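/*
 * ----------------------------------------------------------------------------
 * "THE BEER-WARE LICENSE" (Revision 42):
 * <phk@FreeBSD.org> wrote this file. As long as you retain this notice you
 * can do whatever you want with this stuff. If we meet some day, and you think
 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
 * ----------------------------------------------------------------------------
 *
 * $FreeBSD: src/sys/sys/jail.h,v 1.8.2.2 2000/11/01 17:58:06 rwatson Exp $
 * $DragonFly: src/sys/sys/jail.h,v 1.11 2007/02/01 10:33:26 corecode Exp $
 *
 */

/*
 * sys/jail.h: the jail(2) argument blocks shared with userland, and the
 * in-kernel "prison" that each jailed process's credential points at.
 */

#ifndef _SYS_JAIL_H_
#define _SYS_JAIL_H_

#ifndef _SYS_TYPES_H_
#include <sys/types.h>
#endif
#ifndef _SYS_PARAM_H_
#include <sys/param.h>
#endif
#ifndef _SYS_QUEUE_H_
#include <sys/queue.h>
#endif
#ifndef _SYS_UCRED_H_
#include <sys/ucred.h>
#endif
#ifndef _SYS_IF_H_
#include <net/if.h>
#endif

/*
 * Argument block for jail(2), current layout.
 *
 * version is the first member of both this structure and struct jail_v0,
 * presumably so the receiver can tell the two layouts apart before reading
 * anything else.  Everything here is supplied by the caller: path and
 * hostname are string pointers, and ips points at n_ips entries of
 * struct sockaddr_storage.  The consumer is expected to bound n_ips and
 * validate the pointers before copying any of it in; that code is not in
 * this header.
 */
struct jail {
	uint32_t		version;
	char			*path;
	char			*hostname;
	uint32_t		n_ips;		/* Number of ips */
	struct sockaddr_storage	*ips;
};

/*
 * Older layout of the jail(2) argument block, kept so the version field
 * can still be interpreted for callers built against it.  ip_number takes
 * the place of the n_ips/ips pair; its encoding is not defined here.
 */
struct jail_v0 {
	uint32_t	version;
	char		*path;
	char		*hostname;
	uint32_t	ip_number;
};

#ifndef _KERNEL

/*
 * Userland entry points.  jail() takes a struct jail describing the new
 * jail; jail_attach() takes an integer, presumably a jail id (see pr_id
 * below).  Both follow the usual -1/errno convention of system calls.
 */
int jail(struct jail *j);
int jail_attach(int jid);

#endif

#ifdef _KERNEL

#ifndef _SYS_NAMECACHE_H_
#include <sys/namecache.h>
#endif
#ifndef _SYS_VARSYM_H_
#include <sys/varsym.h>
#endif

#ifdef MALLOC_DECLARE
MALLOC_DECLARE(M_PRISON);
#endif

#endif /* _KERNEL */

#if defined(_KERNEL) || defined(_KERNEL_STRUCTURES)

/* Largest jail id; presumably the upper bound when pr_id is assigned. */
#define JAIL_MAX	999999

/* Used to store the IPs of the jail: one node of a prison's pr_ips list. */
struct jail_ip_storage {
	struct sockaddr_storage		ip;
	SLIST_ENTRY(jail_ip_storage)	entries;
};

/*
 * This structure describes a prison.  It is pointed to by all struct
 * proc's of the inmates.  pr_ref keeps track of them and is used to
 * delete the structure when the last inmate is dead.
 *
 * pr_ref is adjusted through prison_hold()/prison_free() declared below.
 * The four *_ip4/*_ip6 members cache addresses taken from pr_ips;
 * presumably they are filled by prison_get_local()/prison_get_nonlocal().
 */
struct prison {
	LIST_ENTRY(prison)	pr_list;			/* all prisons */
	int			pr_id;				/* prison id */
	int			pr_ref;				/* reference count */
	struct nchandle		pr_root;			/* namecache entry of root */
	char			pr_host[MAXHOSTNAMELEN];	/* host name */
	SLIST_HEAD(iplist, jail_ip_storage) pr_ips;	/* list of IP addresses */
	struct sockaddr_in	*local_ip4;	/* cache for a loopback ipv4 address */
	struct sockaddr_in	*nonlocal_ip4;	/* cache for a non loopback ipv4 address */
	struct sockaddr_in6	*local_ip6;	/* cache for a loopback ipv6 address */
	struct sockaddr_in6	*nonlocal_ip6;	/* cache for a non loopback ipv6 address */
	void			*pr_linux;	/* Linux ABI emulation */
	int			pr_securelevel;	/* jail securelevel */
	struct varsymset	pr_varsymset;	/* jail varsyms */
};

/*
 * Sysctl-set variables that determine global jail policy.
 *
 * Each is a single global knob, not a per-prison setting.  Judging by the
 * names they gate, respectively: setting the hostname from inside a jail,
 * restricting jailed sockets to the unix/ip/route families, SysV IPC
 * access, and chflags(2); the exact checks live in the code that reads
 * them, not here.
 */
extern int	jail_set_hostname_allowed;
extern int	jail_socket_unixiproute_only;
extern int	jail_sysvipc_allowed;
extern int	jail_chflags_allowed;

/* Take and drop a reference on pr_ref; the last drop presumably frees pr. */
void	prison_hold(struct prison *pr);
void	prison_free(struct prison *pr);

/* Non-zero when sa is an address of the prison (presumably checked against pr_ips). */
int	jailed_ip(struct prison *pr, struct sockaddr *sa);

/*
 * Look up a loopback (local) or non-loopback address of the given family
 * for the prison.  Whether the sockaddr argument is an input or an output
 * buffer is not visible in this header.
 */
struct sockaddr *
	prison_get_local(struct prison *pr, sa_family_t family, struct sockaddr *sa);
struct sockaddr *
	prison_get_nonlocal(struct prison *pr, sa_family_t family, struct sockaddr *sa);

/*
 * Return 1 if the passed credential is in a jail, otherwise 0.
 *
 * cred must be non-NULL: it is dereferenced without a check.  Only
 * cr_prison is read, so the credential is taken as const and callers
 * holding a non-const pointer are unaffected.
 */
static __inline int
jailed(const struct ucred *cred)
{
	return (cred->cr_prison != NULL);
}

#endif /* _KERNEL || _KERNEL_STRUCTURES */
#endif /* !_SYS_JAIL_H_ */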