11, 2015 .Dt JEXEC 8 .Os .Sh NAME @@ -33,8 +33,9 @@ .Nd execute a command inside an existing jail .Sh SYNOPSIS .Nm +.Op Fl l .Op Fl u Ar username | Fl U Ar username -.Ar jail command ... +.Ar jail Op Ar command ... .Sh DESCRIPTION The .Nm @@ -43,9 +44,17 @@ utility executes inside the .Ar jail identified by its jid or name. +If +.Ar command +is not specified then the user's shell is used. .Pp The following options are available: .Bl -tag -width indent +.It Fl l +Execute in a clean environment. +The environment is discarded except for +.Ev HOME , SHELL , TERM , USER , +and anything from the login class capability database for the user. .It Fl u Ar username The user name from host environment as whom the .Ar command Modified: head/usr.sbin/jexec/jexec.c == --- head/usr.sbin/jexec/jexec.c Sun Jul 12 15:24:05 2015(r285419) +++ head/usr.sbin/jexec/jexec.c Sun Jul 12 17:03:50 2015(r285420) 
@@ -40,49 +40,37 @@ #include jail.h #include limits.h #include login_cap.h +#include paths.h +#include pwd.h #include stdio.h #include stdlib.h #include string.h -#include pwd.h #include unistd.h -static voidusage(void); +extern char **environ; -#define GET_USER_INFO do { \ - pwd = getpwnam(username); \ - if (pwd == NULL) { \ - if (errno) \ - err(1, getpwnam: %s, username); \ - else\ - errx(1, %s: no such user, username); \ - } \ - lcap = login_getpwclass(pwd); \ - if (lcap == NULL) \ - err(1, getpwclass: %s, username); \ - ngroups = ngroups_max; \ - if (getgrouplist(username, pwd-pw_gid, groups, ngroups) != 0) \ - err(1, getgrouplist: %s, username); \ -} while (0) +static voidget_user_info(const char *username, const struct passwd **pwdp, +login_cap_t **lcapp); +static voidusage(void); int main(int argc, char *argv[]) { int jid; login_cap_t *lcap = NULL; - struct passwd *pwd = NULL; - gid_t *groups = NULL; - int ch, ngroups, uflag, Uflag; - long ngroups_max; - char *username; + int ch, clean, uflag, Uflag; + char *cleanenv; + const struct passwd *pwd = NULL; + const char *username, *shell, *term; - ch = uflag = Uflag = 0; + ch = clean = uflag = Uflag = 0; username = NULL; - ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1; - if ((groups = malloc(sizeof(gid_t) * ngroups_max)) == NULL) - err(1, malloc); - while ((ch = getopt(argc, argv, nu:U:)) != -1) { + while ((ch = getopt(argc, argv, lnu:U:)) != -1) { switch (ch) { + case 'l': + clean = 1; + break; case 'n': /* Specified name, now unused */ break; @@ -100,12 +88,15 @@ main(int argc, char *argv[]) } argc -= optind; argv += optind; - if (argc 2) + if (argc 1) usage(); if (uflag Uflag) usage(); - if (uflag) - GET_USER_INFO; + if (uflag || (clean !Uflag)) + /* User info from the home environment */ + get_user_info(username, pwd, lcap); + + /* Attach to the jail */ jid = jail_getid(argv[0]); if (jid 0) errx(1, %s, jail_errmsg); 
@@ -113,28 +104,88 @@ main(int argc, char *argv[]) err(1, jail_attach(%d), jid); if (chdir(/) == -1) err(1, chdir(): /); - if (username != NULL) { + + /*
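Review bot: main() calls get_user_info() for -l without -U before jail_attach(), and the comment on that call says the data comes from outside the jail, so whatever the clean environment takes from that lookup comes from the host's password database. jexec.8 describes -l only as keeping HOME, SHELL, TERM and USER; it should state which password database they come from, since a host home directory or shell need not exist inside the jail. Smaller points: the comment says "home environment" where the man page says "host environment", and ".Dd Jul 11, 2015" should spell the month out.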
svn commit: r279123 - head/usr.sbin/jls
Author: jamie Date: Sun Feb 22 00:00:10 2015 New Revision: 279123 URL: https://svnweb.freebsd.org/changeset/base/279123 Log: Allow for parameters added with the JP_OPT flag to not exist. That's why the flag exists in the first place. MFC after:1 week Modified: head/usr.sbin/jls/jls.c Modified: head/usr.sbin/jls/jls.c == --- head/usr.sbin/jls/jls.c Sat Feb 21 23:47:20 2015(r279122) +++ head/usr.sbin/jls/jls.c Sun Feb 22 00:00:10 2015(r279123) @@ -294,10 +294,8 @@ add_param(const char *name, void *value, param-jp_flags |= flags; return param - params; } - if (jailparam_init(param, name) 0) - errx(1, %s, jail_errmsg); - param-jp_flags = flags; - if ((value != NULL ? jailparam_import_raw(param, value, valuelen) + if (jailparam_init(param, name) 0 || + (value != NULL ? jailparam_import_raw(param, value, valuelen) : jailparam_import(param, value)) 0) { if (flags JP_OPT) { nparams--; @@ -305,6 +303,7 @@ add_param(const char *name, void *value, } errx(1, %s, jail_errmsg); } + param-jp_flags = flags; return param - params; }
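Review bot: the relocated jp_flags assignment at the end of add_param is a plain "= flags" made after jailparam_init() has run, whereas the existing-parameter branch just above it uses "|= flags". Anything jailparam_init() recorded in jp_flags is therefore overwritten for newly added parameters; "|=" here would keep both. Also check the JP_OPT failure path: when jailparam_init() succeeds and only the import fails, the parameter should be released before nparams is decremented.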
svn commit: r279081 - head/usr.sbin/jls
Author: jamie Date: Fri Feb 20 19:48:24 2015 New Revision: 279081 URL: https://svnweb.freebsd.org/changeset/base/279081 Log: Allow parameters listed on the command line to override the -v option, instead of crashing. PR: 197701 MFC after:1 week Modified: head/usr.sbin/jls/jls.8 head/usr.sbin/jls/jls.c Modified: head/usr.sbin/jls/jls.8 == --- head/usr.sbin/jls/jls.8 Fri Feb 20 19:44:02 2015(r279080) +++ head/usr.sbin/jls/jls.8 Fri Feb 20 19:48:24 2015(r279081) @@ -92,7 +92,8 @@ skipping read-only and unused parameters Implies .Fl nq . .It Fl v -Print a multiple-line summary per jail, with the following parameters: +Extend the standard display with a multiple-line summary per jail, +containing the following parameters: jail identifier (jid), hostname (host.hostname), path (path), jail name (name), jail state (dying), cpuset ID (cpuset), IP address(es) (ip4.addr and ip6.addr). Modified: head/usr.sbin/jls/jls.c == --- head/usr.sbin/jls/jls.c Fri Feb 20 19:44:02 2015(r279080) +++ head/usr.sbin/jls/jls.c Fri Feb 20 19:48:24 2015(r279081) @@ -166,10 +166,12 @@ main(int argc, char **argv) JP_USER); add_param(path, NULL, (size_t)0, NULL, JP_USER); } - } else + } else { + pflags = ~PRINT_VERBOSE; while (optind argc) add_param(argv[optind++], NULL, (size_t)0, NULL, JP_USER); + } if (pflags PRINT_SKIP) { /* Check for parameters with jailsys parents. */
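Review bot: the jls.8 hunk rewords the -v description but does not mention the behaviour the log describes, that naming parameters on the command line now overrides -v. Add a sentence to that effect under -v; otherwise a user who passes both sees the flag silently ignored with nothing in the manual to explain it.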
svn commit: r279083 - head/usr.sbin/jls
Author: jamie Date: Fri Feb 20 20:12:05 2015 New Revision: 279083 URL: https://svnweb.freebsd.org/changeset/base/279083 Log: Fix the logic for skipping parameters (with -s) that have jailsys parents (such as host.hostname); these were being skipped all the time. That it went this long without anyone noticing is a sign that this feature isn't actually used by anyone, but it's there so it might as well work. MFC after:1 week Modified: head/usr.sbin/jls/jls.c Modified: head/usr.sbin/jls/jls.c == --- head/usr.sbin/jls/jls.c Fri Feb 20 20:02:47 2015(r279082) +++ head/usr.sbin/jls/jls.c Fri Feb 20 20:12:05 2015(r279083) @@ -78,7 +78,7 @@ static void quoted_print(char *str); int main(int argc, char **argv) { - char *dot, *ep, *jname; + char *dot, *ep, *jname, *pname; int c, i, jflags, jid, lastjid, pflags, spc; jname = NULL; @@ -178,10 +178,11 @@ main(int argc, char **argv) for (i = 0; i nparams; i++) { if ((params[i].jp_flags JP_USER) (dot = strchr(params[i].jp_name, '.'))) { - *dot = 0; - param_parent[i] = add_param(params[i].jp_name, + pname = alloca((dot - params[i].jp_name) + 1); + strlcpy(pname, params[i].jp_name, + (dot - params[i].jp_name) + 1); + param_parent[i] = add_param(pname, NULL, (size_t)0, NULL, JP_OPT); - *dot = '.'; } } }
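Review bot: the replacement for the in-place "*dot = 0" edit calls alloca() inside the loop over nparams and computes "(dot - params[i].jp_name) + 1" twice. The total is bounded by the user-selected parameter names, but stack taken in a loop is only released when main() returns; a local length variable plus one reusable buffer, or strndup() with a matching free(), would be clearer. Since the parent is added with JP_OPT, the code that reads param_parent[i] has to allow for whatever add_param() returns when an optional parameter does not exist.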
svn commit: r278480 - head/etc/rc.d
Author: jamie Date: Tue Feb 10 00:48:51 2015 New Revision: 278480 URL: https://svnweb.freebsd.org/changeset/base/278480 Log: Un-revert the r278323 again - whatever Jenkins/kyua is up to, it has nothing to do with this. Modified: head/etc/rc.d/jail Modified: head/etc/rc.d/jail == --- head/etc/rc.d/jail Mon Feb 9 23:13:50 2015(r278479) +++ head/etc/rc.d/jail Tue Feb 10 00:48:51 2015(r278480) @@ -233,8 +233,7 @@ parse_options() fi eval : \${jail_${_j}_procfs_enable:=${jail_procfs_enable:-NO}} if checkyesno jail_${_j}_procfs_enable; then - echo mount += \ - \procfs ${_rootdir%/}/proc procfs rw 0 0\; + echo mount.procfs; fi eval : \${jail_${_j}_mount_enable:=${jail_mount_enable:-NO}}
svn commit: r278343 - head/etc/rc.d
Author: jamie Date: Sat Feb 7 05:02:10 2015 New Revision: 278343 URL: https://svnweb.freebsd.org/changeset/base/278343 Log: Revert the rc part of r278323 until I can figure out what Jenkins is doing. Modified: head/etc/rc.d/jail Modified: head/etc/rc.d/jail == --- head/etc/rc.d/jail Sat Feb 7 01:50:32 2015(r278342) +++ head/etc/rc.d/jail Sat Feb 7 05:02:10 2015(r278343) @@ -233,7 +233,8 @@ parse_options() fi eval : \${jail_${_j}_procfs_enable:=${jail_procfs_enable:-NO}} if checkyesno jail_${_j}_procfs_enable; then - echo mount.procfs; + echo mount += \ + \procfs ${_rootdir%/}/proc procfs rw 0 0\; fi eval : \${jail_${_j}_mount_enable:=${jail_mount_enable:-NO}}
svn commit: r278323 - in head: etc/rc.d usr.sbin/jail
Author: jamie Date: Fri Feb 6 17:54:53 2015 New Revision: 278323 URL: https://svnweb.freebsd.org/changeset/base/278323 Log: Add mount.procfs jail parameter, so procfs can be mounted when a prison's root is in its fstab. Also fix a typo while I'm at it. PR: 197237 197066 MFC after:3 days Modified: head/etc/rc.d/jail head/usr.sbin/jail/command.c head/usr.sbin/jail/config.c head/usr.sbin/jail/jail.8 head/usr.sbin/jail/jail.c head/usr.sbin/jail/jailp.h Modified: head/etc/rc.d/jail == --- head/etc/rc.d/jail Fri Feb 6 17:43:13 2015(r278322) +++ head/etc/rc.d/jail Fri Feb 6 17:54:53 2015(r278323) @@ -28,7 +28,7 @@ extra_commands=config console status need_dad_wait= -# extact_var jail name param num defval +# extract_var jail name param num defval # Extract value from ${jail_$jail_$name} or ${jail_$name} and # set it to $param. If not defined, $defval is used. # When $num is [0-9]*, ${jail_$jail_$name$num} are looked up and @@ -233,8 +233,7 @@ parse_options() fi eval : \${jail_${_j}_procfs_enable:=${jail_procfs_enable:-NO}} if checkyesno jail_${_j}_procfs_enable; then - echo mount += \ - \procfs ${_rootdir%/}/proc procfs rw 0 0\; + echo mount.procfs; fi eval : \${jail_${_j}_mount_enable:=${jail_mount_enable:-NO}} Modified: head/usr.sbin/jail/command.c == --- head/usr.sbin/jail/command.cFri Feb 6 17:43:13 2015 (r278322) +++ head/usr.sbin/jail/command.cFri Feb 6 17:54:53 2015 (r278323) @@ -112,6 +112,12 @@ next_command(struct cfjail *j) if (!bool_param(j-intparams[IP_MOUNT_FDESCFS])) continue; j-comstring = dummystring; + break; + case IP_MOUNT_PROCFS: + if (!bool_param(j-intparams[IP_MOUNT_PROCFS])) + continue; + j-comstring = dummystring; + break; case IP__OP: case IP_STOP_TIMEOUT: j-comstring = dummystring; 
@@ -528,6 +534,32 @@ run_command(struct cfjail *j) } break; + case IP_MOUNT_PROCFS: + argv = alloca(7 * sizeof(char *)); + path = string_param(j-intparams[KP_PATH]); + if (path == NULL) { + jail_warnx(j, mount.procfs: no path); + return -1; + } + devpath = alloca(strlen(path) + 6); + sprintf(devpath, %s/proc, path); + if (check_path(j, mount.procfs, devpath, 0, + down ? procfs : NULL) 0) + return -1; + if (down) { + argv[0] = /sbin/umount; + argv[1] = devpath; + argv[2] = NULL; + } else { + argv[0] = _PATH_MOUNT; + argv[1] = -t; + argv[2] = procfs; + argv[3] = .; + argv[4] = devpath; + argv[5] = NULL; + } + break; + case IP_COMMAND: if (j-name != NULL) goto default_command; Modified: head/usr.sbin/jail/config.c == --- head/usr.sbin/jail/config.c Fri Feb 6 17:43:13 2015(r278322) +++ head/usr.sbin/jail/config.c Fri Feb 6 17:54:53 2015(r278323) @@ -84,6 +84,7 @@ static const struct ipspec intparams[] = [IP_MOUNT] = {mount, PF_INTERNAL | PF_REV}, [IP_MOUNT_DEVFS] = {mount.devfs, PF_INTERNAL | PF_BOOL}, [IP_MOUNT_FDESCFS] = {mount.fdescfs, PF_INTERNAL | PF_BOOL}, +[IP_MOUNT_PROCFS] ={mount.procfs,PF_INTERNAL | PF_BOOL}, [IP_MOUNT_FSTAB] = {mount.fstab, PF_INTERNAL}, [IP_STOP_TIMEOUT] ={stop.timeout,PF_INTERNAL | PF_INT}, [IP_VNET_INTERFACE] = {vnet.interface, PF_INTERNAL}, Modified: head/usr.sbin/jail/jail.8 == --- head/usr.sbin/jail/jail.8 Fri Feb 6 17:43:13 2015(r278322) +++ head/usr.sbin/jail/jail.8 Fri Feb 6 17:54:53 2015(r278323) @@ -25,7 +25,7 @@ .\ .\ $FreeBSD$ .\ -.Dd January 28, 2015 +.Dd February 6, 2015 .Dt JAIL 8 .Os .Sh NAME @@ -753,6 +753,12 @@
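Review bot: the IP_MOUNT_PROCFS case in run_command carries names and magic numbers that do not fit it: the buffer for the jail's /proc path is called devpath, its size is strlen(path) + 6, and argv is allocated for 7 pointers although at most 6 are used. Use a neutral variable name and derive the size from sizeof("/proc") so the sprintf() cannot drift from the allocation if the suffix ever changes. The "break" added after the IP_MOUNT_FDESCFS case in next_command closes an existing fall-through and is worth a mention in the log.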
svn commit: r277855 - in head: sys/fs/fdescfs sys/kern sys/sys usr.sbin/jail
Author: jamie Date: Wed Jan 28 21:08:09 2015 New Revision: 277855 URL: https://svnweb.freebsd.org/changeset/base/277855 Log: Add allow.mount.fdescfs jail flag. PR: 192951 Submitted by: ru...@verweg.com MFC after:3 days Modified: head/sys/fs/fdescfs/fdesc_vfsops.c head/sys/kern/kern_jail.c head/sys/sys/jail.h head/usr.sbin/jail/jail.8 Modified: head/sys/fs/fdescfs/fdesc_vfsops.c == --- head/sys/fs/fdescfs/fdesc_vfsops.c Wed Jan 28 21:01:55 2015 (r277854) +++ head/sys/fs/fdescfs/fdesc_vfsops.c Wed Jan 28 21:08:09 2015 (r277855) @@ -42,6 +42,7 @@ #include sys/systm.h #include sys/filedesc.h #include sys/kernel.h +#include sys/jail.h #include sys/lock.h #include sys/mutex.h #include sys/malloc.h @@ -78,8 +79,12 @@ fdesc_mount(struct mount *mp) { int error = 0; struct fdescmount *fmp; + struct thread *td = curthread; struct vnode *rvp; + if (!prison_allow(td-td_ucred, PR_ALLOW_MOUNT_FDESCFS)) + return (EPERM); + /* * Update is a no-op */ @@ -237,4 +242,4 @@ static struct vfsops fdesc_vfsops = { .vfs_unmount = fdesc_unmount, }; -VFS_SET(fdesc_vfsops, fdescfs, VFCF_SYNTHETIC); +VFS_SET(fdesc_vfsops, fdescfs, VFCF_SYNTHETIC | VFCF_JAIL); Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Wed Jan 28 21:01:55 2015(r277854) +++ head/sys/kern/kern_jail.c Wed Jan 28 21:08:09 2015(r277855) @@ -208,6 +208,7 @@ static char *pr_allow_names[] = { allow.mount.zfs, allow.mount.procfs, allow.mount.tmpfs, + allow.mount.fdescfs, }; const size_t pr_allow_names_size = sizeof(pr_allow_names); @@ -224,6 +225,7 @@ static char *pr_allow_nonames[] = { allow.mount.nozfs, allow.mount.noprocfs, allow.mount.notmpfs, + allow.mount.nofdescfs, }; const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames); 
@@ -4213,6 +4215,10 @@ SYSCTL_PROC(_security_jail, OID_AUTO, mo CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_DEVFS, sysctl_jail_default_allow, I, Processes in jail can mount the devfs file system); +SYSCTL_PROC(_security_jail, OID_AUTO, mount_fdescfs_allowed, +CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, +NULL, PR_ALLOW_MOUNT_FDESCFS, sysctl_jail_default_allow, I, +Processes in jail can mount the fdescfs file system); SYSCTL_PROC(_security_jail, OID_AUTO, mount_nullfs_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT_NULLFS, sysctl_jail_default_allow, I, @@ -4373,6 +4379,8 @@ SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYP B, Jail may mount/unmount jail-friendly file systems in general); SYSCTL_JAIL_PARAM(_allow_mount, devfs, CTLTYPE_INT | CTLFLAG_RW, B, Jail may mount the devfs file system); +SYSCTL_JAIL_PARAM(_allow_mount, fdescfs, CTLTYPE_INT | CTLFLAG_RW, +B, Jail may mount the fdescfs file system); SYSCTL_JAIL_PARAM(_allow_mount, nullfs, CTLTYPE_INT | CTLFLAG_RW, B, Jail may mount the nullfs file system); SYSCTL_JAIL_PARAM(_allow_mount, procfs, CTLTYPE_INT | CTLFLAG_RW, Modified: head/sys/sys/jail.h == --- head/sys/sys/jail.h Wed Jan 28 21:01:55 2015(r277854) +++ head/sys/sys/jail.h Wed Jan 28 21:08:09 2015(r277855) @@ -226,7 +226,8 @@ struct prison_racct { #definePR_ALLOW_MOUNT_ZFS 0x0200 #definePR_ALLOW_MOUNT_PROCFS 0x0400 #definePR_ALLOW_MOUNT_TMPFS0x0800 -#definePR_ALLOW_ALL0x0fff +#definePR_ALLOW_MOUNT_FDESCFS 0x1000 +#definePR_ALLOW_ALL0x1fff /* * OSD methods Modified: head/usr.sbin/jail/jail.8 == --- head/usr.sbin/jail/jail.8 Wed Jan 28 21:01:55 2015(r277854) +++ head/usr.sbin/jail/jail.8 Wed Jan 28 21:08:09 2015(r277855) @@ -25,7 +25,7 @@ .\ .\ $FreeBSD$ .\ -.Dd August 4, 2014 +.Dd January 28, 2015 .Dt JAIL 8 .Os .Sh NAME 
@@ -362,7 +362,7 @@ A set of IPv6 options for the jail, the and .Va ip4 above. -.It vnet +.It Va vnet Create the jail with its own virtual network stack, with its own network interfaces, addresses, routing table, etc. The kernel must have been compiled with the @@ -531,6 +531,14 @@ is set to a value lower than 2. The devfs ruleset should be restricted from the default by using the .Va devfs_ruleset option. +.It Va allow.mount.fdescfs +privileged users inside the jail will be able to mount and unmount the +fdescfs file system. +This permission is effective only together with +.Va allow.mount +and only when +.Va enforce_statfs +is set to a value lower than 2. .It Va
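Review bot: in the jail.8 hunk the new allow.mount.fdescfs entry opens its sentence with a lower-case "privileged users"; a sentence start should be capitalised. The same file also changes ".It vnet" to ".It Va vnet", which is unrelated to this flag and is not mentioned in the log. On the kernel side, PR_ALLOW_MOUNT_FDESCFS takes the next free bit (0x1000), PR_ALLOW_ALL is widened to 0x1fff, and the name is appended last in both pr_allow_names[] and pr_allow_nonames[]; if those arrays are matched to the bits by position, a comment at the #define saying so would keep the three places from drifting apart.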
svn commit: r277159 - in head/sys: kern sys
Author: jamie Date: Wed Jan 14 04:50:28 2015 New Revision: 277159 URL: https://svnweb.freebsd.org/changeset/base/277159 Log: Remove the prison flags PR_IP4_DISABLE and PR_IP6_DISABLE, which have been write-only for as long as they've existed. Modified: head/sys/kern/kern_jail.c head/sys/sys/jail.h Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Wed Jan 14 03:52:41 2015(r277158) +++ head/sys/kern/kern_jail.c Wed Jan 14 04:50:28 2015(r277159) @@ -187,10 +187,10 @@ struct jailsys_flags { { vnet, 0, PR_VNET }, #endif #ifdef INET - { ip4, PR_IP4_USER | PR_IP4_DISABLE, PR_IP4_USER }, + { ip4, PR_IP4_USER, PR_IP4_USER }, #endif #ifdef INET6 - { ip6, PR_IP6_USER | PR_IP6_DISABLE, PR_IP6_USER }, + { ip6, PR_IP6_USER, PR_IP6_USER }, #endif }; const size_t pr_flag_jailsys_size = sizeof(pr_flag_jailsys); @@ -807,11 +807,9 @@ kern_jail_set(struct thread *td, struct error = EINVAL; goto done_free; } else { - ch_flags |= PR_IP4_USER | PR_IP4_DISABLE; - if (ip4s == 0) - pr_flags |= PR_IP4_USER | PR_IP4_DISABLE; - else { - pr_flags = (pr_flags ~PR_IP4_DISABLE) | PR_IP4_USER; + ch_flags |= PR_IP4_USER; + pr_flags |= PR_IP4_USER; + if (ip4s 0) { ip4s /= sizeof(*ip4); if (ip4s jail_max_af_ips) { error = EINVAL; @@ -865,11 +863,9 @@ kern_jail_set(struct thread *td, struct error = EINVAL; goto done_free; } else { - ch_flags |= PR_IP6_USER | PR_IP6_DISABLE; - if (ip6s == 0) - pr_flags |= PR_IP6_USER | PR_IP6_DISABLE; - else { - pr_flags = (pr_flags ~PR_IP6_DISABLE) | PR_IP6_USER; + ch_flags |= PR_IP6_USER; + pr_flags |= PR_IP6_USER; + if (ip6s 0) { ip6s /= sizeof(*ip6); if (ip6s jail_max_af_ips) { error = EINVAL; @@ -1249,8 +1245,7 @@ kern_jail_set(struct thread *td, struct { #ifdef INET if (!(ch_flags PR_IP4_USER)) - pr-pr_flags |= - PR_IP4 | PR_IP4_USER | PR_IP4_DISABLE; + pr-pr_flags |= PR_IP4 | PR_IP4_USER; else if (!(pr_flags PR_IP4_USER)) { pr-pr_flags |= ppr-pr_flags PR_IP4; if (ppr-pr_ip4 != NULL) { 
@@ -1265,8 +1260,7 @@ kern_jail_set(struct thread *td, struct #endif #ifdef INET6 if (!(ch_flags PR_IP6_USER)) - pr-pr_flags |= - PR_IP6 | PR_IP6_USER | PR_IP6_DISABLE; + pr-pr_flags |= PR_IP6 | PR_IP6_USER; else if (!(pr_flags PR_IP6_USER)) { pr-pr_flags |= ppr-pr_flags PR_IP6; if (ppr-pr_ip6 != NULL) { @@ -2724,7 +2718,6 @@ prison_restrict_ip4(struct prison *pr, s } } if (pr-pr_ip4s == 0) { - pr-pr_flags |= PR_IP4_DISABLE; free(pr-pr_ip4, M_PRISON); pr-pr_ip4 = NULL; } @@ -3065,7 +3058,6 @@ prison_restrict_ip6(struct prison *pr, s } } if (pr-pr_ip6s == 0) { - pr-pr_flags |= PR_IP6_DISABLE; free(pr-pr_ip6, M_PRISON); pr-pr_ip6 = NULL; } Modified: head/sys/sys/jail.h == --- head/sys/sys/jail.h Wed Jan 14 03:52:41 2015(r277158) +++ head/sys/sys/jail.h Wed Jan 14 04:50:28 2015(r277159) @@ -201,8 +201,6 @@ struct prison_racct { #definePR_IP4_USER 0x0004 /* Restrict IPv4 addresses */ #definePR_IP6_USER 0x0008 /* Restrict IPv6 addresses */ #definePR_VNET 0x0010 /* Virtual network stack */ -#definePR_IP4_DISABLE 0x0020 /* Disable IPv4 */ -#definePR_IP6_DISABLE 0x0040 /* Disable IPv6 */ #definePR_IP4_SADDRSEL 0x0080 /* Do IPv4 src addr sel. or use the */ /* primary jail address. */ #definePR_IP6_SADDRSEL 0x0100 /* Do IPv6 src addr sel. or use the */ ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To
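Review bot: in the sys/sys/jail.h hunk, dropping PR_IP4_DISABLE (0x0020) and PR_IP6_DISABLE (0x0040) leaves a hole between PR_VNET 0x0010 and PR_IP4_SADDRSEL 0x0080 with nothing to explain it. Suggest a one-line comment marking the two bits as unused, so that any later reuse is deliberate. In the kern_jail_set() hunks the ip4s == 0 and ip6s == 0 branches are gone, so an empty address list now only sets PR_IP4_USER or PR_IP6_USER and skips the block; the log should say that this is the intended result for a jail given no addresses.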
svn commit: r277158 - head/sys/kern
Author: jamie Date: Wed Jan 14 03:52:41 2015 New Revision: 277158 URL: https://svnweb.freebsd.org/changeset/base/277158 Log: Don't set prison's pr_ip4s or pr_ip6s to -1. PR: 196474 MFC after:3 days Modified: head/sys/kern/kern_jail.c Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Wed Jan 14 02:18:29 2015(r277157) +++ head/sys/kern/kern_jail.c Wed Jan 14 03:52:41 2015(r277158) @@ -800,7 +800,7 @@ kern_jail_set(struct thread *td, struct #ifdef INET error = vfs_getopt(opts, ip4.addr, op, ip4s); if (error == ENOENT) - ip4s = (pr_flags PR_IP4_DISABLE) ? 0 : -1; + ip4s = 0; else if (error != 0) goto done_free; else if (ip4s (sizeof(*ip4) - 1)) { @@ -858,7 +858,7 @@ kern_jail_set(struct thread *td, struct #ifdef INET6 error = vfs_getopt(opts, ip6.addr, op, ip6s); if (error == ENOENT) - ip6s = (pr_flags PR_IP6_DISABLE) ? 0 : -1; + ip6s = 0; else if (error != 0) goto done_free; else if (ip6s (sizeof(*ip6) - 1)) { ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
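Review bot: in both kern_jail_set() hunks the ENOENT branch used to yield either 0 or -1 and now always yields 0, so "no ip4.addr/ip6.addr option supplied" and "option supplied with zero length" arrive at the same count. A short comment at ip4s = 0 and ip6s = 0 saying what distinguishes the two cases from here on would help the next reader. The log only says what is no longer done; one sentence on what went wrong when the count was -1 (PR 196474) would make the MFC easier to judge.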
svn commit: r275906 - head/usr.sbin/jail
Author: jamie Date: Thu Dec 18 18:10:39 2014 New Revision: 275906 URL: https://svnweb.freebsd.org/changeset/base/275906 Log: Setgid before running a command as a specified user. Previously only initgroups(3) was called, what isn't quite enough. This brings jail(8) in line with jexec(8), which was already doing the right thing. PR: 195984 MFC after:1 week Modified: head/usr.sbin/jail/command.c Modified: head/usr.sbin/jail/command.c == --- head/usr.sbin/jail/command.cThu Dec 18 16:57:22 2014 (r275905) +++ head/usr.sbin/jail/command.cThu Dec 18 18:10:39 2014 (r275906) @@ -667,6 +667,11 @@ run_command(struct cfjail *j) if (term != NULL) setenv(TERM, term, 1); } + if (setgid(pwd-pw_gid) 0) { + jail_warnx(j, setgid %d: %s, pwd-pw_gid, + strerror(errno)); + exit(1); + } if (setusercontext(lcap, pwd, pwd-pw_uid, username ? LOGIN_SETALL ~LOGIN_SETGROUP ~LOGIN_SETLOGIN : LOGIN_SETPATH | LOGIN_SETENV) 0) { ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
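Review bot: in the added setgid() block in run_command(), pw_gid is a gid_t but is formatted with %d in the jail_warnx() call; gid_t is unsigned on FreeBSD, so a large gid would be reported as a negative number. Suggest %u with a cast to unsigned, or %ju with a cast to uintmax_t. The placement is right: the group is set before setusercontext() changes the uid, the return value is checked, and the failure path exits instead of running the command with the old gid.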
svn commit: r275073 - in head: lib/libjail usr.sbin/jail
Author: jamie Date: Tue Nov 25 21:01:08 2014 New Revision: 275073 URL: https://svnweb.freebsd.org/changeset/base/275073 Log: In preparation for using clang's -Wcast-qual: Use __DECONST (instead of my own attempted re-invention) for the iov parameters to jail_get/set(2). Similarly remove the decost-ish hack from execvp's argv, except the __DECONST is only added at very end. While I'm at it, remove an unused variable and fix a comment typo. Modified: head/lib/libjail/jail.c head/lib/libjail/jail_getid.c head/usr.sbin/jail/command.c head/usr.sbin/jail/jail.c head/usr.sbin/jail/state.c Modified: head/lib/libjail/jail.c == --- head/lib/libjail/jail.c Tue Nov 25 21:00:58 2014(r275072) +++ head/lib/libjail/jail.c Tue Nov 25 21:01:08 2014(r275073) @@ -531,7 +531,7 @@ jailparam_set(struct jailparam *jp, unsi } i++; } - *(const void **)jiov[i].iov_base = errmsg; + jiov[i].iov_base = __DECONST(char *, errmsg); jiov[i].iov_len = sizeof(errmsg); i++; jiov[i].iov_base = jail_errmsg; @@ -601,7 +601,7 @@ jailparam_get(struct jailparam *jp, unsi jiov[ki].iov_len = (jp_key-jp_ctltype CTLTYPE) == CTLTYPE_STRING ? strlen(jp_key-jp_value) + 1 : jp_key-jp_valuelen; ki++; - *(const void **)jiov[ki].iov_base = errmsg; + jiov[ki].iov_base = __DECONST(char *, errmsg); jiov[ki].iov_len = sizeof(errmsg); ki++; jiov[ki].iov_base = jail_errmsg; Modified: head/lib/libjail/jail_getid.c == --- head/lib/libjail/jail_getid.c Tue Nov 25 21:00:58 2014 (r275072) +++ head/lib/libjail/jail_getid.c Tue Nov 25 21:01:08 2014 (r275073) 
@@ -53,12 +53,12 @@ jail_getid(const char *name) jid = strtoul(name, ep, 10); if (*name !*ep) return jid; - *(const void **)jiov[0].iov_base = name; + jiov[0].iov_base = __DECONST(char *, name); jiov[0].iov_len = sizeof(name); jiov[1].iov_len = strlen(name) + 1; jiov[1].iov_base = alloca(jiov[1].iov_len); strcpy(jiov[1].iov_base, name); - *(const void **)jiov[2].iov_base = errmsg; + jiov[2].iov_base = __DECONST(char *, errmsg); jiov[2].iov_len = sizeof(errmsg); jiov[3].iov_base = jail_errmsg; jiov[3].iov_len = JAIL_ERRMSGLEN; @@ -80,15 +80,15 @@ jail_getname(int jid) char *name; char namebuf[MAXHOSTNAMELEN]; - *(const void **)jiov[0].iov_base = jid; + jiov[0].iov_base = __DECONST(char *, jid); jiov[0].iov_len = sizeof(jid); jiov[1].iov_base = jid; jiov[1].iov_len = sizeof(jid); - *(const void **)jiov[2].iov_base = name; + jiov[2].iov_base = __DECONST(char *, name); jiov[2].iov_len = sizeof(name); jiov[3].iov_base = namebuf; jiov[3].iov_len = sizeof(namebuf); - *(const void **)jiov[4].iov_base = errmsg; + jiov[4].iov_base = __DECONST(char *, errmsg); jiov[4].iov_len = sizeof(errmsg); jiov[5].iov_base = jail_errmsg; jiov[5].iov_len = JAIL_ERRMSGLEN; Modified: head/usr.sbin/jail/command.c == --- head/usr.sbin/jail/command.cTue Nov 25 21:00:58 2014 (r275072) +++ head/usr.sbin/jail/command.cTue Nov 25 21:01:08 2014 (r275073) @@ -260,8 +260,8 @@ run_command(struct cfjail *j) const struct passwd *pwd; const struct cfstring *comstring, *s; login_cap_t *lcap; - char **argv; - char *cs, *comcs, *devpath; + const char **argv; + char *acs, *cs, *comcs, *devpath; const char *jidstr, *conslog, *path, *ruleset, *term, *username; enum intparam comparam; size_t comlen; 
@@ -332,27 +332,26 @@ run_command(struct cfjail *j) } argv = alloca((8 + argc) * sizeof(char *)); - *(const char **)argv[0] = _PATH_IFCONFIG; + argv[0] = _PATH_IFCONFIG; if ((cs = strchr(val, '|'))) { - argv[1] = alloca(cs - val + 1); - strlcpy(argv[1], val, cs - val + 1); + argv[1] = acs = alloca(cs - val + 1); + strlcpy(acs, val, cs - val + 1); addr = cs + 1; } else { - *(const char **)argv[1] = - string_param(j-intparams[IP_INTERFACE]); + argv[1] = string_param(j-intparams[IP_INTERFACE]); addr = val; } - *(const char **)argv[2] = inet; + argv[2] = inet; if (!(cs = strchr(addr, '/'))) { argv[3] = addr; -
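Review bot: in the second run_command() hunk, argv is now const char ** but the allocation is still written as alloca((8 + argc) * sizeof(char *)). The sizes are the same, but sizeof(*argv) would keep the expression correct if the element type changes again. The new acs variable, which keeps a mutable pointer to the alloca'd copy so that strlcpy() does not write through a const pointer, deserves a one-line comment. The log also bundles an unused-variable removal and a comment typo fix with the __DECONST conversion; separate commits would make the -Wcast-qual preparation easier to audit.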
svn commit: r261326 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail
Author: jamie Date: Fri Jan 31 17:39:51 2014 New Revision: 261326 URL: http://svnweb.freebsd.org/changeset/base/261326 Log: Back out r261266 pending security buy-in. r261266: Add a jail parameter, allow.kmem, which lets jailed processes access /dev/kmem and related devices (i.e. grants PRIV_IO and PRIV_KMEM_WRITE). This in conjunction with changing the drm driver's permission check from PRIV_DRIVER to PRIV_KMEM_WRITE will allow a jailed Xorg server. Modified: head/sys/dev/drm/drmP.h head/sys/kern/kern_jail.c head/sys/sys/jail.h head/usr.sbin/jail/jail.8 Modified: head/sys/dev/drm/drmP.h == --- head/sys/dev/drm/drmP.h Fri Jan 31 17:26:15 2014(r261325) +++ head/sys/dev/drm/drmP.h Fri Jan 31 17:39:51 2014(r261326) @@ -227,9 +227,7 @@ enum { #define PAGE_ALIGN(addr) round_page(addr) /* DRM_SUSER returns true if the user is superuser */ -#if __FreeBSD_version = 100 -#define DRM_SUSER(p) (priv_check(p, PRIV_KMEM_WRITE) == 0) -#elif __FreeBSD_version = 70 +#if __FreeBSD_version = 70 #define DRM_SUSER(p) (priv_check(p, PRIV_DRIVER) == 0) #else #define DRM_SUSER(p) (suser(p) == 0) Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Fri Jan 31 17:26:15 2014(r261325) +++ head/sys/kern/kern_jail.c Fri Jan 31 17:39:51 2014(r261326) @@ -208,7 +208,6 @@ static char *pr_allow_names[] = { allow.mount.zfs, allow.mount.procfs, allow.mount.tmpfs, - allow.kmem, }; const size_t pr_allow_names_size = sizeof(pr_allow_names); @@ -225,7 +224,6 @@ static char *pr_allow_nonames[] = { allow.mount.nozfs, allow.mount.noprocfs, allow.mount.notmpfs, - allow.nokmem, }; const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames); 
@@ -3953,27 +3951,6 @@ prison_priv_check(struct ucred *cred, in return (0); /* -* Allow access to /dev/io in a jail if the non-jailed admin -* requests this and if /dev/io exists in the jail. This -* allows Xorg to probe a card. -*/ - case PRIV_IO: - if (cred-cr_prison-pr_allow PR_ALLOW_KMEM) - return (0); - else - return (EPERM); - - /* -* Allow low level access to KMEM-like devices (e.g. to -* allow Xorg to use DRI). -*/ - case PRIV_KMEM_WRITE: - if (cred-cr_prison-pr_allow PR_ALLOW_KMEM) - return (0); - else - return (EPERM); - - /* * Allow jailed root to set loginclass. */ case PRIV_PROC_SETLOGINCLASS: @@ -4407,8 +4384,6 @@ SYSCTL_JAIL_PARAM(_allow, quotas, CTLTYP B, Jail may set file quotas); SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW, B, Jail may create sockets other than just UNIX/IPv4/IPv6/route); -SYSCTL_JAIL_PARAM(_allow, kmem, CTLTYPE_INT | CTLFLAG_RW, -B, Jail may access kmem-like devices (io, dri) if they exist); SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, Jail mount/unmount permission flags); SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW, Modified: head/sys/sys/jail.h == --- head/sys/sys/jail.h Fri Jan 31 17:26:15 2014(r261325) +++ head/sys/sys/jail.h Fri Jan 31 17:39:51 2014(r261326) @@ -228,8 +228,7 @@ struct prison_racct { #definePR_ALLOW_MOUNT_ZFS 0x0200 #definePR_ALLOW_MOUNT_PROCFS 0x0400 #definePR_ALLOW_MOUNT_TMPFS0x0800 -#definePR_ALLOW_KMEM 0x1000 -#definePR_ALLOW_ALL0x1fff +#definePR_ALLOW_ALL0x0fff /* * OSD methods Modified: head/usr.sbin/jail/jail.8 == --- head/usr.sbin/jail/jail.8 Fri Jan 31 17:26:15 2014(r261325) +++ head/usr.sbin/jail/jail.8 Fri Jan 31 17:39:51 2014(r261326) 
@@ -573,17 +573,6 @@ with non-jailed parts of the system. Sockets within a jail are normally restricted to IPv4, IPv6, local (UNIX), and route. This allows access to other protocol stacks that have not had jail functionality added to them. -.It Va allow.kmem -Jailed processes may access -.Pa /dev/kmem -and similar devices (e.g. io, dri) if they have sufficient permission -(via the usual file permissions). -Note that the device files must exist within the jail for this parameter -to be of any use; -the default devfs ruleset for jails does not include any such devices. -Giving a jail access to kernel memory
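Review bot: the log gives "pending security buy-in" as the whole rationale. Since the revert also puts PRIV_DRIVER back in DRM_SUSER() and returns PR_ALLOW_ALL to 0x0fff, a sentence naming what has to be agreed before r261266 can return would make the re-land condition reviewable. The hunks mirror r261266 file for file (drmP.h, both name arrays, the prison_priv_check() cases, the SYSCTL_JAIL_PARAM entry, jail.h and jail.8), so nothing is left half-applied.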
svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail
Author: jamie Date: Wed Jan 29 13:41:13 2014 New Revision: 261266 URL: http://svnweb.freebsd.org/changeset/base/261266 Log: Add a jail parameter, allow.kmem, which lets jailed processes access /dev/kmem and related devices (i.e. grants PRIV_IO and PRIV_KMEM_WRITE). This in conjunction with changing the drm driver's permission check from PRIV_DRIVER to PRIV_KMEM_WRITE will allow a jailed Xorg server. Submitted by: netchild MFC after:1 week Modified: head/sys/dev/drm/drmP.h head/sys/kern/kern_jail.c head/sys/sys/jail.h head/usr.sbin/jail/jail.8 Modified: head/sys/dev/drm/drmP.h == --- head/sys/dev/drm/drmP.h Wed Jan 29 13:35:12 2014(r261265) +++ head/sys/dev/drm/drmP.h Wed Jan 29 13:41:13 2014(r261266) @@ -227,7 +227,9 @@ enum { #define PAGE_ALIGN(addr) round_page(addr) /* DRM_SUSER returns true if the user is superuser */ -#if __FreeBSD_version = 70 +#if __FreeBSD_version = 100 +#define DRM_SUSER(p) (priv_check(p, PRIV_KMEM_WRITE) == 0) +#elif __FreeBSD_version = 70 #define DRM_SUSER(p) (priv_check(p, PRIV_DRIVER) == 0) #else #define DRM_SUSER(p) (suser(p) == 0) Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Wed Jan 29 13:35:12 2014(r261265) +++ head/sys/kern/kern_jail.c Wed Jan 29 13:41:13 2014(r261266) @@ -208,6 +208,7 @@ static char *pr_allow_names[] = { allow.mount.zfs, allow.mount.procfs, allow.mount.tmpfs, + allow.kmem, }; const size_t pr_allow_names_size = sizeof(pr_allow_names); @@ -224,6 +225,7 @@ static char *pr_allow_nonames[] = { allow.mount.nozfs, allow.mount.noprocfs, allow.mount.notmpfs, + allow.nokmem, }; const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames); 
@@ -3951,6 +3953,27 @@ prison_priv_check(struct ucred *cred, in return (0); /* +* Allow access to /dev/io in a jail if the non-jailed admin +* requests this and if /dev/io exists in the jail. This +* allows Xorg to probe a card. +*/ + case PRIV_IO: + if (cred-cr_prison-pr_allow PR_ALLOW_KMEM) + return (0); + else + return (EPERM); + + /* +* Allow low level access to KMEM-like devices (e.g. to +* allow Xorg to use DRI). +*/ + case PRIV_KMEM_WRITE: + if (cred-cr_prison-pr_allow PR_ALLOW_KMEM) + return (0); + else + return (EPERM); + + /* * Allow jailed root to set loginclass. */ case PRIV_PROC_SETLOGINCLASS: @@ -4384,6 +4407,8 @@ SYSCTL_JAIL_PARAM(_allow, quotas, CTLTYP B, Jail may set file quotas); SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW, B, Jail may create sockets other than just UNIX/IPv4/IPv6/route); +SYSCTL_JAIL_PARAM(_allow, kmem, CTLTYPE_INT | CTLFLAG_RW, +B, Jail may access kmem-like devices (io, dri) if they exist); SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, Jail mount/unmount permission flags); SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW, Modified: head/sys/sys/jail.h == --- head/sys/sys/jail.h Wed Jan 29 13:35:12 2014(r261265) +++ head/sys/sys/jail.h Wed Jan 29 13:41:13 2014(r261266) @@ -228,7 +228,8 @@ struct prison_racct { #definePR_ALLOW_MOUNT_ZFS 0x0200 #definePR_ALLOW_MOUNT_PROCFS 0x0400 #definePR_ALLOW_MOUNT_TMPFS0x0800 -#definePR_ALLOW_ALL0x0fff +#definePR_ALLOW_KMEM 0x1000 +#definePR_ALLOW_ALL0x1fff /* * OSD methods Modified: head/usr.sbin/jail/jail.8 == --- head/usr.sbin/jail/jail.8 Wed Jan 29 13:35:12 2014(r261265) +++ head/usr.sbin/jail/jail.8 Wed Jan 29 13:41:13 2014(r261266) 
@@ -573,6 +573,17 @@ with non-jailed parts of the system. Sockets within a jail are normally restricted to IPv4, IPv6, local (UNIX), and route. This allows access to other protocol stacks that have not had jail functionality added to them. +.It Va allow.kmem +Jailed processes may access +.Pa /dev/kmem +and similar devices (e.g. io, dri) if they have sufficient permission +(via the usual file permissions). +Note that the device files must exist within the jail for this parameter +to be of any use; +the default devfs ruleset for jails does not include any such devices. +Giving a jail access to kernel memory obviates much of
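Review bot: in the prison_priv_check() hunk, the single PR_ALLOW_KMEM bit grants both PRIV_IO and PRIV_KMEM_WRITE, so a jail that only needs /dev/io for card probing also gets write access to kmem-like devices. Consider separate allow bits, or at least state in the jail.8 entry that the parameter is all-or-nothing. The two case bodies are identical and could share one body as stacked case labels. The drmP.h hunk is a separate concern: it switches DRM_SUSER() from PRIV_DRIVER to PRIV_KMEM_WRITE for every caller on the newer __FreeBSD_version branch, jailed or not, and that should have its own line in the log. There is no "Reviewed by" on a change that lets a jail write kernel memory.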
Re: svn commit: r255316 - head/sys/kern
On 09/06/13 12:18, Gleb Smirnoff wrote: On Fri, Sep 06, 2013 at 05:32:29PM +, Jamie Gritton wrote: J Author: jamie J Date: Fri Sep 6 17:32:29 2013 J New Revision: 255316 J URL: http://svnweb.freebsd.org/changeset/base/255316 J J Log: J Keep PRIV_KMEM_READ permitted inside jails as it is on the outside. J J Modified: J head/sys/kern/kern_jail.c J J Modified: head/sys/kern/kern_jail.c J == J --- head/sys/kern/kern_jail.c Fri Sep 6 17:19:57 2013 (r255315) J +++ head/sys/kern/kern_jail.c Fri Sep 6 17:32:29 2013 (r255316) J @@ -3885,6 +3885,13 @@ prison_priv_check(struct ucred *cred, in Jcase PRIV_VFS_SETGID: Jcase PRIV_VFS_STAT: Jcase PRIV_VFS_STICKYFILE: J + J + /* J + * As in the non-jail case, non-root users are expected to be J + * able to read kernel/phyiscal memory (provided /dev/[k]mem J + * exists in the jail and they have permission to access it). J + */ J + case PRIV_KMEM_READ: Jreturn (0); J J/* Was that discussed anywhere or reviewed by anyone? Yes, it was brought up by jase@ in src-committers last week, noting that my original PRIV_KMEM_* commit (r252841) broke existing jail behavior. The entire discussion was the mention of the problem and my mention of what it would take to fix it. There was no code review as such, but that seemed appropriate for an obvious one-liner. - Jamie ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
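Review bot: the comment added above case PRIV_KMEM_READ in prison_priv_check() has a typo, "phyiscal" for "physical". The new label is also separated from the stacked PRIV_VFS_* cases by a blank line and a block comment while still sharing their return (0); a reader skimming the list could take the comment to apply to the whole group, so consider giving PRIV_KMEM_READ its own return (0) after the VFS cases.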
Re: svn commit: r252841 - in head/sys: dev/mem kern sys
On 08/30/13 11:13, Jase Thew wrote:
> On 05/07/2013 22:31, Jamie Gritton wrote:
>> Author: jamie
>> Date: Fri Jul 5 21:31:16 2013
>> New Revision: 252841
>> URL: http://svnweb.freebsd.org/changeset/base/252841
>>
>> Log:
>>   Add new privileges, PRIV_KMEM_READ and PRIV_KMEM_WRITE, used in opening /dev/kmem and /dev/mem (in addition to traditional file permission checks). PRIV_KMEM_READ is different from other PRIV_* checks in that it's allowed by default.
>>
>>   Reviewed by: kib, mckusick
>
> Hi Jamie,
>
> As a result of this commit (and r252845), it is no longer possible to access /dev/mem and /dev/kmem inside of a jail - is this behaviour intentional?
>
> # dd if=/dev/mem bs=64 count=1
> dd: /dev/mem: Operation not permitted

It's intentional, but it's not intended to be the full solution. I also need to add a permission flag to jails to allow kmem access. However I didn't intend to disrupt read permission, though clearly it does since it now passes through prison_priv_check. So I ought to add some code in prison_priv_check that mirrors the code in priv_check_cred to allow PRIV_KMEM_READ by default.

- Jamie
svn commit: r252841 - in head/sys: dev/mem kern sys
Author: jamie Date: Fri Jul 5 21:31:16 2013 New Revision: 252841 URL: http://svnweb.freebsd.org/changeset/base/252841 Log: Add new privileges, PRIV_KMEM_READ and PRIV_KMEM_WRITE, used in opening /dev/kmem and /dev/mem (in addition to traditional file permission checks). PRIV_KMEM_READ is different from other PRIV_* checks in that it's allowed by default. Reviewed by: kib, mckusick Modified: head/sys/dev/mem/memdev.c head/sys/kern/kern_priv.c head/sys/sys/priv.h Modified: head/sys/dev/mem/memdev.c == --- head/sys/dev/mem/memdev.c Fri Jul 5 21:29:59 2013(r252840) +++ head/sys/dev/mem/memdev.c Fri Jul 5 21:31:16 2013(r252841) @@ -37,6 +37,7 @@ __FBSDID($FreeBSD$); #include sys/memrange.h #include sys/module.h #include sys/mutex.h +#include sys/priv.h #include sys/proc.h #include sys/signalvar.h #include sys/systm.h @@ -67,8 +68,14 @@ memopen(struct cdev *dev __unused, int f { int error = 0; - if (flags FWRITE) - error = securelevel_gt(td-td_ucred, 0); + if (flags FREAD) + error = priv_check(td, PRIV_KMEM_READ); + if (flags FWRITE) { + if (error == 0) + error = priv_check(td, PRIV_KMEM_WRITE); + if (error == 0) + error = securelevel_gt(td-td_ucred, 0); + } return (error); } Modified: head/sys/kern/kern_priv.c == --- head/sys/kern/kern_priv.c Fri Jul 5 21:29:59 2013(r252840) +++ head/sys/kern/kern_priv.c Fri Jul 5 21:31:16 2013(r252841) @@ -142,6 +142,15 @@ priv_check_cred(struct ucred *cred, int } /* +* Writes to kernel memory are a typical root-only operation, +* but non-root users are expected to be able to read it. +*/ + if (priv == PRIV_KMEM_READ) { + error = 0; + goto out; + } + + /* * Now check with MAC, if enabled, to see if a policy module grants * privilege. */ Modified: head/sys/sys/priv.h == --- head/sys/sys/priv.h Fri Jul 5 21:29:59 2013(r252840) +++ head/sys/sys/priv.h Fri Jul 5 21:31:16 2013(r252841) 
@@ -494,6 +494,12 @@ #definePRIV_RCTL_REMOVE_RULE 674 /* + * Kernel memory privileges. + */ +#definePRIV_KMEM_READ 680 /* Read from kernel memory. */ +#definePRIV_KMEM_WRITE 681 /* Write to kernel memory. */ + +/* * Track end of privilege list. */ #define_PRIV_HIGHEST 675 ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
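Review bot: in the sys/sys/priv.h hunk the new PRIV_KMEM_READ (680) and PRIV_KMEM_WRITE (681) lie above _PRIV_HIGHEST, which the trailing context still shows as 675, so the end-of-list marker no longer covers the privileges this commit introduces. Raise _PRIV_HIGHEST past 681 in the same change. In the kern_priv.c hunk, the PRIV_KMEM_READ early exit sits before the "Now check with MAC" block; a sentence in the comment on why this privilege is granted ahead of that step would document the exception the log describes.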
svn commit: r252845 - head/sys/sys
Author: jamie Date: Fri Jul 5 21:41:05 2013 New Revision: 252845 URL: http://svnweb.freebsd.org/changeset/base/252845 Log: Bump up _PRIV_HIGHEST to account for PRIV_KMEM_READ/WRITE. Submitted by: mdf Modified: head/sys/sys/priv.h Modified: head/sys/sys/priv.h == --- head/sys/sys/priv.h Fri Jul 5 21:40:31 2013(r252844) +++ head/sys/sys/priv.h Fri Jul 5 21:41:05 2013(r252845) @@ -502,7 +502,7 @@ /* * Track end of privilege list. */ -#define_PRIV_HIGHEST 675 +#define_PRIV_HIGHEST 682 /* * Validate that a named privilege is known by the privilege system. Invalid ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
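Review bot: _PRIV_HIGHEST is a hand-maintained number (675 to 682 here), and the need for this follow-up shows how easily it falls behind the list. Suggest a comment next to the define stating that it must be greater than the last PRIV_* value, and mentioning in the log that the list now skips from 674 to 680 so the gap is not mistaken for an error.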
svn commit: r252855 - in head/sys: kern sys
Author: jamie Date: Sat Jul 6 00:10:52 2013 New Revision: 252855 URL: http://svnweb.freebsd.org/changeset/base/252855 Log: Make the comments a little more clear about PRIV_KMEM_*, explicitly referring to /dev/[k]mem and noting it's about opening the files rather than actually reading and writing. Reviewed by: jmallett Modified: head/sys/kern/kern_priv.c head/sys/sys/priv.h Modified: head/sys/kern/kern_priv.c == --- head/sys/kern/kern_priv.c Fri Jul 5 23:40:08 2013(r252854) +++ head/sys/kern/kern_priv.c Sat Jul 6 00:10:52 2013(r252855) @@ -142,8 +142,9 @@ priv_check_cred(struct ucred *cred, int } /* -* Writes to kernel memory are a typical root-only operation, -* but non-root users are expected to be able to read it. +* Writes to kernel/physical memory are a typical root-only operation, +* but non-root users are expected to be able to read it (provided they +* have permission to access /dev/[k]mem). */ if (priv == PRIV_KMEM_READ) { error = 0; Modified: head/sys/sys/priv.h == --- head/sys/sys/priv.h Fri Jul 5 23:40:08 2013(r252854) +++ head/sys/sys/priv.h Sat Jul 6 00:10:52 2013(r252855) @@ -494,10 +494,10 @@ #definePRIV_RCTL_REMOVE_RULE 674 /* - * Kernel memory privileges. + * mem(4) privileges. */ -#definePRIV_KMEM_READ 680 /* Read from kernel memory. */ -#definePRIV_KMEM_WRITE 681 /* Write to kernel memory. */ +#definePRIV_KMEM_READ 680 /* Open mem/kmem for reading. */ +#definePRIV_KMEM_WRITE 681 /* Open mem/kmem for writing. */ /* * Track end of privilege list. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
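Review bot: the reworded kern_priv.c comment still speaks of writes to, and reading of, kernel/physical memory, while the log and the new priv.h comments say the privileges are about opening /dev/[k]mem. Rephrase the kern_priv.c comment in terms of opening for writing and opening for reading so the two files describe the check the same way.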
svn commit: r250968 - head/share/man/man8
Author: jamie Date: Fri May 24 14:57:38 2013 New Revision: 250968 URL: http://svnweb.freebsd.org/changeset/base/250968 Log: Mention the nojailvnet keyword. MFC after:3 days Modified: head/share/man/man8/rc.8 Modified: head/share/man/man8/rc.8 == --- head/share/man/man8/rc.8Fri May 24 11:27:06 2013(r250967) +++ head/share/man/man8/rc.8Fri May 24 14:57:38 2013(r250968) @@ -124,7 +124,9 @@ Load the configuration files. Determine if booting in a jail, and add .Dq Li nojail -to the list of KEYWORDS to skip in +(no jails allowed) or +.Dq Li nojailvnet +(only allow vnet-enabled jails) to the list of KEYWORDS to skip in .Xr rcorder 8 . .It Invoke ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
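Review bot: the new wording says rc adds "nojail" or "nojailvnet" to the KEYWORDS to skip, which reads as one or the other. The etc/rc change in r250804 adds nojail for every jail and adds nojailvnet in addition when the jail has no vnet, so the text should say that nojail is always skipped inside a jail and nojailvnet is skipped as well unless the jail owns its own network stack. The parenthetical glosses would also be clearer if they described the scripts carrying the keyword rather than the jails.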
svn commit: r250804 - in head: etc etc/rc.d sys/kern
Author: jamie Date: Sun May 19 04:10:34 2013 New Revision: 250804 URL: http://svnweb.freebsd.org/changeset/base/250804 Log: Refine the nojail rc keyword, adding nojailvnet for files that don't apply to most jails but do apply to vnet jails. This includes adding a new sysctl security.jail.vnet to identify vnet jails. PR: conf/149050 Submitted by: mdodd MFC after:3 days Modified: head/etc/rc head/etc/rc.d/ipfw head/etc/rc.d/netif head/etc/rc.d/routing head/etc/rc.shutdown head/sys/kern/kern_jail.c Modified: head/etc/rc == --- head/etc/rc Sun May 19 03:04:34 2013(r250803) +++ head/etc/rc Sun May 19 04:10:34 2013(r250804) @@ -77,6 +77,9 @@ if [ `/sbin/sysctl -n security.jail.jail if [ $early_late_divider = FILESYSTEMS ]; then early_late_divider=NETWORKING fi + if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then + skip=$skip -s nojailvnet + fi fi # Do a first pass to get everything up to $early_late_divider so that Modified: head/etc/rc.d/ipfw == --- head/etc/rc.d/ipfw Sun May 19 03:04:34 2013(r250803) +++ head/etc/rc.d/ipfw Sun May 19 04:10:34 2013(r250804) @@ -5,7 +5,7 @@ # PROVIDE: ipfw # REQUIRE: ppp -# KEYWORD: nojail +# KEYWORD: nojailvnet . /etc/rc.subr . /etc/network.subr Modified: head/etc/rc.d/netif == --- head/etc/rc.d/netif Sun May 19 03:04:34 2013(r250803) +++ head/etc/rc.d/netif Sun May 19 04:10:34 2013(r250804) @@ -28,7 +28,7 @@ # PROVIDE: netif # REQUIRE: atm1 FILESYSTEMS serial sppp sysctl # REQUIRE: ipfilter ipfs -# KEYWORD: nojail +# KEYWORD: nojailvnet . /etc/rc.subr . /etc/network.subr Modified: head/etc/rc.d/routing == --- head/etc/rc.d/routing Sun May 19 03:04:34 2013(r250803) +++ head/etc/rc.d/routing Sun May 19 04:10:34 2013(r250804) @@ -7,7 +7,7 @@ # PROVIDE: routing # REQUIRE: faith netif ppp stf -# KEYWORD: nojail +# KEYWORD: nojailvnet . /etc/rc.subr . /etc/network.subr Modified: head/etc/rc.shutdown == --- head/etc/rc.shutdownSun May 19 03:04:34 2013(r250803) +++ head/etc/rc.shutdownSun May 19 04:10:34 2013(r250804) 
@@ -81,7 +81,12 @@ fi # and perform the operation # rcorder_opts=-k shutdown -[ `/sbin/sysctl -n security.jail.jailed` -eq 1 ] rcorder_opts=$rcorder_opts -s nojail +if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then + rcorder_opts=$rcorder_opts -s nojail + if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then + rcorder_opts=$rcorder_opts -s nojailvnet + fi +fi case ${local_startup} in [Nn][Oo] | '') ;; Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Sun May 19 03:04:34 2013(r250803) +++ head/sys/kern/kern_jail.c Sun May 19 04:10:34 2013(r250804) @@ -4132,6 +4132,26 @@ SYSCTL_PROC(_security_jail, OID_AUTO, ja CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0, sysctl_jail_jailed, I, Process in jail?); +static int +sysctl_jail_vnet(SYSCTL_HANDLER_ARGS) +{ + int error, havevnet; +#ifdef VIMAGE + struct ucred *cred = req-td-td_ucred; + + havevnet = jailed(cred) prison_owns_vnet(cred); +#else + havevnet = 0; +#endif + error = SYSCTL_OUT(req, havevnet, sizeof(havevnet)); + + return (error); +} + +SYSCTL_PROC(_security_jail, OID_AUTO, vnet, +CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0, +sysctl_jail_vnet, I, Jail owns VNET?); + #if defined(INET) || defined(INET6) SYSCTL_UINT(_security_jail, OID_AUTO, jail_max_af_ips, CTLFLAG_RW, jail_max_af_ips, 0, ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
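Review bot: In the head/etc/rc and head/etc/rc.shutdown hunks, the new test on `/sbin/sysctl -n security.jail.vnet` fails open when that sysctl does not exist. The sysctl is only introduced by the kern_jail.c hunk of this same commit, so with updated rc scripts on an older kernel the command substitution is empty, the `-ne 1` test does not succeed, and `-s nojailvnet` is never added. ipfw, netif and routing, which this commit moves from nojail to nojailvnet, would then run inside ordinary non-vnet jails. Consider treating an empty or failed sysctl result as 0, so these scripts stay skipped unless the kernel positively reports that the jail owns a vnet.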
svn commit: r248854 - head/usr.sbin/jail
Author: jamie Date: Thu Mar 28 21:02:49 2013 New Revision: 248854 URL: http://svnweb.freebsd.org/changeset/base/248854 Log: Reverse the order of some implicit commands (FS mounts and ifconfigs) when stopping jails. This matters particularly for nested filesystem mounts. PR: kern/177325 Submitted by: Harald Schmalzbauer MFC after:3 days Modified: head/usr.sbin/jail/command.c head/usr.sbin/jail/config.c head/usr.sbin/jail/jailp.h Modified: head/usr.sbin/jail/command.c == --- head/usr.sbin/jail/command.cThu Mar 28 20:48:58 2013 (r248853) +++ head/usr.sbin/jail/command.cThu Mar 28 21:02:49 2013 (r248854) @@ -88,13 +88,14 @@ int next_command(struct cfjail *j) { enum intparam comparam; - int create_failed; + int create_failed, stopping; if (paralimit == 0) { requeue(j, runnable); return 1; } create_failed = (j-flags (JF_STOP | JF_FAILED)) == JF_FAILED; + stopping = (j-flags JF_STOP) != 0; comparam = *j-comparam; for (;;) { if (j-comstring == NULL) { @@ -113,14 +114,16 @@ next_command(struct cfjail *j) default: if (j-intparams[comparam] == NULL) continue; - j-comstring = create_failed + j-comstring = create_failed || (stopping + (j-intparams[comparam]-flags PF_REV)) ? TAILQ_LAST(j-intparams[comparam]-val, cfstrings) : TAILQ_FIRST(j-intparams[comparam]-val); } } else { j-comstring = j-comstring == dummystring ? NULL : - create_failed + create_failed || (stopping + (j-intparams[comparam]-flags PF_REV)) ? TAILQ_PREV(j-comstring, cfstrings, tq) : TAILQ_NEXT(j-comstring, tq); } Modified: head/usr.sbin/jail/config.c == --- head/usr.sbin/jail/config.c Thu Mar 28 20:48:58 2013(r248853) +++ head/usr.sbin/jail/config.c Thu Mar 28 21:02:49 2013(r248854) 
@@ -81,18 +81,18 @@ static const struct ipspec intparams[] = [IP_INTERFACE] = {interface, PF_INTERNAL}, [IP_IP_HOSTNAME] = {ip_hostname, PF_INTERNAL | PF_BOOL}, #endif -[IP_MOUNT] = {mount, PF_INTERNAL}, +[IP_MOUNT] = {mount, PF_INTERNAL | PF_REV}, [IP_MOUNT_DEVFS] = {mount.devfs, PF_INTERNAL | PF_BOOL}, [IP_MOUNT_FSTAB] = {mount.fstab, PF_INTERNAL}, [IP_STOP_TIMEOUT] ={stop.timeout,PF_INTERNAL | PF_INT}, [IP_VNET_INTERFACE] = {vnet.interface, PF_INTERNAL}, #ifdef INET -[IP__IP4_IFADDR] = {ip4.addr,PF_INTERNAL | PF_CONV}, +[IP__IP4_IFADDR] = {ip4.addr,PF_INTERNAL | PF_CONV | PF_REV}, #endif #ifdef INET6 -[IP__IP6_IFADDR] = {ip6.addr,PF_INTERNAL | PF_CONV}, +[IP__IP6_IFADDR] = {ip6.addr,PF_INTERNAL | PF_CONV | PF_REV}, #endif -[IP__MOUNT_FROM_FSTAB] = {mount.fstab, PF_INTERNAL | PF_CONV}, +[IP__MOUNT_FROM_FSTAB] = {mount.fstab, PF_INTERNAL | PF_CONV | PF_REV}, [IP__OP] = {NULL, PF_CONV}, [KP_ALLOW_CHFLAGS] = {allow.chflags, 0}, [KP_ALLOW_MOUNT] = {allow.mount, 0}, Modified: head/usr.sbin/jail/jailp.h == --- head/usr.sbin/jail/jailp.h Thu Mar 28 20:48:58 2013(r248853) +++ head/usr.sbin/jail/jailp.h Thu Mar 28 21:02:49 2013(r248854) @@ -50,6 +50,7 @@ #define PF_BOOL0x10/* Boolean parameter */ #define PF_INT 0x20/* Integer parameter */ #define PF_CONV0x40/* Parameter duplicated in converted form */ +#define PF_REV 0x80/* Run commands in reverse order on stopping */ #define JF_START 0x0001 /* -c */ #define JF_SET 0x0002 /* -m */ ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
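Review bot: In the two command.c hunks of next_command, the reverse-order test (create_failed, or stopping with PF_REV set on the current parameter) is written out twice, once where the first string is picked and once where the list is stepped, and the two copies have to stay identical for a list to be walked consistently. Computing it once per parameter into a local, or a small helper taking j and comparam, would remove that risk. Separately, the Modified list touches only command.c, config.c and jailp.h, so the new behaviour that mount, mount.fstab, ip4.addr and ip6.addr commands run in reverse when a jail stops is documented only by the PF_REV comment in jailp.h; a sentence in the manual page would help anyone relying on nested mount order.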
svn commit: r247071 - head/sys/kern
Author: jamie Date: Thu Feb 21 02:41:37 2013 New Revision: 247071 URL: http://svnweb.freebsd.org/changeset/base/247071 Log: Don't worry if a module is already loaded when looking for a fstype to mount (possible in a race condition). Reviewed by: kib MFC after:1 week Modified: head/sys/kern/vfs_init.c Modified: head/sys/kern/vfs_init.c == --- head/sys/kern/vfs_init.cThu Feb 21 02:40:20 2013(r247070) +++ head/sys/kern/vfs_init.cThu Feb 21 02:41:37 2013(r247071) @@ -122,7 +122,7 @@ struct vfsconf * vfs_byname_kld(const char *fstype, struct thread *td, int *error) { struct vfsconf *vfsp; - int fileid; + int fileid, loaded; vfsp = vfs_byname(fstype); if (vfsp != NULL) @@ -130,13 +130,17 @@ vfs_byname_kld(const char *fstype, struc /* Try to load the respective module. */ *error = kern_kldload(td, fstype, fileid); + loaded = (*error == 0); + if (*error == EEXIST) + *error = 0; if (*error) return (NULL); /* Look up again to see if the VFS was loaded. */ vfsp = vfs_byname(fstype); if (vfsp == NULL) { - (void)kern_kldunload(td, fileid, LINKER_UNLOAD_FORCE); + if (loaded) + (void)kern_kldunload(td, fileid, LINKER_UNLOAD_FORCE); *error = ENODEV; return (NULL); } ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
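Review bot: In the second hunk of vfs_byname_kld, the new EEXIST handling after kern_kldload and the `if (loaded)` guard on kern_kldunload carry no comment, and the reasoning is only in the commit log. A short comment at `if (*error == EEXIST)` saying that another thread may have loaded the module between the first vfs_byname and kern_kldload, and one at `if (loaded)` saying that a module this call did not load must not be force-unloaded here, would keep a later cleanup from "simplifying" the guard away. The guard also matters because fileid is only meaningful when this call performed the load.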
svn commit: r246804 - head/usr.sbin/jail
Author: jamie Date: Thu Feb 14 19:27:52 2013 New Revision: 246804 URL: http://svnweb.freebsd.org/changeset/base/246804 Log: Handle (ignore) when a process disappears before it can be tracked. Modified: head/usr.sbin/jail/command.c Modified: head/usr.sbin/jail/command.c == --- head/usr.sbin/jail/command.cThu Feb 14 19:26:58 2013 (r246803) +++ head/usr.sbin/jail/command.cThu Feb 14 19:27:52 2013 (r246804) @@ -66,7 +66,7 @@ int paralimit = -1; extern char **environ; static int run_command(struct cfjail *j); -static void add_proc(struct cfjail *j, pid_t pid); +static int add_proc(struct cfjail *j, pid_t pid); static void clear_procs(struct cfjail *j); static struct cfjail *find_proc(pid_t pid); static int term_procs(struct cfjail *j); @@ -542,13 +542,12 @@ run_command(struct cfjail *j) if (pid 0) err(1, fork); if (pid 0) { - if (bg) { + if (bg || !add_proc(j, pid)) { free(j-comline); j-comline = NULL; return 0; } else { paralimit--; - add_proc(j, pid); return 1; } } @@ -622,7 +621,7 @@ run_command(struct cfjail *j) /* * Add a process to the hash, tied to a jail. */ -static void +static int add_proc(struct cfjail *j, pid_t pid) { struct kevent ke; @@ -632,8 +631,11 @@ add_proc(struct cfjail *j, pid_t pid) if (!kq (kq = kqueue()) 0) err(1, kqueue); EV_SET(ke, pid, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, NULL); - if (kevent(kq, ke, 1, NULL, 0, NULL) 0) + if (kevent(kq, ke, 1, NULL, 0, NULL) 0) { + if (errno == ESRCH) + return 0; err(1, kevent); + } ph = emalloc(sizeof(struct phash)); ph-j = j; ph-pid = pid; @@ -658,6 +660,7 @@ add_proc(struct cfjail *j, pid_t pid) TAILQ_INSERT_TAIL(sleeping, j, tq); j-queue = sleeping; } + return 1; } /* 
@@ -730,7 +733,7 @@ term_procs(struct cfjail *j) for (i = 0; i pcnt; i++) if (ki[i].ki_jid == j-jid kill(ki[i].ki_pid, SIGTERM) == 0) { - add_proc(j, ki[i].ki_pid); + (void)add_proc(j, ki[i].ki_pid); if (verbose 0) { if (!noted) { noted = 1;
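Review bot: In the run_command hunk, `if (bg || !add_proc(j, pid))` sends a foreground command whose process could not be tracked down the same path as a background one: comline is freed and 0 is returned, and nothing in the hunk collects that process's exit status. If a foreground command that exits this early can have failed, the failure is silently treated as completion. Either look at the status on the ESRCH path or add a comment stating why it can be ignored. The add_proc header comment ("Add a process to the hash, tied to a jail.") should also say what the new return value means, since the three call sites now treat it differently (tested in run_command, cast to void in term_procs).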
svn commit: r241196 - head/usr.sbin/jail
Author: jamie Date: Thu Oct 4 18:59:46 2012 New Revision: 241196 URL: http://svn.freebsd.org/changeset/base/241196 Log: Move properly to the next parameter when jailparam_init fails (i.e. on an unknown parameter), to avoid freeing bogus pointers. Modified: head/usr.sbin/jail/config.c Modified: head/usr.sbin/jail/config.c == --- head/usr.sbin/jail/config.c Thu Oct 4 15:42:45 2012(r241195) +++ head/usr.sbin/jail/config.c Thu Oct 4 18:59:46 2012(r241196) @@ -690,6 +690,7 @@ import_params(struct cfjail *j) if (jailparam_init(jp, p-name) 0) { error = -1; jail_warnx(j, %s, jail_errmsg); + jp++; continue; } if (TAILQ_EMPTY(p-val)) ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
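Review bot: In import_params, the added `jp++` before `continue` keeps the slot whose jailparam_init failed inside the filled part of the array, so a later jailparam_free over that range will include it. That is only safe if jailparam_init leaves a failed entry in a state jailparam_free accepts, which this hunk does not show. A comment naming that dependency, or zeroing the array before the loop, would make the fix self-contained instead of relying on libjail's error-path behaviour.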
svn commit: r241197 - head/lib/libjail
Author: jamie Date: Thu Oct 4 19:07:05 2012 New Revision: 241197 URL: http://svn.freebsd.org/changeset/base/241197 Log: Fix some memory allocation errors: * jail_setv will leak a parameter name if jailparam_import fails. * jailparam_all loses the jailparam pointer on realloc error (a clear freshman mistake). * If jailparam_init fails, the caller doesn't need to jailparam_free the buffer. That's not really clear, so set things to NULL allowing jailparam_free to work without error (though it's still not required). Modified: head/lib/libjail/jail.c Modified: head/lib/libjail/jail.c == --- head/lib/libjail/jail.c Thu Oct 4 18:59:46 2012(r241196) +++ head/lib/libjail/jail.c Thu Oct 4 19:07:05 2012(r241197) @@ -85,19 +85,22 @@ jail_setv(int flags, ...) (void)va_arg(tap, char *); va_end(tap); jp = alloca(njp * sizeof(struct jailparam)); - for (njp = 0; (name = va_arg(ap, char *)) != NULL; njp++) { + for (njp = 0; (name = va_arg(ap, char *)) != NULL;) { value = va_arg(ap, char *); - if (jailparam_init(jp + njp, name) 0 || - jailparam_import(jp + njp, value) 0) { - jailparam_free(jp, njp); - va_end(ap); - return (-1); - } + if (jailparam_init(jp + njp, name) 0) + goto error; + if (jailparam_import(jp + njp++, value) 0) + goto error; } va_end(ap); jid = jailparam_set(jp, njp, flags); jailparam_free(jp, njp); return (jid); + + error: + jailparam_free(jp, njp); + va_end(ap); + return (-1); } /* @@ -195,7 +198,7 @@ jail_getv(int flags, ...) int jailparam_all(struct jailparam **jpp) { - struct jailparam *jp; + struct jailparam *jp, *tjp; size_t mlen1, mlen2, buflen; int njp, nlist; int mib1[CTL_MAXNAME], mib2[CTL_MAXNAME - 2]; 
@@ -242,11 +245,10 @@ jailparam_all(struct jailparam **jpp) /* Add the parameter to the list */ if (njp = nlist) { nlist *= 2; - jp = realloc(jp, nlist * sizeof(*jp)); - if (jp == NULL) { - jailparam_free(jp, njp); - return (-1); - } + tjp = realloc(jp, nlist * sizeof(*jp)); + if (tjp == NULL) + goto error; + jp = tjp; } if (jailparam_init(jp + njp, buf + sizeof(SJPARAM)) 0) goto error; @@ -277,6 +279,8 @@ jailparam_init(struct jailparam *jp, con } if (jailparam_type(jp) 0) { jailparam_free(jp, 1); + jp-jp_name = NULL; + jp-jp_value = NULL; return (-1); } return (0); ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
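Review bot: In the jail_setv hunk, `jailparam_import(jp + njp++, value)` hides the ownership rule that the whole error path depends on: njp is not advanced when jailparam_init fails (so the failed slot is excluded from `jailparam_free(jp, njp)` at the error label) but is advanced before jailparam_import runs (so a slot with a name but a failed import is included). That is correct, but easy to break by moving the increment back into the for statement. Consider incrementing njp on its own line right after a successful jailparam_init, with a one-line comment that njp counts initialised entries. The jailparam_all hunk's switch to a temporary for realloc looks right; note that `nlist *= 2` is still applied before the allocation is known to have succeeded, which is harmless only because the error path does not use nlist.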
svn commit: r239621 - head/usr.sbin/jail
Author: jamie Date: Thu Aug 23 19:39:23 2012 New Revision: 239621 URL: http://svn.freebsd.org/changeset/base/239621 Log: Partially roll back r239601 - keep parameter strings both length-delimited and null-terminated at the same time, because they're later passed to libjail as null-terminated. That means I also need to add a nul byte when comma-combining array parameters. MFC after:6 days Modified: head/usr.sbin/jail/config.c Modified: head/usr.sbin/jail/config.c == --- head/usr.sbin/jail/config.c Thu Aug 23 19:32:57 2012(r239620) +++ head/usr.sbin/jail/config.c Thu Aug 23 19:39:23 2012(r239621) @@ -597,6 +597,7 @@ check_intparams(struct cfjail *j) ip4.addr: bad netmask \%s\, cs); error = -1; } + *cs = '\0'; s-len = cs - s-s; } } @@ -620,6 +621,7 @@ check_intparams(struct cfjail *j) cs); error = -1; } + *cs = '\0'; s-len = cs - s-s; } } @@ -713,11 +715,10 @@ import_params(struct cfjail *j) cs = value; TAILQ_FOREACH_SAFE(s, p-val, tq, ts) { memcpy(cs, s-s, s-len); - if (ts != NULL) { - cs += s-len + 1; - cs[-1] = ','; - } + cs += s-len + 1; + cs[-1] = ','; } + value[vallen - 1] = '\0'; } if (jailparam_import(jp, value) 0) { error = -1; ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
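Review bot: In the import_params hunk, the loop now writes a comma after every element, including the last, and `value[vallen - 1] = '\0'` then overwrites that final comma. This is only correct if vallen is exactly the sum of `s->len + 1` over the list, and the computation of vallen is outside the hunk. If vallen is ever larger, the result keeps a trailing comma followed by uninitialised alloca bytes before the terminator; if it is smaller, the last `cs[-1]` write lands past the buffer. Please state the invariant in a comment next to the terminator, or terminate relative to cs (the position actually written) rather than relative to vallen.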
svn commit: r239602 - head/usr.sbin/jail
Author: jamie Date: Thu Aug 23 01:43:22 2012 New Revision: 239602 URL: http://svn.freebsd.org/changeset/base/239602 Log: Pre-separate IP addresses passed on the command line, so they can be properly parsed for interface prefixes and netmask suffixes. This was already done for the old-style (fixed) command line, but missed for the new-style. MFC after:1 week Modified: head/usr.sbin/jail/jail.c Modified: head/usr.sbin/jail/jail.c == --- head/usr.sbin/jail/jail.c Thu Aug 23 01:43:01 2012(r239601) +++ head/usr.sbin/jail/jail.c Thu Aug 23 01:43:22 2012(r239602) @@ -304,9 +304,33 @@ main(int argc, char **argv) for (i++; i argc; i++) add_param(NULL, NULL, IP_COMMAND, argv[i]); - break; } - add_param(NULL, NULL, 0, argv[i]); +#ifdef INET + else if (!strncmp(argv[i], ip4.addr=, 9)) { + for (cs = argv[i] + 9;; cs = ncs + 1) { + ncs = strchr(cs, ','); + if (ncs) + *ncs = '\0'; + add_param(NULL, NULL, KP_IP4_ADDR, cs); + if (!ncs) + break; + } + } +#endif +#ifdef INET6 + else if (!strncmp(argv[i], ip6.addr=, 9)) { + for (cs = argv[i] + 9;; cs = ncs + 1) { + ncs = strchr(cs, ','); + if (ncs) + *ncs = '\0'; + add_param(NULL, NULL, KP_IP6_ADDR, cs); + if (!ncs) + break; + } + } +#endif + else + add_param(NULL, NULL, 0, argv[i]); } } else { /* From the config file, perhaps with a specified jail */ ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
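Review bot: In main, the new INET and INET6 branches are the same loop twice, differing only in the prefix string and the KP_IP4_ADDR or KP_IP6_ADDR constant, and both use the literal 9 for the prefix length. A small helper taking the argument, the prefix and the parameter id, with the length derived from the prefix, would remove the duplication and the magic number. Two behaviours are worth a comment or a check: the loop splits by writing `'\0'` into argv[i] in place, and an empty element (a doubled or trailing comma) is passed to add_param as an empty string rather than being rejected here.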
svn commit: r239601 - head/usr.sbin/jail
Author: jamie Date: Thu Aug 23 01:43:01 2012 New Revision: 239601 URL: http://svn.freebsd.org/changeset/base/239601 Log: Remember that I'm using length-defined strings in parameters: Remove a bogus null terminator when stripping the netmask from IP addresses. This was causing later addresses in a comma-separated string to disappear. Use memcpy instead of strcpy. This could just cause Bad Things. PR: 170832 MFC after:1 week Modified: head/usr.sbin/jail/config.c Modified: head/usr.sbin/jail/config.c == --- head/usr.sbin/jail/config.c Thu Aug 23 00:39:08 2012(r239600) +++ head/usr.sbin/jail/config.c Thu Aug 23 01:43:01 2012(r239601) @@ -597,8 +597,7 @@ check_intparams(struct cfjail *j) ip4.addr: bad netmask \%s\, cs); error = -1; } - *cs = '\0'; - s-len = cs - s-s + 1; + s-len = cs - s-s; } } } @@ -621,8 +620,7 @@ check_intparams(struct cfjail *j) cs); error = -1; } - *cs = '\0'; - s-len = cs - s-s + 1; + s-len = cs - s-s; } } } @@ -714,7 +712,7 @@ import_params(struct cfjail *j) value = alloca(vallen); cs = value; TAILQ_FOREACH_SAFE(s, p-val, tq, ts) { - strcpy(cs, s-s); + memcpy(cs, s-s, s-len); if (ts != NULL) { cs += s-len + 1; cs[-1] = ','; ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
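Review bot: In the import_params hunk, replacing strcpy with `memcpy(cs, s-s, s-len)` drops the only thing that terminated the combined string: for the last element `ts` is NULL, so nothing is written after the copied bytes, and the buffer comes from alloca and is not zeroed. Unless the code outside the hunk writes a terminator, value is handed on without a NUL at the end. Add an explicit terminator after the loop. The log of r239621, shown on this page, reports exactly this need for a nul byte when comma-combining array parameters.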
svn commit: r236198 - head/usr.sbin/jail
Author: jamie Date: Mon May 28 20:44:11 2012 New Revision: 236198 URL: http://svn.freebsd.org/changeset/base/236198 Log: When writing the jid via the -i flag, do it right when the jail is created, before any commands run. /etc/rc.d/jail depends on this. Modified: head/usr.sbin/jail/command.c head/usr.sbin/jail/jail.c head/usr.sbin/jail/jailp.h Modified: head/usr.sbin/jail/command.c == --- head/usr.sbin/jail/command.cMon May 28 19:48:37 2012 (r236197) +++ head/usr.sbin/jail/command.cMon May 28 20:44:11 2012 (r236198) @@ -246,7 +246,7 @@ next_proc(int nonblock) /* * Run a single command for a jail, possible inside the jail. */ -int +static int run_command(struct cfjail *j) { const struct passwd *pwd; @@ -290,6 +290,8 @@ run_command(struct cfjail *j) } else { if (create_jail(j) 0) return -1; + if (iflag) + printf(%d\n, j-jid); if (verbose = 0 (j-name || verbose 0)) jail_note(j, created\n); dep_done(j, DF_LIGHT); Modified: head/usr.sbin/jail/jail.c == --- head/usr.sbin/jail/jail.c Mon May 28 19:48:37 2012(r236197) +++ head/usr.sbin/jail/jail.c Mon May 28 20:44:11 2012(r236198) @@ -55,6 +55,7 @@ struct permspec { }; const char *cfname; +int iflag; int note_remove; int verbose; @@ -129,7 +130,7 @@ main(int argc, char **argv) size_t sysvallen; unsigned op, pi; int ch, docf, error, i, oldcl, sysval; - int dflag, iflag, Rflag; + int dflag, Rflag; char enforce_statfs[4]; #if defined(INET) || defined(INET6) char *cs, *ncs; @@ -139,7 +140,7 @@ main(int argc, char **argv) #endif op = 0; - dflag = iflag = Rflag = 0; + dflag = Rflag = 0; docf = 1; cfname = CONF_FILE; JidFile = NULL; @@ -415,8 +416,6 @@ main(int argc, char **argv) continue; jail_create_done: clear_persist(j); - if (iflag) - printf(%d\n, j-jid); if (jfp != NULL) print_jail(jfp, j, oldcl); dep_done(j, 0); Modified: head/usr.sbin/jail/jailp.h == --- head/usr.sbin/jail/jailp.h Mon May 28 19:48:37 2012(r236197) +++ head/usr.sbin/jail/jailp.h Mon May 28 20:44:11 2012(r236198) 
@@ -227,6 +227,7 @@ extern struct cfjails cfjails; extern struct cfjails ready; extern struct cfjails depend; extern const char *cfname; +extern int iflag; extern int note_remove; extern int paralimit; extern int verbose;
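Review bot: In the run_command hunk of command.c, the jid is now printed with printf immediately after create_jail and before any commands run, but there is no fflush(stdout) after it. The log says /etc/rc.d/jail depends on the jid being written at creation time; when stdout is a pipe or file, stdio normally buffers it fully, so the line may not reach the reader until much later, and any child forked afterwards inherits the unflushed buffer. Flushing right after the printf would make the ordering the commit promises actually observable. Minor: iflag becomes a global with a very short name in jailp.h; a comment beside the extern saying it is the -i option would match the neighbouring declarations' readability.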
svn commit: r235949 - head/usr.sbin/jail
Author: jamie Date: Fri May 25 00:38:06 2012 New Revision: 235949 URL: http://svn.freebsd.org/changeset/base/235949 Log: Don't try to set a null TERM environment. Submitted by: Mateusz Guzik mjguzik gmail.com Modified: head/usr.sbin/jail/command.c Modified: head/usr.sbin/jail/command.c == --- head/usr.sbin/jail/command.cFri May 25 00:18:19 2012 (r235948) +++ head/usr.sbin/jail/command.cFri May 25 00:38:06 2012 (r235949) @@ -584,7 +584,8 @@ run_command(struct cfjail *j) term = getenv(TERM); environ = cleanenv; setenv(PATH, /bin:/usr/bin, 0); - setenv(TERM, term, 1); + if (term != NULL) + setenv(TERM, term, 1); } if (setusercontext(lcap, pwd, pwd-pw_uid, username ? LOGIN_SETALL ~LOGIN_SETGROUP ~LOGIN_SETLOGIN ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r235840 - head/usr.sbin/jail
Author: jamie Date: Wed May 23 15:30:13 2012 New Revision: 235840 URL: http://svn.freebsd.org/changeset/base/235840 Log: Note that the new jail(8) will be appearing in 9.1. Modified: head/usr.sbin/jail/jail.8 head/usr.sbin/jail/jail.conf.5 Modified: head/usr.sbin/jail/jail.8 == --- head/usr.sbin/jail/jail.8 Wed May 23 15:29:34 2012(r235839) +++ head/usr.sbin/jail/jail.8 Wed May 23 15:30:13 2012(r235840) @@ -25,7 +25,7 @@ .\ .\ $FreeBSD$ .\ -.Dd April 26, 2012 +.Dd May 23, 2012 .Dt JAIL 8 .Os .Sh NAME @@ -1183,7 +1183,7 @@ utility appeared in Hierarchical/extensible jails were introduced in .Fx 8.0 . The configuration file was introduced in -.Fx 10.0 . +.Fx 9.1 . .Sh AUTHORS .An -nosplit The jail feature was written by Modified: head/usr.sbin/jail/jail.conf.5 == --- head/usr.sbin/jail/jail.conf.5 Wed May 23 15:29:34 2012 (r235839) +++ head/usr.sbin/jail/jail.conf.5 Wed May 23 15:30:13 2012 (r235840) @@ -24,7 +24,7 @@ .\ .\ $FreeBSD$ .\ -.Dd April 26, 2012 +.Dd May 23, 2012 .Dt JAIL.CONF 5 .Os .Sh NAME @@ -217,7 +217,7 @@ utility appeared in The .Nm file was added in -.Fx 10.0 . +.Fx 9.1 . .Sh AUTHORS .An -nosplit The jail feature was written by ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r235799 - head/lib/libjail
Author: jamie Date: Tue May 22 18:30:32 2012 New Revision: 235799 URL: http://svn.freebsd.org/changeset/base/235799 Log: The fix in r235291 re-broke the allow.nomount case. Re-fix it by testing for the right parameter name. Modified: head/lib/libjail/jail.c Modified: head/lib/libjail/jail.c == --- head/lib/libjail/jail.c Tue May 22 18:30:14 2012(r235798) +++ head/lib/libjail/jail.c Tue May 22 18:30:32 2012(r235799) @@ -853,7 +853,7 @@ jailparam_free(struct jailparam *jp, uns static int jailparam_type(struct jailparam *jp) { - char *p, *nname; + char *p, *name, *nname; size_t miblen, desclen; int i, isarray; struct { @@ -863,7 +863,8 @@ jailparam_type(struct jailparam *jp) int mib[CTL_MAXNAME]; /* The lastjid parameter isn't real. */ - if (!strcmp(jp-jp_name, lastjid)) { + name = jp-jp_name; + if (!strcmp(name, lastjid)) { jp-jp_valuelen = sizeof(int); jp-jp_ctltype = CTLTYPE_INT | CTLFLAG_WR; return (0); @@ -872,19 +873,19 @@ jailparam_type(struct jailparam *jp) /* Find the sysctl that describes the parameter. */ mib[0] = 0; mib[1] = 3; - snprintf(desc.s, sizeof(desc.s), SJPARAM .%s, jp-jp_name); + snprintf(desc.s, sizeof(desc.s), SJPARAM .%s, name); miblen = sizeof(mib) - 2 * sizeof(int); if (sysctl(mib, 2, mib + 2, miblen, desc.s, strlen(desc.s)) 0) { if (errno != ENOENT) { snprintf(jail_errmsg, JAIL_ERRMSGLEN, - sysctl(0.3.%s): %s, jp-jp_name, strerror(errno)); + sysctl(0.3.%s): %s, name, strerror(errno)); return (-1); } /* * The parameter probably doesn't exist. But it might be * the no counterpart to a boolean. */ - nname = nononame(jp-jp_name); + nname = nononame(name); if (nname == NULL) { unknown_parameter: snprintf(jail_errmsg, JAIL_ERRMSGLEN, 
@@ -892,8 +893,10 @@ jailparam_type(struct jailparam *jp) errno = ENOENT; return (-1); } - snprintf(desc.s, sizeof(desc.s), SJPARAM .%s, nname); + name = alloca(strlen(nname) + 1); + strcpy(name, nname); free(nname); + snprintf(desc.s, sizeof(desc.s), SJPARAM .%s, name); miblen = sizeof(mib) - 2 * sizeof(int); if (sysctl(mib, 2, mib + 2, miblen, desc.s, strlen(desc.s)) 0) @@ -906,7 +909,7 @@ jailparam_type(struct jailparam *jp) if (sysctl(mib, (miblen / sizeof(int)) + 2, desc, desclen, NULL, 0) 0) { snprintf(jail_errmsg, JAIL_ERRMSGLEN, - sysctl(0.4.%s): %s, jp-jp_name, strerror(errno)); + sysctl(0.4.%s): %s, name, strerror(errno)); return (-1); } jp-jp_ctltype = desc.i; @@ -952,7 +955,7 @@ jailparam_type(struct jailparam *jp) if (sysctl(mib + 2, miblen / sizeof(int), desc.s, desclen, NULL, 0) 0) { snprintf(jail_errmsg, JAIL_ERRMSGLEN, - sysctl( SJPARAM .%s): %s, jp-jp_name, + sysctl( SJPARAM .%s): %s, name, strerror(errno)); return (-1); } @@ -970,7 +973,7 @@ jailparam_type(struct jailparam *jp) if (sysctl(mib + 2, miblen / sizeof(int), NULL, jp-jp_valuelen, NULL, 0) 0) { snprintf(jail_errmsg, JAIL_ERRMSGLEN, - sysctl( SJPARAM .%s): %s, jp-jp_name, + sysctl( SJPARAM .%s): %s, name, strerror(errno)); return (-1); } @@ -995,10 +998,9 @@ jailparam_type(struct jailparam *jp) sysctl(0.1): %s, strerror(errno)); return (-1); } - if (desclen == - sizeof(SJPARAM) + strlen(jp-jp_name) + 2 + if (desclen == sizeof(SJPARAM) + strlen(name) + 2 memcmp(SJPARAM ., desc.s, sizeof(SJPARAM)) == 0 - memcmp(jp-jp_name, desc.s + sizeof(SJPARAM), + memcmp(name, desc.s + sizeof(SJPARAM), desclen - sizeof(SJPARAM) - 2) == 0 desc.s[desclen - 2] == '.') goto mib_desc;
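Review bot: In the second hunk of jailparam_type, `name = alloca(strlen(nname) + 1); strcpy(name, nname);` puts a copy of a caller-supplied parameter name on the stack with no length limit, in library code. The string is only ever formatted into desc.s with snprintf and compared with memcmp, so the stack copy is there just to allow the early `free(nname)`. Keeping nname allocated and freeing it on the function's exit paths, or rejecting names that cannot fit in desc.s before copying, avoids an unbounded alloca. If the alloca stays, a comment on why the copy is needed would help, since every later use of jp_name in the function was switched to name by this change.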
svn commit: r235291 - head/lib/libjail
Author: jamie Date: Fri May 11 21:22:52 2012 New Revision: 235291 URL: http://svn.freebsd.org/changeset/base/235291 Log: The linker isn't consistent in the ordering of dynamic sysctls, so don't assume that the unnamed final component of security.jail.param.foo. is one less than the foo component. It might be one greater instead. Modified: head/lib/libjail/jail.c Modified: head/lib/libjail/jail.c == --- head/lib/libjail/jail.c Fri May 11 21:13:43 2012(r235290) +++ head/lib/libjail/jail.c Fri May 11 21:22:52 2012(r235291) @@ -855,7 +855,7 @@ jailparam_type(struct jailparam *jp) { char *p, *nname; size_t miblen, desclen; - int isarray; + int i, isarray; struct { int i; char s[MAXPATHLEN]; 
@@ -977,21 +977,33 @@ jailparam_type(struct jailparam *jp) } break; case CTLTYPE_NODE: - /* A node might be described by an empty-named child. */ + /* +* A node might be described by an empty-named child, +* which would be immediately before or after the node itself. +*/ mib[1] = 1; - mib[(miblen / sizeof(int)) + 2] = - mib[(miblen / sizeof(int)) + 1] - 1; miblen += sizeof(int); - desclen = sizeof(desc.s); - if (sysctl(mib, (miblen / sizeof(int)) + 2, desc.s, desclen, - NULL, 0) 0) { - snprintf(jail_errmsg, JAIL_ERRMSGLEN, - sysctl(0.1): %s, strerror(errno)); - return (-1); + for (i = -1; i = 1; i += 2) { + mib[(miblen / sizeof(int)) + 1] = + mib[(miblen / sizeof(int))] + i; + desclen = sizeof(desc.s); + if (sysctl(mib, (miblen / sizeof(int)) + 2, desc.s, + desclen, NULL, 0) 0) { + if (errno == ENOENT) + continue; + snprintf(jail_errmsg, JAIL_ERRMSGLEN, + sysctl(0.1): %s, strerror(errno)); + return (-1); + } + if (desclen == + sizeof(SJPARAM) + strlen(jp-jp_name) + 2 + memcmp(SJPARAM ., desc.s, sizeof(SJPARAM)) == 0 + memcmp(jp-jp_name, desc.s + sizeof(SJPARAM), + desclen - sizeof(SJPARAM) - 2) == 0 + desc.s[desclen - 2] == '.') + goto mib_desc; } - if (desc.s[desclen - 2] != '.') - goto unknown_parameter; - goto mib_desc; + goto unknown_parameter; default: snprintf(jail_errmsg, JAIL_ERRMSGLEN, unknown type for %s, jp-jp_name); ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
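Review bot: In the CTLTYPE_NODE hunk, the new match compares the sysctl name against jp_name, but jailparam_type can reach this point after falling back to the "no" counterpart of a boolean (the nononame path visible in the r235799 diff on this page), in which case the sysctl that was found is not named after jp_name and the comparison can never succeed; such parameters would fall through to unknown_parameter. Compare against the name that was actually looked up. The length and offset arithmetic (`+ 2`, `desclen - 2`) also needs a comment describing the expected layout of desc.s (prefix, name, trailing dot, terminator), because the check is only correct if desclen counts the terminator.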
svn commit: r234988 - head/usr.sbin/jail
Author: jamie Date: Thu May 3 21:39:23 2012 New Revision: 234988 URL: http://svn.freebsd.org/changeset/base/234988 Log: Add a meta-parameter IP__NULL to enum intparam, instead of mixing enum values and zeroes. This keeps clang happy (and is just good form). Submitted by: dim Modified: head/usr.sbin/jail/command.c head/usr.sbin/jail/config.c head/usr.sbin/jail/jail.c head/usr.sbin/jail/jailp.h Modified: head/usr.sbin/jail/command.c == --- head/usr.sbin/jail/command.cThu May 3 21:21:45 2012 (r234987) +++ head/usr.sbin/jail/command.cThu May 3 21:39:23 2012 (r234988) @@ -100,7 +100,7 @@ next_command(struct cfjail *j) if (j-comstring == NULL) { j-comparam += create_failed ? -1 : 1; switch ((comparam = *j-comparam)) { - case 0: + case IP__NULL: return 0; case IP_MOUNT_DEVFS: if (!bool_param(j-intparams[IP_MOUNT_DEVFS])) Modified: head/usr.sbin/jail/config.c == --- head/usr.sbin/jail/config.c Thu May 3 21:21:45 2012(r234987) +++ head/usr.sbin/jail/config.c Thu May 3 21:39:23 2012(r234988) @@ -328,7 +328,7 @@ add_param(struct cfjail *j, const struct } } else { flags = PF_APPEND; - if (ipnum != 0) { + if (ipnum != IP__NULL) { name = intparams[ipnum].name; flags |= intparams[ipnum].flags; } else if ((cs = strchr(value, '='))) { @@ -350,7 +350,7 @@ add_param(struct cfjail *j, const struct } /* See if this parameter has already been added. */ - if (ipnum != 0) + if (ipnum != IP__NULL) dp = j-intparams[ipnum]; else TAILQ_FOREACH(dp, j-params, tq) 
@@ -375,10 +375,10 @@ add_param(struct cfjail *j, const struct np-flags = flags; np-gen = 0; TAILQ_INSERT_TAIL(j-params, np, tq); - if (ipnum != 0) + if (ipnum != IP__NULL) j-intparams[ipnum] = np; else - for (ipnum = 1; ipnum IP_NPARAM; ipnum++) + for (ipnum = IP__NULL + 1; ipnum IP_NPARAM; ipnum++) if (!(intparams[ipnum].flags PF_CONV) equalopts(name, intparams[ipnum].name)) { j-intparams[ipnum] = np; Modified: head/usr.sbin/jail/jail.c == --- head/usr.sbin/jail/jail.c Thu May 3 21:21:45 2012(r234987) +++ head/usr.sbin/jail/jail.c Thu May 3 21:39:23 2012(r234988) @@ -81,7 +81,7 @@ static struct permspec perm_sysctl[] = { }; static const enum intparam startcommands[] = { -0, +IP__NULL, #ifdef INET IP__IP4_IFADDR, #endif @@ -97,11 +97,11 @@ static const enum intparam startcommands IP_EXEC_START, IP_COMMAND, IP_EXEC_POSTSTART, -0 +IP__NULL }; static const enum intparam stopcommands[] = { -0, +IP__NULL, IP_EXEC_PRESTOP, IP_EXEC_STOP, IP_STOP_TIMEOUT, @@ -116,7 +116,7 @@ static const enum intparam stopcommands[ #ifdef INET IP__IP4_IFADDR, #endif -0 +IP__NULL }; int Modified: head/usr.sbin/jail/jailp.h == --- head/usr.sbin/jail/jailp.h Thu May 3 21:21:45 2012(r234987) +++ head/usr.sbin/jail/jailp.h Thu May 3 21:39:23 2012(r234988) @@ -71,7 +71,8 @@ #define JF_DO_STOP(js) (((js) (JF_SET | JF_STOP)) == JF_STOP) enum intparam { - IP_ALLOW_DYING = 1, /* Allow making changes to a dying jail */ + IP__NULL = 0, /* Null command */ + IP_ALLOW_DYING, /* Allow making changes to a dying jail */ IP_COMMAND, /* Command run inside jail at creation */ IP_DEPEND, /* Jail starts after (stops before) another */ IP_EXEC_CLEAN, /* Run commands in a clean environment */ ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
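Review bot: In the jailp.h hunk, IP__NULL is documented only as "Null command", but the jail.c hunks use it as the terminator at both ends of startcommands and stopcommands, and the command.c hunk shows next_command stepping through those arrays in either direction (`create_failed ? -1 : 1`) until it hits `case IP__NULL`. Please say in the enum comment that it is the list sentinel and that the arrays must begin and end with it. In the config.c hunk, `ipnum = IP__NULL + 1` quietly assumes the first real parameter directly follows IP__NULL in the enum; a named first-value constant would survive a reordering.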
svn commit: r234934 - head/usr.sbin/jail
Author: jamie Date: Wed May 2 21:24:08 2012 New Revision: 234934 URL: http://svn.freebsd.org/changeset/base/234934 Log: Add YY_NO_INPUT so clang doesn't complain about input not being used. Modified: head/usr.sbin/jail/jaillex.l Modified: head/usr.sbin/jail/jaillex.l == --- head/usr.sbin/jail/jaillex.lWed May 2 20:01:28 2012 (r234933) +++ head/usr.sbin/jail/jaillex.lWed May 2 21:24:08 2012 (r234934) @@ -36,6 +36,7 @@ __FBSDID($FreeBSD$); #include jailp.h #include y.tab.h +#define YY_NO_INPUT #define YY_NO_UNPUT extern int yynerrs; ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r234744 - head/usr.sbin/jail
Author: jamie Date: Fri Apr 27 23:39:21 2012 New Revision: 234744 URL: http://svn.freebsd.org/changeset/base/234744 Log: Fix the dates and history as of the move to HEAD. Modified: head/usr.sbin/jail/jail.conf.5 Modified: head/usr.sbin/jail/jail.conf.5 == --- head/usr.sbin/jail/jail.conf.5 Fri Apr 27 22:27:21 2012 (r234743) +++ head/usr.sbin/jail/jail.conf.5 Fri Apr 27 23:39:21 2012 (r234744) @@ -1,4 +1,4 @@ -.\ Copyright (c) 2011 James Gritton +.\ Copyright (c) 2012 James Gritton .\ All rights reserved. .\ .\ Redistribution and use in source and binary forms, with or without @@ -24,7 +24,7 @@ .\ .\ $FreeBSD$ .\ -.Dd October 20, 2010 +.Dd April 26, 2012 .Dt JAIL.CONF 5 .Os .Sh NAME @@ -217,7 +217,7 @@ utility appeared in The .Nm file was added in -.Fx 9.0 . +.Fx 10.0 . .Sh AUTHORS .An -nosplit The jail feature was written by ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r234712 - in head: lib/libc/sys usr.sbin/jail
Author: jamie Date: Thu Apr 26 17:36:05 2012 New Revision: 234712 URL: http://svn.freebsd.org/changeset/base/234712 Log: A new jail(8) with a configuration file, ultimately to replace the work currently done by /etc/rc.d/jail. MFC after:3 months Added: head/usr.sbin/jail/command.c - copied unchanged from r232242, projects/jailconf/usr.sbin/jail/command.c head/usr.sbin/jail/config.c - copied unchanged from r232242, projects/jailconf/usr.sbin/jail/config.c head/usr.sbin/jail/jail.conf.5 - copied unchanged from r232242, projects/jailconf/usr.sbin/jail/jail.conf.5 head/usr.sbin/jail/jaillex.l - copied unchanged from r232242, projects/jailconf/usr.sbin/jail/jaillex.l head/usr.sbin/jail/jailp.h - copied unchanged from r232242, projects/jailconf/usr.sbin/jail/jailp.h head/usr.sbin/jail/jailparse.y - copied unchanged from r232242, projects/jailconf/usr.sbin/jail/jailparse.y head/usr.sbin/jail/state.c - copied unchanged from r232242, projects/jailconf/usr.sbin/jail/state.c Modified: head/lib/libc/sys/jail.2 head/usr.sbin/jail/Makefile head/usr.sbin/jail/jail.8 head/usr.sbin/jail/jail.c Directory Properties: head/lib/libc/ (props changed) head/usr.sbin/jail/ (props changed) Modified: head/lib/libc/sys/jail.2 == --- head/lib/libc/sys/jail.2Thu Apr 26 17:35:11 2012(r234711) +++ head/lib/libc/sys/jail.2Thu Apr 26 17:36:05 2012(r234712) 
@@ -247,44 +247,6 @@ They return \-1 on failure, and set to indicate the error. .Pp .Rv -std jail_attach jail_remove -.Sh PRISON? -Once a process has been put in a prison, it and its descendants cannot escape -the prison. -.Pp -Inside the prison, the concept of -.Dq superuser -is very diluted. -In general, -it can be assumed that nothing can be mangled from inside a prison which -does not exist entirely inside that prison. -For instance the directory -tree below -.Dq Li path -can be manipulated all the ways a root can normally do it, including -.Dq Li rm -rf /* -but new device special nodes cannot be created because they reference -shared resources (the device drivers in the kernel). -The effective -.Dq securelevel -for a process is the greater of the global -.Dq securelevel -or, if present, the per-jail -.Dq securelevel . -.Pp -All IP activity will be forced to happen to/from the IP number specified, -which should be an alias on one of the network interfaces. -All connections to/from the loopback address -.Pf ( Li 127.0.0.1 -for IPv4, -.Li ::1 -for IPv6) will be changed to be to/from the primary address -of the jail for the given address family. -.Pp -It is possible to identify a process as jailed by examining -.Dq Li /proc/pid/status : -it will show a field near the end of the line, either as -a single hyphen for a process at large, or the name currently -set for the prison for jailed processes. .Sh ERRORS The .Fn jail @@ -415,7 +377,7 @@ and .Fn jail_attach call .Xr chroot 2 -internally, so it can fail for all the same reasons. +internally, so they can fail for all the same reasons. Please consult the .Xr chroot 2 manual page for details. Modified: head/usr.sbin/jail/Makefile == --- head/usr.sbin/jail/Makefile Thu Apr 26 17:35:11 2012(r234711) +++ head/usr.sbin/jail/Makefile Thu Apr 26 17:36:05 2012(r234712) 
@@ -3,9 +3,14 @@ .include bsd.own.mk PROG= jail -MAN= jail.8 -DPADD= ${LIBJAIL} ${LIBUTIL} -LDADD= -ljail -lutil +MAN= jail.8 jail.conf.5 +SRCS= jail.c command.c config.c state.c jailp.h jaillex.l jailparse.y y.tab.h + +DPADD= ${LIBJAIL} ${LIBKVM} ${LIBUTIL} ${LIBL} +LDADD= -ljail -lkvm -lutil -ll + +YFLAGS+=-v +CFLAGS+=-I. -I${.CURDIR} .if ${MK_INET6_SUPPORT} != no CFLAGS+= -DINET6 @@ -14,4 +19,6 @@ CFLAGS+= -DINET6 CFLAGS+= -DINET .endif +CLEANFILES= y.output + .include bsd.prog.mk Copied: head/usr.sbin/jail/command.c (from r232242, projects/jailconf/usr.sbin/jail/command.c) == --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/usr.sbin/jail/command.cThu Apr 26 17:36:05 2012 (r234712, copy of r232242, projects/jailconf/usr.sbin/jail/command.c) @@ -0,0 +1,857 @@ +/*- + * Copyright (c) 2011 James Gritton + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + *notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * + * THIS
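Review bot: The `@@ -247,44 +247,6 @@` hunk in jail.2 deletes the entire `.Sh PRISON?` section, which is where the isolation semantics are documented: descendants cannot leave the prison, new device special nodes cannot be created, the effective securelevel is the greater of the global and per-jail values, and loopback traffic is rewritten to the jail's primary address. jail.8 is listed as modified but its diff is not part of this excerpt, so confirm the text was moved there rather than dropped, and leave a `.Xr jail 8` pointer in jail.2 so readers of the system call page can still find those guarantees.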
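Review bot: In the `@@ -3,9 +3,14 @@` hunk of usr.sbin/jail/Makefile, `YFLAGS+=-v` makes yacc write y.output on every build, and the `CLEANFILES= y.output` line in the following hunk exists only to remove it again. Unless the build consumes the parser report, drop both lines. The same hunk adds `${LIBKVM}` and `-lkvm` as a new library dependency of jail(8) without a word in the log about which of the new sources needs it. State that in the commit message or in a Makefile comment so the dependency can be re-evaluated later.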