1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 1999 Poul-Henning Kamp.
47 #include <sys/proc.h>
110 .pr_securelevel = -1,
165 struct proc *p);
217 * Make this array full-size so dynamic parameters can be added.
267 * Initialize the parts of prison0 that can't be static-initialized with
291 * non-printable characters to be safe. in prison0_init()
293 while (size > 0 && data[size - 1] <= 0x20) { in prison0_init()
294 size--; in prison0_init()
300 * Not NUL-terminated when passed from loader, but in prison0_init()
342 error = copyin(uap->jail, &version, sizeof(uint32_t)); in sys_jail()
353 error = copyin(uap->jail, &j0, sizeof(struct jail_v0)); in sys_jail()
365 * Version 1 was used by multi-IPv4 jail implementations in sys_jail()
371 /* FreeBSD multi-IPv4/IPv6,noIP jails. */ in sys_jail()
372 error = copyin(uap->jail, &j, sizeof(struct jail)); in sys_jail()
378 /* Sci-Fi jails are not supported, sorry. */ in sys_jail()
411 opt.uio_offset = -1; in kern_jail()
412 opt.uio_resid = -1; in kern_jail()
417 /* Set permissions for top-level jails from sysctls. */ in kern_jail()
418 if (!jailed(td->td_ucred)) { in kern_jail()
421 atomic_load_int(&bf->flag) != 0; in kern_jail()
424 (jail_default_allow & bf->flag) in kern_jail()
425 ? bf->name : bf->noname); in kern_jail()
441 ip4s = (j->version == 0) ? 1 : j->ip4s; in kern_jail()
446 if (j->ip4s > 0) in kern_jail()
450 if (j->ip6s > jail_max_af_ips) in kern_jail()
452 tmplen += j->ip6s * sizeof(struct in6_addr); in kern_jail()
454 if (j->ip6s > 0) in kern_jail()
474 error = copyinstr(j->path, u_path, MAXPATHLEN, in kern_jail()
485 error = copyinstr(j->hostname, u_hostname, MAXHOSTNAMELEN, in kern_jail()
492 if (j->jailname != NULL) { in kern_jail()
497 error = copyinstr(j->jailname, u_name, MAXHOSTNAMELEN, in kern_jail()
511 if (j->version == 0) in kern_jail()
512 u_ip4->s_addr = j->ip4s; in kern_jail()
514 error = copyin(j->ip4, u_ip4, optiov[opt.uio_iovcnt].iov_len); in kern_jail()
527 optiov[opt.uio_iovcnt].iov_len = j->ip6s * sizeof(struct in6_addr); in kern_jail()
528 error = copyin(j->ip6, u_ip6, optiov[opt.uio_iovcnt].iov_len); in kern_jail()
556 if (uap->iovcnt & 1) in sys_jail_set()
559 error = copyinuio(uap->iovp, uap->iovcnt, &auio); in sys_jail_set()
562 error = kern_jail_set(td, auio, uap->flags); in sys_jail_set()
604 * XXX Variable-length automatic arrays in union may be
622 MPASS(idx >= 0 && idx < pip->ips); in PR_IP()
624 return (pip->pr_ip + pr_families[af].size * idx); in PR_IP()
635 pip->ips = cnt; in prison_ip_alloc()
651 bcopy(op, pip->pr_ip, cnt * size); in prison_ip_copyin()
661 qsort(PR_IP(pip, af, 1), cnt - 1, size, cmp); in prison_ip_copyin()
690 const struct prison_ip *ppip = ppr->pr_addrs[af]; in prison_ip_dup()
694 pip = prison_ip_alloc(af, ppip->ips, M_WAITOK); in prison_ip_dup()
695 bcopy(ppip->pr_ip, pip->pr_ip, pip->ips * pr_families[af].size); in prison_ip_dup()
696 pr->pr_addrs[af] = pip; in prison_ip_dup()
716 for (i = 0; i < ppip->ips; i++) in prison_ip_parent_match()
720 if (i == ppip->ips) in prison_ip_parent_match()
724 if (pip->ips > 1) { in prison_ip_parent_match()
725 for (i = j = 1; i < pip->ips; i++) { in prison_ip_parent_match()
729 for (; j < ppip->ips; j++) in prison_ip_parent_match()
733 if (j == ppip->ips) in prison_ip_parent_match()
736 if (j == ppip->ips) in prison_ip_parent_match()
757 for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent) in prison_ip_conflict_check()
758 if (tppr->pr_flags & PR_VNET) in prison_ip_conflict_check()
766 (tpr != tppr && (tpr->pr_flags & PR_VNET)) || in prison_ip_conflict_check()
772 if (!(tpr->pr_flags & pr_families[af].ip_flag)) in prison_ip_conflict_check()
775 if (tpr->pr_addrs[af] == NULL || in prison_ip_conflict_check()
776 (pip->ips == 1 && tpr->pr_addrs[af]->ips == 1)) in prison_ip_conflict_check()
778 for (int i = 0; i < pip->ips; i++) in prison_ip_conflict_check()
800 NET_EPOCH_CALL(prison_ip_free_deferred, &pip->ctx); in prison_ip_free()
808 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_ip_set()
810 mem = &pr->pr_addrs[af]; in prison_ip_set()
826 struct prison_ip *ppip = pr->pr_parent->pr_addrs[af]; in prison_ip_restrict()
827 struct prison_ip *pip = pr->pr_addrs[af]; in prison_ip_restrict()
833 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_ip_restrict()
836 * Due to epoch-synchronized access to the IP address lists we always in prison_ip_restrict()
848 if (!(pr->pr_flags & pr_families[af].ip_flag)) { in prison_ip_restrict()
850 new = prison_ip_alloc(af, ppip->ips, M_NOWAIT); in prison_ip_restrict()
855 MPASS(new->ips == ppip->ips); in prison_ip_restrict()
856 bcopy(ppip->pr_ip, new->pr_ip, ppip->ips * size); in prison_ip_restrict()
868 new = prison_ip_alloc(af, pip->ips, M_NOWAIT); in prison_ip_restrict()
873 for (int pi = 0; pi < ppip->ips; pi++) in prison_ip_restrict()
882 for (int pi = 1; i < pip->ips; ) { in prison_ip_restrict()
893 switch (pi >= ppip->ips ? -1 : in prison_ip_restrict()
895 case -1: in prison_ip_restrict()
916 KASSERT((new->ips >= ips), in prison_ip_restrict()
917 ("Out-of-bounds write to prison_ip %p", new)); in prison_ip_restrict()
918 new->ips = ips; in prison_ip_restrict()
928 * Fast-path check if an address belongs to a prison.
938 MPASS(mtx_owned(&pr->pr_mtx) || in prison_ip_check()
942 pip = atomic_load_ptr(&pr->pr_addrs[af]); in prison_ip_check()
954 z = pip->ips - 2; in prison_ip_check()
959 z = i - 1; in prison_ip_check()
971 * us to support epoch-protected access. Is it used in fast path?
977 const struct prison_ip *pip = pr->pr_addrs[af]; in prison_ip_get0()
979 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_ip_get0()
982 return (pip->pr_ip); in prison_ip_get0()
989 return (pr->pr_addrs[af]->ips); in prison_ip_cnt()
1037 mypr = td->td_ucred->cr_prison; in kern_jail_set()
1039 mypr->pr_childmax == 0) in kern_jail_set()
1056 jfd_out = -1; in kern_jail_set()
1064 * options. But it makes more sense to re-use the vfsopt code in kern_jail_set()
1087 jfd_in = -1; in kern_jail_set()
1110 if ((flags & JAIL_CREATE) && mypr->pr_childmax == 0) { in kern_jail_set()
1182 vfs_flagopt(opts, bf->name, &pr_flags, bf->flag); in kern_jail_set()
1183 vfs_flagopt(opts, bf->noname, &ch_flags, bf->flag); in kern_jail_set()
1189 error = vfs_copyopt(opts, jsf->name, &jsys, sizeof(jsys)); in kern_jail_set()
1196 if (!jsf->disable) { in kern_jail_set()
1200 pr_flags |= jsf->disable; in kern_jail_set()
1203 pr_flags |= jsf->new; in kern_jail_set()
1211 ch_flags |= jsf->new | jsf->disable; in kern_jail_set()
1244 atomic_load_int(&bf->flag) != 0; in kern_jail_set()
1246 vfs_flagopt(opts, bf->name, &pr_allow, bf->flag); in kern_jail_set()
1247 vfs_flagopt(opts, bf->noname, &ch_allow, bf->flag); in kern_jail_set()
1257 if (len == 0 || name[len - 1] != '\0') { in kern_jail_set()
1275 if (len == 0 || host[len - 1] != '\0') { in kern_jail_set()
1293 if (len == 0 || domain[len - 1] != '\0') { in kern_jail_set()
1311 if (len == 0 || uuid[len - 1] != '\0') { in kern_jail_set()
1322 if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) { in kern_jail_set()
1346 else if (ip4s & (sizeof(struct in_addr) - 1)) { in kern_jail_set()
1374 else if (ip6s & (sizeof(struct in6_addr) - 1)) { in kern_jail_set()
1417 if (len == 0 || osrelstr[len - 1] != '\0') { in kern_jail_set()
1424 "osrelease string must be 1-%d bytes long", in kern_jail_set()
1425 OSRELEASELEN - 1); in kern_jail_set()
1462 if (len == 0 || path[len - 1] != '\0') { in kern_jail_set()
1481 if (root->v_type != VDIR) { in kern_jail_set()
1527 mtx_lock(&pr->pr_mtx); in kern_jail_set()
1532 pr->pr_id); in kern_jail_set()
1540 vfs_opterror(opts, "jail %d is dying", pr->pr_id); in kern_jail_set()
1543 if (jid != 0 && jid != pr->pr_id) { in kern_jail_set()
1548 jid = pr->pr_id; in kern_jail_set()
1560 if (inspr->pr_id < jid) in kern_jail_set()
1562 if (inspr->pr_id > jid) in kern_jail_set()
1566 mtx_lock(&pr->pr_mtx); in kern_jail_set()
1617 if (strncmp(name, ppr->pr_name, namelc - name) in kern_jail_set()
1618 || ppr->pr_name[namelc - name] != '\0') { in kern_jail_set()
1633 mtx_unlock(&ppr->pr_mtx); in kern_jail_set()
1646 (ppr == &prison0) ? 0 : strlen(ppr->pr_name) + 1; in kern_jail_set()
1649 strcmp(tpr->pr_name + pnamelen, namelc)) in kern_jail_set()
1663 mtx_lock(&pr->pr_mtx); in kern_jail_set()
1693 for (tpr = mypr; tpr != NULL; tpr = tpr->pr_parent) in kern_jail_set()
1694 if (tpr->pr_childcount >= tpr->pr_childmax) { in kern_jail_set()
1710 vfs_opterror(opts, "no available jail IDs"); in kern_jail_set()
1713 mtx_lock(&deadpr->pr_mtx); in kern_jail_set()
1714 deadpr->pr_id = deadid; in kern_jail_set()
1715 mtx_unlock(&deadpr->pr_mtx); in kern_jail_set()
1731 vfs_opterror(opts, "no available jail IDs"); in kern_jail_set()
1736 pr->pr_state = PRISON_STATE_INVALID; in kern_jail_set()
1737 refcount_init(&pr->pr_ref, 1); in kern_jail_set()
1738 refcount_init(&pr->pr_uref, 0); in kern_jail_set()
1740 LIST_INIT(&pr->pr_children); in kern_jail_set()
1741 mtx_init(&pr->pr_mtx, "jail mutex", NULL, MTX_DEF | MTX_DUPOK); in kern_jail_set()
1742 TASK_INIT(&pr->pr_task, 0, prison_complete, pr); in kern_jail_set()
1744 pr->pr_id = jid; in kern_jail_set()
1750 pr->pr_parent = ppr; in kern_jail_set()
1753 LIST_INSERT_HEAD(&ppr->pr_children, pr, pr_sibling); in kern_jail_set()
1754 for (tpr = ppr; tpr != NULL; tpr = tpr->pr_parent) in kern_jail_set()
1755 tpr->pr_childcount++; in kern_jail_set()
1756 pr->pr_klist = knlist_alloc(&pr->pr_mtx); in kern_jail_set()
1763 root = mypr->pr_root; in kern_jail_set()
1766 strlcpy(pr->pr_hostuuid, DEFAULT_HOSTUUID, HOSTUUIDLEN); in kern_jail_set()
1767 pr->pr_flags |= PR_HOST; in kern_jail_set()
1775 pr->pr_flags |= PR_IP4 | PR_IP4_USER; in kern_jail_set()
1777 pr->pr_flags |= ppr->pr_flags & PR_IP4; in kern_jail_set()
1783 pr->pr_flags |= PR_IP6 | PR_IP6_USER; in kern_jail_set()
1785 pr->pr_flags |= ppr->pr_flags & PR_IP6; in kern_jail_set()
1792 pr->pr_flags |= _PR_IP_SADDRSEL; in kern_jail_set()
1794 pr->pr_securelevel = ppr->pr_securelevel; in kern_jail_set()
1795 pr->pr_allow = JAIL_DEFAULT_ALLOW & ppr->pr_allow; in kern_jail_set()
1796 pr->pr_enforce_statfs = jail_default_enforce_statfs; in kern_jail_set()
1797 pr->pr_devfs_rsnum = ppr->pr_devfs_rsnum; in kern_jail_set()
1799 pr->pr_osreldate = osreldt ? osreldt : ppr->pr_osreldate; in kern_jail_set()
1801 strlcpy(pr->pr_osrelease, ppr->pr_osrelease, in kern_jail_set()
1802 sizeof(pr->pr_osrelease)); in kern_jail_set()
1804 strlcpy(pr->pr_osrelease, osrelstr, in kern_jail_set()
1805 sizeof(pr->pr_osrelease)); in kern_jail_set()
1815 pr->pr_flags |= PR_VNET; in kern_jail_set()
1816 pr->pr_vnet = vnet_alloc(); in kern_jail_set()
1818 pr->pr_vnet = ppr->pr_vnet; in kern_jail_set()
1825 error = cpuset_create_root(ppr, &pr->pr_cpuset); in kern_jail_set()
1829 mtx_lock(&pr->pr_mtx); in kern_jail_set()
1841 if ((pr->pr_flags & PR_VNET) && in kern_jail_set()
1850 if (PR_IP4_USER & ch_flags & (pr_flags ^ pr->pr_flags)) { in kern_jail_set()
1858 if (PR_IP6_USER & ch_flags & (pr_flags ^ pr->pr_flags)) { in kern_jail_set()
1869 if (slevel < ppr->pr_securelevel) { in kern_jail_set()
1875 if (childmax >= ppr->pr_childmax) { in kern_jail_set()
1881 if (enforce < ppr->pr_enforce_statfs) { in kern_jail_set()
1897 if (jailed(td->td_ucred)) { in kern_jail_set()
1898 if (rsnum > 0 && rsnum != ppr->pr_devfs_rsnum) { in kern_jail_set()
1902 rsnum = ppr->pr_devfs_rsnum; in kern_jail_set()
1907 if ((ppr->pr_flags & PR_IP4) && in kern_jail_set()
1908 !prison_ip_parent_match(ppr->pr_addrs[PR_INET], ip4, in kern_jail_set()
1922 if ((ppr->pr_flags & PR_IP6) && in kern_jail_set()
1923 !prison_ip_parent_match(ppr->pr_addrs[PR_INET6], ip6, in kern_jail_set()
1938 * explicitly the jid - but not any other number, and only in in kern_jail_set()
1954 pnamelen = (ppr == &prison0) ? 0 : strlen(ppr->pr_name) + 1; in kern_jail_set()
1955 onamelen = strlen(pr->pr_name + pnamelen); in kern_jail_set()
1957 if (pnamelen + namelen + 1 > sizeof(pr->pr_name)) { in kern_jail_set()
1962 if (strlen(tpr->pr_name) + (namelen - onamelen) >= in kern_jail_set()
1963 sizeof(pr->pr_name)) { in kern_jail_set()
1969 pr_allow_diff = pr_allow & ~ppr->pr_allow; in kern_jail_set()
1977 * then re-locking the prison, but this is still a valid state as long in kern_jail_set()
1980 mtx_unlock(&pr->pr_mtx); in kern_jail_set()
1985 mtx_lock(&pr->pr_mtx); in kern_jail_set()
1990 if (!opt->seen && strcmp(opt->name, "errmsg")) { in kern_jail_set()
1992 vfs_opterror(opts, "unknown parameter: %s", opt->name); in kern_jail_set()
2002 pr->pr_flags |= PR_IP4; in kern_jail_set()
2007 if (tpr->pr_flags & PR_VNET) { in kern_jail_set()
2022 pr->pr_flags |= PR_IP6; in kern_jail_set()
2027 if (tpr->pr_flags & PR_VNET) { in kern_jail_set()
2040 pr->pr_securelevel = slevel; in kern_jail_set()
2043 if (tpr->pr_securelevel < slevel) in kern_jail_set()
2044 tpr->pr_securelevel = slevel; in kern_jail_set()
2047 pr->pr_childmax = childmax; in kern_jail_set()
2050 if (tpr->pr_childmax > childmax - level) in kern_jail_set()
2051 tpr->pr_childmax = childmax > level in kern_jail_set()
2052 ? childmax - level : 0; in kern_jail_set()
2055 pr->pr_enforce_statfs = enforce; in kern_jail_set()
2058 if (tpr->pr_enforce_statfs < enforce) in kern_jail_set()
2059 tpr->pr_enforce_statfs = enforce; in kern_jail_set()
2062 pr->pr_devfs_rsnum = rsnum; in kern_jail_set()
2065 tpr->pr_devfs_rsnum = rsnum; in kern_jail_set()
2069 strlcpy(pr->pr_name, namelc, sizeof(pr->pr_name)); in kern_jail_set()
2071 snprintf(pr->pr_name, sizeof(pr->pr_name), "%s.%s", in kern_jail_set()
2072 ppr->pr_name, namelc); in kern_jail_set()
2075 bcopy(tpr->pr_name + onamelen, tpr->pr_name + namelen, in kern_jail_set()
2076 strlen(tpr->pr_name + onamelen) + 1); in kern_jail_set()
2077 bcopy(pr->pr_name, tpr->pr_name, namelen); in kern_jail_set()
2081 /* Try to keep a real-rooted full pathname. */ in kern_jail_set()
2082 strlcpy(pr->pr_path, path, sizeof(pr->pr_path)); in kern_jail_set()
2083 pr->pr_root = root; in kern_jail_set()
2087 if (pr->pr_flags & PR_HOST) { in kern_jail_set()
2094 strlcpy(pr->pr_hostname, pr->pr_parent->pr_hostname, in kern_jail_set()
2095 sizeof(pr->pr_hostname)); in kern_jail_set()
2096 strlcpy(pr->pr_domainname, pr->pr_parent->pr_domainname, in kern_jail_set()
2097 sizeof(pr->pr_domainname)); in kern_jail_set()
2098 strlcpy(pr->pr_hostuuid, pr->pr_parent->pr_hostuuid, in kern_jail_set()
2099 sizeof(pr->pr_hostuuid)); in kern_jail_set()
2100 pr->pr_hostid = pr->pr_parent->pr_hostid; in kern_jail_set()
2105 strlcpy(pr->pr_hostname, host, sizeof(pr->pr_hostname)); in kern_jail_set()
2107 strlcpy(pr->pr_domainname, domain, in kern_jail_set()
2108 sizeof(pr->pr_domainname)); in kern_jail_set()
2110 strlcpy(pr->pr_hostuuid, uuid, sizeof(pr->pr_hostuuid)); in kern_jail_set()
2112 pr->pr_hostid = hid; in kern_jail_set()
2114 if (tpr->pr_flags & PR_HOST) in kern_jail_set()
2118 strlcpy(tpr->pr_hostname, in kern_jail_set()
2119 pr->pr_hostname, in kern_jail_set()
2120 sizeof(tpr->pr_hostname)); in kern_jail_set()
2122 strlcpy(tpr->pr_domainname, in kern_jail_set()
2123 pr->pr_domainname, in kern_jail_set()
2124 sizeof(tpr->pr_domainname)); in kern_jail_set()
2126 strlcpy(tpr->pr_hostuuid, in kern_jail_set()
2127 pr->pr_hostuuid, in kern_jail_set()
2128 sizeof(tpr->pr_hostuuid)); in kern_jail_set()
2130 tpr->pr_hostid = hid; in kern_jail_set()
2134 pr->pr_allow = (pr->pr_allow & ~ch_allow) | pr_allow; in kern_jail_set()
2141 if (ch_flags & PR_PERSIST & (pr_flags ^ pr->pr_flags)) { in kern_jail_set()
2149 refcount_acquire(&pr->pr_uref); in kern_jail_set()
2155 pr->pr_flags = (pr->pr_flags & ~ch_flags) | pr_flags; in kern_jail_set()
2156 mtx_unlock(&pr->pr_mtx); in kern_jail_set()
2159 * Any errors past this point will need to de-persist newly created in kern_jail_set()
2175 ip4s = pr->pr_addrs[PR_INET]->ips; in kern_jail_set()
2178 mtx_lock(&pr->pr_mtx); in kern_jail_set()
2182 if (tpr->pr_flags & PR_VNET) { in kern_jail_set()
2190 mtx_unlock(&pr->pr_mtx); in kern_jail_set()
2195 ip6s = pr->pr_addrs[PR_INET6]->ips; in kern_jail_set()
2198 mtx_lock(&pr->pr_mtx); in kern_jail_set()
2202 if (tpr->pr_flags & PR_VNET) { in kern_jail_set()
2210 mtx_unlock(&pr->pr_mtx); in kern_jail_set()
2230 prison_knote(ppr, NOTE_JAIL_CHILD | pr->pr_id); in kern_jail_set()
2231 mtx_lock(&pr->pr_mtx); in kern_jail_set()
2233 pr->pr_state = PRISON_STATE_ALIVE; in kern_jail_set()
2250 mtx_unlock(&pr->pr_mtx); in kern_jail_set()
2261 if (created && pr != &prison0 && (pr->pr_allow & PR_ALLOW_NFSD) != 0 && in kern_jail_set()
2262 (pr->pr_root->v_vflag & VV_ROOT) == 0) in kern_jail_set()
2264 " file system\n", pr->pr_id); in kern_jail_set()
2274 mtx_lock(&pr->pr_mtx); in kern_jail_set()
2278 if (optuio->uio_segflg == UIO_SYSSPACE) in kern_jail_set()
2279 *(int*)optuio->uio_iov[jfd_pos].iov_base = jfd_out; in kern_jail_set()
2282 optuio->uio_iov[jfd_pos].iov_base, sizeof(jfd_out)); in kern_jail_set()
2287 td->td_retval[0] = pr->pr_id; in kern_jail_set()
2312 if (optuio->uio_segflg == UIO_SYSSPACE) in kern_jail_set()
2314 optuio->uio_iov[errmsg_pos].iov_base, in kern_jail_set()
2318 optuio->uio_iov[errmsg_pos].iov_base, in kern_jail_set()
2355 TAILQ_LAST(&allprison, prisonlist)->pr_id < jid) { in get_next_prid()
2369 if (inspr->pr_id < jid) in get_next_prid()
2371 if (inspr->pr_id > jid) { in get_next_prid()
2412 deadid = lastdeadid ? lastdeadid - 1 : JAIL_MAX; in get_next_deadid()
2419 if (dinspr->pr_id > deadid) in get_next_deadid()
2421 if (dinspr->pr_id < deadid) { in get_next_deadid()
2426 if (--deadid < minid) { in get_next_deadid()
2465 if (uap->iovcnt & 1) in sys_jail_get()
2468 error = copyinuio(uap->iovp, uap->iovcnt, &auio); in sys_jail_get()
2471 error = kern_jail_get(td, auio, uap->flags); in sys_jail_get()
2473 error = copyout(auio->uio_iov, uap->iovp, in sys_jail_get()
2474 uap->iovcnt * sizeof(struct iovec)); in sys_jail_get()
2504 mypr = td->td_ucred->cr_prison; in kern_jail_get()
2508 jfd_out = -1; in kern_jail_get()
2539 mtx_lock(&pr->pr_mtx); in kern_jail_get()
2544 pr->pr_id); in kern_jail_get()
2573 if (pr->pr_id > jid && in kern_jail_get()
2576 mtx_lock(&pr->pr_mtx); in kern_jail_get()
2611 if (len == 0 || name[len - 1] != '\0') { in kern_jail_get()
2642 td->td_retval[0] = pr->pr_id; in kern_jail_get()
2649 error = vfs_setopt(opts, "jid", &pr->pr_id, sizeof(pr->pr_id)); in kern_jail_get()
2652 i = (pr->pr_parent == mypr) ? 0 : pr->pr_parent->pr_id; in kern_jail_get()
2659 error = vfs_setopt(opts, "cpuset.id", &pr->pr_cpuset->cs_id, in kern_jail_get()
2660 sizeof(pr->pr_cpuset->cs_id)); in kern_jail_get()
2667 error = vfs_setopt_part(opts, "ip4.addr", pr->pr_addrs[PR_INET]->pr_ip, in kern_jail_get()
2668 pr->pr_addrs[PR_INET] ? pr->pr_addrs[PR_INET]->ips * in kern_jail_get()
2674 error = vfs_setopt_part(opts, "ip6.addr", pr->pr_addrs[PR_INET6]->pr_ip, in kern_jail_get()
2675 pr->pr_addrs[PR_INET6] ? pr->pr_addrs[PR_INET6]->ips * in kern_jail_get()
2680 error = vfs_setopt(opts, "securelevel", &pr->pr_securelevel, in kern_jail_get()
2681 sizeof(pr->pr_securelevel)); in kern_jail_get()
2684 error = vfs_setopt(opts, "children.cur", &pr->pr_childcount, in kern_jail_get()
2685 sizeof(pr->pr_childcount)); in kern_jail_get()
2688 error = vfs_setopt(opts, "children.max", &pr->pr_childmax, in kern_jail_get()
2689 sizeof(pr->pr_childmax)); in kern_jail_get()
2692 error = vfs_setopts(opts, "host.hostname", pr->pr_hostname); in kern_jail_get()
2695 error = vfs_setopts(opts, "host.domainname", pr->pr_domainname); in kern_jail_get()
2698 error = vfs_setopts(opts, "host.hostuuid", pr->pr_hostuuid); in kern_jail_get()
2702 if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) { in kern_jail_get()
2703 uint32_t hid32 = pr->pr_hostid; in kern_jail_get()
2708 error = vfs_setopt(opts, "host.hostid", &pr->pr_hostid, in kern_jail_get()
2709 sizeof(pr->pr_hostid)); in kern_jail_get()
2712 error = vfs_setopt(opts, "enforce_statfs", &pr->pr_enforce_statfs, in kern_jail_get()
2713 sizeof(pr->pr_enforce_statfs)); in kern_jail_get()
2716 error = vfs_setopt(opts, "devfs_ruleset", &pr->pr_devfs_rsnum, in kern_jail_get()
2717 sizeof(pr->pr_devfs_rsnum)); in kern_jail_get()
2723 i = (pr->pr_flags & bf->flag) ? 1 : 0; in kern_jail_get()
2724 error = vfs_setopt(opts, bf->name, &i, sizeof(i)); in kern_jail_get()
2728 error = vfs_setopt(opts, bf->noname, &i, sizeof(i)); in kern_jail_get()
2735 f = pr->pr_flags & (jsf->disable | jsf->new); in kern_jail_get()
2736 i = (f != 0 && f == jsf->disable) ? JAIL_SYS_DISABLE in kern_jail_get()
2737 : (f == jsf->new) ? JAIL_SYS_NEW in kern_jail_get()
2739 error = vfs_setopt(opts, jsf->name, &i, sizeof(i)); in kern_jail_get()
2745 atomic_load_int(&bf->flag) != 0; in kern_jail_get()
2747 i = (pr->pr_allow & bf->flag) ? 1 : 0; in kern_jail_get()
2748 error = vfs_setopt(opts, bf->name, &i, sizeof(i)); in kern_jail_get()
2752 error = vfs_setopt(opts, bf->noname, &i, sizeof(i)); in kern_jail_get()
2764 error = vfs_setopt(opts, "osreldate", &pr->pr_osreldate, in kern_jail_get()
2765 sizeof(pr->pr_osreldate)); in kern_jail_get()
2768 error = vfs_setopts(opts, "osrelease", pr->pr_osrelease); in kern_jail_get()
2773 mtx_unlock(&pr->pr_mtx); in kern_jail_get()
2784 if (!opt->seen && in kern_jail_get()
2785 (strstr(opt->name, JAIL_META_PRIVATE ".") == opt->name || in kern_jail_get()
2786 strstr(opt->name, JAIL_META_SHARED ".") == opt->name)) { in kern_jail_get()
2788 free(opt->value, M_MOUNT); in kern_jail_get()
2789 opt->value = NULL; in kern_jail_get()
2790 opt->len = 0; in kern_jail_get()
2793 if (!opt->seen && strcmp(opt->name, "errmsg")) { in kern_jail_get()
2795 vfs_opterror(opts, "unknown parameter: %s", opt->name); in kern_jail_get()
2803 if (opt->pos >= 0 && opt->pos != errmsg_pos) { in kern_jail_get()
2804 pos = 2 * opt->pos + 1; in kern_jail_get()
2805 optuio->uio_iov[pos].iov_len = opt->len; in kern_jail_get()
2806 if (opt->value != NULL) { in kern_jail_get()
2807 if (optuio->uio_segflg == UIO_SYSSPACE) { in kern_jail_get()
2808 bcopy(opt->value, in kern_jail_get()
2809 optuio->uio_iov[pos].iov_base, in kern_jail_get()
2810 opt->len); in kern_jail_get()
2812 error = copyout(opt->value, in kern_jail_get()
2813 optuio->uio_iov[pos].iov_base, in kern_jail_get()
2814 opt->len); in kern_jail_get()
2840 if (optuio->uio_segflg == UIO_SYSSPACE) in kern_jail_get()
2842 optuio->uio_iov[errmsg_pos].iov_base, in kern_jail_get()
2846 optuio->uio_iov[errmsg_pos].iov_base, in kern_jail_get()
2871 pr = prison_find_child(td->td_ucred->cr_prison, uap->jid); in sys_jail_remove()
2893 error = jaildesc_find(td, uap->fd, &pr, &jdcred); in sys_jail_remove_jd()
2903 mtx_lock(&pr->pr_mtx); in sys_jail_remove_jd()
2916 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_remove()
2936 pr = prison_find_child(td->td_ucred->cr_prison, uap->jid); in sys_jail_attach()
2944 mtx_unlock(&pr->pr_mtx); in sys_jail_attach()
2966 error = jaildesc_find(td, uap->fd, &pr, &jdcred); in sys_jail_attach_jd()
2974 mtx_lock(&pr->pr_mtx); in sys_jail_attach_jd()
2993 struct proc *p; in do_jail_attach()
2997 mtx_assert(&pr->pr_mtx, MA_OWNED); in do_jail_attach()
3012 refcount_acquire(&pr->pr_uref); in do_jail_attach()
3014 mtx_unlock(&pr->pr_mtx); in do_jail_attach()
3029 p = td->td_proc; in do_jail_attach()
3030 error = cpuset_setproc_update_set(p, pr->pr_cpuset); in do_jail_attach()
3034 vn_lock(pr->pr_root, LK_EXCLUSIVE | LK_RETRY); in do_jail_attach()
3035 if ((error = change_dir(pr->pr_root, td)) != 0) in do_jail_attach()
3038 if ((error = mac_vnode_check_chroot(td->td_ucred, pr->pr_root))) in do_jail_attach()
3041 VOP_UNLOCK(pr->pr_root); in do_jail_attach()
3042 if ((error = pwd_chroot_chdir(td, pr->pr_root))) in do_jail_attach()
3048 newcred->cr_prison = pr; in do_jail_attach()
3062 prison_proc_relink(oldcred->cr_prison, pr, p); in do_jail_attach()
3063 prison_deref(oldcred->cr_prison, drflags); in do_jail_attach()
3065 prison_knote(pr, NOTE_JAIL_ATTACH | td->td_proc->p_pid); in do_jail_attach()
3080 VOP_UNLOCK(pr->pr_root); in do_jail_attach()
3085 (void)osd_jail_call(td->td_ucred->cr_prison, PR_METHOD_ATTACH, td); in do_jail_attach()
3100 if (pr->pr_id < prid) in prison_find()
3102 if (pr->pr_id > prid) in prison_find()
3105 mtx_lock(&pr->pr_mtx); in prison_find()
3122 if (pr->pr_id == prid) { in prison_find_child()
3125 mtx_lock(&pr->pr_mtx); in prison_find_child()
3143 mylen = (mypr == &prison0) ? 0 : strlen(mypr->pr_name) + 1; in prison_find_name()
3146 if (!strcmp(pr->pr_name + mylen, name)) { in prison_find_name()
3150 mtx_lock(&pr->pr_mtx); in prison_find_name()
3156 /* There was no valid prison - perhaps there was a dying one. */ in prison_find_name()
3158 mtx_lock(&deadpr->pr_mtx); in prison_find_name()
3172 return ((cred->cr_prison->pr_flags & flag) != 0); in prison_flag()
3184 return ((cred->cr_prison->pr_allow & flag) != 0); in prison_allow()
3206 int was_valid = refcount_acquire_if_not_zero(&pr->pr_ref); in prison_hold()
3209 ("Trying to hold dead prison %p (jid=%d).", pr, pr->pr_id)); in prison_hold()
3211 refcount_acquire(&pr->pr_ref); in prison_hold()
3223 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_free_locked()
3228 mtx_unlock(&pr->pr_mtx); in prison_free_locked()
3236 KASSERT(refcount_load(&pr->pr_ref) > 0, in prison_free()
3238 pr, pr->pr_id)); in prison_free()
3239 if (!refcount_release_if_not_last(&pr->pr_ref)) { in prison_free()
3244 taskqueue_enqueue(taskqueue_jail_remove, &pr->pr_task); in prison_free()
3254 KASSERT(refcount_load(&pr->pr_ref) > 0, in prison_free_not_last()
3256 pr, pr->pr_id)); in prison_free_not_last()
3257 lastref = refcount_release(&pr->pr_ref); in prison_free_not_last()
3260 pr, pr->pr_id)); in prison_free_not_last()
3262 refcount_release(&pr->pr_ref); in prison_free_not_last()
3269 * user-visible, except through the jail system calls. It is also
3279 int was_alive = refcount_acquire_if_not_zero(&pr->pr_uref); in prison_proc_hold()
3282 ("Cannot add a process to a non-alive prison (jid=%d)", pr->pr_id)); in prison_proc_hold()
3284 refcount_acquire(&pr->pr_uref); in prison_proc_hold()
3302 KASSERT(refcount_load(&pr->pr_uref) > 0, in prison_proc_free()
3303 ("Trying to kill a process in a dead prison (jid=%d)", pr->pr_id)); in prison_proc_free()
3304 if (!refcount_release_if_not_last(&pr->pr_uref)) { in prison_proc_free()
3309 * prison_free() won't re-submit the task. in prison_proc_free()
3312 mtx_lock(&pr->pr_mtx); in prison_proc_free()
3313 KASSERT(!(pr->pr_flags & PR_COMPLETE_PROC), in prison_proc_free()
3315 pr->pr_id)); in prison_proc_free()
3316 pr->pr_flags |= PR_COMPLETE_PROC; in prison_proc_free()
3317 mtx_unlock(&pr->pr_mtx); in prison_proc_free()
3318 taskqueue_enqueue(taskqueue_jail_remove, &pr->pr_task); in prison_proc_free()
3328 KASSERT(refcount_load(&pr->pr_uref) > 0, in prison_proc_free_not_last()
3330 pr, pr->pr_id)); in prison_proc_free_not_last()
3331 lastref = refcount_release(&pr->pr_uref); in prison_proc_free_not_last()
3334 pr, pr->pr_id)); in prison_proc_free_not_last()
3336 refcount_release(&pr->pr_uref); in prison_proc_free_not_last()
3341 prison_proc_link(struct prison *pr, struct proc *p) in prison_proc_link()
3345 LIST_INSERT_HEAD(&pr->pr_proclist, p, p_jaillist); in prison_proc_link()
3349 prison_proc_unlink(struct prison *pr, struct proc *p) in prison_proc_unlink()
3357 prison_proc_relink(struct prison *opr, struct prison *npr, struct proc *p) in prison_proc_relink()
3380 if (pr->pr_flags & PR_COMPLETE_PROC) { in prison_complete()
3381 pr->pr_flags &= ~PR_COMPLETE_PROC; in prison_complete()
3388 prison_kill_processes_cb(struct proc *p, void *arg __unused) in prison_kill_processes_cb()
3399 prison_proc_iterate(struct prison *pr, void (*cb)(struct proc *, void *), in prison_proc_iterate() argument
3403 struct proc *p; in prison_proc_iterate()
3405 if (atomic_load_int(&pr->pr_childcount) == 0) { in prison_proc_iterate()
3407 LIST_FOREACH(p, &pr->pr_proclist, p_jaillist) { in prison_proc_iterate()
3408 if (p->p_state == PRS_NEW) in prison_proc_iterate()
3415 if (atomic_load_int(&pr->pr_childcount) == 0) in prison_proc_iterate()
3419 * system-wide search. in prison_proc_iterate()
3426 if (p->p_state != PRS_NEW && p->p_ucred != NULL) { in prison_proc_iterate()
3427 for (ppr = p->p_ucred->cr_prison; ppr != NULL; in prison_proc_iterate()
3428 ppr = ppr->pr_parent) { in prison_proc_iterate()
3443 * with no non-sleeping locks held, except perhaps the prison itself.
3466 /* Silently ignore already-dying prisons. */ in prison_deref()
3479 KASSERT(refcount_load(&pr->pr_uref) > 0, in prison_deref()
3481 pr->pr_id)); in prison_deref()
3482 if (!refcount_release_if_not_last(&pr->pr_uref)) { in prison_deref()
3488 if (refcount_release(&pr->pr_uref) && in prison_deref()
3489 pr->pr_state == PRISON_STATE_ALIVE) { in prison_deref()
3497 pr->pr_state = PRISON_STATE_DYING; in prison_deref()
3499 mtx_unlock(&pr->pr_mtx); in prison_deref()
3511 if (refcount_load(&pr->pr_uref) > 0) in prison_deref()
3518 KASSERT(refcount_load(&pr->pr_ref) > 0, in prison_deref()
3520 pr->pr_id)); in prison_deref()
3521 if (!refcount_release_if_not_last(&pr->pr_ref)) { in prison_deref()
3523 if (refcount_release(&pr->pr_ref)) { in prison_deref()
3529 refcount_load(&pr->pr_uref) == 0, in prison_deref()
3532 pr->pr_uref, pr->pr_id)); in prison_deref()
3536 pr->pr_state = PRISON_STATE_INVALID; in prison_deref()
3541 for (ppr = pr->pr_parent; in prison_deref()
3543 ppr = ppr->pr_parent) in prison_deref()
3544 ppr->pr_childcount--; in prison_deref()
3549 ppr = pr->pr_parent; in prison_deref()
3550 pr->pr_parent = NULL; in prison_deref()
3551 mtx_unlock(&pr->pr_mtx); in prison_deref()
3565 mtx_unlock(&pr->pr_mtx); in prison_deref()
3581 if (rpr->pr_flags & PR_VNET) in prison_deref()
3582 vnet_destroy(rpr->pr_vnet); in prison_deref()
3584 if (rpr->pr_root != NULL) in prison_deref()
3585 vrele(rpr->pr_root); in prison_deref()
3586 mtx_destroy(&rpr->pr_mtx); in prison_deref()
3588 prison_ip_free(rpr->pr_addrs[PR_INET]); in prison_deref()
3591 prison_ip_free(rpr->pr_addrs[PR_INET6]); in prison_deref()
3593 if (rpr->pr_cpuset != NULL) in prison_deref()
3594 cpuset_rel(rpr->pr_cpuset); in prison_deref()
3620 KASSERT(refcount_load(&pr->pr_ref) > 0, in prison_deref_kill()
3622 pr, pr->pr_id)); in prison_deref_kill()
3623 refcount_acquire(&pr->pr_uref); in prison_deref_kill()
3624 pr->pr_state = PRISON_STATE_DYING; in prison_deref_kill()
3625 mtx_unlock(&pr->pr_mtx); in prison_deref_kill()
3636 mtx_lock(&cpr->pr_mtx); in prison_deref_kill()
3637 cpr->pr_state = PRISON_STATE_DYING; in prison_deref_kill()
3638 cpr->pr_flags |= PR_REMOVE; in prison_deref_kill()
3639 mtx_unlock(&cpr->pr_mtx); in prison_deref_kill()
3642 if (!(cpr->pr_flags & PR_REMOVE)) in prison_deref_kill()
3645 mtx_lock(&cpr->pr_mtx); in prison_deref_kill()
3647 cpr->pr_flags &= ~PR_REMOVE; in prison_deref_kill()
3648 if (cpr->pr_flags & PR_PERSIST) { in prison_deref_kill()
3649 cpr->pr_flags &= ~PR_PERSIST; in prison_deref_kill()
3653 (void)refcount_release(&cpr->pr_uref); in prison_deref_kill()
3654 if (refcount_release(&cpr->pr_ref)) { in prison_deref_kill()
3664 rpr->pr_state = PRISON_STATE_INVALID; in prison_deref_kill()
3670 ppr = rpr->pr_parent; in prison_deref_kill()
3673 for (; ppr != NULL; ppr = ppr->pr_parent) in prison_deref_kill()
3674 ppr->pr_childcount--; in prison_deref_kill()
3676 mtx_unlock(&cpr->pr_mtx); in prison_deref_kill()
3682 mtx_lock(&pr->pr_mtx); in prison_deref_kill()
3684 if (pr->pr_flags & PR_PERSIST) { in prison_deref_kill()
3685 pr->pr_flags &= ~PR_PERSIST; in prison_deref_kill()
3689 (void)refcount_release(&pr->pr_uref); in prison_deref_kill()
3707 mtx_unlock(&pr->pr_mtx); in prison_lock_xlock()
3722 mtx_lock(&pr->pr_mtx); in prison_lock_xlock()
3737 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_cleanup_locked()
3739 knlist_detach(pr->pr_klist); in prison_cleanup_locked()
3741 pr->pr_klist = NULL; in prison_cleanup_locked()
3748 mtx_assert(&pr->pr_mtx, MA_NOTOWNED); in prison_cleanup_unlocked()
3763 pr = cred->cr_prison; in prison_set_allow()
3765 mtx_lock(&pr->pr_mtx); in prison_set_allow()
3767 mtx_unlock(&pr->pr_mtx); in prison_set_allow()
3778 pr->pr_allow |= flag; in prison_set_allow_locked()
3780 pr->pr_allow &= ~flag; in prison_set_allow_locked()
3782 cpr->pr_allow &= ~flag; in prison_set_allow_locked()
3800 pr = cred->cr_prison; in prison_check_af()
3812 if (pr->pr_flags & PR_IP4) in prison_check_af()
3814 mtx_lock(&pr->pr_mtx); in prison_check_af()
3815 if ((pr->pr_flags & PR_IP4) && in prison_check_af()
3816 pr->pr_addrs[PR_INET] == NULL) in prison_check_af()
3818 mtx_unlock(&pr->pr_mtx); in prison_check_af()
3824 if (pr->pr_flags & PR_IP6) in prison_check_af()
3826 mtx_lock(&pr->pr_mtx); in prison_check_af()
3827 if ((pr->pr_flags & PR_IP6) && in prison_check_af()
3828 pr->pr_addrs[PR_INET6] == NULL) in prison_check_af()
3830 mtx_unlock(&pr->pr_mtx); in prison_check_af()
3839 if (!(pr->pr_allow & PR_ALLOW_SOCKET_AF)) in prison_check_af()
3868 if (prison_owns_vnet(cred->cr_prison)) in prison_if()
3873 switch (sa->sa_family) in prison_if()
3878 error = prison_check_ip4(cred, &sai->sin_addr); in prison_if()
3884 error = prison_check_ip6(cred, &sai6->sin6_addr); in prison_if()
3888 if (!(cred->cr_prison->pr_allow & PR_ALLOW_SOCKET_AF)) in prison_if()
3901 return ((cred1->cr_prison == cred2->cr_prison || in prison_check()
3902 prison_ischild(cred1->cr_prison, cred2->cr_prison)) ? 0 : ESRCH); in prison_check()
3907 * - A vnet prison.
3908 * - PR_ALLOW_NFSD must be set on it.
3909 * - The root directory (pr_root) of the prison must be
3912 * - The prison's enforce_statfs cannot be 0, so that
3923 if ((cred->cr_prison->pr_root->v_vflag & VV_ROOT) == 0) in prison_check_nfsd()
3925 if (cred->cr_prison->pr_enforce_statfs == 0) in prison_check_nfsd()
3937 for (pr2 = pr2->pr_parent; pr2 != NULL; pr2 = pr2->pr_parent) in prison_ischild()
3951 if (__predict_false(pr->pr_state != PRISON_STATE_ALIVE)) in prison_isalive()
3967 if (__predict_false(pr->pr_state == PRISON_STATE_INVALID)) in prison_isvalid()
3969 if (__predict_false(refcount_load(&pr->pr_ref) == 0)) in prison_isvalid()
3985 if (prison_owns_vnet(cred->cr_prison)) in jailed_without_vnet()
4004 pr = (cred != NULL) ? cred->cr_prison : &prison0; in getcredhostname()
4005 mtx_lock(&pr->pr_mtx); in getcredhostname()
4006 strlcpy(buf, pr->pr_hostname, size); in getcredhostname()
4007 mtx_unlock(&pr->pr_mtx); in getcredhostname()
4014 mtx_lock(&cred->cr_prison->pr_mtx); in getcreddomainname()
4015 strlcpy(buf, cred->cr_prison->pr_domainname, size); in getcreddomainname()
4016 mtx_unlock(&cred->cr_prison->pr_mtx); in getcreddomainname()
4023 mtx_lock(&cred->cr_prison->pr_mtx); in getcredhostuuid()
4024 strlcpy(buf, cred->cr_prison->pr_hostuuid, size); in getcredhostuuid()
4025 mtx_unlock(&cred->cr_prison->pr_mtx); in getcredhostuuid()
4032 mtx_lock(&cred->cr_prison->pr_mtx); in getcredhostid()
4033 *hostid = cred->cr_prison->pr_hostid; in getcredhostid()
4034 mtx_unlock(&cred->cr_prison->pr_mtx); in getcredhostid()
4041 mtx_lock(&cred->cr_prison->pr_mtx); in getjailname()
4042 strlcpy(name, cred->cr_prison->pr_name, len); in getjailname()
4043 mtx_unlock(&cred->cr_prison->pr_mtx); in getjailname()
4058 return ((pr->pr_flags & PR_VNET) != 0); in prison_owns_vnet()
4076 pr = cred->cr_prison; in prison_canseemount()
4077 if (pr->pr_enforce_statfs == 0) in prison_canseemount()
4079 if (pr->pr_root->v_mount == mp) in prison_canseemount()
4081 if (pr->pr_enforce_statfs == 2) in prison_canseemount()
4085 * all mount-points from inside a jail. in prison_canseemount()
4089 if (strcmp(pr->pr_path, "/") == 0) in prison_canseemount()
4091 len = strlen(pr->pr_path); in prison_canseemount()
4092 sp = &mp->mnt_stat; in prison_canseemount()
4093 if (strncmp(pr->pr_path, sp->f_mntonname, len) != 0) in prison_canseemount()
4099 if (sp->f_mntonname[len] != '\0' && sp->f_mntonname[len] != '/') in prison_canseemount()
4111 pr = cred->cr_prison; in prison_enforce_statfs()
4112 if (pr->pr_enforce_statfs == 0) in prison_enforce_statfs()
4115 bzero(sp->f_mntonname, sizeof(sp->f_mntonname)); in prison_enforce_statfs()
4116 strlcpy(sp->f_mntonname, "[restricted]", in prison_enforce_statfs()
4117 sizeof(sp->f_mntonname)); in prison_enforce_statfs()
4120 if (pr->pr_root->v_mount == mp) { in prison_enforce_statfs()
4125 bzero(sp->f_mntonname, sizeof(sp->f_mntonname)); in prison_enforce_statfs()
4126 *sp->f_mntonname = '/'; in prison_enforce_statfs()
4131 * all mount-points from inside a jail. in prison_enforce_statfs()
4133 if (strcmp(pr->pr_path, "/") == 0) in prison_enforce_statfs()
4135 len = strlen(pr->pr_path); in prison_enforce_statfs()
4136 strlcpy(jpath, sp->f_mntonname + len, sizeof(jpath)); in prison_enforce_statfs()
4141 bzero(sp->f_mntonname, sizeof(sp->f_mntonname)); in prison_enforce_statfs()
4144 *sp->f_mntonname = '/'; in prison_enforce_statfs()
4146 strlcpy(sp->f_mntonname, jpath, sizeof(sp->f_mntonname)); in prison_enforce_statfs()
4182 * NFS-specific privileges. in prison_priv_check()
4229 * 802.11-related privileges. in prison_priv_check()
4290 if (cred->cr_prison->pr_flags & PR_VNET) in prison_priv_check()
4309 if (cred->cr_prison->pr_allow & PR_ALLOW_SETAUDIT) in prison_priv_check()
4334 * jailed root to override uid/gid-based constraints. in prison_priv_check()
4341 * Jail implements inter-process debugging limits already, so in prison_priv_check()
4379 * Jail implements its own inter-process limits, so allow in prison_priv_check()
4407 * Be careful to exclude mount-related and NFS-related in prison_priv_check()
4426 * As in the non-jail case, non-root users are expected to be in prison_priv_check()
4438 if (cred->cr_prison->pr_allow & PR_ALLOW_CHFLAGS) in prison_priv_check()
4451 pr = cred->cr_prison; in prison_priv_check()
4453 if (pr->pr_allow & PR_ALLOW_MOUNT && pr->pr_enforce_statfs < 2) in prison_priv_check()
4474 if ((cred->cr_prison->pr_allow & PR_ALLOW_EXTATTR) != 0) in prison_priv_check()
4485 if (cred->cr_prison->pr_allow & PR_ALLOW_MLOCK) in prison_priv_check()
4494 if (cred->cr_prison->pr_allow & PR_ALLOW_RESERVED_PORTS) in prison_priv_check()
4500 * Allow jailed root to reuse in-use ports. in prison_priv_check()
4515 if (cred->cr_prison->pr_allow & PR_ALLOW_RAW_SOCKETS) in prison_priv_check()
4539 if (cred->cr_prison->pr_allow & PR_ALLOW_READ_MSGBUF) in prison_priv_check()
4549 if (cred->cr_prison->pr_allow & in prison_priv_check()
4561 if (cred->cr_prison->pr_allow & PR_ALLOW_SETTIME) in prison_priv_check()
4571 if (cred->cr_prison->pr_allow & PR_ALLOW_ROUTING) in prison_priv_check()
4599 name = pr2->pr_name; in prison_name()
4604 * can be counted on - and counted. in prison_name()
4606 for (; pr1 != &prison0; pr1 = pr1->pr_parent) in prison_name()
4622 path1 = pr1->pr_path; in prison_path()
4623 path2 = pr2->pr_path; in prison_path()
4637 * Jail-related sysctls.
4644 * Copy address array to memory that would then be SYSCTL_OUT-ed.
4654 mtx_assert(&pr->pr_mtx, MA_OWNED); in prison_ip_copyout()
4655 if ((pip = pr->pr_addrs[af]) != NULL) { in prison_ip_copyout()
4656 if (*len < pip->ips) { in prison_ip_copyout()
4657 *len = pip->ips; in prison_ip_copyout()
4658 mtx_unlock(&pr->pr_mtx); in prison_ip_copyout()
4660 mtx_lock(&pr->pr_mtx); in prison_ip_copyout()
4663 bcopy(pip->pr_ip, *out, pip->ips * size); in prison_ip_copyout()
4684 pr = req->td->td_ucred->cr_prison; in sysctl_jail_list()
4688 mtx_lock(&cpr->pr_mtx); in sysctl_jail_list()
4696 xp->pr_version = XPRISON_VERSION; in sysctl_jail_list()
4697 xp->pr_id = cpr->pr_id; in sysctl_jail_list()
4698 xp->pr_state = cpr->pr_state; in sysctl_jail_list()
4699 strlcpy(xp->pr_path, prison_path(pr, cpr), sizeof(xp->pr_path)); in sysctl_jail_list()
4700 strlcpy(xp->pr_host, cpr->pr_hostname, sizeof(xp->pr_host)); in sysctl_jail_list()
4701 strlcpy(xp->pr_name, prison_name(pr, cpr), sizeof(xp->pr_name)); in sysctl_jail_list()
4703 xp->pr_ip4s = ip4s; in sysctl_jail_list()
4706 xp->pr_ip6s = ip6s; in sysctl_jail_list()
4708 mtx_unlock(&cpr->pr_mtx); in sysctl_jail_list()
4713 if (xp->pr_ip4s > 0) { in sysctl_jail_list()
4715 xp->pr_ip4s * sizeof(struct in_addr)); in sysctl_jail_list()
4721 if (xp->pr_ip6s > 0) { in sysctl_jail_list()
4723 xp->pr_ip6s * sizeof(struct in6_addr)); in sysctl_jail_list()
4749 injail = jailed(req->td->td_ucred); in sysctl_jail_jailed()
4764 struct ucred *cred = req->td->td_ucred; in sysctl_jail_vnet()
4766 havevnet = jailed(cred) && prison_owns_vnet(cred->cr_prison); in sysctl_jail_vnet()
4796 if (req->td->td_ucred->cr_prison == &prison0) { in sysctl_jail_default_allow()
4801 i = prison_allow(req->td->td_ucred, arg2); in sysctl_jail_default_allow()
4806 if (error || !req->newptr) in sysctl_jail_default_allow()
4844 "Processes in jail can mount/unmount jail-friendly file systems (deprecated)");
4856 pr = req->td->td_ucred->cr_prison; in sysctl_jail_default_level()
4859 if (error || !req->newptr) in sysctl_jail_default_level()
4886 pr = req->td->td_ucred->cr_prison; in sysctl_jail_children()
4888 switch (oidp->oid_kind & CTLTYPE) { in sysctl_jail_children()
4922 switch (oidp->oid_kind & CTLTYPE) in sysctl_jail_param()
4928 if (!(req->flags & SCTL_MASK32)) in sysctl_jail_param()
4957 "Jail value for kern.osreldate and uname -K");
4959 "Jail value for kern.osrelease and uname -r");
4963 "I", "Ruleset for in-jail devfs mounts");
5034 "Unprivileged parent jail processes may tamper with same-uid processes"
5043 "B", "Jail may set system-level filesystem extended attributes");
5057 "B", "Jail may mount/unmount jail-friendly file systems in general");
5094 atomic_load_int(&bf->flag) != 0; in prison_add_allow()
5096 if (strcmp(bf->name, allow_name) == 0) { in prison_add_allow()
5097 allow_flag = bf->flag; in prison_add_allow()
5121 if (atomic_load_int(&bf->flag) == 0) in prison_add_allow()
5124 bf->name = allow_name; in prison_add_allow()
5125 bf->noname = allow_noname; in prison_add_allow()
5133 atomic_store_rel_int(&bf->flag, allow_flag); in prison_add_allow()
5137 * Create sysctls for the parameter, and the back-compat global in prison_add_allow()
5174 * The VFS system will register jail-aware filesystems here. They each get
5183 vfsp->vfc_prison_flag = prison_add_allow("mount", vfsp->vfc_name, in prison_add_vfs()
5189 vfsp->vfc_name); in prison_add_vfs()
5190 vfsp->vfc_prison_flag = prison_add_allow("mount", vfsp->vfc_name, in prison_add_vfs()
5210 (callback)(prr->prr_racct, arg2, arg3); in prison_racct_foreach()
5228 if (strcmp(name, prr->prr_name) != 0) in prison_racct_find_locked()
5238 racct_create(&prr->prr_racct); in prison_racct_find_locked()
5240 strcpy(prr->prr_name, name); in prison_racct_find_locked()
5241 refcount_init(&prr->prr_refcount, 1); in prison_racct_find_locked()
5266 refcount_acquire(&prr->prr_refcount); in prison_racct_hold()
5276 if (refcount_release(&prr->prr_refcount)) { in prison_racct_free_locked()
5277 racct_destroy(&prr->prr_racct); in prison_racct_free_locked()
5290 if (refcount_release_if_not_last(&prr->prr_refcount)) in prison_racct_free()
5306 prr = prison_racct_find_locked(pr->pr_name); in prison_racct_attach()
5309 pr->pr_prison_racct = prr; in prison_racct_attach()
5320 struct proc *p; in prison_racct_modify()
5330 if (strcmp(pr->pr_name, pr->pr_prison_racct->prr_name) == 0) { in prison_racct_modify()
5336 oldprr = pr->pr_prison_racct; in prison_racct_modify()
5337 pr->pr_prison_racct = NULL; in prison_racct_modify()
5344 racct_move(pr->pr_prison_racct->prr_racct, oldprr->prr_racct); in prison_racct_modify()
5352 cred = crhold(p->p_ucred); in prison_racct_modify()
5371 if (pr->pr_prison_racct == NULL) in prison_racct_detach()
5373 prison_racct_free(pr->pr_prison_racct); in prison_racct_detach()
5374 pr->pr_prison_racct = NULL; in prison_racct_detach()
5386 locked = mtx_owned(&pr->pr_mtx); in prison_knote()
5388 mtx_lock(&pr->pr_mtx); in prison_knote()
5389 KNOTE_LOCKED(pr->pr_klist, hint); in prison_knote()
5392 mtx_unlock(&pr->pr_mtx); in prison_knote()
5415 db_printf(" jid = %d\n", pr->pr_id); in db_show_prison()
5416 db_printf(" name = %s\n", pr->pr_name); in db_show_prison()
5417 db_printf(" parent = %p\n", pr->pr_parent); in db_show_prison()
5418 db_printf(" ref = %d\n", pr->pr_ref); in db_show_prison()
5419 db_printf(" uref = %d\n", pr->pr_uref); in db_show_prison()
5421 pr->pr_state == PRISON_STATE_ALIVE ? "alive" : in db_show_prison()
5422 pr->pr_state == PRISON_STATE_DYING ? "dying" : in db_show_prison()
5424 db_printf(" path = %s\n", pr->pr_path); in db_show_prison()
5425 db_printf(" cpuset = %d\n", pr->pr_cpuset in db_show_prison()
5426 ? pr->pr_cpuset->cs_id : -1); in db_show_prison()
5428 db_printf(" vnet = %p\n", pr->pr_vnet); in db_show_prison()
5430 db_printf(" root = %p\n", pr->pr_root); in db_show_prison()
5431 db_printf(" securelevel = %d\n", pr->pr_securelevel); in db_show_prison()
5432 db_printf(" devfs_rsnum = %d\n", pr->pr_devfs_rsnum); in db_show_prison()
5433 db_printf(" children.max = %d\n", pr->pr_childmax); in db_show_prison()
5434 db_printf(" children.cur = %d\n", pr->pr_childcount); in db_show_prison()
5435 db_printf(" child = %p\n", LIST_FIRST(&pr->pr_children)); in db_show_prison()
5437 db_printf(" flags = 0x%x", pr->pr_flags); in db_show_prison()
5439 if (pr->pr_flags & bf->flag) in db_show_prison()
5440 db_printf(" %s", bf->name); in db_show_prison()
5444 f = pr->pr_flags & (jsf->disable | jsf->new); in db_show_prison()
5445 db_printf(" %-16s= %s\n", jsf->name, in db_show_prison()
5446 (f != 0 && f == jsf->disable) ? "disable" in db_show_prison()
5447 : (f == jsf->new) ? "new" in db_show_prison()
5450 db_printf(" allow = 0x%x", pr->pr_allow); in db_show_prison()
5453 atomic_load_int(&bf->flag) != 0; in db_show_prison()
5455 if (pr->pr_allow & bf->flag) in db_show_prison()
5456 db_printf(" %s", bf->name); in db_show_prison()
5458 db_printf(" enforce_statfs = %d\n", pr->pr_enforce_statfs); in db_show_prison()
5459 db_printf(" host.hostname = %s\n", pr->pr_hostname); in db_show_prison()
5460 db_printf(" host.domainname = %s\n", pr->pr_domainname); in db_show_prison()
5461 db_printf(" host.hostuuid = %s\n", pr->pr_hostuuid); in db_show_prison()
5462 db_printf(" host.hostid = %lu\n", pr->pr_hostid); in db_show_prison()
5464 if ((pip = pr->pr_addrs[PR_INET]) != NULL) { in db_show_prison()
5465 db_printf(" ip4s = %d\n", pip->ips); in db_show_prison()
5466 for (ii = 0; ii < pip->ips; ii++) in db_show_prison()
5475 if ((pip = pr->pr_addrs[PR_INET6]) != NULL) { in db_show_prison()
5476 db_printf(" ip6s = %d\n", pip->ips); in db_show_prison()
5477 for (ii = 0; ii < pip->ips; ii++) in db_show_prison()
5511 if (pr->pr_id == addr && pr->pr_ref > 0) in DB_SHOW_COMMAND()
5516 if (pr->pr_id == addr) in DB_SHOW_COMMAND()