svn commit: r277159 - in head/sys: kern sys
Jamie Gritton
jamie at FreeBSD.org
Wed Jan 14 04:50:30 UTC 2015
Author: jamie
Date: Wed Jan 14 04:50:28 2015
New Revision: 277159
URL: https://svnweb.freebsd.org/changeset/base/277159
Log:
Remove the prison flags PR_IP4_DISABLE and PR_IP6_DISABLE, which have been
write-only for as long as they've existed.
Modified:
head/sys/kern/kern_jail.c
head/sys/sys/jail.h
Modified: head/sys/kern/kern_jail.c
==============================================================================
--- head/sys/kern/kern_jail.c Wed Jan 14 03:52:41 2015 (r277158)
+++ head/sys/kern/kern_jail.c Wed Jan 14 04:50:28 2015 (r277159)
@@ -187,10 +187,10 @@ struct jailsys_flags {
{ "vnet", 0, PR_VNET },
#endif
#ifdef INET
- { "ip4", PR_IP4_USER | PR_IP4_DISABLE, PR_IP4_USER },
+ { "ip4", PR_IP4_USER, PR_IP4_USER },
#endif
#ifdef INET6
- { "ip6", PR_IP6_USER | PR_IP6_DISABLE, PR_IP6_USER },
+ { "ip6", PR_IP6_USER, PR_IP6_USER },
#endif
};
const size_t pr_flag_jailsys_size = sizeof(pr_flag_jailsys);
@@ -807,11 +807,9 @@ kern_jail_set(struct thread *td, struct
error = EINVAL;
goto done_free;
} else {
- ch_flags |= PR_IP4_USER | PR_IP4_DISABLE;
- if (ip4s == 0)
- pr_flags |= PR_IP4_USER | PR_IP4_DISABLE;
- else {
- pr_flags = (pr_flags & ~PR_IP4_DISABLE) | PR_IP4_USER;
+ ch_flags |= PR_IP4_USER;
+ pr_flags |= PR_IP4_USER;
+ if (ip4s > 0) {
ip4s /= sizeof(*ip4);
if (ip4s > jail_max_af_ips) {
error = EINVAL;
@@ -865,11 +863,9 @@ kern_jail_set(struct thread *td, struct
error = EINVAL;
goto done_free;
} else {
- ch_flags |= PR_IP6_USER | PR_IP6_DISABLE;
- if (ip6s == 0)
- pr_flags |= PR_IP6_USER | PR_IP6_DISABLE;
- else {
- pr_flags = (pr_flags & ~PR_IP6_DISABLE) | PR_IP6_USER;
+ ch_flags |= PR_IP6_USER;
+ pr_flags |= PR_IP6_USER;
+ if (ip6s > 0) {
ip6s /= sizeof(*ip6);
if (ip6s > jail_max_af_ips) {
error = EINVAL;
@@ -1249,8 +1245,7 @@ kern_jail_set(struct thread *td, struct
{
#ifdef INET
if (!(ch_flags & PR_IP4_USER))
- pr->pr_flags |=
- PR_IP4 | PR_IP4_USER | PR_IP4_DISABLE;
+ pr->pr_flags |= PR_IP4 | PR_IP4_USER;
else if (!(pr_flags & PR_IP4_USER)) {
pr->pr_flags |= ppr->pr_flags & PR_IP4;
if (ppr->pr_ip4 != NULL) {
@@ -1265,8 +1260,7 @@ kern_jail_set(struct thread *td, struct
#endif
#ifdef INET6
if (!(ch_flags & PR_IP6_USER))
- pr->pr_flags |=
- PR_IP6 | PR_IP6_USER | PR_IP6_DISABLE;
+ pr->pr_flags |= PR_IP6 | PR_IP6_USER;
else if (!(pr_flags & PR_IP6_USER)) {
pr->pr_flags |= ppr->pr_flags & PR_IP6;
if (ppr->pr_ip6 != NULL) {
@@ -2724,7 +2718,6 @@ prison_restrict_ip4(struct prison *pr, s
}
}
if (pr->pr_ip4s == 0) {
- pr->pr_flags |= PR_IP4_DISABLE;
free(pr->pr_ip4, M_PRISON);
pr->pr_ip4 = NULL;
}
@@ -3065,7 +3058,6 @@ prison_restrict_ip6(struct prison *pr, s
}
}
if (pr->pr_ip6s == 0) {
- pr->pr_flags |= PR_IP6_DISABLE;
free(pr->pr_ip6, M_PRISON);
pr->pr_ip6 = NULL;
}
Modified: head/sys/sys/jail.h
==============================================================================
--- head/sys/sys/jail.h Wed Jan 14 03:52:41 2015 (r277158)
+++ head/sys/sys/jail.h Wed Jan 14 04:50:28 2015 (r277159)
@@ -201,8 +201,6 @@ struct prison_racct {
#define PR_IP4_USER 0x00000004 /* Restrict IPv4 addresses */
#define PR_IP6_USER 0x00000008 /* Restrict IPv6 addresses */
#define PR_VNET 0x00000010 /* Virtual network stack */
-#define PR_IP4_DISABLE 0x00000020 /* Disable IPv4 */
-#define PR_IP6_DISABLE 0x00000040 /* Disable IPv6 */
#define PR_IP4_SADDRSEL 0x00000080 /* Do IPv4 src addr sel. or use the */
/* primary jail address. */
#define PR_IP6_SADDRSEL 0x00000100 /* Do IPv6 src addr sel. or use the */
More information about the svn-src-head
mailing list