#include <sys/cdefs.h>#include "opt_ddb.h"#include "opt_inet.h"#include "opt_inet6.h"#include <sys/param.h>#include <sys/types.h>#include <sys/kernel.h>#include <sys/systm.h>#include <sys/errno.h>#include <sys/sysproto.h>#include <sys/malloc.h>#include <sys/osd.h>#include <sys/priv.h>#include <sys/proc.h>#include <sys/epoch.h>#include <sys/taskqueue.h>#include <sys/fcntl.h>#include <sys/jail.h>#include <sys/linker.h>#include <sys/lock.h>#include <sys/mutex.h>#include <sys/racct.h>#include <sys/rctl.h>#include <sys/refcount.h>#include <sys/sx.h>#include <sys/sysent.h>#include <sys/namei.h>#include <sys/mount.h>#include <sys/queue.h>#include <sys/socket.h>#include <sys/syscallsubr.h>#include <sys/sysctl.h>#include <sys/uuid.h>#include <sys/vnode.h>#include <net/if.h>#include <net/vnet.h>#include <netinet/in.h>#include <security/mac/mac_framework.h>
Go to the source code of this file.
Data Structures | |
| struct | bool_flags |
| struct | jailsys_flags |
Macros | |
| #define | PRISON0_HOSTUUID_MODULE "hostuuid" |
| #define | _PR_IP_SADDRSEL 0 |
| #define | PD_DEREF 0x01 /* Decrement pr_ref */ |
| #define | PD_DEUREF 0x02 /* Decrement pr_uref */ |
| #define | PD_KILL 0x04 /* Remove jail, kill processes, etc */ |
| #define | PD_LOCKED 0x10 /* pr_mtx is held */ |
| #define | PD_LIST_SLOCKED 0x20 /* allprison_lock is held shared */ |
| #define | PD_LIST_XLOCKED 0x40 /* allprison_lock is held exclusive */ |
| #define | PD_OP_FLAGS 0x07 /* Operation flags */ |
| #define | PD_LOCK_FLAGS 0x70 /* Lock status flags */ |
| #define | JAIL_DEFAULT_ALLOW |
| #define | JAIL_DEFAULT_ENFORCE_STATFS 2 |
| #define | JAIL_DEFAULT_DEVFS_RSNUM 0 |
Functions | |
| __FBSDID ("$FreeBSD$") | |
| MALLOC_DEFINE (M_PRISON, "prison", "Prison structures") | |
| static | MALLOC_DEFINE (M_PRISON_RACCT, "prison_racct", "Prison racct structures") |
| MTX_SYSINIT (prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF) | |
| SX_SYSINIT (allprison_lock, &allprison_lock, "allprison") | |
| LIST_HEAD (prison_racct) | |
| void | prison0_init (void) |
| int | sys_jail (struct thread *td, struct jail_args *uap) |
| int | kern_jail (struct thread *td, struct jail *j) |
| int | sys_jail_set (struct thread *td, struct jail_set_args *uap) |
| int | kern_jail_set (struct thread *td, struct uio *optuio, int flags) |
| static int | get_next_prid (struct prison **insprp) |
| int | sys_jail_get (struct thread *td, struct jail_get_args *uap) |
| int | kern_jail_get (struct thread *td, struct uio *optuio, int flags) |
| int | sys_jail_remove (struct thread *td, struct jail_remove_args *uap) |
| int | sys_jail_attach (struct thread *td, struct jail_attach_args *uap) |
| static int | do_jail_attach (struct thread *td, struct prison *pr, int drflags) |
| struct prison * | prison_find (int prid) |
| struct prison * | prison_find_child (struct prison *mypr, int prid) |
| struct prison * | prison_find_name (struct prison *mypr, const char *name) |
| int | prison_flag (struct ucred *cred, unsigned flag) |
| int | prison_allow (struct ucred *cred, unsigned flag) |
| void | prison_hold_locked (struct prison *pr) |
| void | prison_hold (struct prison *pr) |
| void | prison_free_locked (struct prison *pr) |
| void | prison_free (struct prison *pr) |
| static void | prison_free_not_last (struct prison *pr) |
| void | prison_proc_hold (struct prison *pr) |
| void | prison_proc_free (struct prison *pr) |
| static void | prison_proc_free_not_last (struct prison *pr) |
| static void | prison_complete (void *context, int pending) |
| static void | prison_deref (struct prison *pr, int flags) |
| static void | prison_deref_kill (struct prison *pr, struct prisonlist *freeprison) |
| static int | prison_lock_xlock (struct prison *pr, int flags) |
| void | prison_set_allow (struct ucred *cred, unsigned flag, int enable) |
| static void | prison_set_allow_locked (struct prison *pr, unsigned flag, int enable) |
| int | prison_check_af (struct ucred *cred, int af) |
| int | prison_if (struct ucred *cred, const struct sockaddr *sa) |
| int | prison_check (struct ucred *cred1, struct ucred *cred2) |
| int | prison_ischild (struct prison *pr1, struct prison *pr2) |
| bool | prison_isalive (const struct prison *pr) |
| bool | prison_isvalid (struct prison *pr) |
| int | jailed_without_vnet (struct ucred *cred) |
| void | getcredhostname (struct ucred *cred, char *buf, size_t size) |
| void | getcreddomainname (struct ucred *cred, char *buf, size_t size) |
| void | getcredhostuuid (struct ucred *cred, char *buf, size_t size) |
| void | getcredhostid (struct ucred *cred, unsigned long *hostid) |
| void | getjailname (struct ucred *cred, char *name, size_t len) |
| int | prison_canseemount (struct ucred *cred, struct mount *mp) |
| void | prison_enforce_statfs (struct ucred *cred, struct mount *mp, struct statfs *sp) |
| int | prison_priv_check (struct ucred *cred, int priv) |
| char * | prison_name (struct prison *pr1, struct prison *pr2) |
| static char * | prison_path (struct prison *pr1, struct prison *pr2) |
| static | SYSCTL_NODE (_security, OID_AUTO, jail, CTLFLAG_RW|CTLFLAG_MPSAFE, 0, "Jails") |
| static int | sysctl_jail_list (SYSCTL_HANDLER_ARGS) |
| SYSCTL_OID (_security_jail, OID_AUTO, list, CTLTYPE_STRUCT|CTLFLAG_RD|CTLFLAG_MPSAFE, NULL, 0, sysctl_jail_list, "S", "List of active jails") | |
| static int | sysctl_jail_jailed (SYSCTL_HANDLER_ARGS) |
| SYSCTL_PROC (_security_jail, OID_AUTO, jailed, CTLTYPE_INT|CTLFLAG_RD|CTLFLAG_MPSAFE, NULL, 0, sysctl_jail_jailed, "I", "Process in jail?") | |
| static int | sysctl_jail_vnet (SYSCTL_HANDLER_ARGS) |
| SYSCTL_PROC (_security_jail, OID_AUTO, vnet, CTLTYPE_INT|CTLFLAG_RD|CTLFLAG_MPSAFE, NULL, 0, sysctl_jail_vnet, "I", "Jail owns vnet?") | |
| static int | sysctl_jail_default_allow (SYSCTL_HANDLER_ARGS) |
| SYSCTL_PROC (_security_jail, OID_AUTO, set_hostname_allowed, CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_MPSAFE, NULL, PR_ALLOW_SET_HOSTNAME, sysctl_jail_default_allow, "I", "Processes in jail can set their hostnames (deprecated)") | |
| SYSCTL_PROC (_security_jail, OID_AUTO, socket_unixiproute_only, CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_MPSAFE,(void *) 1, PR_ALLOW_SOCKET_AF, sysctl_jail_default_allow, "I", "Processes in jail are limited to creating UNIX/IP/route sockets only (deprecated)") | |
| SYSCTL_PROC (_security_jail, OID_AUTO, sysvipc_allowed, CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_MPSAFE, NULL, PR_ALLOW_SYSVIPC, sysctl_jail_default_allow, "I", "Processes in jail can use System V IPC primitives (deprecated)") | |
| SYSCTL_PROC (_security_jail, OID_AUTO, allow_raw_sockets, CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_MPSAFE, NULL, PR_ALLOW_RAW_SOCKETS, sysctl_jail_default_allow, "I", "Prison root can create raw sockets (deprecated)") | |
| SYSCTL_PROC (_security_jail, OID_AUTO, chflags_allowed, CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_MPSAFE, NULL, PR_ALLOW_CHFLAGS, sysctl_jail_default_allow, "I", "Processes in jail can alter system file flags (deprecated)") | |
| SYSCTL_PROC (_security_jail, OID_AUTO, mount_allowed, CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_MPSAFE, NULL, PR_ALLOW_MOUNT, sysctl_jail_default_allow, "I", "Processes in jail can mount/unmount jail-friendly file systems (deprecated)") | |
| static int | sysctl_jail_default_level (SYSCTL_HANDLER_ARGS) |
| SYSCTL_PROC (_security_jail, OID_AUTO, enforce_statfs, CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_MPSAFE, &jail_default_enforce_statfs, offsetof(struct prison, pr_enforce_statfs), sysctl_jail_default_level, "I", "Processes in jail cannot see all mounted file systems (deprecated)") | |
| SYSCTL_PROC (_security_jail, OID_AUTO, devfs_ruleset, CTLTYPE_INT|CTLFLAG_RD|CTLFLAG_MPSAFE, &jail_default_devfs_rsnum, offsetof(struct prison, pr_devfs_rsnum), sysctl_jail_default_level, "I", "Ruleset for the devfs filesystem in jail (deprecated)") | |
| SYSCTL_NODE (_security_jail, OID_AUTO, param, CTLFLAG_RW|CTLFLAG_MPSAFE, 0, "Jail parameters") | |
| int | sysctl_jail_param (SYSCTL_HANDLER_ARGS) |
| SYSCTL_JAIL_PARAM (, jid, CTLTYPE_INT|CTLFLAG_RDTUN, "I", "Jail ID") | |
| SYSCTL_JAIL_PARAM (, parent, CTLTYPE_INT|CTLFLAG_RD, "I", "Jail parent ID") | |
| SYSCTL_JAIL_PARAM_STRING (, name, CTLFLAG_RW, MAXHOSTNAMELEN, "Jail name") | |
| SYSCTL_JAIL_PARAM_STRING (, path, CTLFLAG_RDTUN, MAXPATHLEN, "Jail root path") | |
| SYSCTL_JAIL_PARAM (, securelevel, CTLTYPE_INT|CTLFLAG_RW, "I", "Jail secure level") | |
| SYSCTL_JAIL_PARAM (, osreldate, CTLTYPE_INT|CTLFLAG_RDTUN, "I", "Jail value for kern.osreldate and uname -K") | |
| SYSCTL_JAIL_PARAM_STRING (, osrelease, CTLFLAG_RDTUN, OSRELEASELEN, "Jail value for kern.osrelease and uname -r") | |
| SYSCTL_JAIL_PARAM (, enforce_statfs, CTLTYPE_INT|CTLFLAG_RW, "I", "Jail cannot see all mounted file systems") | |
| SYSCTL_JAIL_PARAM (, devfs_ruleset, CTLTYPE_INT|CTLFLAG_RW, "I", "Ruleset for in-jail devfs mounts") | |
| SYSCTL_JAIL_PARAM (, persist, CTLTYPE_INT|CTLFLAG_RW, "B", "Jail persistence") | |
| SYSCTL_JAIL_PARAM (, dying, CTLTYPE_INT|CTLFLAG_RD, "B", "Jail is in the process of shutting down") | |
| SYSCTL_JAIL_PARAM_NODE (children, "Number of child jails") | |
| SYSCTL_JAIL_PARAM (_children, cur, CTLTYPE_INT|CTLFLAG_RD, "I", "Current number of child jails") | |
| SYSCTL_JAIL_PARAM (_children, max, CTLTYPE_INT|CTLFLAG_RW, "I", "Maximum number of child jails") | |
| SYSCTL_JAIL_PARAM_SYS_NODE (host, CTLFLAG_RW, "Jail host info") | |
| SYSCTL_JAIL_PARAM_STRING (_host, hostname, CTLFLAG_RW, MAXHOSTNAMELEN, "Jail hostname") | |
| SYSCTL_JAIL_PARAM_STRING (_host, domainname, CTLFLAG_RW, MAXHOSTNAMELEN, "Jail NIS domainname") | |
| SYSCTL_JAIL_PARAM_STRING (_host, hostuuid, CTLFLAG_RW, HOSTUUIDLEN, "Jail host UUID") | |
| SYSCTL_JAIL_PARAM (_host, hostid, CTLTYPE_ULONG|CTLFLAG_RW, "LU", "Jail host ID") | |
| SYSCTL_JAIL_PARAM_NODE (cpuset, "Jail cpuset") | |
| SYSCTL_JAIL_PARAM (_cpuset, id, CTLTYPE_INT|CTLFLAG_RD, "I", "Jail cpuset ID") | |
| SYSCTL_JAIL_PARAM_NODE (allow, "Jail permission flags") | |
| SYSCTL_JAIL_PARAM (_allow, set_hostname, CTLTYPE_INT|CTLFLAG_RW, "B", "Jail may set hostname") | |
| SYSCTL_JAIL_PARAM (_allow, sysvipc, CTLTYPE_INT|CTLFLAG_RW, "B", "Jail may use SYSV IPC") | |
| SYSCTL_JAIL_PARAM (_allow, raw_sockets, CTLTYPE_INT|CTLFLAG_RW, "B", "Jail may create raw sockets") | |
| SYSCTL_JAIL_PARAM (_allow, chflags, CTLTYPE_INT|CTLFLAG_RW, "B", "Jail may alter system file flags") | |
| SYSCTL_JAIL_PARAM (_allow, quotas, CTLTYPE_INT|CTLFLAG_RW, "B", "Jail may set file quotas") | |
| SYSCTL_JAIL_PARAM (_allow, socket_af, CTLTYPE_INT|CTLFLAG_RW, "B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route") | |
| SYSCTL_JAIL_PARAM (_allow, mlock, CTLTYPE_INT|CTLFLAG_RW, "B", "Jail may lock (unlock) physical pages in memory") | |
| SYSCTL_JAIL_PARAM (_allow, reserved_ports, CTLTYPE_INT|CTLFLAG_RW, "B", "Jail may bind sockets to reserved ports") | |
| SYSCTL_JAIL_PARAM (_allow, read_msgbuf, CTLTYPE_INT|CTLFLAG_RW, "B", "Jail may read the kernel message buffer") | |
| SYSCTL_JAIL_PARAM (_allow, unprivileged_proc_debug, CTLTYPE_INT|CTLFLAG_RW, "B", "Unprivileged processes may use process debugging facilities") | |
| SYSCTL_JAIL_PARAM (_allow, suser, CTLTYPE_INT|CTLFLAG_RW, "B", "Processes in jail with uid 0 have privilege") | |
| SYSCTL_JAIL_PARAM_SUBNODE (allow, mount, "Jail mount/unmount permission flags") | |
| SYSCTL_JAIL_PARAM (_allow_mount,, CTLTYPE_INT|CTLFLAG_RW, "B", "Jail may mount/unmount jail-friendly file systems in general") | |
| unsigned | prison_add_allow (const char *prefix, const char *name, const char *prefix_descr, const char *descr) |
| void | prison_add_vfs (struct vfsconf *vfsp) |
Variables | |
| struct prison | prison0 |
| struct sx | allprison_lock |
| struct prisonlist | allprison = TAILQ_HEAD_INITIALIZER(allprison) |
| const size_t | pr_flag_bool_size = sizeof(pr_flag_bool) |
| static struct jailsys_flags | pr_flag_jailsys [] |
| const size_t | pr_flag_jailsys_size = sizeof(pr_flag_jailsys) |
| static struct bool_flags | pr_flag_allow [NBBY *NBPW] |
| static unsigned | pr_allow_all = PR_ALLOW_ALL_STATIC |
| const size_t | pr_flag_allow_size = sizeof(pr_flag_allow) |
| static unsigned | jail_default_allow = JAIL_DEFAULT_ALLOW |
| static int | jail_default_enforce_statfs = JAIL_DEFAULT_ENFORCE_STATFS |
| static int | jail_default_devfs_rsnum = JAIL_DEFAULT_DEVFS_RSNUM |
Macro Definition Documentation
◆ _PR_IP_SADDRSEL
| #define _PR_IP_SADDRSEL 0 |
Definition at line 96 of file kern_jail.c.
◆ JAIL_DEFAULT_ALLOW
| #define JAIL_DEFAULT_ALLOW |
Definition at line 221 of file kern_jail.c.
◆ JAIL_DEFAULT_DEVFS_RSNUM
| #define JAIL_DEFAULT_DEVFS_RSNUM 0 |
Definition at line 226 of file kern_jail.c.
◆ JAIL_DEFAULT_ENFORCE_STATFS
| #define JAIL_DEFAULT_ENFORCE_STATFS 2 |
Definition at line 225 of file kern_jail.c.
◆ PD_DEREF
| #define PD_DEREF 0x01 /* Decrement pr_ref */ |
◆ PD_DEUREF
| #define PD_DEUREF 0x02 /* Decrement pr_uref */ |
◆ PD_KILL
| #define PD_KILL 0x04 /* Remove jail, kill processes, etc */ |
◆ PD_LIST_SLOCKED
| #define PD_LIST_SLOCKED 0x20 /* allprison_lock is held shared */ |
◆ PD_LIST_XLOCKED
| #define PD_LIST_XLOCKED 0x40 /* allprison_lock is held exclusive */ |
◆ PD_LOCK_FLAGS
| #define PD_LOCK_FLAGS 0x70 /* Lock status flags */ |
◆ PD_LOCKED
| #define PD_LOCKED 0x10 /* pr_mtx is held */ |
◆ PD_OP_FLAGS
| #define PD_OP_FLAGS 0x07 /* Operation flags */ |
◆ PRISON0_HOSTUUID_MODULE
| #define PRISON0_HOSTUUID_MODULE "hostuuid" |
Definition at line 80 of file kern_jail.c.
Function Documentation
◆ __FBSDID()
| __FBSDID | ( | "$FreeBSD$" | ) |
◆ do_jail_attach()
|
static |
Definition at line 2583 of file kern_jail.c.
References allprison_lock, change_dir(), cpuset_setproc_update_set(), crcopysafe(), crfree(), crget(), crhold(), kern_psignal(), PD_DEREF, PD_DEUREF, PD_LIST_SLOCKED, PD_LIST_XLOCKED, PD_LOCK_FLAGS, pr, prison_deref(), prison_hold(), prison_isalive(), proc_set_cred(), pwd_chroot_chdir(), and setsugid().
Referenced by kern_jail_set(), and sys_jail_attach().
◆ get_next_prid()
|
static |
Definition at line 2149 of file kern_jail.c.
References allprison.
Referenced by kern_jail_set().
◆ getcreddomainname()
| void getcreddomainname | ( | struct ucred * | cred, |
| char * | buf, | ||
| size_t | size | ||
| ) |
Definition at line 3466 of file kern_jail.c.
References buf.
◆ getcredhostid()
| void getcredhostid | ( | struct ucred * | cred, |
| unsigned long * | hostid | ||
| ) |
Definition at line 3484 of file kern_jail.c.
◆ getcredhostname()
| void getcredhostname | ( | struct ucred * | cred, |
| char * | buf, | ||
| size_t | size | ||
| ) |
Definition at line 3451 of file kern_jail.c.
References buf, pr, and prison0.
Referenced by corefile_open().
◆ getcredhostuuid()
| void getcredhostuuid | ( | struct ucred * | cred, |
| char * | buf, | ||
| size_t | size | ||
| ) |
Definition at line 3475 of file kern_jail.c.
References buf.
◆ getjailname()
| void getjailname | ( | struct ucred * | cred, |
| char * | name, | ||
| size_t | len | ||
| ) |
Definition at line 3493 of file kern_jail.c.
References name.
◆ jailed_without_vnet()
| int jailed_without_vnet | ( | struct ucred * | cred | ) |
Definition at line 3434 of file kern_jail.c.
◆ kern_jail()
| int kern_jail | ( | struct thread * | td, |
| struct jail * | j | ||
| ) |
Definition at line 353 of file kern_jail.c.
References bool_flags::flag, free(), jail_default_allow, jail_default_enforce_statfs, kern_jail_set(), malloc(), bool_flags::name, bool_flags::noname, and pr_flag_allow.
Referenced by sys_jail().
◆ kern_jail_get()
| int kern_jail_get | ( | struct thread * | td, |
| struct uio * | optuio, | ||
| int | flags | ||
| ) |
Definition at line 2232 of file kern_jail.c.
References allprison, allprison_lock, jailsys_flags::disable, bool_flags::flag, flags, name, bool_flags::name, jailsys_flags::name, jailsys_flags::new, bool_flags::noname, PD_DEREF, PD_LIST_SLOCKED, PD_LOCKED, pr, pr_flag_allow, pr_flag_jailsys, prison_deref(), prison_find_child(), prison_find_name(), prison_hold(), prison_isalive(), prison_ischild(), prison_name(), prison_path(), vfs_buildopts(), vfs_copyopt(), vfs_freeopts(), vfs_getopt(), vfs_getopt_pos(), vfs_opterror(), vfs_setopt(), vfs_setopt_part(), and vfs_setopts().
Referenced by sys_jail_get().
◆ kern_jail_set()
| int kern_jail_set | ( | struct thread * | td, |
| struct uio * | optuio, | ||
| int | flags | ||
| ) |
Definition at line 928 of file kern_jail.c.
References _PR_IP_SADDRSEL, allprison, allprison_lock, cpuset_create_root(), created, jailsys_flags::disable, do_jail_attach(), domain, bool_flags::flag, flags, free(), get_next_prid(), JAIL_DEFAULT_ALLOW, jail_default_enforce_statfs, level, malloc(), name, bool_flags::name, jailsys_flags::name, namei(), NDFREE(), jailsys_flags::new, bool_flags::noname, path, PD_DEREF, PD_DEUREF, PD_KILL, PD_LIST_SLOCKED, PD_LIST_XLOCKED, PD_LOCK_FLAGS, PD_LOCKED, pr, pr_flag_allow, pr_flag_jailsys, prison0, prison_complete(), prison_deref(), prison_find_name(), prison_free_not_last(), prison_hold(), prison_isalive(), prison_ischild(), prison_lock_xlock(), prison_name(), prison_proc_hold(), prison_set_allow_locked(), priv_check(), snprintf(), vfs_buildopts(), vfs_copyopt(), vfs_flagopt(), vfs_freeopts(), vfs_getopt(), vfs_getopt_pos(), vfs_opterror(), vn_path_to_global_path(), vput(), vref(), and vrele().
Referenced by kern_jail(), and sys_jail_set().
◆ LIST_HEAD()
| LIST_HEAD | ( | prison_racct | ) |
Definition at line 137 of file kern_jail.c.
◆ MALLOC_DEFINE() [1/2]
| MALLOC_DEFINE | ( | M_PRISON | , |
| "prison" | , | ||
| "Prison structures" | |||
| ) |
◆ MALLOC_DEFINE() [2/2]
|
static |
◆ MTX_SYSINIT()
| MTX_SYSINIT | ( | prison0 | , |
| &prison0. | pr_mtx, | ||
| "jail mutex" | , | ||
| MTX_DEF | |||
| ) |
◆ prison0_init()
| void prison0_init | ( | void | ) |
Definition at line 239 of file kern_jail.c.
References bootverbose, buf, cpuset_ref(), data, preload_fetch_addr(), preload_fetch_size(), preload_search_by_type(), printf(), prison0, PRISON0_HOSTUUID_MODULE, and validate_uuid().
Referenced by proc0_init().
◆ prison_add_allow()
| unsigned prison_add_allow | ( | const char * | prefix, |
| const char * | name, | ||
| const char * | prefix_descr, | ||
| const char * | descr | ||
| ) |
Definition at line 4404 of file kern_jail.c.
References bool_flags::flag, free(), name, bool_flags::name, bool_flags::noname, parent, pr_allow_all, pr_flag_allow, prison0, sysctl_jail_default_allow(), and sysctl_jail_param().
Referenced by prison_add_vfs().
◆ prison_add_vfs()
| void prison_add_vfs | ( | struct vfsconf * | vfsp | ) |
Definition at line 4518 of file kern_jail.c.
References free(), and prison_add_allow().
Referenced by vfs_register().
◆ prison_allow()
| int prison_allow | ( | struct ucred * | cred, |
| unsigned | flag | ||
| ) |
Definition at line 2761 of file kern_jail.c.
References flag.
Referenced by priv_check_cred(), suser_enabled(), sys_quotactl(), sysctl_jail_default_allow(), sysctl_unprivileged_proc_debug(), vfs_domount_first(), and vfs_suser().
◆ prison_canseemount()
| int prison_canseemount | ( | struct ucred * | cred, |
| struct mount * | mp | ||
| ) |
Definition at line 3528 of file kern_jail.c.
References pr.
Referenced by kern_fhstatfs(), kern_getfsstat(), and prison_enforce_statfs().
◆ prison_check()
| int prison_check | ( | struct ucred * | cred1, |
| struct ucred * | cred2 | ||
| ) |
Definition at line 3378 of file kern_jail.c.
References prison_ischild().
Referenced by cr_cansee(), cr_canseesocket(), cr_cansignal(), p_candebug(), p_cansched(), p_canwait(), and vfs_suser().
◆ prison_check_af()
| int prison_check_af | ( | struct ucred * | cred, |
| int | af | ||
| ) |
Definition at line 3274 of file kern_jail.c.
References pr.
Referenced by socreate().
◆ prison_complete()
|
static |
Definition at line 2924 of file kern_jail.c.
References PD_DEREF, PD_DEUREF, pr, prison_deref(), and prison_lock_xlock().
Referenced by kern_jail_set().
◆ prison_deref()
|
static |
Definition at line 2950 of file kern_jail.c.
References allprison, allprison_lock, allproc_lock, cpuset_rel(), flags, free(), kern_psignal(), PD_DEREF, PD_DEUREF, PD_KILL, PD_LIST_SLOCKED, PD_LIST_XLOCKED, PD_LOCKED, pr, prison0, prison_deref_kill(), prison_hold(), prison_lock_xlock(), and vrele().
Referenced by do_jail_attach(), kern_jail_get(), kern_jail_set(), prison_complete(), and sys_jail_remove().
◆ prison_deref_kill()
|
static |
Definition at line 3119 of file kern_jail.c.
References allprison, pr, prison_free_not_last(), prison_hold(), prison_isalive(), prison_proc_free_not_last(), and prison_proc_hold().
Referenced by prison_deref().
◆ prison_enforce_statfs()
| void prison_enforce_statfs | ( | struct ucred * | cred, |
| struct mount * | mp, | ||
| struct statfs * | sp | ||
| ) |
Definition at line 3563 of file kern_jail.c.
References pr, and prison_canseemount().
Referenced by kern_do_statfs(), and kern_getfsstat().
◆ prison_find()
| struct prison * prison_find | ( | int | prid | ) |
Definition at line 2679 of file kern_jail.c.
References allprison, allprison_lock, pr, and prison_isvalid().
◆ prison_find_child()
| struct prison * prison_find_child | ( | struct prison * | mypr, |
| int | prid | ||
| ) |
Definition at line 2700 of file kern_jail.c.
References allprison_lock, pr, and prison_isvalid().
Referenced by cpuset_which(), kern_jail_get(), sys_jail_attach(), and sys_jail_remove().
◆ prison_find_name()
| struct prison * prison_find_name | ( | struct prison * | mypr, |
| const char * | name | ||
| ) |
Definition at line 2721 of file kern_jail.c.
References allprison_lock, name, pr, prison0, prison_isalive(), and prison_isvalid().
Referenced by kern_jail_get(), and kern_jail_set().
◆ prison_flag()
| int prison_flag | ( | struct ucred * | cred, |
| unsigned | flag | ||
| ) |
Definition at line 2754 of file kern_jail.c.
References flag.
◆ prison_free()
| void prison_free | ( | struct prison * | pr | ) |
Definition at line 2813 of file kern_jail.c.
References pr, and taskqueue_enqueue().
Referenced by crfree_final(), and prison_free_locked().
◆ prison_free_locked()
| void prison_free_locked | ( | struct prison * | pr | ) |
Definition at line 2800 of file kern_jail.c.
References pr, and prison_free().
◆ prison_free_not_last()
|
static |
Definition at line 2829 of file kern_jail.c.
References pr.
Referenced by kern_jail_set(), and prison_deref_kill().
◆ prison_hold()
| void prison_hold | ( | struct prison * | pr | ) |
Definition at line 2783 of file kern_jail.c.
References pr.
Referenced by crcopy(), do_jail_attach(), kern_jail_get(), kern_jail_set(), prison_deref(), prison_deref_kill(), prison_hold_locked(), prison_proc_free(), and vfs_hang_addrlist().
◆ prison_hold_locked()
| void prison_hold_locked | ( | struct prison * | pr | ) |
Definition at line 2775 of file kern_jail.c.
References pr, and prison_hold().
◆ prison_if()
| int prison_if | ( | struct ucred * | cred, |
| const struct sockaddr * | sa | ||
| ) |
Definition at line 3334 of file kern_jail.c.
◆ prison_isalive()
| bool prison_isalive | ( | const struct prison * | pr | ) |
Definition at line 3403 of file kern_jail.c.
References pr.
Referenced by do_jail_attach(), fork_return(), kern_jail_get(), kern_jail_set(), prison_deref_kill(), prison_find_name(), sys_jail_attach(), and sys_jail_remove().
◆ prison_ischild()
| int prison_ischild | ( | struct prison * | pr1, |
| struct prison * | pr2 | ||
| ) |
Definition at line 3389 of file kern_jail.c.
Referenced by kern_jail_get(), kern_jail_set(), msq_prison_cansee(), prison_check(), prison_name(), sem_prison_cansee(), and shm_prison_cansee().
◆ prison_isvalid()
| bool prison_isvalid | ( | struct prison * | pr | ) |
Definition at line 3419 of file kern_jail.c.
References pr.
Referenced by prison_find(), prison_find_child(), and prison_find_name().
◆ prison_lock_xlock()
|
static |
Definition at line 3205 of file kern_jail.c.
References allprison_lock, flags, PD_LIST_SLOCKED, PD_LIST_XLOCKED, PD_LOCKED, and pr.
Referenced by kern_jail_set(), prison_complete(), and prison_deref().
◆ prison_name()
| char * prison_name | ( | struct prison * | pr1, |
| struct prison * | pr2 | ||
| ) |
Definition at line 3985 of file kern_jail.c.
References name, prison0, and prison_ischild().
Referenced by kern_jail_get(), kern_jail_set(), and sysctl_jail_list().
◆ prison_path()
|
static |
Definition at line 4010 of file kern_jail.c.
Referenced by kern_jail_get(), and sysctl_jail_list().
◆ prison_priv_check()
| int prison_priv_check | ( | struct ucred * | cred, |
| int | priv | ||
| ) |
Definition at line 3613 of file kern_jail.c.
References pr.
Referenced by priv_check_cred().
◆ prison_proc_free()
| void prison_proc_free | ( | struct prison * | pr | ) |
Definition at line 2874 of file kern_jail.c.
References pr, prison_hold(), and taskqueue_enqueue().
Referenced by exit1().
◆ prison_proc_free_not_last()
|
static |
Definition at line 2903 of file kern_jail.c.
References pr.
Referenced by prison_deref_kill().
◆ prison_proc_hold()
| void prison_proc_hold | ( | struct prison * | pr | ) |
Definition at line 2856 of file kern_jail.c.
References pr.
Referenced by do_fork(), kern_jail_set(), and prison_deref_kill().
◆ prison_set_allow()
| void prison_set_allow | ( | struct ucred * | cred, |
| unsigned | flag, | ||
| int | enable | ||
| ) |
Definition at line 3240 of file kern_jail.c.
References allprison_lock, flag, pr, and prison_set_allow_locked().
Referenced by sysctl_kern_suser_enabled(), and sysctl_unprivileged_proc_debug().
◆ prison_set_allow_locked()
|
static |
Definition at line 3253 of file kern_jail.c.
Referenced by kern_jail_set(), and prison_set_allow().
◆ SX_SYSINIT()
| SX_SYSINIT | ( | allprison_lock | , |
| & | allprison_lock, | ||
| "allprison" | |||
| ) |
◆ sys_jail()
| int sys_jail | ( | struct thread * | td, |
| struct jail_args * | uap | ||
| ) |
Definition at line 304 of file kern_jail.c.
References kern_jail().
◆ sys_jail_attach()
| int sys_jail_attach | ( | struct thread * | td, |
| struct jail_attach_args * | uap | ||
| ) |
Definition at line 2556 of file kern_jail.c.
References allprison_lock, do_jail_attach(), PD_LIST_SLOCKED, PD_LOCKED, pr, prison_find_child(), prison_isalive(), and priv_check().
◆ sys_jail_get()
| int sys_jail_get | ( | struct thread * | td, |
| struct jail_get_args * | uap | ||
| ) |
Definition at line 2211 of file kern_jail.c.
References copyinuio(), free(), and kern_jail_get().
◆ sys_jail_remove()
| int sys_jail_remove | ( | struct thread * | td, |
| struct jail_remove_args * | uap | ||
| ) |
Definition at line 2525 of file kern_jail.c.
References allprison_lock, PD_KILL, PD_LIST_XLOCKED, PD_LOCKED, pr, prison_deref(), prison_find_child(), prison_isalive(), and priv_check().
◆ sys_jail_set()
| int sys_jail_set | ( | struct thread * | td, |
| struct jail_set_args * | uap | ||
| ) |
Definition at line 518 of file kern_jail.c.
References copyinuio(), free(), and kern_jail_set().
◆ sysctl_jail_default_allow()
|
static |
Definition at line 4183 of file kern_jail.c.
References jail_default_allow, prison0, prison_allow(), and sysctl_handle_int().
Referenced by prison_add_allow().
◆ sysctl_jail_default_level()
|
static |
Definition at line 4239 of file kern_jail.c.
References level, pr, prison0, and sysctl_handle_int().
◆ sysctl_jail_jailed()
|
static |
Definition at line 4137 of file kern_jail.c.
◆ sysctl_jail_list()
|
static |
Definition at line 4061 of file kern_jail.c.
References allprison_lock, free(), malloc(), pr, prison_name(), and prison_path().
◆ SYSCTL_JAIL_PARAM() [1/24]
| SYSCTL_JAIL_PARAM | ( | devfs_ruleset | , |
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "I" | , | ||
| "Ruleset for in-jail devfs mounts" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [2/24]
| SYSCTL_JAIL_PARAM | ( | dying | , |
| CTLTYPE_INT| | CTLFLAG_RD, | ||
| "B" | , | ||
| "Jail is in the process of shutting down" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [3/24]
| SYSCTL_JAIL_PARAM | ( | enforce_statfs | , |
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "I" | , | ||
| "Jail cannot see all mounted file systems" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [4/24]
| SYSCTL_JAIL_PARAM | ( | jid | , |
| CTLTYPE_INT| | CTLFLAG_RDTUN, | ||
| "I" | , | ||
| "Jail ID" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [5/24]
| SYSCTL_JAIL_PARAM | ( | osreldate | , |
| CTLTYPE_INT| | CTLFLAG_RDTUN, | ||
| "I" | , | ||
| "Jail value for kern.osreldate and uname -K" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [6/24]
◆ SYSCTL_JAIL_PARAM() [7/24]
| SYSCTL_JAIL_PARAM | ( | persist | , |
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "B" | , | ||
| "Jail persistence" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [8/24]
| SYSCTL_JAIL_PARAM | ( | securelevel | , |
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "I" | , | ||
| "Jail secure level" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [9/24]
| SYSCTL_JAIL_PARAM | ( | _allow | , |
| chflags | , | ||
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "B" | , | ||
| "Jail may alter system file flags" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [10/24]
| SYSCTL_JAIL_PARAM | ( | _allow | , |
| mlock | , | ||
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "B" | , | ||
| "Jail may lock (unlock) physical pages in memory" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [11/24]
| SYSCTL_JAIL_PARAM | ( | _allow | , |
| quotas | , | ||
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "B" | , | ||
| "Jail may set file quotas" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [12/24]
| SYSCTL_JAIL_PARAM | ( | _allow | , |
| raw_sockets | , | ||
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "B" | , | ||
| "Jail may create raw sockets" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [13/24]
| SYSCTL_JAIL_PARAM | ( | _allow | , |
| read_msgbuf | , | ||
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "B" | , | ||
| "Jail may read the kernel message buffer" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [14/24]
| SYSCTL_JAIL_PARAM | ( | _allow | , |
| reserved_ports | , | ||
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "B" | , | ||
| "Jail may bind sockets to reserved ports" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [15/24]
| SYSCTL_JAIL_PARAM | ( | _allow | , |
| set_hostname | , | ||
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "B" | , | ||
| "Jail may set hostname" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [16/24]
| SYSCTL_JAIL_PARAM | ( | _allow | , |
| socket_af | , | ||
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "B" | , | ||
| "Jail may create sockets other than just UNIX/IPv4/IPv6/route" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [17/24]
| SYSCTL_JAIL_PARAM | ( | _allow | , |
| suser | , | ||
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "B" | , | ||
| "Processes in jail with uid 0 have privilege" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [18/24]
| SYSCTL_JAIL_PARAM | ( | _allow | , |
| sysvipc | , | ||
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "B" | , | ||
| "Jail may use SYSV IPC" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [19/24]
| SYSCTL_JAIL_PARAM | ( | _allow | , |
| unprivileged_proc_debug | , | ||
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "B" | , | ||
| "Unprivileged processes may use process debugging facilities" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [20/24]
| SYSCTL_JAIL_PARAM | ( | _allow_mount | , |
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "B" | , | ||
| "Jail may mount/unmount jail-friendly file systems in general" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [21/24]
| SYSCTL_JAIL_PARAM | ( | _children | , |
| cur | , | ||
| CTLTYPE_INT| | CTLFLAG_RD, | ||
| "I" | , | ||
| "Current number of child jails" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [22/24]
| SYSCTL_JAIL_PARAM | ( | _children | , |
| max | , | ||
| CTLTYPE_INT| | CTLFLAG_RW, | ||
| "I" | , | ||
| "Maximum number of child jails" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [23/24]
| SYSCTL_JAIL_PARAM | ( | _cpuset | , |
| id | , | ||
| CTLTYPE_INT| | CTLFLAG_RD, | ||
| "I" | , | ||
| "Jail cpuset ID" | |||
| ) |
◆ SYSCTL_JAIL_PARAM() [24/24]
| SYSCTL_JAIL_PARAM | ( | _host | , |
| hostid | , | ||
| CTLTYPE_ULONG| | CTLFLAG_RW, | ||
| "LU" | , | ||
| "Jail host ID" | |||
| ) |
◆ sysctl_jail_param()
| int sysctl_jail_param | ( | SYSCTL_HANDLER_ARGS | ) |
Definition at line 4274 of file kern_jail.c.
References snprintf(), and sysctl_handle_string().
Referenced by prison_add_allow().
◆ SYSCTL_JAIL_PARAM_NODE() [1/3]
| SYSCTL_JAIL_PARAM_NODE | ( | allow | , |
| "Jail permission flags" | |||
| ) |
◆ SYSCTL_JAIL_PARAM_NODE() [2/3]
| SYSCTL_JAIL_PARAM_NODE | ( | children | , |
| "Number of child jails" | |||
| ) |
◆ SYSCTL_JAIL_PARAM_NODE() [3/3]
| SYSCTL_JAIL_PARAM_NODE | ( | cpuset | , |
| "Jail cpuset" | |||
| ) |
◆ SYSCTL_JAIL_PARAM_STRING() [1/6]
◆ SYSCTL_JAIL_PARAM_STRING() [2/6]
| SYSCTL_JAIL_PARAM_STRING | ( | osrelease | , |
| CTLFLAG_RDTUN | , | ||
| OSRELEASELEN | , | ||
| "Jail value for kern.osrelease and uname -r" | |||
| ) |
◆ SYSCTL_JAIL_PARAM_STRING() [3/6]
◆ SYSCTL_JAIL_PARAM_STRING() [4/6]
| SYSCTL_JAIL_PARAM_STRING | ( | _host | , |
| domainname | , | ||
| CTLFLAG_RW | , | ||
| MAXHOSTNAMELEN | , | ||
| "Jail NIS domainname" | |||
| ) |
◆ SYSCTL_JAIL_PARAM_STRING() [5/6]
| SYSCTL_JAIL_PARAM_STRING | ( | _host | , |
| hostname | , | ||
| CTLFLAG_RW | , | ||
| MAXHOSTNAMELEN | , | ||
| "Jail hostname" | |||
| ) |
◆ SYSCTL_JAIL_PARAM_STRING() [6/6]
| SYSCTL_JAIL_PARAM_STRING | ( | _host | , |
| hostuuid | , | ||
| CTLFLAG_RW | , | ||
| HOSTUUIDLEN | , | ||
| "Jail host UUID" | |||
| ) |
◆ SYSCTL_JAIL_PARAM_SUBNODE()
| SYSCTL_JAIL_PARAM_SUBNODE | ( | allow | , |
| mount | , | ||
| "Jail mount/unmount permission flags" | |||
| ) |
◆ SYSCTL_JAIL_PARAM_SYS_NODE()
| SYSCTL_JAIL_PARAM_SYS_NODE | ( | host | , |
| CTLFLAG_RW | , | ||
| "Jail host info" | |||
| ) |
◆ sysctl_jail_vnet()
|
static |
Definition at line 4152 of file kern_jail.c.
◆ SYSCTL_NODE() [1/2]
|
static |
◆ SYSCTL_NODE() [2/2]
| SYSCTL_NODE | ( | _security_jail | , |
| OID_AUTO | , | ||
| param | , | ||
| CTLFLAG_RW| | CTLFLAG_MPSAFE, | ||
| 0 | , | ||
| "Jail parameters" | |||
| ) |
◆ SYSCTL_OID()
| SYSCTL_OID | ( | _security_jail | , |
| OID_AUTO | , | ||
| list | , | ||
| CTLTYPE_STRUCT|CTLFLAG_RD| | CTLFLAG_MPSAFE, | ||
| NULL | , | ||
| 0 | , | ||
| sysctl_jail_list | , | ||
| "S" | , | ||
| "List of active jails" | |||
| ) |
◆ SYSCTL_PROC() [1/10]
| SYSCTL_PROC | ( | _security_jail | , |
| OID_AUTO | , | ||
| allow_raw_sockets | , | ||
| CTLTYPE_INT|CTLFLAG_RW| | CTLFLAG_MPSAFE, | ||
| NULL | , | ||
| PR_ALLOW_RAW_SOCKETS | , | ||
| sysctl_jail_default_allow | , | ||
| "I" | , | ||
| "Prison root can create raw sockets (deprecated)" | |||
| ) |
◆ SYSCTL_PROC() [2/10]
| SYSCTL_PROC | ( | _security_jail | , |
| OID_AUTO | , | ||
| chflags_allowed | , | ||
| CTLTYPE_INT|CTLFLAG_RW| | CTLFLAG_MPSAFE, | ||
| NULL | , | ||
| PR_ALLOW_CHFLAGS | , | ||
| sysctl_jail_default_allow | , | ||
| "I" | , | ||
| "Processes in jail can alter system file flags (deprecated)" | |||
| ) |
◆ SYSCTL_PROC() [3/10]
| SYSCTL_PROC | ( | _security_jail | , |
| OID_AUTO | , | ||
| devfs_ruleset | , | ||
| CTLTYPE_INT|CTLFLAG_RD| | CTLFLAG_MPSAFE, | ||
| & | jail_default_devfs_rsnum, | ||
| offsetof(struct prison, pr_devfs_rsnum) | , | ||
| sysctl_jail_default_level | , | ||
| "I" | , | ||
| "Ruleset for the devfs filesystem in jail (deprecated)" | |||
| ) |
◆ SYSCTL_PROC() [4/10]
| SYSCTL_PROC | ( | _security_jail | , |
| OID_AUTO | , | ||
| enforce_statfs | , | ||
| CTLTYPE_INT|CTLFLAG_RW| | CTLFLAG_MPSAFE, | ||
| & | jail_default_enforce_statfs, | ||
| offsetof(struct prison, pr_enforce_statfs) | , | ||
| sysctl_jail_default_level | , | ||
| "I" | , | ||
| "Processes in jail cannot see all mounted file systems (deprecated)" | |||
| ) |
◆ SYSCTL_PROC() [5/10]
| SYSCTL_PROC | ( | _security_jail | , |
| OID_AUTO | , | ||
| jailed | , | ||
| CTLTYPE_INT|CTLFLAG_RD| | CTLFLAG_MPSAFE, | ||
| NULL | , | ||
| 0 | , | ||
| sysctl_jail_jailed | , | ||
| "I" | , | ||
| "Process in jail?" | |||
| ) |
◆ SYSCTL_PROC() [6/10]
| SYSCTL_PROC | ( | _security_jail | , |
| OID_AUTO | , | ||
| mount_allowed | , | ||
| CTLTYPE_INT|CTLFLAG_RW| | CTLFLAG_MPSAFE, | ||
| NULL | , | ||
| PR_ALLOW_MOUNT | , | ||
| sysctl_jail_default_allow | , | ||
| "I" | , | ||
| "Processes in jail can mount/unmount jail-friendly file systems (deprecated)" | |||
| ) |
◆ SYSCTL_PROC() [7/10]
| SYSCTL_PROC | ( | _security_jail | , |
| OID_AUTO | , | ||
| set_hostname_allowed | , | ||
| CTLTYPE_INT|CTLFLAG_RW| | CTLFLAG_MPSAFE, | ||
| NULL | , | ||
| PR_ALLOW_SET_HOSTNAME | , | ||
| sysctl_jail_default_allow | , | ||
| "I" | , | ||
| "Processes in jail can set their hostnames (deprecated)" | |||
| ) |
◆ SYSCTL_PROC() [8/10]
| SYSCTL_PROC | ( | _security_jail | , |
| OID_AUTO | , | ||
| socket_unixiproute_only | , | ||
| CTLTYPE_INT|CTLFLAG_RW| | CTLFLAG_MPSAFE, | ||
| (void *) | 1, | ||
| PR_ALLOW_SOCKET_AF | , | ||
| sysctl_jail_default_allow | , | ||
| "I" | , | ||
| "Processes in jail are limited to creating UNIX/IP/route sockets only (deprecated)" | |||
| ) |
◆ SYSCTL_PROC() [9/10]
| SYSCTL_PROC | ( | _security_jail | , |
| OID_AUTO | , | ||
| sysvipc_allowed | , | ||
| CTLTYPE_INT|CTLFLAG_RW| | CTLFLAG_MPSAFE, | ||
| NULL | , | ||
| PR_ALLOW_SYSVIPC | , | ||
| sysctl_jail_default_allow | , | ||
| "I" | , | ||
| "Processes in jail can use System V IPC primitives (deprecated)" | |||
| ) |
◆ SYSCTL_PROC() [10/10]
| SYSCTL_PROC | ( | _security_jail | , |
| OID_AUTO | , | ||
| vnet | , | ||
| CTLTYPE_INT|CTLFLAG_RD| | CTLFLAG_MPSAFE, | ||
| NULL | , | ||
| 0 | , | ||
| sysctl_jail_vnet | , | ||
| "I" | , | ||
| "Jail owns vnet?" | |||
| ) |
Variable Documentation
◆ allprison
| struct prisonlist allprison = TAILQ_HEAD_INITIALIZER(allprison) |
Definition at line 136 of file kern_jail.c.
Referenced by get_next_prid(), kern_jail_get(), kern_jail_set(), mountcheckdirs(), mqfs_prison_remove(), msginit(), prison_deref(), prison_deref_kill(), prison_find(), seminit(), and shminit().
◆ allprison_lock
| struct sx allprison_lock |
Definition at line 134 of file kern_jail.c.
Referenced by cpuset_which(), do_jail_attach(), kern_jail_get(), kern_jail_set(), mountcheckdirs(), msginit(), prison_deref(), prison_find(), prison_find_child(), prison_find_name(), prison_lock_xlock(), prison_set_allow(), seminit(), shminit(), sys_jail_attach(), sys_jail_remove(), sysctl_hostid(), sysctl_hostname(), sysctl_jail_list(), and sysctl_kern_securelvl().
◆ jail_default_allow
|
static |
Definition at line 227 of file kern_jail.c.
Referenced by kern_jail(), and sysctl_jail_default_allow().
◆ jail_default_devfs_rsnum
|
static |
Definition at line 229 of file kern_jail.c.
◆ jail_default_enforce_statfs
|
static |
Definition at line 228 of file kern_jail.c.
Referenced by kern_jail(), and kern_jail_set().
◆ pr_allow_all
|
static |
Definition at line 218 of file kern_jail.c.
Referenced by prison_add_allow().
◆ pr_flag_allow
|
static |
Definition at line 202 of file kern_jail.c.
Referenced by kern_jail(), kern_jail_get(), kern_jail_set(), and prison_add_allow().
◆ pr_flag_allow_size
| const size_t pr_flag_allow_size = sizeof(pr_flag_allow) |
Definition at line 219 of file kern_jail.c.
◆ pr_flag_bool_size
| const size_t pr_flag_bool_size = sizeof(pr_flag_bool) |
Definition at line 181 of file kern_jail.c.
◆ pr_flag_jailsys
|
static |
Definition at line 183 of file kern_jail.c.
Referenced by kern_jail_get(), and kern_jail_set().
◆ pr_flag_jailsys_size
| const size_t pr_flag_jailsys_size = sizeof(pr_flag_jailsys) |
Definition at line 195 of file kern_jail.c.
◆ prison0
| struct prison prison0 |
Definition at line 101 of file kern_jail.c.
Referenced by dump_init_header(), getcredhostname(), kern_jail_set(), linker_file_unload(), linker_load_file(), mountcheckdirs(), msginit(), prison0_init(), prison_add_allow(), prison_deref(), prison_find_name(), prison_name(), proc0_init(), seminit(), shminit(), sysctl_jail_default_allow(), sysctl_jail_default_level(), vfs_hang_addrlist(), and vfs_mountroot().
