[Midnightbsd-cvs] src [9416] trunk: Refine the "nojail" rc keyword, adding "nojailvnet" for files that don't

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Sat Mar 4 17:48:13 EST 2017


Revision: 9416
          http://svnweb.midnightbsd.org/src/?rev=9416
Author:   laffer1
Date:     2017-03-04 17:48:13 -0500 (Sat, 04 Mar 2017)
Log Message:
-----------
Refine the "nojail" rc keyword, adding "nojailvnet" for files that don't
  apply to most jails but do apply to vnet jails.  This includes adding
  a new sysctl "security.jail.vnet" to identify vnet jails.

Modified Paths:
--------------
    trunk/etc/rc
    trunk/etc/rc.d/ipfw
    trunk/etc/rc.d/netif
    trunk/etc/rc.d/routing
    trunk/sys/kern/kern_jail.c

Modified: trunk/etc/rc
===================================================================
--- trunk/etc/rc	2017-03-04 22:47:23 UTC (rev 9415)
+++ trunk/etc/rc	2017-03-04 22:48:13 UTC (rev 9416)
@@ -76,6 +76,9 @@
 	if [ "$early_late_divider" = "FILESYSTEMS" ]; then
 		early_late_divider=NETWORKING
 	fi
+	if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then
+		skip="$skip -s nojailvnet"
+	fi
 fi
 
 # Do a first pass to get everything up to $early_late_divider so that
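Review bot: The new test at `if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]` leaves the command substitution unquoted, so on a kernel that does not know the OID yet (userland updated before the kernel, or sysctl failing for any other reason) the word expands to nothing, `[` reports a syntax error and evaluates false, and `-s nojailvnet` is never added — the netif/ipfw/routing scripts would then run inside an ordinary non-vnet jail, which is the case the keyword exists to prevent. Quoting the value and failing closed avoids that: `if [ "$(/sbin/sysctl -n security.jail.vnet 2>/dev/null)" != "1" ]; then`. The enclosing `if` (presumably the `security.jail.jailed` check, given the `fi` at the end of the hunk) starts outside the hunk and appears to use the same unquoted pattern, so the same treatment may apply there.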

Modified: trunk/etc/rc.d/ipfw
===================================================================
--- trunk/etc/rc.d/ipfw	2017-03-04 22:47:23 UTC (rev 9415)
+++ trunk/etc/rc.d/ipfw	2017-03-04 22:48:13 UTC (rev 9416)
@@ -5,7 +5,7 @@
 
 # PROVIDE: ipfw
 # REQUIRE: ppp
-# KEYWORD: nojail
+# KEYWORD: nojailvnet
 
 . /etc/rc.subr
 . /etc/network.subr

Modified: trunk/etc/rc.d/netif
===================================================================
--- trunk/etc/rc.d/netif	2017-03-04 22:47:23 UTC (rev 9415)
+++ trunk/etc/rc.d/netif	2017-03-04 22:48:13 UTC (rev 9416)
@@ -28,7 +28,7 @@
 # PROVIDE: netif
 # REQUIRE: atm1 FILESYSTEMS serial sppp sysctl
 # REQUIRE: ipfilter ipfs
-# KEYWORD: nojail
+# KEYWORD: nojailvnet
 
 . /etc/rc.subr
 . /etc/network.subr

Modified: trunk/etc/rc.d/routing
===================================================================
--- trunk/etc/rc.d/routing	2017-03-04 22:47:23 UTC (rev 9415)
+++ trunk/etc/rc.d/routing	2017-03-04 22:48:13 UTC (rev 9416)
@@ -7,7 +7,7 @@
 
 # PROVIDE: routing
 # REQUIRE: faith netif ppp stf
-# KEYWORD: nojail
+# KEYWORD: nojailvnet
 
 . /etc/rc.subr
 . /etc/network.subr

Modified: trunk/sys/kern/kern_jail.c
===================================================================
--- trunk/sys/kern/kern_jail.c	2017-03-04 22:47:23 UTC (rev 9415)
+++ trunk/sys/kern/kern_jail.c	2017-03-04 22:48:13 UTC (rev 9416)
@@ -4150,6 +4150,26 @@
     CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
     sysctl_jail_jailed, "I", "Process in jail?");
 
+static int
+sysctl_jail_vnet(SYSCTL_HANDLER_ARGS)
+{
+	int error, havevnet;
+#ifdef VIMAGE
+	struct ucred *cred = req->td->td_ucred;
+
+	havevnet = jailed(cred) && prison_owns_vnet(cred);
+#else
+	havevnet = 0;
+#endif
+	error = SYSCTL_OUT(req, &havevnet, sizeof(havevnet));
+
+	return (error);
+}
+
+SYSCTL_PROC(_security_jail, OID_AUTO, vnet,
+    CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
+    sysctl_jail_vnet, "I", "Jail owns VNET?");
+
 #if defined(INET) || defined(INET6)
 SYSCTL_UINT(_security_jail, OID_AUTO, jail_max_af_ips, CTLFLAG_RW,
     &jail_max_af_ips, 0,
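Review bot: `sysctl_jail_vnet` carries no comment stating whose jail it reports on, and the answer is what /etc/rc depends on: the value is derived from `req->td->td_ucred`, i.e. the credential of the process issuing the sysctl, and it is 0 both for an unjailed caller and on kernels built without VIMAGE. A header comment above the function would make that contract explicit, e.g. `/* Report whether the calling process's jail owns its own network stack (VNET). Returns 0 for an unjailed caller and on kernels built without VIMAGE. */`. It also seems worth noting in that comment that the check is against the caller's own credential rather than any named jail, like the neighbouring `sysctl_jail_jailed` handler presumably is, so nobody later tries to pass a jid through it.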


