PERFORCE change 105881 for review
Robert Watson
rwatson at FreeBSD.org
Sat Sep 9 10:01:50 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=105881
Change 105881 by rwatson at rwatson_sesame on 2006/09/09 10:01:13
Complete privilege mapping for Jail.
Affected files ...
.. //depot/projects/trustedbsd/priv/sys/kern/kern_jail.c#3 edit
Differences ...
==== //depot/projects/trustedbsd/priv/sys/kern/kern_jail.c#3 (text+ko) ====
@@ -535,82 +535,189 @@
return (0);
switch (priv) {
+ /* case PRIV_ROOT: */
+ /* case PRIV_ACCT: */
+ /* case PRIV_MAXFILES: */
+ /* case PRIV_MAXPROC: */
+ case PRIV_KTRACE:
+ /* case PRIV_SETDUMPER: */
+ /* case PRIV_NFSD: */
+ /* case PRIV_REBOOT: */
+ /* case PRIV_SWAPON: */
+ /* case PRIV_SWAPOFF: */
+ /* case PRIV_MSGBUF: */
+ /* case PRIV_WITNESS: */
+ /* case PRIV_IO: */
+ /* case PRIV_KEYBOARD: */
+ /* case PRIV_DRIVER: */
+ /* case PRIV_ADJTIME: */
+ /* case PRIV_NTP_ADJTIME: */
+ /* case PRIV_CLOCK_SETTIME: */
+ /* case PRIV_SETTIMEOFDAY: */
+ /* case PRIV_SETHOSTID: */
+ /* case PRIV_SETDOMAINNAME: */
+ /* case PRIV_AUDIT_CONTROL: */
+ /* case PRIV_AUDIT_FAILSTOP: */
+ case PRIV_AUDIT_GETAUDIT:
+ case PRIV_AUDIT_SETAUDIT:
+ case PRIV_AUDIT_SUBMIT:
case PRIV_CRED_SETUID:
case PRIV_CRED_SETEUID:
case PRIV_CRED_SETGID:
case PRIV_CRED_SETEGID:
+ case PRIV_CRED_SETGROUPS:
case PRIV_CRED_SETREUID:
case PRIV_CRED_SETREGID:
case PRIV_CRED_SETRESUID:
case PRIV_CRED_SETRESGID:
- case PRIV_CRED_SETGROUPS:
- /*
- * Grant most process credential privileges, as root within a
- * jail can set up credentials as it sees fit. The ability
- * to modify jail settings, and in particular to attach to a
- * jail, is not granted.
- */
- return (0);
-
- case PRIV_SIGNAL_SUGID:
- case PRIV_SIGNAL_DIFFCRED:
+ case PRIV_SEEOTHERGIDS:
+ case PRIV_SEEOTHERUIDS:
+ case PRIV_DEBUG_DIFFCRED:
+ case PRIV_DEBUG_SUGID:
+ case PRIV_DEBUG_UNPRIV:
+ /* case PRIV_FIRMWARE_LOAD: */
+ /* case PRIV_JAIL_ATTACH: */
+ /* case PRIV_KENV_SET: */
+ /* case PRIV_KENV_UNSET: */
+ /* case PRIV_KLD_LOAD: */
+ /* case PRIV_KLD_UNLOAD: */
+ /* case PRIV_MAC_PARTITION: */
+ case PRIV_PROC_LIMIT:
case PRIV_PROC_SETLOGIN:
- /*
- * Inter-process privileges are generally granted, since a
- * separate jail name space check will be performed to scope
- * these calls to the current jail.
- */
- return (0);
-
- case PRIV_SCHED_SETPRIORITY:
case PRIV_PROC_SETRLIMIT:
- /*
- * Root in jail can modify resource limits and scheduler
- * properties as it sees fit.
- */
- return (0);
- case PRIV_IPC_READ:
- case PRIV_IPC_EXEC:
- case PRIV_IPC_WRITE:
- case PRIV_IPC_ADMIN:
- case PRIV_IPC_MSGSIZE:
- /*
- * Grant System V IPC privileges -- we enable access to the
- * services using a single setting, and assume that if System
- * V IPC is available in the jail, privilege will be granted
- * to root in the jail.
- */
- return (0);
-
- case PRIV_MQ_ADMIN:
- /*
- * POSIX message queue administrative privilege is granted:
- * if the jail can name the resource, then root in the jail
- * can manage it.
- */
- return (0);
-
+ /* XXXRW: Not yet. */
+ /* case PRIV_IPC_READ: */
+ /* case PRIV_IPC_WRITE: */
+ /* case PRIV_IPC_EXEC: */
+ /* case PRIV_IPC_ADMIN: */
+ /* case PRIV_IPC_MSGSIZE: */
+ /* case PRIV_MQ_ADMIN: */
+ /* case PRIV_PMC_MANAGE: */
+ /* case PRIV_PMC_SYSTEM: */
+ case PRIV_SCHED_DIFFCRED:
+ /* case PRIV_SCHED_SETPRIORITY: */
+ /* case PRIV_SCHED_RTPRIO: */
+ /* case PRIV_SCHED_SETPOLICY: */
+ /* case PRIV_SCHED_SET: */
+ /* case PRIV_SCHED_SETPARAM: */
+ /* case PRIV_SEM_WRITE: */
+ case PRIV_SIGNAL_DIFFCRED:
+ case PRIV_SIGNAL_SUGID:
+ /* case PRIV_SYSCTL_DEBUG: */
+ /* case PRIV_SYSCTL_WRITE: */
+ case PRIV_SYSCTL_WRITEJAIL:
+ /* case PRIV_TTY_CONSOLE: */
+ /* case PRIV_TTY_DRAINWAIT: */
+ /* case PRIV_TTY_DTRWAIT: */
+ /* case PRIV_TTY_EXCLUSIVE: */
+ /* case PRIV_TTY_PRISON: */
+ /* case PRIV_TTY_STI: */
+ /* case PRIV_TTY_SETA: */
+ /* case PRIV_UFS_EXTATTRCTL: */
+ case PRIV_UFS_GETQUOTA:
+ case PRIV_UFS_QUOTAOFF: /* XXXRW: Slightly surprising. */
+ case PRIV_UFS_QUOTAON: /* XXXRW: Slightly surprising. */
+ case PRIV_UFS_SETQUOTA:
+ case PRIV_UFS_SETUSE: /* XXXRW: Slightly surprising. */
+ /* case PRIV_UFS_EXCEEDQUOTA: */
case PRIV_VFS_READ:
case PRIV_VFS_WRITE:
+ case PRIV_VFS_ADMIN:
case PRIV_VFS_EXEC:
- case PRIV_VFS_ADMIN:
case PRIV_VFS_LOOKUP:
- /*
- * In general, grant file permission exemption in VFS, but
- * not the right to manipulate the name space (mounting,
- * chroot, etc).
- */
+ case PRIV_VFS_BLOCKRESERVE: /* XXXRW: Slightly surprising. */
+ case PRIV_VFS_CHFLAGS_DEV:
+ case PRIV_VFS_CHOWN:
+ case PRIV_VFS_CHROOT:
+ case PRIV_VFS_CLEARSUGID:
+ /* case PRIV_VFS_EXTATTR_SYSTEM: */
+ case PRIV_VFS_FCHROOT:
+ /* case PRIV_VFS_FHOPEN: */
+ /* case PRIV_VFS_FHSTAT: */
+ /* case PRIV_VFS_FHSTATFS: */
+ /* case PRIV_VFS_GENERATION: */
+ /* case PRIV_VFS_GETFH: */
+ case PRIV_VFS_LINK:
+ /* case PRIV_VFS_MKNOD_DEV: */
+ /* case PRIV_VFS_MOUNT: */
+ /* case PRIV_VFS_MOUNT_OWNER: */
+ /* case PRIV_VFS_MOUNT_EXPORTED: */
+ /* case PRIV_VFS_MOUNT_PERM: */
+ /* case PRIV_VFS_MOUNT_SUIDDIR: */
+ case PRIV_VFS_SETGID:
+ case PRIV_VFS_STICKYFILE:
return (0);
- case PRIV_VFS_CHFLAGS_DEV:
- case PRIV_VFS_REVOKE:
- /*
- * Grant rights relating to managing visible device nodes and
- * ttys.
- */
+ case PRIV_VFS_SYSFLAGS:
+ if (jail_chflags_allowed)
+ return (0);
+ else
+ return (EPERM);
+ /* case PRIV_VFS_UNMOUNT: */
+ /* case PRIV_VM_MADV_PROTECT: */
+ /* case PRIV_VM_MLOCK: */
+ /* case PRIV_VM_MUNLOCK: */
+ /* case PRIV_DEVFS_RULE: */
+ /* case PRIV_DEVFS_SYMLINK: */
+ /* case PRIV_RANDOM_RESEED: */
+ /* case PRIV_NET_BRIDGE: */
+ /* case PRIV_NET_GRE: */
+ /* case PRIV_NET_PPP: */
+ /* case PRIV_NET_SLIP: */
+ /* case PRIV_NET_BPF: */
+ /* case PRIV_NET_RAW: */
+ /* case PRIV_NET_ROUTE: */
+ /* case PRIV_NET_TAP: */
+ /* case PRIV_NET_SETIFMTU: */
+ /* case PRIV_NET_SETIFFLAGS: */
+ /* case PRIV_NET_SETIFCAP: */
+ /* case PRIV_NET_SETIFNAME: */
+ /* case PRIV_NET_SETIFMETRIC: */
+ /* case PRIV_NET_SETIFPHYS: */
+ /* case PRIV_NET_SETIFMAC: */
+ /* case PRIV_NET_ADDMULTI: */
+ /* case PRIV_NET_DELMULTI: */
+ /* case PRIV_NET_HWIOCTL: */
+ /* case PRIV_NET_SETLLADDR: */
+ /* case PRIV_NET_ADDIFGROUP: */
+ /* case PRIV_NET_DELIFGROUP: */
+ /* case PRIV_NET_IFCREATE: */
+ /* case PRIV_NET_IFDESTROY: */
+ /* case PRIV_NET80211_GETKEY: */
+ /* case PRIV_NET80211_MANAGE: */
+ /* case PRIV_NETATALK_RESERVEDPORT: */
+ /* case PRIV_NETATM_CFG: */
+ /* case PRIV_NETATM_ADD: */
+ /* case PRIV_NETATM_DEL: */
+ /* case PRIV_NETATM_SET: */
+ /* case PRIV_NETGRAPH_CONTROL: */
+ /* case PRIV_NETGRAPH_TTY: */
+ case PRIV_NETINET_RESERVEDPORT:
return (0);
+ /* case PRIV_NETINET_IPFW: */
+ /* case PRIV_NETINET_DIVERT: */
+ /* case PRIV_NETINET_PF: */
+ /* case PRIV_NETINET_DUMMYNET: */
+ /* case PRIV_NETINET_CARP: */
+ /* case PRIV_NETINET_MROUTE: */
+ case PRIV_NETINET_RAW:
+ if (jail_allow_raw_sockets)
+ return (0);
+ else
+ return (EPERM);
+ case PRIV_NETINET_GETCRED:
+ /* case PRIV_NETINET_ADDRCTRL6: */
+ /* case PRIV_NETINET_ND6: */
+ /* case PRIV_NETINET_SCOPE6: */
+ /* case PRIV_NETINET_ALIFETIME6: */
+ /* case PRIV_NETINET_IPSEC: */
+ /* case PRIV_NETIPX_RESERVEDPORT: */
+ /* case PRIV_NETIPX_RAW: */
+ /* case PRIV_NETNCP: */
+ /* case PRIV_NETSMB: */
+ /* case PRIV_VM86_INTCALL: */
default:
/*