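/*
 * ----------------------------------------------------------------------------
 * "THE BEER-WARE LICENSE" (Revision 42):
 * <phk@FreeBSD.org> wrote this file. As long as you retain this notice you
 * can do whatever you want with this stuff. If we meet some day, and you think
 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
 * ----------------------------------------------------------------------------
 *
 * $FreeBSD: src/sys/sys/jail.h,v 1.8.2.2 2000/11/01 17:58:06 rwatson Exp $
 * $DragonFly: src/sys/sys/jail.h,v 1.7 2006/05/20 02:42:13 dillon Exp $
 *
 */

#ifndef _SYS_JAIL_H_
#define _SYS_JAIL_H_

#ifndef _SYS_TYPES_H_
#include <sys/types.h>
#endif
#ifndef _SYS_PARAM_H_
#include <sys/param.h>
#endif
#ifndef _SYS_UCRED_H_
#include <sys/ucred.h>
#endif

/*
 * Argument block taken by jail(), whose userland prototype is below.
 *
 * path and hostname are bare pointers with no accompanying lengths, so
 * whatever consumes this structure has to bound its own copies; the
 * kernel-side host name buffer (pr_host) holds MAXHOSTNAMELEN bytes.
 *
 * NOTE(review): the per-field meanings are inferred from the field names
 * and from the matching struct prison members; confirm them against the
 * jail() implementation.
 */
struct jail {
	uint32_t	version;	/* presumably the layout version */
	char		*path;		/* presumably the jail root (cf. pr_root) */
	char		*hostname;	/* presumably the source of pr_host */
	uint32_t	ip_number;	/* one 32-bit address (cf. pr_ip); byte
					 * order is not stated in this header */
};

#ifndef _KERNEL

int jail(struct jail *);
int jail_attach(int);	/* NOTE(review): argument is presumably a prison id */

#else /* _KERNEL */

#include <sys/varsym.h>

#ifdef MALLOC_DECLARE
MALLOC_DECLARE(M_PRISON);
#endif

/* NOTE(review): presumably the largest pr_id handed out; confirm at the use site. */
#define JAIL_MAX	999999

/*
 * This structure describes a prison. It is pointed to by all struct
 * proc's of the inmates. pr_ref keeps track of them and is used to
 * delete the structure when the last inmate is dead.
 *
 * NOTE(review): nothing in this header shows how updates to pr_ref are
 * serialized. A miscounted reference leaves inmates pointing at a freed
 * prison, so check the locking used around prison_hold()/prison_free().
 */

struct prison {
	LIST_ENTRY(prison) pr_list;		/* all prisons */
	int		pr_id;			/* prison id */
	int		pr_ref;			/* reference count */
	struct namecache *pr_root;		/* namecache entry of root */
	char		pr_host[MAXHOSTNAMELEN]; /* host name */
	uint32_t	pr_ip;			/* IP address */
	void		*pr_linux;		/* Linux ABI emulation */
	int		pr_securelevel;		/* jail securelevel */
	struct varsymset pr_varsymset;		/* jail varsyms */
};

/*
 * Sysctl-set variables that determine global jail policy
 *
 * These are single system-wide ints, not members of struct prison, so a
 * change applies to every jail at once. Defaults and enforcement points are
 * outside this header; the per-variable notes below are read off the names
 * and should be confirmed where each variable is tested.
 */
extern int	jail_set_hostname_allowed;	/* presumably: inmates may change
						 * the host name */
extern int	jail_socket_unixiproute_only;	/* presumably: limit inmates to
						 * UNIX, IP and route sockets */
extern int	jail_sysvipc_allowed;		/* presumably: inmates may use
						 * System V IPC; NOTE(review): that
						 * is a channel to processes outside
						 * the jail unless IPC objects are
						 * scoped per prison -- confirm */
extern int	jail_chflags_allowed;		/* presumably: inmates may change
						 * file flags */

/*
 * NOTE(review): presumably these take and drop a reference on pr_ref;
 * the implementations are not visible from this header.
 */
void prison_hold(struct prison *);
void prison_free(struct prison *);

/*
 * Return 1 if the passed credential is in a jail, otherwise 0.
 *
 * The test is only whether cred->cr_prison is non-NULL. cred itself is
 * dereferenced without a check, so the caller must pass a valid credential.
 */
static __inline int
jailed(struct ucred *cred)
{
	return (cred->cr_prison != NULL);
}

#endif /* !_KERNEL */
#endif /* !_SYS_JAIL_H_ */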