#
b34421bf |
| 08-Sep-2009 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Add necessary include.
|
#
babbbb9c |
| 04-Sep-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Allow a jail's name to be the same as its jid (which is the default if no name is specified), but still disallow other numeric names.
Reviewed by: zec Approved by: bz (mentor) MFC after: 3 days
|
#
c4884ffa |
| 27-Aug-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Fix a LOR between allprison_lock and vnode locks by releasing allprison_lock before releasing a prison's root vnode.
PR: kern/138004 Reviewed by: kib Approved by: bz (mentor) MFC after: 3 days
|
#
0cb8b6a9 |
| 24-Aug-2009 |
Marko Zec <zec@FreeBSD.org> |
When "jail -c vnet" request fails, the current code actually creates and leaves behind an orphaned vnet. This change ensures that such vnets get released.
This change affects only options VIMAGE bu
When "jail -c vnet" request fails, the current code actually creates and leaves behind an orphaned vnet. This change ensures that such vnets get released.
This change affects only options VIMAGE builds.
Submitted by: jamie Discussed with: bz Approved by: re (rwatson), julian (mentor) MFC after: 3 days
show more ...
|
#
eb79e1c7 |
| 13-Aug-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Make it possible to change the vnet sysctl variables on jails with their own virtual network stack. Jails only inheriting a network stack cannot change anything that cannot be changed from within a p
Make it possible to change the vnet sysctl variables on jails with their own virtual network stack. Jails only inheriting a network stack cannot change anything that cannot be changed from within a prison.
Reviewed by: rwatson, zec Approved by: re (kib)
show more ...
|
#
57aea6df |
| 12-Aug-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Make the kernel compile without IP networking by moving a variable under a proper #ifdef.
Approved by: re (rwatson)
|
Revision tags: vendor/openbsm/1.1-P-2 |
|
#
530c0060 |
| 01-Aug-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Merge the remainder of kern_vimage.c and vimage.h into vnet.c and vnet.h, we now use jails (rather than vimages) as the abstraction for virtualization management, and what remained was specific to vi
Merge the remainder of kern_vimage.c and vimage.h into vnet.c and vnet.h, we now use jails (rather than vimages) as the abstraction for virtualization management, and what remained was specific to virtual network stacks. Minor cleanups are done in the process, and comments updated to reflect these changes.
Reviewed by: bz Approved by: re (vimage blanket)
show more ...
|
#
42bebd82 |
| 31-Jul-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Make the "enforce_statfs" default 2 (most restrictive) in jail_set(2), instead of whatever the parent/system has (which is generally 0). This mirrors the old-style default used for jail(2) in conjun
Make the "enforce_statfs" default 2 (most restrictive) in jail_set(2), instead of whatever the parent/system has (which is generally 0). This mirrors the old-style default used for jail(2) in conjunction with the security.jail.enforce_statfs sysctl.
Approved by: re (kib), bz (mentor)
show more ...
|
Revision tags: vendor/acpica/20090730 |
|
#
2b0d6f81 |
| 30-Jul-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Remove a LOR, where the the sleepable allprison_lock was being obtained in prison_equal_ip4/6 while an inp mutex was held. Locking allprison_lock can be avoided by making a restriction on the IP add
Remove a LOR, where the the sleepable allprison_lock was being obtained in prison_equal_ip4/6 while an inp mutex was held. Locking allprison_lock can be avoided by making a restriction on the IP addresses associated with jails:
Don't allow the "ip4" and "ip6" parameters to be changed after a jail is created. Setting the "ip4.addr" and "ip6.addr" parameters is allowed, but only if the jail was already created with either ip4/6=new or ip4/6=disable. With this restriction, the prison flags in question (PR_IP4_USER and PR_IP6_USER) become read-only and can be checked without locking.
This also allows the simplification of a messy code path that was needed to handle an existing prison gaining an IP address list.
PR: kern/136899 Reported by: Dirk Meyer Approved by: re (kib), bz (mentor)
show more ...
|
#
bdfc8cc4 |
| 29-Jul-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Don't allow mixing the "vnet" and "ip4/6" jail parameters, since vnet jails have their own IP stack and don't have access to the parent IP addresses anyway. Note that a virtual network stack forms a
Don't allow mixing the "vnet" and "ip4/6" jail parameters, since vnet jails have their own IP stack and don't have access to the parent IP addresses anyway. Note that a virtual network stack forms a break between prisons with regard to the list of allowed IP addresses.
Approved by: re (kib), bz (mentor)
show more ...
|
#
8986e3a0 |
| 29-Jul-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Change the default value of the "ip4" and "ip6" jail parameters to "disable", which only allows access to the parent/physical system's IP addresses when specifically directed. Change the default val
Change the default value of the "ip4" and "ip6" jail parameters to "disable", which only allows access to the parent/physical system's IP addresses when specifically directed. Change the default value of "host" to "new", and don't copy the parent host values, to insulate jails from the parent hostname et al.
Approved by: re (kib), bz (mentor)
show more ...
|
Revision tags: vendor/bind9/9.4.3-P3, vendor/bind9/9.6.1-P1, vendor/less/v436 |
|
#
7cbf7213 |
| 25-Jul-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Some jail parameters (in particular, "ip4" and "ip6" for IP address restrictions) were found to be inadequately described by a boolean. Define a new parameter type with three values (disable, new, in
Some jail parameters (in particular, "ip4" and "ip6" for IP address restrictions) were found to be inadequately described by a boolean. Define a new parameter type with three values (disable, new, inherit) to handle these and future cases.
Approved by: re (kib), bz (mentor) Discussed with: rwatson
show more ...
|
Revision tags: vendor/tzcode/tzcode2009k, vendor/tzdata/tzdata2009k |
|
#
7afcbc18 |
| 17-Jul-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Remove the interim vimage containers, struct vimage and struct procg, and the ioctl-based interface that supported them.
Approved by: re (kib), bz (mentor)
|
Revision tags: vendor/openbsm/1.1-P-1, vendor/tcsh/6.17.00, vendor/clang/clang-r74788, vendor/llvm/llvm-r74788, vendor/clang/clang-r74383, vendor/llvm/llvm-r74383, vendor/acpica/20090625, vendor/bind9/9.6.1 |
|
#
499650a0 |
| 24-Jun-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Wrap a PR_VNET inside "#ifdef VIMAGE" since that the only place it applies. bz wants the blame for this.
Noticed by: rwatson Approved by: bz (mentor)
|
#
6bb79563 |
| 24-Jun-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
In case of prisons with their own network stack, permit additional privileges as well as not restricting the type of sockets a user can open.
Note: the VIMAGE/vnet fetaure of of jails is still consi
In case of prisons with their own network stack, permit additional privileges as well as not restricting the type of sockets a user can open.
Note: the VIMAGE/vnet fetaure of of jails is still considered experimental and cannot guarantee that privileged users can be kept imprisoned if enabled.
Reviewed by: rwatson Approved by: bz (mentor)
show more ...
|
#
b97457e2 |
| 23-Jun-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Add a limit for child jails via the "children.cur" and "children.max" parameters. This replaces the simple "allow.jails" permission.
Approved by: bz (mentor)
|
Revision tags: vendor/clang/clang-r73984, vendor/llvm/llvm-r73984, vendor/clang/clang-r73954, vendor/llvm/llvm-r73954, vendor/clang/clang-r73879, vendor/llvm/llvm-r73879, vendor/tzdata/tzdata2009j, vendor/opensolaris/20080410b |
|
#
679e1390 |
| 15-Jun-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Manage vnets via the jail system. If a jail is given the boolean parameter "vnet" when it is created, a new vnet instance will be created along with the jail. Networks interfaces can be moved betwe
Manage vnets via the jail system. If a jail is given the boolean parameter "vnet" when it is created, a new vnet instance will be created along with the jail. Networks interfaces can be moved between prisons with an ioctl similar to the one that moves them between vimages. For now vnets will co-exist under both jails and vimages, but soon struct vimage will be going away.
Reviewed by: zec, julian Approved by: bz (mentor)
show more ...
|
Revision tags: vendor/clang/clang-r73340, vendor/llvm/llvm-r73340 |
|
#
c1f19219 |
| 13-Jun-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Rename the host-related prison fields to be the same as the host.* parameters they represent, and the variables they replaced, instead of abbreviated versions of them.
Approved by: bz (mentor)
|
#
7455b100 |
| 13-Jun-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Add counterparts to getcredhostname: getcreddomainname, getcredhostuuid, getcredhostid
Suggested by: rmacklem Approved by: bz
|
#
e92e0574 |
| 09-Jun-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Fix some overflow errors: a signed allocation and an insufficiant array size.
Reported by: pho Tested by: pho Approved by: bz (mentor)
|
Revision tags: vendor/tzcode/tzcode2009i, vendor/tzdata/tzdata2009i, vendor/clang/clang-r73070, vendor/llvm/llvm-r73070, vendor/openssl/0.9.8k, vendor/clang/clang-r73021, vendor/llvm/llvm-r73021, vendor/clang/clang-r72995, vendor/llvm/llvm-r72995 |
|
#
bcf11e8d |
| 05-Jun-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC and used in a large number of files, but also because an increasing number of incorrect uses of MAC calls were sneaking in du
Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC and used in a large number of files, but also because an increasing number of incorrect uses of MAC calls were sneaking in due to copy-and-paste of MAC-aware code without the associated opt_mac.h include.
Discussed with: pjd
show more ...
|
Revision tags: vendor/clang/clang-r72805, vendor/llvm/llvm-r72805, vendor/clang/clang-r72770, vendor/llvm/llvm-r72770, vendor/clang/clang-r72732, vendor/llvm/llvm-r72732, vendor/acpica/20090521, vendor/acpica/20070320resync, vendor/bind9/9.6.1rc1 |
|
#
76ca6f88 |
| 29-May-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible.
The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed.
Approved by: bz (mentor)
show more ...
|
Revision tags: vendor/netcat/4.5 |
|
#
0304c731 |
| 27-May-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Add hierarchical jails. A jail may further virtualize its environment by creating a child jail, which is visible to that jail and to any parent jails. Child jails may be restricted more than their
Add hierarchical jails. A jail may further virtualize its environment by creating a child jail, which is visible to that jail and to any parent jails. Child jails may be restricted more than their parents, but never less. Jail names reflect this hierarchy, being MIB-style dot-separated strings.
Every thread now points to a jail, the default being prison0, which contains information about the physical system. Prison0's root directory is the same as rootvnode; its hostname is the same as the global hostname, and its securelevel replaces the global securelevel. Note that the variable "securelevel" has actually gone away, which should not cause any problems for code that properly uses securelevel_gt() and securelevel_ge().
Some jail-related permissions that were kept in global variables and set via sysctls are now per-jail settings. The sysctls still exist for backward compatibility, used only by the now-deprecated jail(2) system call.
Approved by: bz (mentor)
show more ...
|
Revision tags: vendor/tzcode/tzcode2009h, vendor/tzdata/tzdata2009h, vendor/ee/1.5.0, vendor/ee/1.4.7, vendor/ee/1.4.6, vendor/ee/1.4.5a, vendor/ee/1.4.4, vendor/ee/1.4.3, vendor/ee/1.4.2 |
|
#
1e2a13e6 |
| 23-May-2009 |
Jamie Gritton <jamie@FreeBSD.org> |
Delay an error message until the variable it uses gets initialized.
Found with: Coverity Prevent(tm) CID: 4316 Reported by: trasz Approved by: bz (mentor)
|
Revision tags: vendor/top/3.8b1, vendor/tzcode/tzcode2009e, vendor/file/5.03, vendor/less/v429 |
|
#
29b02909 |
| 08-May-2009 |
Marko Zec <zec@FreeBSD.org> |
Introduce a new virtualization container, provisionally named vprocg, to hold virtualized instances of hostname and domainname, as well as a new top-level virtualization struct vimage, which holds po
Introduce a new virtualization container, provisionally named vprocg, to hold virtualized instances of hostname and domainname, as well as a new top-level virtualization struct vimage, which holds pointers to struct vnet and struct vprocg. Struct vprocg is likely to become replaced in the near future with a new jail management API import.
As a consequence of this change, change struct ucred to point to a struct vimage, instead of directly pointing to a vnet.
Merge vnet / vimage / ucred refcounting infrastructure from p4 / vimage branch.
Permit kldload / kldunload operations to be executed only from the default vimage context.
This change should have no functional impact on nooptions VIMAGE kernel builds.
Reviewed by: bz Approved by: julian (mentor)
show more ...
|