diff options
| author | jamie <jamie@FreeBSD.org> | 2009-07-25 14:48:57 +0000 |
|---|---|---|
| committer | jamie <jamie@FreeBSD.org> | 2009-07-25 14:48:57 +0000 |
| commit | 274ea197bb2f446e42dd6f17d5046b348d26d82d (patch) | |
| tree | e2f5557445f7151dc18cefe88f9b884b83f55993 /sys/compat | |
| parent | 0888b985acf99a673549ca79a753e47d3e98fe9a (diff) | |
| download | FreeBSD-src-274ea197bb2f446e42dd6f17d5046b348d26d82d.zip FreeBSD-src-274ea197bb2f446e42dd6f17d5046b348d26d82d.tar.gz | |
Some jail parameters (in particular, "ip4" and "ip6" for IP address
restrictions) were found to be inadequately described by a boolean.
Define a new parameter type with three values (disable, new, inherit)
to handle these and future cases.
Approved by: re (kib), bz (mentor)
Discussed with: rwatson
Diffstat (limited to 'sys/compat')
| -rw-r--r-- | sys/compat/linux/linux_mib.c | 78 |
1 files changed, 43 insertions, 35 deletions
diff --git a/sys/compat/linux/linux_mib.c b/sys/compat/linux/linux_mib.c index 58af9c5..5e770f6 100644 --- a/sys/compat/linux/linux_mib.c +++ b/sys/compat/linux/linux_mib.c @@ -237,12 +237,14 @@ linux_prison_create(void *obj, void *data) { struct prison *pr = obj; struct vfsoptlist *opts = data; + int jsys; - if (vfs_flagopt(opts, "nolinux", NULL, 0)) + if (vfs_copyopt(opts, "linux", &jsys, sizeof(jsys)) == 0 && + jsys == JAIL_SYS_INHERIT) return (0); /* * Inherit a prison's initial values from its parent - * (different from NULL which also inherits changes). + * (different from JAIL_SYS_INHERIT which also inherits changes). */ return linux_alloc_prison(pr, NULL); } @@ -252,11 +254,16 @@ linux_prison_check(void *obj __unused, void *data) { struct vfsoptlist *opts = data; char *osname, *osrelease; - int error, len, osrel, oss_version; + int error, jsys, len, osrel, oss_version; /* Check that the parameters are correct. */ - (void)vfs_flagopt(opts, "linux", NULL, 0); - (void)vfs_flagopt(opts, "nolinux", NULL, 0); + error = vfs_copyopt(opts, "linux", &jsys, sizeof(jsys)); + if (error != ENOENT) { + if (error != 0) + return (error); + if (jsys != JAIL_SYS_NEW && jsys != JAIL_SYS_INHERIT) + return (EINVAL); + } error = vfs_getopt(opts, "linux.osname", (void **)&osname, &len); if (error != ENOENT) { if (error != 0) @@ -296,33 +303,40 @@ linux_prison_set(void *obj, void *data) struct prison *pr = obj; struct vfsoptlist *opts = data; char *osname, *osrelease; - int error, gotversion, len, nolinux, oss_version, yeslinux; + int error, gotversion, jsys, len, oss_version; /* Set the parameters, which should be correct. */ - yeslinux = vfs_flagopt(opts, "linux", NULL, 0); - nolinux = vfs_flagopt(opts, "nolinux", NULL, 0); + error = vfs_copyopt(opts, "linux", &jsys, sizeof(jsys)); + if (error == ENOENT) + jsys = -1; error = vfs_getopt(opts, "linux.osname", (void **)&osname, &len); if (error == ENOENT) osname = NULL; else - yeslinux = 1; + jsys = JAIL_SYS_NEW; error = vfs_getopt(opts, "linux.osrelease", (void **)&osrelease, &len); if (error == ENOENT) osrelease = NULL; else - yeslinux = 1; + jsys = JAIL_SYS_NEW; error = vfs_copyopt(opts, "linux.oss_version", &oss_version, sizeof(oss_version)); - gotversion = (error == 0); - yeslinux |= gotversion; - if (nolinux) { - /* "nolinux": inherit the parent's Linux info. */ + if (error == ENOENT) + gotversion = 0; + else { + gotversion = 1; + jsys = JAIL_SYS_NEW; + } + switch (jsys) { + case JAIL_SYS_INHERIT: + /* "linux=inherit": inherit the parent's Linux info. */ mtx_lock(&pr->pr_mtx); osd_jail_del(pr, linux_osd_jail_slot); mtx_unlock(&pr->pr_mtx); - } else if (yeslinux) { + break; + case JAIL_SYS_NEW: /* - * "linux" or "linux.*": + * "linux=new" or "linux.*": * the prison gets its own Linux info. */ error = linux_alloc_prison(pr, &lpr); @@ -348,9 +362,7 @@ linux_prison_set(void *obj, void *data) return (0); } -SYSCTL_JAIL_PARAM_NODE(linux, "Jail Linux parameters"); -SYSCTL_JAIL_PARAM(, nolinux, CTLTYPE_INT | CTLFLAG_RW, - "BN", "Jail w/ no Linux parameters"); +SYSCTL_JAIL_PARAM_SYS_NODE(linux, CTLFLAG_RW, "Jail Linux parameters"); SYSCTL_JAIL_PARAM_STRING(_linux, osname, CTLFLAG_RW, LINUX_MAX_UTSNAME, "Jail Linux kernel OS name"); SYSCTL_JAIL_PARAM_STRING(_linux, osrelease, CTLFLAG_RW, LINUX_MAX_UTSNAME, @@ -371,15 +383,22 @@ linux_prison_get(void *obj, void *data) /* See if this prison is the one with the Linux info. */ lpr = linux_find_prison(pr, &ppr); - i = (ppr == pr); + i = (ppr == pr) ? JAIL_SYS_NEW : JAIL_SYS_INHERIT; error = vfs_setopt(opts, "linux", &i, sizeof(i)); if (error != 0 && error != ENOENT) goto done; - i = !i; - error = vfs_setopt(opts, "nolinux", &i, sizeof(i)); - if (error != 0 && error != ENOENT) - goto done; if (i) { + error = vfs_setopts(opts, "linux.osname", lpr->pr_osname); + if (error != 0 && error != ENOENT) + goto done; + error = vfs_setopts(opts, "linux.osrelease", lpr->pr_osrelease); + if (error != 0 && error != ENOENT) + goto done; + error = vfs_setopt(opts, "linux.oss_version", + &lpr->pr_oss_version, sizeof(lpr->pr_oss_version)); + if (error != 0 && error != ENOENT) + goto done; + } else { /* * If this prison is inheriting its Linux info, report * empty/zero parameters. @@ -394,17 +413,6 @@ linux_prison_get(void *obj, void *data) sizeof(lpr->pr_oss_version)); if (error != 0 && error != ENOENT) goto done; - } else { - error = vfs_setopts(opts, "linux.osname", lpr->pr_osname); - if (error != 0 && error != ENOENT) - goto done; - error = vfs_setopts(opts, "linux.osrelease", lpr->pr_osrelease); - if (error != 0 && error != ENOENT) - goto done; - error = vfs_setopt(opts, "linux.oss_version", - &lpr->pr_oss_version, sizeof(lpr->pr_oss_version)); - if (error != 0 && error != ENOENT) - goto done; } error = 0; |
