svn commit: r256427 - in projects/random_number_generator: etc/rc.d share/man/man5 sys/dev/hyperv/stordisengage sys/dev/hyperv/vmbus sys/dev/xen/blkfront sys/sys usr.sbin/bhyve usr.sbin/bsdconfig/s...
Mark Murray
markm at FreeBSD.org
Sun Oct 13 09:33:51 UTC 2013
Author: markm
Date: Sun Oct 13 09:33:48 2013
New Revision: 256427
URL: http://svnweb.freebsd.org/changeset/base/256427
Log:
MFC - tracking commit
Modified:
projects/random_number_generator/etc/rc.d/jail
projects/random_number_generator/share/man/man5/rc.conf.5
projects/random_number_generator/sys/dev/hyperv/stordisengage/hv_ata_pci_disengage.c
projects/random_number_generator/sys/dev/hyperv/vmbus/hv_hv.c
projects/random_number_generator/sys/dev/hyperv/vmbus/hv_vmbus_drv_freebsd.c
projects/random_number_generator/sys/dev/xen/blkfront/blkfront.c
projects/random_number_generator/sys/sys/systm.h
projects/random_number_generator/usr.sbin/bhyve/pci_virtio_block.c
projects/random_number_generator/usr.sbin/bsdconfig/share/strings.subr
projects/random_number_generator/usr.sbin/jail/command.c
projects/random_number_generator/usr.sbin/jail/config.c
projects/random_number_generator/usr.sbin/jail/jail.8
projects/random_number_generator/usr.sbin/jail/jail.c
projects/random_number_generator/usr.sbin/jail/jailp.h
Directory Properties:
projects/random_number_generator/ (props changed)
projects/random_number_generator/sys/ (props changed)
projects/random_number_generator/sys/dev/hyperv/ (props changed)
projects/random_number_generator/usr.sbin/bhyve/ (props changed)
projects/random_number_generator/usr.sbin/jail/ (props changed)
Modified: projects/random_number_generator/etc/rc.d/jail
==============================================================================
--- projects/random_number_generator/etc/rc.d/jail Sun Oct 13 09:27:49 2013 (r256426)
+++ projects/random_number_generator/etc/rc.d/jail Sun Oct 13 09:33:48 2013 (r256427)
@@ -226,8 +226,7 @@ parse_options()
eval : \${jail_${_j}_fdescfs_enable:=${jail_fdescfs_enable:-NO}}
if checkyesno jail_${_j}_fdescfs_enable; then
- echo " mount += " \
- "\"fdescfs ${_rootdir%/}/dev/fd fdescfs rw 0 0\";"
+ echo " mount.fdescfs;"
fi
eval : \${jail_${_j}_procfs_enable:=${jail_procfs_enable:-NO}}
if checkyesno jail_${_j}_procfs_enable; then
@@ -438,7 +437,7 @@ jail_start()
echo -n " ${_hostname:-${_jail}}"
else
echo " cannot start jail \"${_hostname:-${jail}}\": "
- tail +2 $_tmp
+ cat $_tmp
fi
rm -f $_tmp
done
Modified: projects/random_number_generator/share/man/man5/rc.conf.5
==============================================================================
--- projects/random_number_generator/share/man/man5/rc.conf.5 Sun Oct 13 09:27:49 2013 (r256426)
+++ projects/random_number_generator/share/man/man5/rc.conf.5 Sun Oct 13 09:33:48 2013 (r256427)
@@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd October 10, 2013
+.Dd October 12, 2013
.Dt RC.CONF 5
.Os
.Sh NAME
@@ -3992,9 +3992,7 @@ set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fstab
.It Li mount
set from
-.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
-or
-.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable.
+.Va jail_ Ns Ao Ar jname Ac Ns Va _procfs_enable .
.It Li exec.fib
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _fib
@@ -4042,6 +4040,9 @@ set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _devfs_ruleset .
This must be an integer,
not a string.
+.It Li mount.fdescfs
+set from
+.Va jail_ Ns Ao Ar jname Ac Ns Va _fdescfs_enable
.It Li allow.set_hostname
set from
.Va jail_ Ns Ao Ar jname Ac Ns Va _set_hostname_allow
Modified: projects/random_number_generator/sys/dev/hyperv/stordisengage/hv_ata_pci_disengage.c
==============================================================================
--- projects/random_number_generator/sys/dev/hyperv/stordisengage/hv_ata_pci_disengage.c Sun Oct 13 09:27:49 2013 (r256426)
+++ projects/random_number_generator/sys/dev/hyperv/stordisengage/hv_ata_pci_disengage.c Sun Oct 13 09:33:48 2013 (r256427)
@@ -75,17 +75,11 @@ __FBSDID("$FreeBSD$");
#include <dev/ata/ata-pci.h>
#include <ata_if.h>
-#define HV_X64_MSR_GUEST_OS_ID 0x40000000
-#define HV_X64_CPUID_MIN 0x40000005
-#define HV_X64_CPUID_MAX 0x4000ffff
-
/* prototypes */
static int hv_ata_pci_probe(device_t dev);
static int hv_ata_pci_attach(device_t dev);
static int hv_ata_pci_detach(device_t dev);
-static int hv_check_for_hyper_v(void);
-
/*
* generic PCI ATA device probe
*/
@@ -100,7 +94,7 @@ hv_ata_pci_probe(device_t dev)
/*
* Don't probe if not running in a Hyper-V environment
*/
- if (!hv_check_for_hyper_v())
+ if (vm_guest != VM_GUEST_HV)
return (ENXIO);
if (device_get_unit(parent) != 0 || device_get_ivars(dev) != 0)
@@ -139,33 +133,6 @@ hv_ata_pci_detach(device_t dev)
return (0);
}
-/**
-* Detect Hyper-V and enable fast IDE
-* via enlighted storage driver
-*/
-static int
-hv_check_for_hyper_v(void)
-{
- u_int regs[4];
- int hyper_v_detected;
-
- hyper_v_detected = 0;
- do_cpuid(1, regs);
- if (regs[2] & 0x80000000) {
- /*
- * if(a hypervisor is detected)
- * make sure this really is Hyper-V
- */
- do_cpuid(HV_X64_MSR_GUEST_OS_ID, regs);
- hyper_v_detected =
- regs[0] >= HV_X64_CPUID_MIN &&
- regs[0] <= HV_X64_CPUID_MAX &&
- !memcmp("Microsoft Hv", ®s[1], 12);
- }
-
- return (hyper_v_detected);
-}
-
static device_method_t hv_ata_pci_methods[] = {
/* device interface */
DEVMETHOD(device_probe, hv_ata_pci_probe),
Modified: projects/random_number_generator/sys/dev/hyperv/vmbus/hv_hv.c
==============================================================================
--- projects/random_number_generator/sys/dev/hyperv/vmbus/hv_hv.c Sun Oct 13 09:27:49 2013 (r256426)
+++ projects/random_number_generator/sys/dev/hyperv/vmbus/hv_hv.c Sun Oct 13 09:33:48 2013 (r256427)
@@ -218,7 +218,7 @@ hv_vmbus_init(void)
0,
sizeof(hv_vmbus_handle) * MAXCPU);
- if (!hv_vmbus_query_hypervisor_presence())
+ if (vm_guest != VM_GUEST_HV)
goto cleanup;
max_leaf = hv_vmbus_get_hypervisor_version();
Modified: projects/random_number_generator/sys/dev/hyperv/vmbus/hv_vmbus_drv_freebsd.c
==============================================================================
--- projects/random_number_generator/sys/dev/hyperv/vmbus/hv_vmbus_drv_freebsd.c Sun Oct 13 09:27:49 2013 (r256426)
+++ projects/random_number_generator/sys/dev/hyperv/vmbus/hv_vmbus_drv_freebsd.c Sun Oct 13 09:33:48 2013 (r256427)
@@ -295,11 +295,15 @@ hv_vmbus_child_device_unregister(struct
return(ret);
}
-static void vmbus_identify(driver_t *driver, device_t parent) {
+static void
+vmbus_identify(driver_t *driver, device_t parent)
+{
+ if (!hv_vmbus_query_hypervisor_presence())
+ return;
+
+ vm_guest = VM_GUEST_HV;
+
BUS_ADD_CHILD(parent, 0, "vmbus", 0);
- if (device_find_child(parent, "vmbus", 0) == NULL) {
- BUS_ADD_CHILD(parent, 0, "vmbus", 0);
- }
}
static int
@@ -307,9 +311,6 @@ vmbus_probe(device_t dev) {
if(bootverbose)
device_printf(dev, "VMBUS: probe\n");
- if (!hv_vmbus_query_hypervisor_presence())
- return (ENXIO);
-
device_set_desc(dev, "Vmbus Devices");
return (0);
@@ -491,10 +492,13 @@ vmbus_attach(device_t dev)
static void
vmbus_init(void)
{
+ if (vm_guest != VM_GUEST_HV)
+ return;
+
/*
* If the system has already booted and thread
- * scheduling is possible indicated by the global
- * cold set to zero, we just call the driver
+ * scheduling is possible, as indicated by the
+ * global cold set to zero, we just call the driver
* initialization directly.
*/
if (!cold)
Modified: projects/random_number_generator/sys/dev/xen/blkfront/blkfront.c
==============================================================================
--- projects/random_number_generator/sys/dev/xen/blkfront/blkfront.c Sun Oct 13 09:27:49 2013 (r256426)
+++ projects/random_number_generator/sys/dev/xen/blkfront/blkfront.c Sun Oct 13 09:33:48 2013 (r256427)
@@ -1381,14 +1381,42 @@ xbd_closing(device_t dev)
static int
xbd_probe(device_t dev)
{
+ if (strcmp(xenbus_get_type(dev), "vbd") != 0)
+ return (ENXIO);
- if (!strcmp(xenbus_get_type(dev), "vbd")) {
- device_set_desc(dev, "Virtual Block Device");
- device_quiet(dev);
- return (0);
+ if (xen_hvm_domain()) {
+ int error;
+ char *type;
+
+ /*
+ * When running in an HVM domain, IDE disk emulation is
+ * disabled early in boot so that native drivers will
+ * not see emulated hardware. However, CDROM device
+ * emulation cannot be disabled.
+ *
+ * Through use of FreeBSD's vm_guest and xen_hvm_domain()
+ * APIs, we could modify the native CDROM driver to fail its
+ * probe when running under Xen. Unfortunatlely, the PV
+ * CDROM support in XenServer (up through at least version
+ * 6.2) isn't functional, so we instead rely on the emulated
+ * CDROM instance, and fail to attach the PV one here in
+ * the blkfront driver.
+ */
+ error = xs_read(XST_NIL, xenbus_get_node(dev),
+ "device-type", NULL, (void **) &type);
+ if (error)
+ return (ENXIO);
+
+ if (strncmp(type, "cdrom", 5) == 0) {
+ free(type, M_XENSTORE);
+ return (ENXIO);
+ }
+ free(type, M_XENSTORE);
}
- return (ENXIO);
+ device_set_desc(dev, "Virtual Block Device");
+ device_quiet(dev);
+ return (0);
}
/*
Modified: projects/random_number_generator/sys/sys/systm.h
==============================================================================
--- projects/random_number_generator/sys/sys/systm.h Sun Oct 13 09:27:49 2013 (r256426)
+++ projects/random_number_generator/sys/sys/systm.h Sun Oct 13 09:33:48 2013 (r256427)
@@ -71,7 +71,7 @@ extern int vm_guest; /* Running as virt
* and/or add to the VM_GUEST_VM type if specific VM functionality is
* ever implemented (e.g. vendor-specific paravirtualization features).
*/
-enum VM_GUEST { VM_GUEST_NO = 0, VM_GUEST_VM, VM_GUEST_XEN };
+enum VM_GUEST { VM_GUEST_NO = 0, VM_GUEST_VM, VM_GUEST_XEN, VM_GUEST_HV };
#if defined(WITNESS) || defined(INVARIANTS)
void kassert_panic(const char *fmt, ...) __printflike(1, 2);
Modified: projects/random_number_generator/usr.sbin/bhyve/pci_virtio_block.c
==============================================================================
--- projects/random_number_generator/usr.sbin/bhyve/pci_virtio_block.c Sun Oct 13 09:27:49 2013 (r256426)
+++ projects/random_number_generator/usr.sbin/bhyve/pci_virtio_block.c Sun Oct 13 09:33:48 2013 (r256427)
@@ -46,17 +46,25 @@ __FBSDID("$FreeBSD$");
#include <unistd.h>
#include <assert.h>
#include <pthread.h>
+#include <md5.h>
#include "bhyverun.h"
#include "pci_emul.h"
#include "virtio.h"
+#ifndef min
+#define min(a, b) ((a) < (b) ? (a) : (b))
+#endif
+
#define VTBLK_RINGSZ 64
#define VTBLK_MAXSEGS 32
#define VTBLK_S_OK 0
#define VTBLK_S_IOERR 1
+#define VTBLK_S_UNSUPP 2
+
+#define VTBLK_BLK_ID_BYTES 20
/*
* Host capabilities
@@ -85,6 +93,7 @@ struct vtblk_config {
struct virtio_blk_hdr {
#define VBH_OP_READ 0
#define VBH_OP_WRITE 1
+#define VBH_OP_IDENT 8
#define VBH_FLAG_BARRIER 0x80000000 /* OR'ed into vbh_type */
uint32_t vbh_type;
uint32_t vbh_ioprio;
@@ -106,6 +115,7 @@ struct pci_vtblk_softc {
struct vqueue_info vbsc_vq;
int vbsc_fd;
struct vtblk_config vbsc_cfg;
+ char vbsc_ident[VTBLK_BLK_ID_BYTES];
};
static void pci_vtblk_reset(void *);
@@ -180,7 +190,7 @@ pci_vtblk_proc(struct pci_vtblk_softc *s
for (i = 1; i < n; i++) {
/*
* - write op implies read-only descriptor,
- * - read op implies write-only descriptor,
+ * - read/ident op implies write-only descriptor,
* therefore test the inverse of the descriptor bit
* to the op.
*/
@@ -189,14 +199,34 @@ pci_vtblk_proc(struct pci_vtblk_softc *s
}
DPRINTF(("virtio-block: %s op, %d bytes, %d segs, offset %ld\n\r",
- writeop ? "write" : "read", iolen, i - 1, offset));
+ writeop ? "write" : "read/ident", iolen, i - 1, offset));
- if (writeop)
+ switch (type) {
+ case VBH_OP_WRITE:
err = pwritev(sc->vbsc_fd, iov + 1, i - 1, offset);
- else
+ break;
+ case VBH_OP_READ:
err = preadv(sc->vbsc_fd, iov + 1, i - 1, offset);
+ break;
+ case VBH_OP_IDENT:
+ /* Assume a single buffer */
+ strlcpy(iov[1].iov_base, sc->vbsc_ident,
+ min(iov[1].iov_len, sizeof(sc->vbsc_ident)));
+ err = 0;
+ break;
+ default:
+ err = -ENOSYS;
+ break;
+ }
- *status = err < 0 ? VTBLK_S_IOERR : VTBLK_S_OK;
+ /* convert errno into a virtio block error return */
+ if (err < 0) {
+ if (err == -ENOSYS)
+ *status = VTBLK_S_UNSUPP;
+ else
+ *status = VTBLK_S_IOERR;
+ } else
+ *status = VTBLK_S_OK;
/*
* Return the descriptor back to the host.
@@ -220,6 +250,8 @@ static int
pci_vtblk_init(struct vmctx *ctx, struct pci_devinst *pi, char *opts)
{
struct stat sbuf;
+ MD5_CTX mdctx;
+ u_char digest[16];
struct pci_vtblk_softc *sc;
off_t size;
int fd;
@@ -274,6 +306,16 @@ pci_vtblk_init(struct vmctx *ctx, struct
sc->vbsc_vq.vq_qsize = VTBLK_RINGSZ;
/* sc->vbsc_vq.vq_notify = we have no per-queue notify */
+ /*
+ * Create an identifier for the backing file. Use parts of the
+ * md5 sum of the filename
+ */
+ MD5Init(&mdctx);
+ MD5Update(&mdctx, opts, strlen(opts));
+ MD5Final(digest, &mdctx);
+ sprintf(sc->vbsc_ident, "BHYVE-%02X%02X-%02X%02X-%02X%02X",
+ digest[0], digest[1], digest[2], digest[3], digest[4], digest[5]);
+
/* setup virtio block config space */
sc->vbsc_cfg.vbc_capacity = size / sectsz;
sc->vbsc_cfg.vbc_seg_max = VTBLK_MAXSEGS;
Modified: projects/random_number_generator/usr.sbin/bsdconfig/share/strings.subr
==============================================================================
--- projects/random_number_generator/usr.sbin/bsdconfig/share/strings.subr Sun Oct 13 09:27:49 2013 (r256426)
+++ projects/random_number_generator/usr.sbin/bsdconfig/share/strings.subr Sun Oct 13 09:33:48 2013 (r256427)
@@ -341,17 +341,19 @@ f_shell_unescape()
#
# NOTE: Prefixes are case-insensitive.
#
-# Upon successful completion, the value 0 is returned (or stored to
-# $var_to_set); otherwise -1. Reasons for a -1 return include:
+# Upon successful completion, success status is returned; otherwise the number
+# -1 is produced ($var_to_set set to -1 or if $var_to_set is NULL or missing)
+# on standard output. In the case of failure, the error status will be one of:
#
-# Given $string contains no digits.
-# An unrecognized prefix was given.
-# Result too large to calculate.
+# Status Reason
+# 1 Given $string contains no digits
+# 2 An unrecognized prefix was given
+# 3 Result too large to calculate
#
f_expand_number()
{
local __string="$1" __var_to_set="$2"
- local __cp __num
+ local __cp __num __bshift __maxinput
# Remove any leading non-digits
while :; do
@@ -360,14 +362,14 @@ f_expand_number()
[ "$__string" = "$__cp" ] && break
done
- # Return `-1' if string didn't contain any digits
+ # Produce `-1' if string didn't contain any digits
if [ ! "$__string" ]; then
if [ "$__var_to_set" ]; then
setvar "$__var_to_set" -1
else
echo -1
fi
- return $FAILURE
+ return 1 # 1 = "Given $string contains no digits"
fi
# Store the numbers
@@ -390,9 +392,23 @@ f_expand_number()
[ "$__string" = "$__cp" ] && break
done
- # Test for invalid prefix
+ #
+ # Test for invalid prefix (and determine bitshift length)
+ #
case "$__string" in
- ""|[KkMmGgTtPpEe]*) : known prefix ;;
+ ""|[[:space:]]*) # Shortcut
+ if [ "$__var_to_set" ]; then
+ setvar "$__var_to_set" $__num
+ else
+ echo $__num
+ fi
+ return $SUCCESS ;;
+ [Kk]*) __bshift=10 ;;
+ [Mm]*) __bshift=20 ;;
+ [Gg]*) __bshift=30 ;;
+ [Tt]*) __bshift=40 ;;
+ [Pp]*) __bshift=50 ;;
+ [Ee]*) __bshift=60 ;;
*)
# Unknown prefix
if [ "$__var_to_set" ]; then
@@ -400,29 +416,23 @@ f_expand_number()
else
echo -1
fi
- return $FAILURE
+ return 2 # 2 = "An unrecognized prefix was given"
esac
- # Multiply the number out
- case "$__string" in
- [Kk]) __num=$(( $__num * 1024 )) ;;
- [Mm]) __num=$(( $__num * 1048576 )) ;;
- [Gg]) __num=$(( $__num * 1073741824 )) ;;
- [Tt]) __num=$(( $__num * 1099511627776 )) ;;
- [Pp]) __num=$(( $__num * 1125899906842624 )) ;;
- [Ee]) __num=$(( $__num * 1152921504606846976 )) ;;
- esac
- if [ $__num -le 0 ]; then
- # Arithmetic overflow
+ # Determine if the wheels fall off
+ __maxinput=$(( 0x7fffffffffffffff >> $__bshift ))
+ if [ $__num -gt $__maxinput ]; then
+ # Input (before expanding) would exceed 64-bit signed int
if [ "$__var_to_set" ]; then
setvar "$__var_to_set" -1
else
echo -1
fi
- return $FAILURE
+ return 3 # 3 = "Result too large to calculate"
fi
- # Return the number
+ # Shift the number out and produce it
+ __num=$(( $__num << $__bshift ))
if [ "$__var_to_set" ]; then
setvar "$__var_to_set" $__num
else
Modified: projects/random_number_generator/usr.sbin/jail/command.c
==============================================================================
--- projects/random_number_generator/usr.sbin/jail/command.c Sun Oct 13 09:27:49 2013 (r256426)
+++ projects/random_number_generator/usr.sbin/jail/command.c Sun Oct 13 09:33:48 2013 (r256427)
@@ -106,7 +106,12 @@ next_command(struct cfjail *j)
case IP_MOUNT_DEVFS:
if (!bool_param(j->intparams[IP_MOUNT_DEVFS]))
continue;
- /* FALLTHROUGH */
+ j->comstring = &dummystring;
+ break;
+ case IP_MOUNT_FDESCFS:
+ if (!bool_param(j->intparams[IP_MOUNT_FDESCFS]))
+ continue;
+ j->comstring = &dummystring;
case IP__OP:
case IP_STOP_TIMEOUT:
j->comstring = &dummystring;
@@ -452,6 +457,32 @@ run_command(struct cfjail *j)
}
break;
+ case IP_MOUNT_FDESCFS:
+ argv = alloca(7 * sizeof(char *));
+ path = string_param(j->intparams[KP_PATH]);
+ if (path == NULL) {
+ jail_warnx(j, "mount.fdescfs: no path");
+ return -1;
+ }
+ devpath = alloca(strlen(path) + 8);
+ sprintf(devpath, "%s/dev/fd", path);
+ if (check_path(j, "mount.fdescfs", devpath, 0,
+ down ? "fdescfs" : NULL) < 0)
+ return -1;
+ if (down) {
+ *(const char **)&argv[0] = "/sbin/umount";
+ argv[1] = devpath;
+ argv[2] = NULL;
+ } else {
+ *(const char **)&argv[0] = _PATH_MOUNT;
+ *(const char **)&argv[1] = "-t";
+ *(const char **)&argv[2] = "fdescfs";
+ *(const char **)&argv[3] = ".";
+ argv[4] = devpath;
+ argv[5] = NULL;
+ }
+ break;
+
case IP_COMMAND:
if (j->name != NULL)
goto default_command;
Modified: projects/random_number_generator/usr.sbin/jail/config.c
==============================================================================
--- projects/random_number_generator/usr.sbin/jail/config.c Sun Oct 13 09:27:49 2013 (r256426)
+++ projects/random_number_generator/usr.sbin/jail/config.c Sun Oct 13 09:33:48 2013 (r256427)
@@ -83,6 +83,7 @@ static const struct ipspec intparams[] =
#endif
[IP_MOUNT] = {"mount", PF_INTERNAL | PF_REV},
[IP_MOUNT_DEVFS] = {"mount.devfs", PF_INTERNAL | PF_BOOL},
+ [IP_MOUNT_FDESCFS] = {"mount.fdescfs", PF_INTERNAL | PF_BOOL},
[IP_MOUNT_FSTAB] = {"mount.fstab", PF_INTERNAL},
[IP_STOP_TIMEOUT] = {"stop.timeout", PF_INTERNAL | PF_INT},
[IP_VNET_INTERFACE] = {"vnet.interface", PF_INTERNAL},
Modified: projects/random_number_generator/usr.sbin/jail/jail.8
==============================================================================
--- projects/random_number_generator/usr.sbin/jail/jail.8 Sun Oct 13 09:27:49 2013 (r256426)
+++ projects/random_number_generator/usr.sbin/jail/jail.8 Sun Oct 13 09:33:48 2013 (r256427)
@@ -25,7 +25,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd August 23, 2013
+.Dd October 12, 2013
.Dt JAIL 8
.Os
.Sh NAME
@@ -682,7 +682,7 @@ to.
An alias for each address will be added to the interface before the
prison is created, and will be removed from the interface after the
prison is removed.
-.It Op Va ip4.addr
+.It Va ip4.addr
In addition to the IP addresses that are passed to the kernel, and
interface and/or a netmask may also be specified, in the form
.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar netmask .
@@ -691,7 +691,7 @@ will be added to that interface, as it i
.Va interface
parameter. If a netmask in either dotted-quad or CIDR form is given
after IP address, it will be used when adding the IP alias.
-.It Op Va ip6.addr
+.It Va ip6.addr
In addition to the IP addresses that are passed to the kernel,
and interface and/or a prefix may also be specified, in the form
.Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix .
@@ -722,11 +722,19 @@ An
format file containing filesystems to mount before creating a jail.
.It Va mount.devfs
Mount a
-.Xr devfs
-filesystem on the chrooted /dev directory, and apply the ruleset in the
+.Xr devfs 5
+filesystem on the chrooted
+.Pa /dev
+directory, and apply the ruleset in the
.Va devfs_ruleset
parameter (or a default of ruleset 4: devfsrules_jail)
to restrict the devices visible inside the prison.
+.It Va mount.fdescfs
+Mount a
+.Xr fdescfs 5
+filesystem on the chrooted
+.Pa /dev/fd
+directory.
.It Va allow.dying
Allow making changes to a
.Va dying
@@ -1165,6 +1173,8 @@ environment of the first jail.
.Xr ps 1 ,
.Xr quota 1 ,
.Xr jail_set 2 ,
+.Xr devfs 5 ,
+.Xr fdescfs 5 ,
.Xr jail.conf 5 ,
.Xr procfs 5 ,
.Xr rc.conf 5 ,
Modified: projects/random_number_generator/usr.sbin/jail/jail.c
==============================================================================
--- projects/random_number_generator/usr.sbin/jail/jail.c Sun Oct 13 09:27:49 2013 (r256426)
+++ projects/random_number_generator/usr.sbin/jail/jail.c Sun Oct 13 09:33:48 2013 (r256427)
@@ -92,6 +92,7 @@ static const enum intparam startcommands
IP_MOUNT,
IP__MOUNT_FROM_FSTAB,
IP_MOUNT_DEVFS,
+ IP_MOUNT_FDESCFS,
IP_EXEC_PRESTART,
IP__OP,
IP_VNET_INTERFACE,
@@ -108,6 +109,7 @@ static const enum intparam stopcommands[
IP_STOP_TIMEOUT,
IP__OP,
IP_EXEC_POSTSTOP,
+ IP_MOUNT_FDESCFS,
IP_MOUNT_DEVFS,
IP__MOUNT_FROM_FSTAB,
IP_MOUNT,
Modified: projects/random_number_generator/usr.sbin/jail/jailp.h
==============================================================================
--- projects/random_number_generator/usr.sbin/jail/jailp.h Sun Oct 13 09:27:49 2013 (r256426)
+++ projects/random_number_generator/usr.sbin/jail/jailp.h Sun Oct 13 09:33:48 2013 (r256427)
@@ -95,6 +95,7 @@ enum intparam {
#endif
IP_MOUNT, /* Mount points in fstab(5) form */
IP_MOUNT_DEVFS, /* Mount /dev under prison root */
+ IP_MOUNT_FDESCFS, /* Mount /dev/fd under prison root */
IP_MOUNT_FSTAB, /* A standard fstab(5) file */
IP_STOP_TIMEOUT, /* Time to wait after sending SIGTERM */
IP_VNET_INTERFACE, /* Assign interface(s) to vnet jail */
More information about the svn-src-projects
mailing list