1 /*- 2 * ---------------------------------------------------------------------------- 3 * "THE BEER-WARE LICENSE" (Revision 42): 4 * <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you 5 * can do whatever you want with this stuff. If we meet some day, and you think 6 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp 7 * ---------------------------------------------------------------------------- 8 */ 9 10 #include <sys/cdefs.h> 11 __FBSDID("$FreeBSD$"); 12 13 #include "opt_mac.h" 14 15 #include <sys/param.h> 16 #include <sys/types.h> 17 #include <sys/kernel.h> 18 #include <sys/systm.h> 19 #include <sys/errno.h> 20 #include <sys/sysproto.h> 21 #include <sys/malloc.h> 22 #include <sys/priv.h> 23 #include <sys/proc.h> 24 #include <sys/taskqueue.h> 25 #include <sys/jail.h> 26 #include <sys/lock.h> 27 #include <sys/mutex.h> 28 #include <sys/namei.h> 29 #include <sys/mount.h> 30 #include <sys/queue.h> 31 #include <sys/socket.h> 32 #include <sys/syscallsubr.h> 33 #include <sys/sysctl.h> 34 #include <sys/vnode.h> 35 #include <net/if.h> 36 #include <netinet/in.h> 37 38 #include <security/mac/mac_framework.h> 39 40 MALLOC_DEFINE(M_PRISON, "prison", "Prison structures"); 41 42 SYSCTL_NODE(_security, OID_AUTO, jail, CTLFLAG_RW, 0, 43 "Jail rules"); 44 45 int jail_set_hostname_allowed = 1; 46 SYSCTL_INT(_security_jail, OID_AUTO, set_hostname_allowed, CTLFLAG_RW, 47 &jail_set_hostname_allowed, 0, 48 "Processes in jail can set their hostnames"); 49 50 int jail_socket_unixiproute_only = 1; 51 SYSCTL_INT(_security_jail, OID_AUTO, socket_unixiproute_only, CTLFLAG_RW, 52 &jail_socket_unixiproute_only, 0, 53 "Processes in jail are limited to creating UNIX/IPv4/route sockets only"); 54 55 int jail_sysvipc_allowed = 0; 56 SYSCTL_INT(_security_jail, OID_AUTO, sysvipc_allowed, CTLFLAG_RW, 57 &jail_sysvipc_allowed, 0, 58 "Processes in jail can use System V IPC primitives"); 59 60 static int jail_enforce_statfs = 2; 61 SYSCTL_INT(_security_jail, OID_AUTO, enforce_statfs, CTLFLAG_RW, 62 &jail_enforce_statfs, 0, 63 "Processes in jail cannot see all mounted file systems"); 64 65 int jail_allow_raw_sockets = 0; 66 SYSCTL_INT(_security_jail, OID_AUTO, allow_raw_sockets, CTLFLAG_RW, 67 &jail_allow_raw_sockets, 0, 68 "Prison root can create raw sockets"); 69 70 int jail_chflags_allowed = 0; 71 SYSCTL_INT(_security_jail, OID_AUTO, chflags_allowed, CTLFLAG_RW, 72 &jail_chflags_allowed, 0, 73 "Processes in jail can alter system file flags"); 74 75 /* allprison, lastprid, and prisoncount are protected by allprison_mtx. */ 76 struct prisonlist allprison; 77 struct mtx allprison_mtx; 78 int lastprid = 0; 79 int prisoncount = 0; 80 81 static void init_prison(void *); 82 static void prison_complete(void *context, int pending); 83 static struct prison *prison_find(int); 84 static int sysctl_jail_list(SYSCTL_HANDLER_ARGS); 85 86 static void 87 init_prison(void *data __unused) 88 { 89 90 mtx_init(&allprison_mtx, "allprison", NULL, MTX_DEF); 91 LIST_INIT(&allprison); 92 } 93 94 SYSINIT(prison, SI_SUB_INTRINSIC, SI_ORDER_ANY, init_prison, NULL); 95 96 /* 97 * struct jail_args { 98 * struct jail *jail; 99 * }; 100 */ 101 int 102 jail(struct thread *td, struct jail_args *uap) 103 { 104 struct nameidata nd; 105 struct prison *pr, *tpr; 106 struct jail j; 107 struct jail_attach_args jaa; 108 int vfslocked, error, tryprid; 109 110 error = copyin(uap->jail, &j, sizeof(j)); 111 if (error) 112 return (error); 113 if (j.version != 0) 114 return (EINVAL); 115 116 MALLOC(pr, struct prison *, sizeof(*pr), M_PRISON, M_WAITOK | M_ZERO); 117 mtx_init(&pr->pr_mtx, "jail mutex", NULL, MTX_DEF); 118 pr->pr_ref = 1; 119 error = copyinstr(j.path, &pr->pr_path, sizeof(pr->pr_path), 0); 120 if (error) 121 goto e_killmtx; 122 NDINIT(&nd, LOOKUP, MPSAFE | FOLLOW | LOCKLEAF, UIO_SYSSPACE, 123 pr->pr_path, td); 124 error = namei(&nd); 125 if (error) 126 goto e_killmtx; 127 vfslocked = NDHASGIANT(&nd); 128 pr->pr_root = nd.ni_vp; 129 VOP_UNLOCK(nd.ni_vp, 0, td); 130 NDFREE(&nd, NDF_ONLY_PNBUF); 131 VFS_UNLOCK_GIANT(vfslocked); 132 error = copyinstr(j.hostname, &pr->pr_host, sizeof(pr->pr_host), 0); 133 if (error) 134 goto e_dropvnref; 135 pr->pr_ip = j.ip_number; 136 pr->pr_linux = NULL; 137 pr->pr_securelevel = securelevel; 138 139 /* Determine next pr_id and add prison to allprison list. */ 140 mtx_lock(&allprison_mtx); 141 tryprid = lastprid + 1; 142 if (tryprid == JAIL_MAX) 143 tryprid = 1; 144 next: 145 LIST_FOREACH(tpr, &allprison, pr_list) { 146 if (tpr->pr_id == tryprid) { 147 tryprid++; 148 if (tryprid == JAIL_MAX) { 149 mtx_unlock(&allprison_mtx); 150 error = EAGAIN; 151 goto e_dropvnref; 152 } 153 goto next; 154 } 155 } 156 pr->pr_id = jaa.jid = lastprid = tryprid; 157 LIST_INSERT_HEAD(&allprison, pr, pr_list); 158 prisoncount++; 159 mtx_unlock(&allprison_mtx); 160 161 error = jail_attach(td, &jaa); 162 if (error) 163 goto e_dropprref; 164 mtx_lock(&pr->pr_mtx); 165 pr->pr_ref--; 166 mtx_unlock(&pr->pr_mtx); 167 td->td_retval[0] = jaa.jid; 168 return (0); 169 e_dropprref: 170 mtx_lock(&allprison_mtx); 171 LIST_REMOVE(pr, pr_list); 172 prisoncount--; 173 mtx_unlock(&allprison_mtx); 174 e_dropvnref: 175 vfslocked = VFS_LOCK_GIANT(pr->pr_root->v_mount); 176 vrele(pr->pr_root); 177 VFS_UNLOCK_GIANT(vfslocked); 178 e_killmtx: 179 mtx_destroy(&pr->pr_mtx); 180 FREE(pr, M_PRISON); 181 return (error); 182 } 183 184 /* 185 * struct jail_attach_args { 186 * int jid; 187 * }; 188 */ 189 int 190 jail_attach(struct thread *td, struct jail_attach_args *uap) 191 { 192 struct proc *p; 193 struct ucred *newcred, *oldcred; 194 struct prison *pr; 195 int vfslocked, error; 196 197 /* 198 * XXX: Note that there is a slight race here if two threads 199 * in the same privileged process attempt to attach to two 200 * different jails at the same time. It is important for 201 * user processes not to do this, or they might end up with 202 * a process root from one prison, but attached to the jail 203 * of another. 204 */ 205 error = priv_check(td, PRIV_JAIL_ATTACH); 206 if (error) 207 return (error); 208 209 p = td->td_proc; 210 mtx_lock(&allprison_mtx); 211 pr = prison_find(uap->jid); 212 if (pr == NULL) { 213 mtx_unlock(&allprison_mtx); 214 return (EINVAL); 215 } 216 pr->pr_ref++; 217 mtx_unlock(&pr->pr_mtx); 218 mtx_unlock(&allprison_mtx); 219 220 vfslocked = VFS_LOCK_GIANT(pr->pr_root->v_mount); 221 vn_lock(pr->pr_root, LK_EXCLUSIVE | LK_RETRY, td); 222 if ((error = change_dir(pr->pr_root, td)) != 0) 223 goto e_unlock; 224 #ifdef MAC 225 if ((error = mac_check_vnode_chroot(td->td_ucred, pr->pr_root))) 226 goto e_unlock; 227 #endif 228 VOP_UNLOCK(pr->pr_root, 0, td); 229 change_root(pr->pr_root, td); 230 VFS_UNLOCK_GIANT(vfslocked); 231 232 newcred = crget(); 233 PROC_LOCK(p); 234 oldcred = p->p_ucred; 235 setsugid(p); 236 crcopy(newcred, oldcred); 237 newcred->cr_prison = pr; 238 p->p_ucred = newcred; 239 PROC_UNLOCK(p); 240 crfree(oldcred); 241 return (0); 242 e_unlock: 243 VOP_UNLOCK(pr->pr_root, 0, td); 244 VFS_UNLOCK_GIANT(vfslocked); 245 mtx_lock(&pr->pr_mtx); 246 pr->pr_ref--; 247 mtx_unlock(&pr->pr_mtx); 248 return (error); 249 } 250 251 /* 252 * Returns a locked prison instance, or NULL on failure. 253 */ 254 static struct prison * 255 prison_find(int prid) 256 { 257 struct prison *pr; 258 259 mtx_assert(&allprison_mtx, MA_OWNED); 260 LIST_FOREACH(pr, &allprison, pr_list) { 261 if (pr->pr_id == prid) { 262 mtx_lock(&pr->pr_mtx); 263 return (pr); 264 } 265 } 266 return (NULL); 267 } 268 269 void 270 prison_free(struct prison *pr) 271 { 272 273 mtx_lock(&allprison_mtx); 274 mtx_lock(&pr->pr_mtx); 275 pr->pr_ref--; 276 if (pr->pr_ref == 0) { 277 LIST_REMOVE(pr, pr_list); 278 mtx_unlock(&pr->pr_mtx); 279 prisoncount--; 280 mtx_unlock(&allprison_mtx); 281 282 TASK_INIT(&pr->pr_task, 0, prison_complete, pr); 283 taskqueue_enqueue(taskqueue_thread, &pr->pr_task); 284 return; 285 } 286 mtx_unlock(&pr->pr_mtx); 287 mtx_unlock(&allprison_mtx); 288 } 289 290 static void 291 prison_complete(void *context, int pending) 292 { 293 struct prison *pr; 294 int vfslocked; 295 296 pr = (struct prison *)context; 297 298 vfslocked = VFS_LOCK_GIANT(pr->pr_root->v_mount); 299 vrele(pr->pr_root); 300 VFS_UNLOCK_GIANT(vfslocked); 301 302 mtx_destroy(&pr->pr_mtx); 303 if (pr->pr_linux != NULL) 304 FREE(pr->pr_linux, M_PRISON); 305 FREE(pr, M_PRISON); 306 } 307 308 void 309 prison_hold(struct prison *pr) 310 { 311 312 mtx_lock(&pr->pr_mtx); 313 pr->pr_ref++; 314 mtx_unlock(&pr->pr_mtx); 315 } 316 317 u_int32_t 318 prison_getip(struct ucred *cred) 319 { 320 321 return (cred->cr_prison->pr_ip); 322 } 323 324 int 325 prison_ip(struct ucred *cred, int flag, u_int32_t *ip) 326 { 327 u_int32_t tmp; 328 329 if (!jailed(cred)) 330 return (0); 331 if (flag) 332 tmp = *ip; 333 else 334 tmp = ntohl(*ip); 335 if (tmp == INADDR_ANY) { 336 if (flag) 337 *ip = cred->cr_prison->pr_ip; 338 else 339 *ip = htonl(cred->cr_prison->pr_ip); 340 return (0); 341 } 342 if (tmp == INADDR_LOOPBACK) { 343 if (flag) 344 *ip = cred->cr_prison->pr_ip; 345 else 346 *ip = htonl(cred->cr_prison->pr_ip); 347 return (0); 348 } 349 if (cred->cr_prison->pr_ip != tmp) 350 return (1); 351 return (0); 352 } 353 354 void 355 prison_remote_ip(struct ucred *cred, int flag, u_int32_t *ip) 356 { 357 u_int32_t tmp; 358 359 if (!jailed(cred)) 360 return; 361 if (flag) 362 tmp = *ip; 363 else 364 tmp = ntohl(*ip); 365 if (tmp == INADDR_LOOPBACK) { 366 if (flag) 367 *ip = cred->cr_prison->pr_ip; 368 else 369 *ip = htonl(cred->cr_prison->pr_ip); 370 return; 371 } 372 return; 373 } 374 375 int 376 prison_if(struct ucred *cred, struct sockaddr *sa) 377 { 378 struct sockaddr_in *sai; 379 int ok; 380 381 sai = (struct sockaddr_in *)sa; 382 if ((sai->sin_family != AF_INET) && jail_socket_unixiproute_only) 383 ok = 1; 384 else if (sai->sin_family != AF_INET) 385 ok = 0; 386 else if (cred->cr_prison->pr_ip != ntohl(sai->sin_addr.s_addr)) 387 ok = 1; 388 else 389 ok = 0; 390 return (ok); 391 } 392 393 /* 394 * Return 0 if jails permit p1 to frob p2, otherwise ESRCH. 395 */ 396 int 397 prison_check(struct ucred *cred1, struct ucred *cred2) 398 { 399 400 if (jailed(cred1)) { 401 if (!jailed(cred2)) 402 return (ESRCH); 403 if (cred2->cr_prison != cred1->cr_prison) 404 return (ESRCH); 405 } 406 407 return (0); 408 } 409 410 /* 411 * Return 1 if the passed credential is in a jail, otherwise 0. 412 */ 413 int 414 jailed(struct ucred *cred) 415 { 416 417 return (cred->cr_prison != NULL); 418 } 419 420 /* 421 * Return the correct hostname for the passed credential. 422 */ 423 void 424 getcredhostname(struct ucred *cred, char *buf, size_t size) 425 { 426 427 if (jailed(cred)) { 428 mtx_lock(&cred->cr_prison->pr_mtx); 429 strlcpy(buf, cred->cr_prison->pr_host, size); 430 mtx_unlock(&cred->cr_prison->pr_mtx); 431 } else 432 strlcpy(buf, hostname, size); 433 } 434 435 /* 436 * Determine whether the subject represented by cred can "see" 437 * status of a mount point. 438 * Returns: 0 for permitted, ENOENT otherwise. 439 * XXX: This function should be called cr_canseemount() and should be 440 * placed in kern_prot.c. 441 */ 442 int 443 prison_canseemount(struct ucred *cred, struct mount *mp) 444 { 445 struct prison *pr; 446 struct statfs *sp; 447 size_t len; 448 449 if (!jailed(cred) || jail_enforce_statfs == 0) 450 return (0); 451 pr = cred->cr_prison; 452 if (pr->pr_root->v_mount == mp) 453 return (0); 454 if (jail_enforce_statfs == 2) 455 return (ENOENT); 456 /* 457 * If jail's chroot directory is set to "/" we should be able to see 458 * all mount-points from inside a jail. 459 * This is ugly check, but this is the only situation when jail's 460 * directory ends with '/'. 461 */ 462 if (strcmp(pr->pr_path, "/") == 0) 463 return (0); 464 len = strlen(pr->pr_path); 465 sp = &mp->mnt_stat; 466 if (strncmp(pr->pr_path, sp->f_mntonname, len) != 0) 467 return (ENOENT); 468 /* 469 * Be sure that we don't have situation where jail's root directory 470 * is "/some/path" and mount point is "/some/pathpath". 471 */ 472 if (sp->f_mntonname[len] != '\0' && sp->f_mntonname[len] != '/') 473 return (ENOENT); 474 return (0); 475 } 476 477 void 478 prison_enforce_statfs(struct ucred *cred, struct mount *mp, struct statfs *sp) 479 { 480 char jpath[MAXPATHLEN]; 481 struct prison *pr; 482 size_t len; 483 484 if (!jailed(cred) || jail_enforce_statfs == 0) 485 return; 486 pr = cred->cr_prison; 487 if (prison_canseemount(cred, mp) != 0) { 488 bzero(sp->f_mntonname, sizeof(sp->f_mntonname)); 489 strlcpy(sp->f_mntonname, "[restricted]", 490 sizeof(sp->f_mntonname)); 491 return; 492 } 493 if (pr->pr_root->v_mount == mp) { 494 /* 495 * Clear current buffer data, so we are sure nothing from 496 * the valid path left there. 497 */ 498 bzero(sp->f_mntonname, sizeof(sp->f_mntonname)); 499 *sp->f_mntonname = '/'; 500 return; 501 } 502 /* 503 * If jail's chroot directory is set to "/" we should be able to see 504 * all mount-points from inside a jail. 505 */ 506 if (strcmp(pr->pr_path, "/") == 0) 507 return; 508 len = strlen(pr->pr_path); 509 strlcpy(jpath, sp->f_mntonname + len, sizeof(jpath)); 510 /* 511 * Clear current buffer data, so we are sure nothing from 512 * the valid path left there. 513 */ 514 bzero(sp->f_mntonname, sizeof(sp->f_mntonname)); 515 if (*jpath == '\0') { 516 /* Should never happen. */ 517 *sp->f_mntonname = '/'; 518 } else { 519 strlcpy(sp->f_mntonname, jpath, sizeof(sp->f_mntonname)); 520 } 521 } 522 523 /* 524 * Check with permission for a specific privilege is granted within jail. We 525 * have a specific list of accepted privileges; the rest are denied. 526 */ 527 int 528 prison_priv_check(struct ucred *cred, int priv) 529 { 530 531 if (!jailed(cred)) 532 return (0); 533 534 switch (priv) { 535 536 /* 537 * Allow ktrace privileges for root in jail. 538 */ 539 case PRIV_KTRACE: 540 541 #if 0 542 /* 543 * Allow jailed processes to configure audit identity and 544 * submit audit records (login, etc). In the future we may 545 * want to further refine the relationship between audit and 546 * jail. 547 */ 548 case PRIV_AUDIT_GETAUDIT: 549 case PRIV_AUDIT_SETAUDIT: 550 case PRIV_AUDIT_SUBMIT: 551 #endif 552 553 /* 554 * Allow jailed processes to manipulate process UNIX 555 * credentials in any way they see fit. 556 */ 557 case PRIV_CRED_SETUID: 558 case PRIV_CRED_SETEUID: 559 case PRIV_CRED_SETGID: 560 case PRIV_CRED_SETEGID: 561 case PRIV_CRED_SETGROUPS: 562 case PRIV_CRED_SETREUID: 563 case PRIV_CRED_SETREGID: 564 case PRIV_CRED_SETRESUID: 565 case PRIV_CRED_SETRESGID: 566 567 /* 568 * Jail implements visibility constraints already, so allow 569 * jailed root to override uid/gid-based constraints. 570 */ 571 case PRIV_SEEOTHERGIDS: 572 case PRIV_SEEOTHERUIDS: 573 574 /* 575 * Jail implements inter-process debugging limits already, so 576 * allow jailed root various debugging privileges. 577 */ 578 case PRIV_DEBUG_DIFFCRED: 579 case PRIV_DEBUG_SUGID: 580 case PRIV_DEBUG_UNPRIV: 581 582 /* 583 * Allow jail to set various resource limits and login 584 * properties, and for now, exceed process resource limits. 585 */ 586 case PRIV_PROC_LIMIT: 587 case PRIV_PROC_SETLOGIN: 588 case PRIV_PROC_SETRLIMIT: 589 590 /* 591 * System V and POSIX IPC privileges are granted in jail. 592 */ 593 case PRIV_IPC_READ: 594 case PRIV_IPC_WRITE: 595 case PRIV_IPC_ADMIN: 596 case PRIV_IPC_MSGSIZE: 597 case PRIV_MQ_ADMIN: 598 599 /* 600 * Jail implements its own inter-process limits, so allow 601 * root processes in jail to change scheduling on other 602 * processes in the same jail. Likewise for signalling. 603 */ 604 case PRIV_SCHED_DIFFCRED: 605 case PRIV_SIGNAL_DIFFCRED: 606 case PRIV_SIGNAL_SUGID: 607 608 /* 609 * Allow jailed processes to write to sysctls marked as jail 610 * writable. 611 */ 612 case PRIV_SYSCTL_WRITEJAIL: 613 614 /* 615 * Allow root in jail to manage a variety of quota 616 * properties. These should likely be conditional on a 617 * configuration option. 618 */ 619 case PRIV_VFS_GETQUOTA: 620 case PRIV_VFS_SETQUOTA: 621 622 /* 623 * Since Jail relies on chroot() to implement file system 624 * protections, grant many VFS privileges to root in jail. 625 * Be careful to exclude mount-related and NFS-related 626 * privileges. 627 */ 628 case PRIV_VFS_READ: 629 case PRIV_VFS_WRITE: 630 case PRIV_VFS_ADMIN: 631 case PRIV_VFS_EXEC: 632 case PRIV_VFS_LOOKUP: 633 case PRIV_VFS_BLOCKRESERVE: /* XXXRW: Slightly surprising. */ 634 case PRIV_VFS_CHFLAGS_DEV: 635 case PRIV_VFS_CHOWN: 636 case PRIV_VFS_CHROOT: 637 case PRIV_VFS_RETAINSUGID: 638 case PRIV_VFS_FCHROOT: 639 case PRIV_VFS_LINK: 640 case PRIV_VFS_SETGID: 641 case PRIV_VFS_STICKYFILE: 642 return (0); 643 644 /* 645 * Depending on the global setting, allow privilege of 646 * setting system flags. 647 */ 648 case PRIV_VFS_SYSFLAGS: 649 if (jail_chflags_allowed) 650 return (0); 651 else 652 return (EPERM); 653 654 /* 655 * Allow jailed root to bind reserved ports. 656 */ 657 case PRIV_NETINET_RESERVEDPORT: 658 return (0); 659 660 /* 661 * Conditionally allow creating raw sockets in jail. 662 */ 663 case PRIV_NETINET_RAW: 664 if (jail_allow_raw_sockets) 665 return (0); 666 else 667 return (EPERM); 668 669 /* 670 * Since jail implements its own visibility limits on netstat 671 * sysctls, allow getcred. This allows identd to work in 672 * jail. 673 */ 674 case PRIV_NETINET_GETCRED: 675 return (0); 676 677 default: 678 /* 679 * In all remaining cases, deny the privilege request. This 680 * includes almost all network privileges, many system 681 * configuration privileges. 682 */ 683 return (EPERM); 684 } 685 } 686 687 static int 688 sysctl_jail_list(SYSCTL_HANDLER_ARGS) 689 { 690 struct xprison *xp, *sxp; 691 struct prison *pr; 692 int count, error; 693 694 if (jailed(req->td->td_ucred)) 695 return (0); 696 retry: 697 mtx_lock(&allprison_mtx); 698 count = prisoncount; 699 mtx_unlock(&allprison_mtx); 700 701 if (count == 0) 702 return (0); 703 704 sxp = xp = malloc(sizeof(*xp) * count, M_TEMP, M_WAITOK | M_ZERO); 705 mtx_lock(&allprison_mtx); 706 if (count != prisoncount) { 707 mtx_unlock(&allprison_mtx); 708 free(sxp, M_TEMP); 709 goto retry; 710 } 711 712 LIST_FOREACH(pr, &allprison, pr_list) { 713 mtx_lock(&pr->pr_mtx); 714 xp->pr_version = XPRISON_VERSION; 715 xp->pr_id = pr->pr_id; 716 strlcpy(xp->pr_path, pr->pr_path, sizeof(xp->pr_path)); 717 strlcpy(xp->pr_host, pr->pr_host, sizeof(xp->pr_host)); 718 xp->pr_ip = pr->pr_ip; 719 mtx_unlock(&pr->pr_mtx); 720 xp++; 721 } 722 mtx_unlock(&allprison_mtx); 723 724 error = SYSCTL_OUT(req, sxp, sizeof(*sxp) * count); 725 free(sxp, M_TEMP); 726 return (error); 727 } 728 729 SYSCTL_OID(_security_jail, OID_AUTO, list, CTLTYPE_STRUCT | CTLFLAG_RD, 730 NULL, 0, sysctl_jail_list, "S", "List of active jails"); 731 732 static int 733 sysctl_jail_jailed(SYSCTL_HANDLER_ARGS) 734 { 735 int error, injail; 736 737 injail = jailed(req->td->td_ucred); 738 error = SYSCTL_OUT(req, &injail, sizeof(injail)); 739 740 return (error); 741 } 742 SYSCTL_PROC(_security_jail, OID_AUTO, jailed, CTLTYPE_INT | CTLFLAG_RD, 743 NULL, 0, sysctl_jail_jailed, "I", "Process in jail?"); 744