author | rwatson <rwatson@FreeBSD.org> | 2001-02-21 06:39:57 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2001-02-21 06:39:57 +0000 |
commit | ab5676fc870d2d819cf41120313443182db079cf (patch) | |
tree | 3ed13007d645ee25bab52d52b6aba08f7f0bcf1e /sys/compat | |
parent | 17bdecb1829f632354d48f743f10ff707edded9c (diff) | |
o Move per-process jail pointer (p->pr_prison) to inside of the subject
credential structure, ucred (cr->cr_prison).
o Allow jail inheritance to be a function of credential inheritance.
o Abstract prison structure reference counting behind pr_hold() and
pr_free(), invoked by the similarly named credential reference
management functions, removing this code from per-ABI fork/exit code.
o Modify various jail() functions to use struct ucred arguments instead
of struct proc arguments.
o Introduce jailed() function to determine if a credential is jailed,
rather than directly checking pointers all over the place.
o Convert PRISON_CHECK() macro to prison_check() function.
o Move jail() function prototypes to jail.h.
o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the
flag in the process flags field itself.
o Eliminate that "const" qualifier from suser/p_can/etc to reflect
mutex use.
Notes:
o Some further cleanup of the linux/jail code is still required.
o It's now possible to consider resolving some of the process vs
credential based permission checking confusion in the socket code.
o Mutex protection of struct prison is still not present, and is
required to protect the reference count plus some fields in the
structure.
Reviewed by: freebsd-arch
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/compat')
-rw-r--r-- | sys/compat/linprocfs/linprocfs.c | 2 | ||||
-rw-r--r-- | sys/compat/linprocfs/linprocfs_misc.c | 2 | ||||
-rw-r--r-- | sys/compat/linux/linux_mib.c | 11 | ||||
-rw-r--r-- | sys/compat/svr4/svr4_misc.c | 9 |
4 files changed, 8 insertions, 16 deletions
diff --git a/sys/compat/linprocfs/linprocfs.c b/sys/compat/linprocfs/linprocfs.c
index 749d16a..8ba6c41 100644
--- a/sys/compat/linprocfs/linprocfs.c
+++ b/sys/compat/linprocfs/linprocfs.c
@@ -44,7 +44,6 @@
 #include <sys/param.h>
 #include <sys/blist.h>
 #include <sys/dkstat.h>
-#include <sys/jail.h>
 #include <sys/kernel.h>
 #include <sys/proc.h>
 #include <sys/resourcevar.h>
@@ -52,6 +51,7 @@
 #include <sys/systm.h>
 #include <sys/tty.h>
 #include <sys/vnode.h>
+#include <sys/jail.h>
 #include <vm/vm.h>
 #include <vm/pmap.h>
diff --git a/sys/compat/linprocfs/linprocfs_misc.c b/sys/compat/linprocfs/linprocfs_misc.c
index 749d16a..8ba6c41 100644
--- a/sys/compat/linprocfs/linprocfs_misc.c
+++ b/sys/compat/linprocfs/linprocfs_misc.c
@@ -44,7 +44,6 @@
 #include <sys/param.h>
 #include <sys/blist.h>
 #include <sys/dkstat.h>
-#include <sys/jail.h>
 #include <sys/kernel.h>
 #include <sys/proc.h>
 #include <sys/resourcevar.h>
@@ -52,6 +51,7 @@
 #include <sys/systm.h>
 #include <sys/tty.h>
 #include <sys/vnode.h>
+#include <sys/jail.h>
 #include <vm/vm.h>
 #include <vm/pmap.h>
diff --git a/sys/compat/linux/linux_mib.c b/sys/compat/linux/linux_mib.c
index 8482dd9..35d4a25 100644
--- a/sys/compat/linux/linux_mib.c
+++ b/sys/compat/linux/linux_mib.c
@@ -117,10 +117,11 @@ get_prison(struct proc *p)
 register struct prison *pr;
 register struct linux_prison *lpr;
- pr = p->p_prison;
- if (pr == NULL)
+ if (!jailed(p->p_ucred))
 return (NULL);
+ pr = p->p_ucred->cr_prison;
+
 if (pr->pr_linux == NULL) {
 MALLOC(lpr, struct linux_prison *, sizeof *lpr, M_PRISON, M_WAITOK|M_ZERO);
@@ -137,7 +138,7 @@ linux_get_osname(p)
 register struct prison *pr;
 register struct linux_prison *lpr;
- pr = p->p_prison;
+ pr = p->p_ucred->cr_prison;
 if (pr != NULL && pr->pr_linux != NULL) {
 lpr = pr->pr_linux;
 if (lpr->pr_osname[0])
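Review bot: The `pr->pr_linux == NULL` test in get_prison() is followed by `MALLOC(..., M_WAITOK|M_ZERO)`, which may sleep, and nothing visible in the hunk serialises the check against the allocation. A prison is shared by every process in the jail, so two callers could both see NULL and both allocate, leaving one `linux_prison` leaked or its settings overwritten. Until struct prison has its own lock, re-testing `pr->pr_linux` after MALLOC returns and freeing the new block with `FREE(lpr, M_PRISON)` if another caller installed one first would close the window. The store into `pr->pr_linux` lies outside the hunk, so this is inferred from the visible lines.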
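Review bot: linux_get_osname() still tests the raw pointer with `pr != NULL` after loading `p->p_ucred->cr_prison`, while get_prison() in the same file now asks `jailed(p->p_ucred)`. The same pattern remains in linux_get_osrelease() and linux_get_oss_version(). Writing the guard as `if (jailed(p->p_ucred) && pr->pr_linux != NULL) {` in all three would keep the "is this credential jailed" decision in one predicate, assuming jailed() is meant to be the only test. The bodies of these functions continue outside the hunks.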
@@ -170,7 +171,7 @@ linux_get_osrelease(p)
 register struct prison *pr;
 register struct linux_prison *lpr;
- pr = p->p_prison;
+ pr = p->p_ucred->cr_prison;
 if (pr != NULL && pr->pr_linux != NULL) {
 lpr = pr->pr_linux;
 if (lpr->pr_osrelease[0])
@@ -203,7 +204,7 @@ linux_get_oss_version(p)
 register struct prison *pr;
 register struct linux_prison *lpr;
- pr = p->p_prison;
+ pr = p->p_ucred->cr_prison;
 if (pr != NULL && pr->pr_linux != NULL) {
 lpr = pr->pr_linux;
 if (lpr->pr_oss_version)
diff --git a/sys/compat/svr4/svr4_misc.c b/sys/compat/svr4/svr4_misc.c
index 680109b..3d40681 100644
--- a/sys/compat/svr4/svr4_misc.c
+++ b/sys/compat/svr4/svr4_misc.c
@@ -1299,15 +1299,6 @@ loop:
 q->p_cred = NULL;
 }
- /*
- * Destroy empty prisons
- */
- if (q->p_prison && !--q->p_prison->pr_ref) {
- if (q->p_prison->pr_linux != NULL)
- FREE(q->p_prison->pr_linux, M_PRISON);
- FREE(q->p_prison, M_PRISON);
- }
-
 /*
 * Remove unused arguments
 */ |