FreeBSD Bugzilla – Attachment 191820 Details for
Bug 226931
Deprecating jail(2) and related sysctls
[patch]
Patch for exp-run
jail-deprecate.diff (text/plain), 35.75 KB, created by
Jamie Gritton
on 2018-03-26 01:42:18 UTC
Description:
Patch for exp-run
Filename:
MIME Type:
Creator:
Jamie Gritton
Created:
2018-03-26 01:42:18 UTC
Size:
35.75 KB
patch
obsolete
>Index: contrib/openbsm/bin/auditdistd/sandbox.c
>===================================================================
>--- contrib/openbsm/bin/auditdistd/sandbox.c (revision 331491)
>+++ contrib/openbsm/bin/auditdistd/sandbox.c (working copy)
>@@ -38,6 +38,9 @@
> #endif
>
> #include <errno.h>
>+#ifdef HAVE_JAIL
>+#include <jail.h>
>+#endif
> #include <pwd.h>
> #include <stdarg.h>
> #include <stdbool.h>
>@@ -63,7 +66,6 @@
> sandbox(const char *user, bool capsicum, const char *fmt, ...)
> {
> #ifdef HAVE_JAIL
>- struct jail jailst;
> char *jailhost;
> va_list ap;
> #endif
>@@ -132,11 +134,8 @@
> pjdlog_error("Unable to allocate memory for jail host name.");
> goto out;
> }
>- bzero(&jailst, sizeof(jailst));
>- jailst.version = JAIL_API_VERSION;
>- jailst.path = pw->pw_dir;
>- jailst.hostname = jailhost;
>- if (jail(&jailst) >= 0) {
>+ if (jail_setv(JAIL_CREATE | JAIL_ATTACH, "path", pw->pw_dir,
>+ "host.hostname", jailhost, NULL) >= 0) {
> jailed = true;
> } else {
> jailed = false;
>Index: contrib/pjdfstest/tests/chflags/09.t
>===================================================================
>--- contrib/pjdfstest/tests/chflags/09.t (revision 331491)
>+++ contrib/pjdfstest/tests/chflags/09.t (working copy)
>@@ -15,9 +15,6 @@
> n1=`namegen`
> n2=`namegen`
>
>-old=`sysctl -n security.jail.chflags_allowed`
>-sysctl security.jail.chflags_allowed=1 >/dev/null
>-
> expect 0 mkdir ${n0} 0755
> cdir=`pwd`
> cd ${n0}
>@@ -62,6 +59,5 @@
> fi
> done
>
>-sysctl security.jail.chflags_allowed=${old} >/dev/null
> cd ${cdir}
> expect 0 rmdir ${n0}
>Index: etc/rc.d/hostname
>===================================================================
>--- etc/rc.d/hostname (revision 331491)
>+++ etc/rc.d/hostname (working copy)
>@@ -40,14 +40,7 @@
>
> hostname_start()
> {
>- # If we are not inside a jail, set the host name.
>- # If we are inside a jail, set the host name if it is permitted.
>- #
>- if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then
>- if [ `$SYSCTL_N security.jail.set_hostname_allowed` -eq 0 ]; then
>- return
>- fi
>- else
>+ if [ `$SYSCTL_N security.jail.jailed` -eq 0 ]; then
> # If we're not in a jail and rc.conf doesn't specify a
> # hostname, see if we can get one from kenv.
> #
>Index: etc/rc.d/zfs
>===================================================================
>--- etc/rc.d/zfs (revision 331491)
>+++ etc/rc.d/zfs (working copy)
>@@ -18,9 +18,7 @@
>
> zfs_start_jail()
> {
>- if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then
>- zfs mount -a
>- fi
>+ zfs mount -a
> }
>
> zfs_start_main()
>@@ -43,9 +41,7 @@
>
> zfs_stop_jail()
> {
>- if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then
>- zfs unmount -a
>- fi
>+ zfs unmount -a
> }
>
> zfs_stop_main()
>Index: lib/libc/gen/getvfsbyname.3
>===================================================================
>--- lib/libc/gen/getvfsbyname.3 (revision 331491)
>+++ lib/libc/gen/getvfsbyname.3 (working copy)
>@@ -28,7 +28,7 @@
> .\" @(#)kvm_getvfsbyname.3 8.3 (Berkeley) 5/4/95
> .\" $FreeBSD$
> .\"
>-.Dd August 30, 2016
>+.Dd March 21, 2018
> .Dt GETVFSBYNAME 3
> .Os
> .Sh NAME
>@@ -83,9 +83,10 @@
> stores file names as Unicode
> .It Dv VFCF_JAIL
> can be mounted from within a jail if
>-.Va security.jail.mount_allowed
>-sysctl is set to
>-.Dv 1
>+.Va allow.mount
>+and
>+.Va allow.mount.<vfc_name>
>+jail parameters are set
> .It Dv VFCF_DELEGADMIN
> supports delegated administration if
> .Va vfs.usermount
>Index: lib/libc/sys/jail.2
>===================================================================
>--- lib/libc/sys/jail.2 (revision 331491)
>+++ lib/libc/sys/jail.2 (working copy)
>@@ -25,7 +25,7 @@
> .\"
> .\" $FreeBSD$
> .\"
>-.Dd February 8, 2012
>+.Dd March 21, 2018
> .Dt JAIL 2
> .Os
> .Sh NAME
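Review bot: Inside a jail, hostname_start now runs on to the hostname-setting code unconditionally, where it used to return when `security.jail.set_hostname_allowed` was 0; in a jail without allow.set_hostname the sethostname call fails with EPERM and the error will appear at jail startup (the rest of hostname_start is outside the hunk, so I cannot see whether that path checks the exit status). zfs_start_jail and zfs_stop_jail have the same shape: `zfs mount -a` / `zfs unmount -a` were skipped when mount_allowed was 0 and will presumably now print a permission error per delegated dataset in a jail without allow.mount.zfs. A jail cannot read its own allow.* parameters once these sysctls are gone, so the practical fix is to tolerate the failure where the commands are invoked, with a comment such as `# May be denied inside a jail (allow.set_hostname / allow.mount.zfs); not fatal.`.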
>@@ -41,8 +41,6 @@
> .In sys/param.h
> .In sys/jail.h
> .Ft int
>-.Fn jail "struct jail *jail"
>-.Ft int
> .Fn jail_attach "int jid"
> .Ft int
> .Fn jail_remove "int jid"
>@@ -53,74 +51,7 @@
> .Fn jail_set "struct iovec *iov" "u_int niov" "int flags"
> .Sh DESCRIPTION
> The
>-.Fn jail
>-system call sets up a jail and locks the current process in it.
>-.Pp
>-The argument is a pointer to a structure describing the prison:
>-.Bd -literal -offset indent
>-struct jail {
>- uint32_t version;
>- char *path;
>- char *hostname;
>- char *jailname;
>- unsigned int ip4s;
>- unsigned int ip6s;
>- struct in_addr *ip4;
>- struct in6_addr *ip6;
>-};
>-.Ed
>-.Pp
>-.Dq Li version
>-defines the version of the API in use.
>-.Dv JAIL_API_VERSION
>-is defined for the current version.
>-.Pp
>-The
>-.Dq Li path
>-pointer should be set to the directory which is to be the root of the
>-prison.
>-.Pp
>-The
>-.Dq Li hostname
>-pointer can be set to the hostname of the prison.
>-This can be changed
>-from the inside of the prison.
>-.Pp
>-The
>-.Dq Li jailname
>-pointer is an optional name that can be assigned to the jail
>-for example for management purposes.
>-.Pp
>-The
>-.Dq Li ip4s
>-and
>-.Dq Li ip6s
>-give the numbers of IPv4 and IPv6 addresses that will be passed
>-via their respective pointers.
>-.Pp
>-The
>-.Dq Li ip4
>-and
>-.Dq Li ip6
>-pointers can be set to an arrays of IPv4 and IPv6 addresses to be assigned to
>-the prison, or NULL if none.
>-IPv4 addresses must be in network byte order.
>-.Pp
>-This is equivalent to, and deprecated in favor of, the
> .Fn jail_set
>-system call (see below), with the parameters
>-.Va path ,
>-.Va host.hostname ,
>-.Va name ,
>-.Va ip4.addr ,
>-and
>-.Va ip6.addr ,
>-and with the
>-.Dv JAIL_ATTACH
>-flag.
>-.Pp
>-The
>-.Fn jail_set
> system call creates a new jail, or modifies an existing one, and optionally
> locks the current process in it.
> Jail parameters are passed as an array of name-value pairs in the array
>@@ -146,13 +77,19 @@
> retrieved via the
> .Va security.jail.param
> sysctl MIB entry.
>-Notable parameters include those mentioned in the
>-.Fn jail
>-description above, as well as
>+Notable parameters include
> .Va jid
> and
>-.Va name ,
>-which identify the jail being created or modified.
>+.Va name
>+which identify the jail being created or modified,
>+.Va path
>+(the root directory of the jail),
>+.Va host.hostname
>+(the hostname of the jail), and
>+.Va ip4.addr
>+and
>+.Va ip6.addr
>+(IP addresses to assign to the jail).
> See
> .Xr jail 8
> for more information on the core jail parameters.
>@@ -237,8 +174,7 @@
> of that jail.
> .Sh RETURN VALUES
> If successful,
>-.Fn jail ,
>-.Fn jail_set ,
>+.Fn jail_set
> and
> .Fn jail_get
> return a non-negative integer, termed the jail identifier (JID).
>@@ -249,25 +185,6 @@
> .Rv -std jail_attach jail_remove
> .Sh ERRORS
> The
>-.Fn jail
>-system call
>-will fail if:
>-.Bl -tag -width Er
>-.It Bq Er EPERM
>-This process is not allowed to create a jail, either because it is not
>-the super-user, or because it would exceed the jail's
>-.Va children.max
>-limit.
>-.It Bq Er EFAULT
>-.Fa jail
>-points to an address outside the allocated address space of the process.
>-.It Bq Er EINVAL
>-The version number of the argument is not correct.
>-.It Bq Er EAGAIN
>-No free JID could be found.
>-.El
>-.Pp
>-The
> .Fn jail_set
> system call
> will fail if:
>@@ -371,8 +288,7 @@
> .El
> .Pp
> Further
>-.Fn jail ,
>-.Fn jail_set ,
>+.Fn jail_set
> and
> .Fn jail_attach
> call
>@@ -386,7 +302,7 @@
> .Xr chroot 2 ,
> .Xr jail 8
> .Sh HISTORY
>-The
>+The now-deprecated
> .Fn jail
> system call appeared in
> .Fx 4.0 .
>Index: sbin/hastctl/Makefile
>===================================================================
>--- sbin/hastctl/Makefile (revision 331491)
>+++ sbin/hastctl/Makefile (working copy)
>@@ -33,7 +33,7 @@
> CFLAGS+=-DYY_NO_UNPUT
> CFLAGS+=-DYY_NO_INPUT
>
>-LIBADD= md util
>+LIBADD= jail md util
>
> YFLAGS+=-v
>
>Index: sbin/hastd/Makefile
>===================================================================
>--- sbin/hastd/Makefile (revision 331491)
>+++ sbin/hastd/Makefile (working copy)
>@@ -31,7 +31,7 @@
> CFLAGS+=-DINET6
> .endif
>
>-LIBADD= geom md pthread util
>+LIBADD= geom jail md pthread util
>
> YFLAGS+=-v
>
>Index: sbin/hastd/subr.c
>===================================================================
>--- sbin/hastd/subr.c (revision 331491)
>+++ sbin/hastd/subr.c (working copy)
>@@ -45,6 +45,7 @@
>
> #include <errno.h>
> #include <fcntl.h>
>+#include <jail.h>
> #include <pwd.h>
> #include <stdarg.h>
> #include <stdbool.h>
>@@ -155,7 +156,6 @@
> drop_privs(const struct hast_resource *res)
> {
> char jailhost[sizeof(res->hr_name) * 2];
>- struct jail jailst;
> struct passwd *pw;
> uid_t ruid, euid, suid;
> gid_t rgid, egid, sgid;
>@@ -181,9 +181,6 @@
> }
> }
>
>- bzero(&jailst, sizeof(jailst));
>- jailst.version = JAIL_API_VERSION;
>- jailst.path = pw->pw_dir;
> if (res == NULL) {
> (void)snprintf(jailhost, sizeof(jailhost), "hastctl");
> } else {
>@@ -190,13 +187,8 @@
> (void)snprintf(jailhost, sizeof(jailhost), "hastd: %s (%s)",
> res->hr_name, role2str(res->hr_role));
> }
>- jailst.hostname = jailhost;
>- jailst.jailname = NULL;
>- jailst.ip4s = 0;
>- jailst.ip4 = NULL;
>- jailst.ip6s = 0;
>- jailst.ip6 = NULL;
>- if (jail(&jailst) >= 0) {
>+ if (jail_setv(JAIL_CREATE | JAIL_ATTACH, "path", pw->pw_dir,
>+ "host.hostname", jailhost, NULL) >= 0) {
> jailed = true;
> } else {
> jailed = false;
>Index: share/man/man9/VFS_SET.9
>===================================================================
>--- share/man/man9/VFS_SET.9 (revision 331491)
>+++ share/man/man9/VFS_SET.9 (working copy)
>@@ -26,7 +26,7 @@
> .\"
> .\" $FreeBSD$
> .\"
>-.Dd February 21, 2013
>+.Dd March 21, 2018
> .Dt VFS_SET 9
> .Os
> .Sh NAME
>@@ -72,9 +72,10 @@
> File names are stored as Unicode.
> .It Dv VFCF_JAIL
> Can be mounted from within a jail if
>-.Va security.jail.mount_allowed
>-sysctl is set to
>-.Dv 1 .
>+.Va allow.mount
>+and
>+.Va allow.mount.<fsname>
>+jail parameters are set.
> .It Dv VFCF_DELEGADMIN
> Supports delegated administration if
> .Va vfs.usermount
>Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
>===================================================================
>--- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c (revision 331491)
>+++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c (working copy)
>@@ -5195,9 +5195,8 @@
> * Privileged non-jail processes may not modify system flags
> * if securelevel > 0 and any existing system flags are set.
> * Privileged jail processes behave like privileged non-jail
>- * processes if the security.jail.chflags_allowed sysctl is
>- * is non-zero; otherwise, they behave like unprivileged
>- * processes.
>+ * processes if the PR_ALLOW_CHFLAGS permission bit is set;
>+ * otherwise, they behave like unprivileged processes.
> */
> if (secpolicy_fs_owner(vp->v_mount, cred) == 0 ||
> priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0) == 0) {
>Index: sys/compat/freebsd32/freebsd32_misc.c
>===================================================================
>--- sys/compat/freebsd32/freebsd32_misc.c (revision 331491)
>+++ sys/compat/freebsd32/freebsd32_misc.c (working copy)
>@@ -2271,8 +2271,10 @@
> return (0);
> }
>
>+#ifdef COMPAT_FREEBSD11XXX
> int
>-freebsd32_jail(struct thread *td, struct freebsd32_jail_args *uap)
>+freebsd11_freebsd32_jail(struct thread *td,
>+ struct freebsd11_freebsd32_jail_args *uap)
> {
> uint32_t version;
> int error;
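Review bot: `freebsd11_freebsd32_jail` is placed under `COMPAT_FREEBSD11XXX`, a macro nothing defines, and the matching `#endif` comment at L53 names `COMPAT_FREEBSD11`; the same pair appears in kern_jail.c (L57–L59), where it also hides `sysctl_jail_list`. Even if the real option were substituted, the function cannot be built or reached: syscalls.master (L56, L60) now marks 338 as `UNIMPL __jailxxx`, so no `freebsd11_freebsd32_jail_args` / `freebsd11_jail_args` struct and no sysent slot are generated, while syscallsubr.h (L62) declares `freebsd11_kern_jail` unconditionally. If old binaries are meant to keep working under COMPAT_FREEBSD11, the entries should be compat ones, e.g. `338	AUE_JAIL	COMPAT11	{ int jail(struct jail *jail); }` (and the freebsd32 counterpart), with the guards spelled `#ifdef COMPAT_FREEBSD11`; if the exp-run is meant to drop jail(2) outright, the dead compat functions should go with it rather than stay behind a never-defined name.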
>@@ -2329,8 +2331,9 @@
> /* Sci-Fi jails are not supported, sorry. */
> return (EINVAL);
> }
>- return (kern_jail(td, &j));
>+ return (freebsd11_kern_jail(td, &j));
> }
>+#endif /* COMPAT_FREEBSD11 */
>
> int
> freebsd32_jail_set(struct thread *td, struct freebsd32_jail_set_args *uap)
>Index: sys/compat/freebsd32/freebsd32_proto.h
>===================================================================
>--- sys/compat/freebsd32/freebsd32_proto.h (revision 331491)
>+++ sys/compat/freebsd32/freebsd32_proto.h (working copy)
>@@ -279,9 +279,6 @@
> struct freebsd32_aio_error_args {
> char aiocbp_l_[PADL_(struct aiocb32 *)]; struct aiocb32 * aiocbp; char aiocbp_r_[PADR_(struct aiocb32 *)];
> };
>-struct freebsd32_jail_args {
>- char jail_l_[PADL_(struct jail32 *)]; struct jail32 * jail; char jail_r_[PADR_(struct jail32 *)];
>-};
> struct freebsd32_sigtimedwait_args {
> char set_l_[PADL_(const sigset_t *)]; const sigset_t * set; char set_r_[PADR_(const sigset_t *)];
> char info_l_[PADL_(siginfo_t *)]; siginfo_t * info; char info_r_[PADR_(siginfo_t *)];
>@@ -756,7 +753,6 @@
> int freebsd32_aio_return(struct thread *, struct freebsd32_aio_return_args *);
> int freebsd32_aio_suspend(struct thread *, struct freebsd32_aio_suspend_args *);
> int freebsd32_aio_error(struct thread *, struct freebsd32_aio_error_args *);
>-int freebsd32_jail(struct thread *, struct freebsd32_jail_args *);
> int freebsd32_sigtimedwait(struct thread *, struct freebsd32_sigtimedwait_args *);
> int freebsd32_sigwaitinfo(struct thread *, struct freebsd32_sigwaitinfo_args *);
> int freebsd32_aio_waitcomplete(struct thread *, struct freebsd32_aio_waitcomplete_args *);
>@@ -1311,7 +1307,6 @@
> #define FREEBSD32_SYS_AUE_freebsd6_freebsd32_aio_write AUE_AIO_WRITE
> #define FREEBSD32_SYS_AUE_freebsd6_freebsd32_lio_listio AUE_LIO_LISTIO
> #define FREEBSD32_SYS_AUE_freebsd4_freebsd32_sendfile AUE_SENDFILE
>-#define FREEBSD32_SYS_AUE_freebsd32_jail AUE_JAIL
> #define FREEBSD32_SYS_AUE_freebsd4_freebsd32_sigaction AUE_SIGACTION
> #define FREEBSD32_SYS_AUE_freebsd4_freebsd32_sigreturn AUE_SIGRETURN
> #define FREEBSD32_SYS_AUE_freebsd32_sigtimedwait AUE_SIGWAIT
>Index: sys/compat/freebsd32/freebsd32_syscall.h
>===================================================================
>--- sys/compat/freebsd32/freebsd32_syscall.h (revision 331491)
>+++ sys/compat/freebsd32/freebsd32_syscall.h (working copy)
>@@ -275,7 +275,6 @@
> #define FREEBSD32_SYS_utrace 335
> /* 336 is freebsd4 freebsd32_sendfile */
> #define FREEBSD32_SYS_kldsym 337
>-#define FREEBSD32_SYS_freebsd32_jail 338
> #define FREEBSD32_SYS_sigprocmask 340
> #define FREEBSD32_SYS_sigsuspend 341
> /* 342 is freebsd4 freebsd32_sigaction */
>Index: sys/compat/freebsd32/freebsd32_syscalls.c
>===================================================================
>--- sys/compat/freebsd32/freebsd32_syscalls.c (revision 331491)
>+++ sys/compat/freebsd32/freebsd32_syscalls.c (working copy)
>@@ -347,7 +347,7 @@
> "utrace", /* 335 = utrace */
> "compat4.freebsd32_sendfile", /* 336 = freebsd4 freebsd32_sendfile */
> "kldsym", /* 337 = kldsym */
>- "freebsd32_jail", /* 338 = freebsd32_jail */
>+ "#338", /* 338 = __jailxxx */
> "#339", /* 339 = pioctl */
> "sigprocmask", /* 340 = sigprocmask */
> "sigsuspend", /* 341 = sigsuspend */
>Index: sys/compat/freebsd32/freebsd32_sysent.c
>===================================================================
>--- sys/compat/freebsd32/freebsd32_sysent.c (revision 331491)
>+++ sys/compat/freebsd32/freebsd32_sysent.c (working copy)
>@@ -396,7 +396,7 @@
> { AS(utrace_args), (sy_call_t *)sys_utrace, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 335 = utrace */
> { compat4(AS(freebsd4_freebsd32_sendfile_args),freebsd32_sendfile), AUE_SENDFILE, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 336 = freebsd4 freebsd32_sendfile */
> { AS(kldsym_args), (sy_call_t *)sys_kldsym, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 337 = kldsym */
>- { AS(freebsd32_jail_args), (sy_call_t *)freebsd32_jail, AUE_JAIL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 338 = freebsd32_jail */
>+ { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 338 = __jailxxx */
> { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 339 = pioctl */
> { AS(sigprocmask_args), (sy_call_t *)sys_sigprocmask, AUE_SIGPROCMASK, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 340 = sigprocmask */
> { AS(sigsuspend_args), (sy_call_t *)sys_sigsuspend, AUE_SIGSUSPEND, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 341 = sigsuspend */
>Index: sys/compat/freebsd32/freebsd32_systrace_args.c
>===================================================================
>--- sys/compat/freebsd32/freebsd32_systrace_args.c (revision 331491)
>+++ sys/compat/freebsd32/freebsd32_systrace_args.c (working copy)
>@@ -1584,13 +1584,6 @@
> *n_args = 3;
> break;
> }
>- /* freebsd32_jail */
>- case 338: {
>- struct freebsd32_jail_args *p = params;
>- uarg[0] = (intptr_t) p->jail; /* struct jail32 * */
>- *n_args = 1;
>- break;
>- }
> /* sigprocmask */
> case 340: {
> struct sigprocmask_args *p = params;
>@@ -5778,16 +5771,6 @@
> break;
> };
> break;
>- /* freebsd32_jail */
>- case 338:
>- switch(ndx) {
>- case 0:
>- p = "userland struct jail32 *";
>- break;
>- default:
>- break;
>- };
>- break;
> /* sigprocmask */
> case 340:
> switch(ndx) {
>@@ -9755,11 +9738,6 @@
> if (ndx == 0 || ndx == 1)
> p = "int";
> break;
>- /* freebsd32_jail */
>- case 338:
>- if (ndx == 0 || ndx == 1)
>- p = "int";
>- break;
> /* sigprocmask */
> case 340:
> if (ndx == 0 || ndx == 1)
>Index: sys/compat/freebsd32/syscalls.master
>===================================================================
>--- sys/compat/freebsd32/syscalls.master (revision 331491)
>+++ sys/compat/freebsd32/syscalls.master (working copy)
>@@ -606,7 +606,7 @@
> off_t *sbytes, int flags); }
> 337 AUE_NULL NOPROTO { int kldsym(int fileid, int cmd, \
> void *data); }
>-338 AUE_JAIL STD { int freebsd32_jail(struct jail32 *jail); }
>+338 AUE_NULL UNIMPL __jailxxx
> 339 AUE_NULL UNIMPL pioctl
> 340 AUE_SIGPROCMASK NOPROTO { int sigprocmask(int how, \
> const sigset_t *set, sigset_t *oset); }
>Index: sys/fs/nandfs/nandfs_vnops.c
>===================================================================
>--- sys/fs/nandfs/nandfs_vnops.c (revision 331491)
>+++ sys/fs/nandfs/nandfs_vnops.c (working copy)
>@@ -834,9 +834,8 @@
> * Privileged non-jail processes may not modify system flags
> * if securelevel > 0 and any existing system flags are set.
> * Privileged jail processes behave like privileged non-jail
>- * processes if the security.jail.chflags_allowed sysctl is
>- * is non-zero; otherwise, they behave like unprivileged
>- * processes.
>+ * processes if the PR_ALLOW_CHFLAGS permission bit is set;
>+ * otherwise, they behave like unprivileged processes.
> */
>
> flags = inode->i_flags;
>Index: sys/kern/init_sysent.c
>===================================================================
>--- sys/kern/init_sysent.c (revision 331491)
>+++ sys/kern/init_sysent.c (working copy)
>@@ -389,7 +389,7 @@
> { AS(utrace_args), (sy_call_t *)sys_utrace, AUE_NULL, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 335 = utrace */
> { compat4(AS(freebsd4_sendfile_args),sendfile), AUE_SENDFILE, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 336 = freebsd4 sendfile */
> { AS(kldsym_args), (sy_call_t *)sys_kldsym, AUE_NULL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 337 = kldsym */
>- { AS(jail_args), (sy_call_t *)sys_jail, AUE_JAIL, NULL, 0, 0, 0, SY_THR_STATIC }, /* 338 = jail */
>+ { 0, (sy_call_t *)nosys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 338 = __jailxxx */
> { AS(nnpfs_syscall_args), (sy_call_t *)lkmressys, AUE_NULL, NULL, 0, 0, 0, SY_THR_ABSENT }, /* 339 = nnpfs_syscall */
> { AS(sigprocmask_args), (sy_call_t *)sys_sigprocmask, AUE_SIGPROCMASK, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 340 = sigprocmask */
> { AS(sigsuspend_args), (sy_call_t *)sys_sigsuspend, AUE_SIGSUSPEND, NULL, 0, 0, SYF_CAPENABLED, SY_THR_STATIC }, /* 341 = sigsuspend */
>Index: sys/kern/kern_jail.c
>===================================================================
>--- sys/kern/kern_jail.c (revision 331491)
>+++ sys/kern/kern_jail.c (working copy)
>@@ -208,9 +208,11 @@
> #define JAIL_DEFAULT_ALLOW (PR_ALLOW_SET_HOSTNAME | PR_ALLOW_RESERVED_PORTS)
> #define JAIL_DEFAULT_ENFORCE_STATFS 2
> #define JAIL_DEFAULT_DEVFS_RSNUM 0
>+#ifdef BURN_BRIDGESXXX
> static unsigned jail_default_allow = JAIL_DEFAULT_ALLOW;
> static int jail_default_enforce_statfs = JAIL_DEFAULT_ENFORCE_STATFS;
> static int jail_default_devfs_rsnum = JAIL_DEFAULT_DEVFS_RSNUM;
>+#endif
> #if defined(INET) || defined(INET6)
> static unsigned jail_max_af_ips = 255;
> #endif
>@@ -228,6 +230,7 @@
> strlcpy(prison0.pr_osrelease, osrelease, sizeof(prison0.pr_osrelease));
> }
>
>+#ifdef COMPAT_FREEBSD11XXX
> /*
> * struct jail_args {
> * struct jail *jail;
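Review bot: The guard polarity for the deprecated sysctl code is inverted relative to the rest of the patch: here and in the kern_jail.c hunks at L58–L59 the legacy `jail_default_*` variables and the `security.jail.*_allowed` sysctls are compiled in only `#ifdef BURN_BRIDGESXXX`, whereas usr.sbin/jail (L66) keeps its half of the same compatibility code `#ifndef BURN_BRIDGES`, and the closing comment at L59 reads `#endif /* !BURN_BRIDGES */`. I assume the XXX spelling is a deliberate way to compile the legacy paths out for the exp-run, but a mechanical rename to the real option would then ship the deprecated sysctls only in BURN_BRIDGES kernels and select `jail_default_enforce_statfs` only there (L58). A note at the first guard, `/* XXX exp-run: polarity inverted to compile the deprecated sysctls out; restore to #ifndef BURN_BRIDGES before commit */`, would make the intended final form explicit.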
>@@ -234,7 +237,7 @@
> * };
> */
> int
>-sys_jail(struct thread *td, struct jail_args *uap)
>+freebsd11_jail(struct thread *td, struct freebsd11_jail_args *uap)
> {
> uint32_t version;
> int error;
>@@ -279,13 +282,16 @@
> /* Sci-Fi jails are not supported, sorry. */
> return (EINVAL);
> }
>- return (kern_jail(td, &j));
>+ return (freebsd11_kern_jail(td, &j));
> }
>
> int
>-kern_jail(struct thread *td, struct jail *j)
>+freebsd11_kern_jail(struct thread *td, struct jail *j)
> {
>- struct iovec optiov[2 * (4 + nitems(pr_flag_allow)
>+ struct iovec optiov[2 * (3
>+#ifdef BURN_BRIDGESXXX
>+ + 1 + nitems(pr_flag_allow)
>+#endif
> #ifdef INET
> + 1
> #endif
>@@ -295,7 +301,10 @@
> )];
> struct uio opt;
> char *u_path, *u_hostname, *u_name;
>+#ifdef BURN_BRIDGESXXX
> struct bool_flags *bf;
>+ int enforce_statfs;
>+#endif
> #ifdef INET
> uint32_t ip4s;
> struct in_addr *u_ip4;
>@@ -304,7 +313,7 @@
> struct in6_addr *u_ip6;
> #endif
> size_t tmplen;
>- int error, enforce_statfs;
>+ int error;
>
> bzero(&optiov, sizeof(optiov));
> opt.uio_iov = optiov;
>@@ -315,6 +324,7 @@
> opt.uio_rw = UIO_READ;
> opt.uio_td = td;
>
>+#ifdef BURN_BRIDGESXXX
> /* Set permissions for top-level jails from sysctls. */
> if (!jailed(td->td_ucred)) {
> for (bf = pr_flag_allow;
>@@ -335,6 +345,7 @@
> optiov[opt.uio_iovcnt].iov_len = sizeof(enforce_statfs);
> opt.uio_iovcnt++;
> }
>+#endif
>
> tmplen = MAXPATHLEN + MAXHOSTNAMELEN + MAXHOSTNAMELEN;
> #ifdef INET
>@@ -438,6 +449,7 @@
> free(u_path, M_TEMP);
> return (error);
> }
>+#endif /* COMPAT_FREEBSD11 */
>
>
> /*
>@@ -1255,7 +1267,11 @@
>
> pr->pr_securelevel = ppr->pr_securelevel;
> pr->pr_allow = JAIL_DEFAULT_ALLOW & ppr->pr_allow;
>+#ifndef BURN_BRIDGESXXX
>+ pr->pr_enforce_statfs = JAIL_DEFAULT_ENFORCE_STATFS;
>+#else
> pr->pr_enforce_statfs = jail_default_enforce_statfs;
>+#endif
> pr->pr_devfs_rsnum = ppr->pr_devfs_rsnum;
>
> pr->pr_osreldate = osreldt ? osreldt : ppr->pr_osreldate;
>@@ -3407,6 +3423,7 @@
> static SYSCTL_NODE(_security, OID_AUTO, jail, CTLFLAG_RW, 0,
> "Jails");
>
>+#ifdef COMPAT_FREEBSD11XXX
> static int
> sysctl_jail_list(SYSCTL_HANDLER_ARGS)
> {
>@@ -3510,6 +3527,7 @@
> SYSCTL_OID(_security_jail, OID_AUTO, list,
> CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
> sysctl_jail_list, "S", "List of active jails");
>+#endif /* COMPAT_FREEBSD11 */
>
> static int
> sysctl_jail_jailed(SYSCTL_HANDLER_ARGS)
>@@ -3549,9 +3567,10 @@
> #if defined(INET) || defined(INET6)
> SYSCTL_UINT(_security_jail, OID_AUTO, jail_max_af_ips, CTLFLAG_RW,
> &jail_max_af_ips, 0,
>- "Number of IP addresses a jail may have at most per address family (deprecated)");
>+ "Number of IP addresses a jail may have at most per address family");
> #endif
>
>+#ifdef BURN_BRIDGESXXX
> /*
> * Default parameters for jail(2) compatibility. For historical reasons,
> * the sysctl names have varying similarity to the parameter names. Prisons
>@@ -3669,6 +3688,7 @@
> &jail_default_devfs_rsnum, offsetof(struct prison, pr_devfs_rsnum),
> sysctl_jail_default_level, "I",
> "Ruleset for the devfs filesystem in jail (deprecated)");
>+#endif /* !BURN_BRIDGES */
>
> /*
> * Nodes to describe jail parameters. Maximum length of string parameters
>Index: sys/kern/syscalls.c
>===================================================================
>--- sys/kern/syscalls.c (revision 331491)
>+++ sys/kern/syscalls.c (working copy)
>@@ -344,7 +344,7 @@
> "utrace", /* 335 = utrace */
> "compat4.sendfile", /* 336 = freebsd4 sendfile */
> "kldsym", /* 337 = kldsym */
>- "jail", /* 338 = jail */
>+ "#338", /* 338 = __jailxxx */
> "nnpfs_syscall", /* 339 = nnpfs_syscall */
> "sigprocmask", /* 340 = sigprocmask */
> "sigsuspend", /* 341 = sigsuspend */
>Index: sys/kern/syscalls.master
>===================================================================
>--- sys/kern/syscalls.master (revision 331491)
>+++ sys/kern/syscalls.master (working copy)
>@@ -595,7 +595,7 @@
> int flags); }
> 337 AUE_NULL STD { int kldsym(int fileid, int cmd, \
> void *data); }
>-338 AUE_JAIL STD { int jail(struct jail *jail); }
>+338 AUE_NULL UNIMPL __jailxxx
> 339 AUE_NULL NOSTD|NOTSTATIC { int nnpfs_syscall(int operation, \
> char *a_pathP, int a_opcode, \
> void *a_paramsP, int a_followSymlinks); }
>Index: sys/kern/systrace_args.c
>===================================================================
>--- sys/kern/systrace_args.c (revision 331491)
>+++ sys/kern/systrace_args.c (working copy)
>@@ -1618,13 +1618,6 @@
> *n_args = 3;
> break;
> }
>- /* jail */
>- case 338: {
>- struct jail_args *p = params;
>- uarg[0] = (intptr_t) p->jail; /* struct jail * */
>- *n_args = 1;
>- break;
>- }
> /* nnpfs_syscall */
> case 339: {
> struct nnpfs_syscall_args *p = params;
>@@ -5839,16 +5832,6 @@
> break;
> };
> break;
>- /* jail */
>- case 338:
>- switch(ndx) {
>- case 0:
>- p = "userland struct jail *";
>- break;
>- default:
>- break;
>- };
>- break;
> /* nnpfs_syscall */
> case 339:
> switch(ndx) {
>@@ -9729,11 +9712,6 @@
> if (ndx == 0 || ndx == 1)
> p = "int";
> break;
>- /* jail */
>- case 338:
>- if (ndx == 0 || ndx == 1)
>- p = "int";
>- break;
> /* nnpfs_syscall */
> case 339:
> if (ndx == 0 || ndx == 1)
>Index: sys/sys/jail.h
>===================================================================
>--- sys/sys/jail.h (revision 331491)
>+++ sys/sys/jail.h (working copy)
>@@ -32,6 +32,7 @@
> #ifndef _SYS_JAIL_H_
> #define _SYS_JAIL_H_
>
>+#ifdef COMPAT_FREEBSD11
> #ifdef _KERNEL
> struct jail_v0 {
> u_int32_t version;
>@@ -57,16 +58,6 @@
> * For all xprison structs, always keep the pr_version an int and
> * the first variable so userspace can easily distinguish them.
> */
>-#ifndef _KERNEL
>-struct xprison_v1 {
>- int pr_version;
>- int pr_id;
>- char pr_path[MAXPATHLEN];
>- char pr_host[MAXHOSTNAMELEN];
>- u_int32_t pr_ip;
>-};
>-#endif
>-
> struct xprison {
> int pr_version;
> int pr_id;
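Review bot: `#ifdef COMPAT_FREEBSD11` in sys/sys/jail.h is a kernel option that userland builds never define, so everything between this guard and the `#endif` placed after `PRISON_STATE_DYING` (L61) — `struct xprison`, which the removed `#ifndef _KERNEL` block shows was user-visible, and presumably `struct jail` itself given the `int jail(struct jail *)` prototype removed at L61 — disappears from userland unconditionally, not only when kernel compatibility is off. If the intent is to keep `security.jail.list` consumers compiling while the kernel side sits under `COMPAT_FREEBSD11XXX` (L59), the guard wants to be `#if !defined(_KERNEL) || defined(COMPAT_FREEBSD11)`; if the declarations really are being withdrawn from userland, that is a source-compatibility break independent of the exp-run and deserves a sentence in the commit message.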
>@@ -91,6 +82,7 @@
> #define PRISON_STATE_INVALID 0
> #define PRISON_STATE_ALIVE 1
> #define PRISON_STATE_DYING 2
>+#endif /* COMPAT_FREEBSD11 */
>
> /*
> * Flags for jail_set and jail_get.
>@@ -110,7 +102,6 @@
>
> struct iovec;
>
>-int jail(struct jail *);
> int jail_set(struct iovec *, unsigned int, int);
> int jail_get(struct iovec *, unsigned int, int);
> int jail_attach(int);
>Index: sys/sys/syscall.h
>===================================================================
>--- sys/sys/syscall.h (revision 331491)
>+++ sys/sys/syscall.h (working copy)
>@@ -280,7 +280,6 @@
> #define SYS_utrace 335
> /* 336 is freebsd4 sendfile */
> #define SYS_kldsym 337
>-#define SYS_jail 338
> #define SYS_nnpfs_syscall 339
> #define SYS_sigprocmask 340
> #define SYS_sigsuspend 341
>Index: sys/sys/syscall.mk
>===================================================================
>--- sys/sys/syscall.mk (revision 331491)
>+++ sys/sys/syscall.mk (working copy)
>@@ -211,7 +211,6 @@
> sched_rr_get_interval.o \
> utrace.o \
> kldsym.o \
>- jail.o \
> nnpfs_syscall.o \
> sigprocmask.o \
> sigsuspend.o \
>Index: sys/sys/syscallsubr.h
>===================================================================
>--- sys/sys/syscallsubr.h (revision 331491)
>+++ sys/sys/syscallsubr.h (working copy)
>@@ -141,7 +141,6 @@
> int kern_getsockopt(struct thread *td, int s, int level, int name,
> void *optval, enum uio_seg valseg, socklen_t *valsize);
> int kern_ioctl(struct thread *td, int fd, u_long com, caddr_t data);
>-int kern_jail(struct thread *td, struct jail *j);
> int kern_jail_get(struct thread *td, struct uio *options, int flags);
> int kern_jail_set(struct thread *td, struct uio *options, int flags);
> int kern_kevent(struct thread *td, int fd, int nchanges, int nevents,
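Review bot: Removing `jail.o` from sys/sys/syscall.mk drops the `jail` entry point from libc, so an existing binary that references it fails at dynamic-link time with an undefined symbol rather than receiving ENOSYS from syscall 338; that affects every already-built program and port that called jail(2), not only the in-tree sources the exp-run rebuilds. The usual way to retire a syscall is to keep a versioned compat wrapper in libc that invokes the COMPAT11 kernel entry, so either keep `jail.o` for now or state the binary-compatibility break explicitly in the commit message.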
>@@ -306,5 +305,6 @@
>
> int freebsd11_kern_getdirentries(struct thread *td, int fd, char *ubuf, u_int
> count, long *basep, void (*func)(struct freebsd11_dirent *));
>+int freebsd11_kern_jail(struct thread *td, struct jail *j);
>
> #endif /* !_SYS_SYSCALLSUBR_H_ */
>Index: sys/sys/sysproto.h
>===================================================================
>--- sys/sys/sysproto.h (revision 331491)
>+++ sys/sys/sysproto.h (working copy)
>@@ -852,9 +852,6 @@
> char cmd_l_[PADL_(int)]; int cmd; char cmd_r_[PADR_(int)];
> char data_l_[PADL_(void *)]; void * data; char data_r_[PADR_(void *)];
> };
>-struct jail_args {
>- char jail_l_[PADL_(struct jail *)]; struct jail * jail; char jail_r_[PADR_(struct jail *)];
>-};
> struct nnpfs_syscall_args {
> char operation_l_[PADL_(int)]; int operation; char operation_r_[PADR_(int)];
> char a_pathP_l_[PADL_(char *)]; char * a_pathP; char a_pathP_r_[PADR_(char *)];
>@@ -1965,7 +1962,6 @@
> int sys_sched_rr_get_interval(struct thread *, struct sched_rr_get_interval_args *);
> int sys_utrace(struct thread *, struct utrace_args *);
> int sys_kldsym(struct thread *, struct kldsym_args *);
>-int sys_jail(struct thread *, struct jail_args *);
> int sys_nnpfs_syscall(struct thread *, struct nnpfs_syscall_args *);
> int sys_sigprocmask(struct thread *, struct sigprocmask_args *);
> int sys_sigsuspend(struct thread *, struct sigsuspend_args *);
>@@ -2849,7 +2845,6 @@
> #define SYS_AUE_utrace AUE_NULL
> #define SYS_AUE_freebsd4_sendfile AUE_SENDFILE
> #define SYS_AUE_kldsym AUE_NULL
>-#define SYS_AUE_jail AUE_JAIL
> #define SYS_AUE_nnpfs_syscall AUE_NULL
> #define SYS_AUE_sigprocmask AUE_SIGPROCMASK
> #define SYS_AUE_sigsuspend AUE_SIGSUSPEND
>Index: sys/ufs/ufs/ufs_vnops.c
>===================================================================
>--- sys/ufs/ufs/ufs_vnops.c (revision 331491)
>+++ sys/ufs/ufs/ufs_vnops.c (working copy)
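Review bot: The new `freebsd11_kern_jail` prototype names `struct jail` unconditionally, but after the sys/sys/jail.h hunks (L60–L61) that tag is only declared when `COMPAT_FREEBSD11` is defined; in a kernel built without it the parameter list introduces a prototype-scoped `struct jail`, which gcc warns about unconditionally and clang under its default -Wvisibility, and -Werror kernel builds turn that into an error. Either add a forward declaration `struct jail;` next to the header's other forward struct declarations, or wrap the prototype in `#ifdef COMPAT_FREEBSD11` to match the guard used around its definition in kern_jail.c.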
>@@ -550,9 +550,8 @@
> * Privileged non-jail processes may not modify system flags
> * if securelevel > 0 and any existing system flags are set.
> * Privileged jail processes behave like privileged non-jail
>- * processes if the security.jail.chflags_allowed sysctl is
>- * is non-zero; otherwise, they behave like unprivileged
>- * processes.
>+ * processes if the PR_ALLOW_CHFLAGS permission bit is set;
>+ * otherwise, they behave like unprivileged processes.
> */
> if (!priv_check_cred(cred, PRIV_VFS_SYSFLAGS, 0)) {
> if (ip->i_flags &
>Index: tools/regression/netinet/udpconnectjail/Makefile
>===================================================================
>--- tools/regression/netinet/udpconnectjail/Makefile (revision 331491)
>+++ tools/regression/netinet/udpconnectjail/Makefile (working copy)
>@@ -4,4 +4,6 @@
> MAN=
> WARNS?= 2
>
>+LIBADD+= jail
>+
> .include <bsd.prog.mk>
>Index: tools/regression/netinet/udpconnectjail/udpconnectjail.c
>===================================================================
>--- tools/regression/netinet/udpconnectjail/udpconnectjail.c (revision 331491)
>+++ tools/regression/netinet/udpconnectjail/udpconnectjail.c (working copy)
>@@ -36,6 +36,7 @@
>
> #include <err.h>
> #include <errno.h>
>+#include <jail.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
>@@ -76,8 +77,6 @@
> main(int argc, __unused char *argv[])
> {
> struct sockaddr_in sin;
>- struct jail thejail;
>- struct in_addr ia4;
>
> if (argc != 1)
> usage();
>@@ -95,19 +94,9 @@
>
> /*
> * Now re-run in a jail.
>- * XXX-BZ should switch to jail_set(2).
> */
>- ia4.s_addr = htonl(INADDR_LOOPBACK);
>-
>- bzero(&thejail, sizeof(thejail));
>- thejail.version = JAIL_API_VERSION;
>- thejail.path = "/";
>- thejail.hostname = "jail";
>- thejail.jailname = "udpconnectjail";
>- thejail.ip4s = 1;
>- thejail.ip4 = &ia4;
>-
>- if (jail(&thejail) < 0)
>+ if (jail_setv(JAIL_CREATE | JAIL_ATTACH, "name", "udpconnectjail",
>+ "host.hostname", "jail", "ip4.addr", "127.0.0.1", NULL) < 0)
> errx(-1, "jail: %s", strerror(errno));
> test("in jail", &sin);
>
>Index: tools/regression/priv/Makefile
>===================================================================
>--- tools/regression/priv/Makefile (revision 331491)
>+++ tools/regression/priv/Makefile (working copy)
>@@ -48,7 +48,7 @@
> MAN=
> WARNS?= 3
>
>-LIBADD+= ipsec
>+LIBADD+= ipsec jail
>
> .if ${MK_INET6_SUPPORT} != "no"
> CFLAGS+= -DINET6
>Index: tools/regression/priv/main.c
>===================================================================
>--- tools/regression/priv/main.c (revision 331491)
>+++ tools/regression/priv/main.c (working copy)
>@@ -45,6 +45,7 @@
>
> #include <err.h>
> #include <errno.h>
>+#include <jail.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
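Review bot: On failure the `errx(-1, "jail: %s", strerror(errno))` call reports only the syscall's errno, while libjail leaves the specific reason — typically which parameter was rejected — in `jail_errmsg`; now that the test goes through jail_setv, `errx(-1, "jail: %s", jail_errmsg)` is the more useful diagnostic when the regression test fails in an unexpected environment. enter_jail in tools/regression/priv/main.c (L65) has the same shape with `err(-1, "test %s: jail", test)`.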
>@@ -438,25 +439,13 @@
> static void
> enter_jail(const char *test)
> {
>- struct jail j;
>- struct in_addr ia4;
>-#ifdef INET6
>- struct in6_addr ia6 = IN6ADDR_LOOPBACK_INIT;
>-#endif
>
>- bzero(&j, sizeof(j));
>- j.version = JAIL_API_VERSION;
>- j.path = "/";
>- j.hostname = "test";
>- j.jailname = "regressions/priv";
>- ia4.s_addr = htonl(INADDR_LOOPBACK);
>- j.ip4s = 1;
>- j.ip4 = &ia4;
>+ if (jail_setv(JAIL_CREATE | JAIL_ATTACH, "name", "regressions/priv",
>+ "host.hostname", "test", "ip4.addr", "127.0.0.1",
> #ifdef INET6
>- j.ip6s = 1;
>- j.ip6 = &ia6;
>+ "ip6.addr", "::1",
> #endif
>- if (jail(&j) < 0)
>+ NULL) < 0)
> err(-1, "test %s: jail", test);
> }
>
>Index: tools/tools/sysdoc/tunables.mdoc
>===================================================================
>--- tools/tools/sysdoc/tunables.mdoc (revision 331491)
>+++ tools/tools/sysdoc/tunables.mdoc (working copy)
>@@ -1728,19 +1728,6 @@
> security.bsd.unprivileged_read_msgbuf
>
> ---
>-security.jail.set_hostname_allowed
>-bool
>-
>-Determines whether or not the root user
>-within the jail can set the hostname.
>-
>----
>-security.jail.socket_unixiproute_only
>-
>----
>-security.jail.sysvipc_allowed
>-
>----
> security.mac.biba.enabled
> bool
>
>Index: usr.sbin/auditdistd/Makefile
>===================================================================
>--- usr.sbin/auditdistd/Makefile (revision 331491)
>+++ usr.sbin/auditdistd/Makefile (working copy)
>@@ -21,7 +21,7 @@
> SRCS+= token.l trail.c
> MAN= auditdistd.8 auditdistd.conf.5
>
>-LIBADD+= l pthread util crypto ssl
>+LIBADD+= jail l pthread util crypto ssl
>
> YFLAGS+=-v
>
>Index: usr.sbin/jail/config.c
>===================================================================
>--- usr.sbin/jail/config.c (revision 331491)
>+++ usr.sbin/jail/config.c (working copy)
>@@ -32,7 +32,9 @@
> #include <sys/types.h>
> #include <sys/errno.h>
> #include <sys/socket.h>
>+#ifndef BURN_BRIDGES
> #include <sys/sysctl.h>
>+#endif
>
> #include <arpa/inet.h>
> #include <netinet/in.h>
>@@ -98,6 +100,7 @@
> #endif
> [IP__MOUNT_FROM_FSTAB] = {"mount.fstab", PF_INTERNAL | PF_CONV | PF_REV},
> [IP__OP] = {NULL, PF_CONV},
>+#ifndef BURN_BRIDGES
> [KP_ALLOW_CHFLAGS] = {"allow.chflags", 0},
> [KP_ALLOW_MOUNT] = {"allow.mount", 0},
> [KP_ALLOW_RAW_SOCKETS] = {"allow.raw_sockets", 0},
>@@ -104,8 +107,11 @@
> [KP_ALLOW_SET_HOSTNAME]= {"allow.set_hostname", 0},
> [KP_ALLOW_SOCKET_AF] = {"allow.socket_af", 0},
> [KP_ALLOW_SYSVIPC] = {"allow.sysvipc", 0},
>+#endif
> [KP_DEVFS_RULESET] = {"devfs_ruleset", 0},
>+#ifndef BURN_BRIDGES
> [KP_ENFORCE_STATFS] = {"enforce_statfs", 0},
>+#endif
> [KP_HOST_HOSTNAME] = {"host.hostname", 0},
> #ifdef INET
> [KP_IP4_ADDR] = {"ip4.addr", 0},
>Index: usr.sbin/jail/jail.c
>===================================================================
>--- usr.sbin/jail/jail.c (revision 331491)
>+++ usr.sbin/jail/jail.c (working copy)
>@@ -33,7 +33,9 @@
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <sys/socket.h>
>+#ifndef BURN_BRIDGES
> #include <sys/sysctl.h>
>+#endif
>
> #include <arpa/inet.h>
> #include <netinet/in.h>
>@@ -74,6 +76,7 @@
> static void quoted_print(FILE *fp, char *str);
> static void usage(void);
>
>+#ifndef BURN_BRIDGES
> static struct permspec perm_sysctl[] = {
> { "security.jail.set_hostname_allowed", KP_ALLOW_SET_HOSTNAME, 0 },
> { "security.jail.sysvipc_allowed", KP_ALLOW_SYSVIPC, 0 },
>@@ -82,6 +85,7 @@
> { "security.jail.mount_allowed", KP_ALLOW_MOUNT, 0 },
> { "security.jail.socket_unixiproute_only", KP_ALLOW_SOCKET_AF, 1 },
> };
>+#endif
>
> static const enum intparam startcommands[] = {
> IP__NULL,
>@@ -260,6 +264,7 @@
> #endif
> for (i = 3; i < argc; i++)
> add_param(NULL, NULL, IP_COMMAND, argv[i]);
>+#ifndef BURN_BRIDGES
> /* Emulate the defaults from security.jail.* sysctls. */
> sysvallen = sizeof(sysval);
> if (sysctlbyname("security.jail.jailed", &sysval, &sysvallen,
>@@ -284,6 +289,7 @@
> enforce_statfs);
> }
> }
>+#endif
> } else if (op == JF_STOP) {
> /* Jail remove, perhaps using the config file */
> if (!docf || argc == 0)
>Index: usr.sbin/jail/jailp.h
>===================================================================
>--- usr.sbin/jail/jailp.h (revision 331491)
>+++ usr.sbin/jail/jailp.h (working copy)
>@@ -112,6 +112,7 @@
> #endif
> IP__MOUNT_FROM_FSTAB, /* Line from mount.fstab file */
> IP__OP, /* Placeholder for requested operation */
>+#ifndef BURN_BRIDGES
> KP_ALLOW_CHFLAGS,
> KP_ALLOW_MOUNT,
> KP_ALLOW_RAW_SOCKETS,
>@@ -118,8 +119,11 @@
> KP_ALLOW_SET_HOSTNAME,
> KP_ALLOW_SOCKET_AF,
> KP_ALLOW_SYSVIPC,
>+#endif
> KP_DEVFS_RULESET,
>+#ifndef BURN_BRIDGES
> KP_ENFORCE_STATFS,
>+#endif
> KP_HOST_HOSTNAME,
> #ifdef INET
> KP_IP4_ADDR,
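Review bot: The `#ifndef BURN_BRIDGES` opened in the @@ -260 hunk and closed by the `#endif` in the @@ -284 hunk compiles out every visible use of `sysval`, `sysvallen` and whatever `enforce_statfs` refers to, but their declarations are outside these hunks and appear to stay unconditional, so a BURN_BRIDGES build would presumably get unused-variable warnings that jail(8)'s WARNS level is likely to promote to errors; if they are function-scope locals, their declarations need the same guard. With `<sys/sysctl.h>` now guarded in both jail.c and config.c, any other sysctlbyname() caller left in those files, if one exists, would fail the same way. The enclosing function starts and ends outside both hunks.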