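/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 1999 Poul-Henning Kamp.
 * Copyright (c) 2009 James Gritton.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

/*
 * Jail interfaces.
 *
 * Outside the kernel this header describes the userland ABI: struct jail
 * (the argument of jail(2)), the versioned struct xprison records that are
 * handed to userspace, and the JAIL_* flags for jail_set()/jail_get().
 * Under _KERNEL (or _WANT_PRISON) it additionally exposes the in-kernel
 * struct prison, its PR_* / PR_ALLOW_* flag bits, the descendant-traversal
 * macros and the prototypes of the prison support functions.
 */

#ifndef _SYS_JAIL_H_
#define _SYS_JAIL_H_

#ifdef _KERNEL
/* Original (version 0) jail(2) argument, kept so old binaries still work. */
struct jail_v0 {
	u_int32_t	version;
	char		*path;
	char		*hostname;
	u_int32_t	ip_number;
};
#endif

/*
 * Current jail(2) argument.  version must hold JAIL_API_VERSION; ip4/ip6
 * point at arrays of ip4s/ip6s addresses respectively.
 */
struct jail {
	uint32_t	version;
	char		*path;
	char		*hostname;
	char		*jailname;
	uint32_t	ip4s;
	uint32_t	ip6s;
	struct in_addr	*ip4;
	struct in6_addr	*ip6;
};
#define	JAIL_API_VERSION	2

/*
 * For all xprison structs, always keep the pr_version an int and
 * the first variable so userspace can easily distinguish them.
 */
#ifndef _KERNEL
struct xprison_v1 {
	int		 pr_version;
	int		 pr_id;
	char		 pr_path[MAXPATHLEN];
	char		 pr_host[MAXHOSTNAMELEN];
	u_int32_t	 pr_ip;
};
#endif

struct xprison {
	int		 pr_version;	/* XPRISON_VERSION; must stay first */
	int		 pr_id;
	int		 pr_state;	/* PRISON_STATE_* */
	cpusetid_t	 pr_cpusetid;
	char		 pr_path[MAXPATHLEN];
	char		 pr_host[MAXHOSTNAMELEN];
	char		 pr_name[MAXHOSTNAMELEN];
	uint32_t	 pr_ip4s;
	uint32_t	 pr_ip6s;
#if 0
	/*
	 * sizeof(xprison) will be malloced + size needed for all
	 * IPv4 and IPv6 addresses.  Offsets are based on the numbers of
	 * addresses.
	 */
	struct in_addr	 pr_ip4[];
	struct in6_addr	 pr_ip6[];
#endif
};
#define	XPRISON_VERSION	3

#define	PRISON_STATE_INVALID	0
#define	PRISON_STATE_ALIVE	1
#define	PRISON_STATE_DYING	2

/*
 * Flags for jail_set and jail_get.
 */
#define	JAIL_CREATE	0x01	/* Create jail if it doesn't exist */
#define	JAIL_UPDATE	0x02	/* Update parameters of existing jail */
#define	JAIL_ATTACH	0x04	/* Attach to jail upon creation */
#define	JAIL_DYING	0x08	/* Allow getting a dying jail */
#define	JAIL_SET_MASK	0x0f	/* == JAIL_CREATE|JAIL_UPDATE|JAIL_ATTACH|JAIL_DYING */
#define	JAIL_GET_MASK	0x08	/* == JAIL_DYING */

/* Values of the "E,jailsys" parameters (see SYSCTL_JAIL_PARAM_SYS_NODE). */
#define	JAIL_SYS_DISABLE	0
#define	JAIL_SYS_NEW		1
#define	JAIL_SYS_INHERIT	2

#ifndef _KERNEL

struct iovec;

/* Userland system-call wrappers. */
int jail(struct jail *);
int jail_set(struct iovec *, unsigned int, int);
int jail_get(struct iovec *, unsigned int, int);
int jail_attach(int);
int jail_remove(int);

#else /* _KERNEL */

#include <sys/queue.h>
#include <sys/sysctl.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/_task.h>

/* NOTE(review): presumably the upper bound on jail ids -- confirm at the allocation site. */
#define JAIL_MAX	999999

#ifdef MALLOC_DECLARE
MALLOC_DECLARE(M_PRISON);
#endif
#endif /* _KERNEL */

#if defined(_KERNEL) || defined(_WANT_PRISON)

#include <sys/osd.h>

#define	HOSTUUIDLEN	64	/* size of pr_hostuuid */
#define	OSRELEASELEN	32	/* size of pr_osrelease */

struct racct;
struct prison_racct;

/*
 * This structure describes a prison.  It is pointed to by all struct
 * ucreds of the inmates.  pr_ref keeps track of them and is used to
 * delete the structure when the last inmate is dead.
 *
 * Lock key:
 *   (a) allprison_lock
 *   (p) locked by pr_mtx
 *   (c) set only during creation before the structure is shared, no mutex
 *       required to read
 */
struct prison {
	TAILQ_ENTRY(prison) pr_list;			/* (a) all prisons */
	int		 pr_id;				/* (c) prison id */
	int		 pr_ref;			/* (p) refcount */
	int		 pr_uref;			/* (p) user (alive) refcount */
	unsigned	 pr_flags;			/* (p) PR_* flags */
	LIST_HEAD(, prison) pr_children;		/* (a) list of child jails */
	LIST_ENTRY(prison) pr_sibling;			/* (a) next in parent's list */
	struct prison	*pr_parent;			/* (c) containing jail */
	struct mtx	 pr_mtx;			/* protects the (p) fields */
	struct task	 pr_task;			/* (c) destroy task */
	struct osd	 pr_osd;			/* (p) additional data */
	struct cpuset	*pr_cpuset;			/* (p) cpuset */
	struct vnet	*pr_vnet;			/* (c) network stack */
	struct vnode	*pr_root;			/* (c) vnode to rdir */
	int		 pr_ip4s;			/* (p) number of v4 IPs */
	int		 pr_ip6s;			/* (p) number of v6 IPs */
	struct in_addr	*pr_ip4;			/* (p) v4 IPs of jail */
	struct in6_addr *pr_ip6;			/* (p) v6 IPs of jail */
	struct prison_racct *pr_prison_racct;		/* (c) racct jail proxy */
	void		*pr_sparep[3];			/* spare, unused here */
	int		 pr_childcount;			/* (a) number of child jails */
	int		 pr_childmax;			/* (p) maximum child jails */
	unsigned	 pr_allow;			/* (p) PR_ALLOW_* flags */
	int		 pr_securelevel;		/* (p) securelevel */
	int		 pr_enforce_statfs;		/* (p) statfs permission */
	int		 pr_devfs_rsnum;		/* (p) devfs ruleset */
	int		 pr_spare[3];			/* spare, unused here */
	int		 pr_osreldate;			/* (c) kern.osreldate value */
	unsigned long	 pr_hostid;			/* (p) jail hostid */
	char		 pr_name[MAXHOSTNAMELEN];	/* (p) admin jail name */
	char		 pr_path[MAXPATHLEN];		/* (c) chroot path */
	char		 pr_hostname[MAXHOSTNAMELEN];	/* (p) jail hostname */
	char		 pr_domainname[MAXHOSTNAMELEN];	/* (p) jail domainname */
	char		 pr_hostuuid[HOSTUUIDLEN];	/* (p) jail hostuuid */
	char		 pr_osrelease[OSRELEASELEN];	/* (c) kern.osrelease value */
};

/* Reference-counted, named racct proxy shared by jails (see pr_prison_racct). */
struct prison_racct {
	LIST_ENTRY(prison_racct) prr_next;
	char		prr_name[MAXHOSTNAMELEN];
	u_int		prr_refcount;
	struct racct	*prr_racct;
};
#endif /* _KERNEL || _WANT_PRISON */

#ifdef _KERNEL
/* Flag bits set via options */
#define	PR_PERSIST	0x00000001	/* Can exist without processes */
#define	PR_HOST		0x00000002	/* Virtualize hostname et al */
#define	PR_IP4_USER	0x00000004	/* Restrict IPv4 addresses */
#define	PR_IP6_USER	0x00000008	/* Restrict IPv6 addresses */
#define	PR_VNET		0x00000010	/* Virtual network stack */
#define	PR_IP4_SADDRSEL	0x00000080	/* Do IPv4 src addr sel. or use the */
					/* primary jail address. */
#define	PR_IP6_SADDRSEL	0x00000100	/* Do IPv6 src addr sel. or use the */
					/* primary jail address. */

/* Internal flag bits */
#define	PR_IP4		0x02000000	/* IPv4 restricted or disabled */
					/* by this jail or an ancestor */
#define	PR_IP6		0x04000000	/* IPv6 restricted or disabled */
					/* by this jail or an ancestor */

/*
 * Flags for pr_allow
 * Bits not noted here may be used for dynamic allow.mount.xxxfs.
 */
#define	PR_ALLOW_SET_HOSTNAME		0x00000001
#define	PR_ALLOW_SYSVIPC		0x00000002
#define	PR_ALLOW_RAW_SOCKETS		0x00000004
#define	PR_ALLOW_CHFLAGS		0x00000008
#define	PR_ALLOW_MOUNT			0x00000010
#define	PR_ALLOW_QUOTAS			0x00000020
#define	PR_ALLOW_SOCKET_AF		0x00000040
#define	PR_ALLOW_MLOCK			0x00000080
#define	PR_ALLOW_READ_MSGBUF		0x00000100
#define	PR_ALLOW_UNPRIV_DEBUG		0x00000200
#define	PR_ALLOW_RESERVED_PORTS		0x00008000
#define	PR_ALLOW_KMEM_ACCESS		0x00010000	/* reserved, not used yet */
#define	PR_ALLOW_ALL_STATIC		0x000183ff	/* OR of all PR_ALLOW_* above */

/*
 * PR_ALLOW_DIFFERENCES determines which flags are able to be
 * different between the parent and child jail upon creation.
 */
#define	PR_ALLOW_DIFFERENCES		(PR_ALLOW_UNPRIV_DEBUG)

/*
 * OSD methods
 */
#define	PR_METHOD_CREATE	0
#define	PR_METHOD_GET		1
#define	PR_METHOD_SET		2
#define	PR_METHOD_CHECK		3
#define	PR_METHOD_ATTACH	4
#define	PR_METHOD_REMOVE	5
#define	PR_MAXMETHOD		6

/*
 * Lock/unlock a prison.
 * XXX These exist not so much for general convenience, but to be usable in
 *     the FOREACH_PRISON_DESCENDANT_LOCKED macro which can't handle them in
 *     non-function form as currently defined.
 */
static __inline void
prison_lock(struct prison *pr)
{

	mtx_lock(&pr->pr_mtx);
}

static __inline void
prison_unlock(struct prison *pr)
{

	mtx_unlock(&pr->pr_mtx);
}

/* Traverse a prison's immediate children. */
#define	FOREACH_PRISON_CHILD(ppr, cpr)					\
	LIST_FOREACH(cpr, &(ppr)->pr_children, pr_sibling)

/*
 * Preorder traversal of all of a prison's descendants.
 * This ugly loop allows the macro to be followed by a single block
 * as expected in a looping primitive.
 *
 * ppr itself is never visited.  descend is an in/out variable: the macro
 * sets it when it moves to a child or sibling, clears it when it climbs
 * back to a parent (so the parent is not visited a second time), and the
 * body may clear it to skip the subtree below the current cpr.
 * pr_children/pr_sibling are keyed (a), so the caller is expected to hold
 * allprison_lock across the loop -- confirm at the call sites.
 */
#define	FOREACH_PRISON_DESCENDANT(ppr, cpr, descend)			\
	for ((cpr) = (ppr), (descend) = 1;				\
	    ((cpr) = (((descend) && !LIST_EMPTY(&(cpr)->pr_children))	\
	      ? LIST_FIRST(&(cpr)->pr_children)				\
	      : ((cpr) == (ppr)						\
		 ? NULL							\
		 : (((descend) = LIST_NEXT(cpr, pr_sibling) != NULL)	\
		    ? LIST_NEXT(cpr, pr_sibling)			\
		    : (cpr)->pr_parent))));)				\
		if (!(descend))						\
			;						\
		else

/*
 * As above, but lock descendants on the way down and unlock on the way up.
 * Each visited cpr is locked before the body runs and unlocked by the macro
 * when it leaves that prison, so the body must not unlock cpr itself.
 * ppr is neither visited nor locked.
 */
#define	FOREACH_PRISON_DESCENDANT_LOCKED(ppr, cpr, descend)		\
	for ((cpr) = (ppr), (descend) = 1;				\
	    ((cpr) = (((descend) && !LIST_EMPTY(&(cpr)->pr_children))	\
	      ? LIST_FIRST(&(cpr)->pr_children)				\
	      : ((cpr) == (ppr)						\
		 ? NULL							\
		 : ((prison_unlock(cpr),				\
		    (descend) = LIST_NEXT(cpr, pr_sibling) != NULL)	\
		    ? LIST_NEXT(cpr, pr_sibling)			\
		    : (cpr)->pr_parent))));)				\
		if ((descend) ? (prison_lock(cpr), 0) : 1)		\
			;						\
		else

/*
 * As above, but also keep track of the level descended to.
 * level starts at 0 for ppr's immediate children is incremented on each
 * step into a child list and decremented on each step back to a parent.
 */
#define	FOREACH_PRISON_DESCENDANT_LOCKED_LEVEL(ppr, cpr, descend, level)\
	for ((cpr) = (ppr), (descend) = 1, (level) = 0;			\
	    ((cpr) = (((descend) && !LIST_EMPTY(&(cpr)->pr_children))	\
	      ? (level++, LIST_FIRST(&(cpr)->pr_children))		\
	      : ((cpr) == (ppr)						\
		 ? NULL							\
		 : ((prison_unlock(cpr),				\
		    (descend) = LIST_NEXT(cpr, pr_sibling) != NULL)	\
		    ? LIST_NEXT(cpr, pr_sibling)			\
		    : (level--, (cpr)->pr_parent)))));)			\
		if ((descend) ? (prison_lock(cpr), 0) : 1)		\
			;						\
		else

/*
 * Attributes of the physical system, and the root of the jail tree.
 */
extern struct prison prison0;

TAILQ_HEAD(prisonlist, prison);
extern struct	prisonlist allprison;
extern struct	sx allprison_lock;	/* lock key (a) */

/*
 * Sysctls to describe jail parameters.
 * All of them are handled by sysctl_jail_param() under security.jail.param.
 */
SYSCTL_DECL(_security_jail_param);

#define	SYSCTL_JAIL_PARAM(module, param, type, fmt, descr)		\
    SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param,	\
	(type) | CTLFLAG_MPSAFE, NULL, 0, sysctl_jail_param, fmt, descr)
#define	SYSCTL_JAIL_PARAM_STRING(module, param, access, len, descr)	\
    SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param,	\
	CTLTYPE_STRING | CTLFLAG_MPSAFE | (access), NULL, len,		\
	sysctl_jail_param, "A", descr)
#define	SYSCTL_JAIL_PARAM_STRUCT(module, param, access, len, fmt, descr)\
    SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param,	\
	CTLTYPE_STRUCT | CTLFLAG_MPSAFE | (access), NULL, len,		\
	sysctl_jail_param, fmt, descr)
#define	SYSCTL_JAIL_PARAM_NODE(module, descr)				\
    SYSCTL_NODE(_security_jail_param, OID_AUTO, module, CTLFLAG_MPSAFE,	\
	0, descr)
#define	SYSCTL_JAIL_PARAM_SUBNODE(parent, module, descr)		\
    SYSCTL_NODE(_security_jail_param_##parent, OID_AUTO, module,	\
	CTLFLAG_MPSAFE, 0, descr)
#define	SYSCTL_JAIL_PARAM_SYS_NODE(module, access, descr)		\
    SYSCTL_JAIL_PARAM_NODE(module, descr);				\
    SYSCTL_JAIL_PARAM(_##module, , CTLTYPE_INT | (access), "E,jailsys",	\
	descr)

/*
 * Kernel support functions for jail().
 */
struct ucred;
struct mount;
struct sockaddr;
struct statfs;
struct vfsconf;

/*
 * Return 1 if the passed credential is in a jail, otherwise 0.
 * The argument is parenthesized so that any expression yielding a
 * struct ucred * may be passed.
 */
#define jailed(cred) ((cred)->cr_prison != &prison0)

int jailed_without_vnet(struct ucred *);
void getcredhostname(struct ucred *, char *, size_t);
void getcreddomainname(struct ucred *, char *, size_t);
void getcredhostuuid(struct ucred *, char *, size_t);
void getcredhostid(struct ucred *, unsigned long *);
void getjailname(struct ucred *cred, char *name, size_t len);
void prison0_init(void);
int prison_allow(struct ucred *, unsigned);
int prison_check(struct ucred *cred1, struct ucred *cred2);
int prison_owns_vnet(struct ucred *);
int prison_canseemount(struct ucred *cred, struct mount *mp);
void prison_enforce_statfs(struct ucred *cred, struct mount *mp,
    struct statfs *sp);
struct prison *prison_find(int prid);
struct prison *prison_find_child(struct prison *, int);
struct prison *prison_find_name(struct prison *, const char *);
int prison_flag(struct ucred *, unsigned);
void prison_free(struct prison *pr);
void prison_free_locked(struct prison *pr);
void prison_hold(struct prison *pr);
void prison_hold_locked(struct prison *pr);
void prison_proc_hold(struct prison *);
void prison_proc_free(struct prison *);
int prison_ischild(struct prison *, struct prison *);
/*
 * IPv4 address policy helpers.  The *_locked variants take a struct prison
 * instead of a ucred; presumably the caller already holds its pr_mtx --
 * confirm at the call sites.
 */
int prison_equal_ip4(struct prison *, struct prison *);
int prison_get_ip4(struct ucred *cred, struct in_addr *ia);
int prison_local_ip4(struct ucred *cred, struct in_addr *ia);
int prison_remote_ip4(struct ucred *cred, struct in_addr *ia);
int prison_check_ip4(const struct ucred *, const struct in_addr *);
int prison_check_ip4_locked(const struct prison *, const struct in_addr *);
int prison_saddrsel_ip4(struct ucred *, struct in_addr *);
int prison_restrict_ip4(struct prison *, struct in_addr *);
int prison_qcmp_v4(const void *, const void *);
#ifdef INET6
/* IPv6 counterparts of the helpers above. */
int prison_equal_ip6(struct prison *, struct prison *);
int prison_get_ip6(struct ucred *, struct in6_addr *);
int prison_local_ip6(struct ucred *, struct in6_addr *, int);
int prison_remote_ip6(struct ucred *, struct in6_addr *);
int prison_check_ip6(const struct ucred *, const struct in6_addr *);
int prison_check_ip6_locked(const struct prison *, const struct in6_addr *);
int prison_saddrsel_ip6(struct ucred *, struct in6_addr *);
int prison_restrict_ip6(struct prison *, struct in6_addr *);
int prison_qcmp_v6(const void *, const void *);
#endif
int prison_check_af(struct ucred *cred, int af);
int prison_if(struct ucred *cred, const struct sockaddr *sa);
char *prison_name(struct prison *, struct prison *);
int prison_priv_check(struct ucred *cred, int priv);
int sysctl_jail_param(SYSCTL_HANDLER_ARGS);
unsigned prison_add_allow(const char *prefix, const char *name,
    const char *prefix_descr, const char *descr);
void prison_add_vfs(struct vfsconf *vfsp);
void prison_racct_foreach(void (*callback)(struct racct *racct,
    void *arg2, void *arg3), void (*pre)(void), void (*post)(void),
    void *arg2, void *arg3);
struct prison_racct *prison_racct_find(const char *name);
void prison_racct_hold(struct prison_racct *prr);
void prison_racct_free(struct prison_racct *prr);

#endif /* _KERNEL */
#endif /* !_SYS_JAIL_H_ */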