svn commit: r250915 - in stable/9: etc etc/rc.d sys/kern
Jamie Gritton
jamie at FreeBSD.org
Wed May 22 18:26:13 UTC 2013
Author: jamie
Date: Wed May 22 18:26:12 2013
New Revision: 250915
URL: http://svnweb.freebsd.org/changeset/base/250915
Log:
MFC r250804:
Refine the "nojail" rc keyword, adding "nojailvnet" for files that don't
apply to most jails but do apply to vnet jails. This includes adding
a new sysctl "security.jail.vnet" to identify vnet jails.
PR: conf/149050
Submitted by: mdodd
Modified:
stable/9/etc/rc
stable/9/etc/rc.d/ipfw
stable/9/etc/rc.d/netif
stable/9/etc/rc.d/routing
stable/9/etc/rc.shutdown
stable/9/sys/kern/kern_jail.c
Directory Properties:
stable/9/etc/ (props changed)
stable/9/etc/rc.d/ (props changed)
stable/9/sys/ (props changed)
Modified: stable/9/etc/rc
==============================================================================
--- stable/9/etc/rc Wed May 22 17:47:45 2013 (r250914)
+++ stable/9/etc/rc Wed May 22 18:26:12 2013 (r250915)
@@ -77,6 +77,9 @@ if [ `/sbin/sysctl -n security.jail.jail
if [ "$early_late_divider" = "FILESYSTEMS" ]; then
early_late_divider=NETWORKING
fi
+ if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then
+ skip="$skip -s nojailvnet"
+ fi
fi
# Do a first pass to get everything up to $early_late_divider so that
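Review bot: The added test on `security.jail.vnet` fails open when the sysctl cannot be read. The sysctl is introduced by this same commit, so a jail whose /etc is newer than the host kernel gets empty output from the backquoted command; `[ -ne 1 ]` is then a test error, the `if` is false, and `-s nojailvnet` is not added to `$skip`, so the scripts tagged nojailvnet (ipfw, netif, routing) would presumably run inside a non-vnet jail. Defaulting the value keeps the previous behaviour in that case: `if [ "$(/sbin/sysctl -n security.jail.vnet 2>/dev/null || echo 0)" -ne 1 ]; then`. The identical test added in etc/rc.shutdown has the same problem. The enclosing `if` opens outside this hunk.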
Modified: stable/9/etc/rc.d/ipfw
==============================================================================
--- stable/9/etc/rc.d/ipfw Wed May 22 17:47:45 2013 (r250914)
+++ stable/9/etc/rc.d/ipfw Wed May 22 18:26:12 2013 (r250915)
@@ -5,7 +5,7 @@
# PROVIDE: ipfw
# REQUIRE: ppp
-# KEYWORD: nojail
+# KEYWORD: nojailvnet
. /etc/rc.subr
. /etc/network.subr
Modified: stable/9/etc/rc.d/netif
==============================================================================
--- stable/9/etc/rc.d/netif Wed May 22 17:47:45 2013 (r250914)
+++ stable/9/etc/rc.d/netif Wed May 22 18:26:12 2013 (r250915)
@@ -28,7 +28,7 @@
# PROVIDE: netif
# REQUIRE: atm1 FILESYSTEMS serial sppp sysctl
# REQUIRE: ipfilter ipfs
-# KEYWORD: nojail
+# KEYWORD: nojailvnet
. /etc/rc.subr
. /etc/network.subr
Modified: stable/9/etc/rc.d/routing
==============================================================================
--- stable/9/etc/rc.d/routing Wed May 22 17:47:45 2013 (r250914)
+++ stable/9/etc/rc.d/routing Wed May 22 18:26:12 2013 (r250915)
@@ -7,7 +7,7 @@
# PROVIDE: routing
# REQUIRE: faith netif ppp stf
-# KEYWORD: nojail
+# KEYWORD: nojailvnet
. /etc/rc.subr
. /etc/network.subr
Modified: stable/9/etc/rc.shutdown
==============================================================================
--- stable/9/etc/rc.shutdown Wed May 22 17:47:45 2013 (r250914)
+++ stable/9/etc/rc.shutdown Wed May 22 18:26:12 2013 (r250915)
@@ -81,7 +81,12 @@ fi
# and perform the operation
#
rcorder_opts="-k shutdown"
-[ `/sbin/sysctl -n security.jail.jailed` -eq 1 ] && rcorder_opts="$rcorder_opts -s nojail"
+if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then
+ rcorder_opts="$rcorder_opts -s nojail"
+ if [ `/sbin/sysctl -n security.jail.vnet` -ne 1 ]; then
+ rcorder_opts="$rcorder_opts -s nojailvnet"
+ fi
+fi
case ${local_startup} in
[Nn][Oo] | '') ;;
Modified: stable/9/sys/kern/kern_jail.c
==============================================================================
--- stable/9/sys/kern/kern_jail.c Wed May 22 17:47:45 2013 (r250914)
+++ stable/9/sys/kern/kern_jail.c Wed May 22 18:26:12 2013 (r250915)
@@ -4147,6 +4147,26 @@ SYSCTL_PROC(_security_jail, OID_AUTO, ja
CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
sysctl_jail_jailed, "I", "Process in jail?");
+static int
+sysctl_jail_vnet(SYSCTL_HANDLER_ARGS)
+{
+ int error, havevnet;
+#ifdef VIMAGE
+ struct ucred *cred = req->td->td_ucred;
+
+ havevnet = jailed(cred) && prison_owns_vnet(cred);
+#else
+ havevnet = 0;
+#endif
+ error = SYSCTL_OUT(req, &havevnet, sizeof(havevnet));
+
+ return (error);
+}
+
+SYSCTL_PROC(_security_jail, OID_AUTO, vnet,
+ CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
+ sysctl_jail_vnet, "I", "Jail owns VNET?");
+
#if defined(INET) || defined(INET6)
SYSCTL_UINT(_security_jail, OID_AUTO, jail_max_af_ips, CTLFLAG_RW,
&jail_max_af_ips, 0,
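Review bot: `sysctl_jail_vnet` has no comment saying what the reported value means, although the rc scripts changed in this commit base their skip decision on it. From the visible lines it reads the calling thread's credential (`req->td->td_ucred`), yields 0 for an unjailed caller because of the `jailed(cred) &&` term, and is always 0 when the kernel is built without VIMAGE. I would state that above the handler, e.g. `/* 1 if the caller is jailed and its prison owns a vnet; 0 otherwise, and always 0 without VIMAGE. */`. As a minor style point, `error` is only assigned and returned, so `return (SYSCTL_OUT(req, &havevnet, sizeof(havevnet)));` would be enough.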