diff options
| author | zec <zec@FreeBSD.org> | 2009-05-08 14:11:06 +0000 |
|---|---|---|
| committer | zec <zec@FreeBSD.org> | 2009-05-08 14:11:06 +0000 |
| commit | 639797b2e609797fdaf2c8e88b9203bfc7c70b7e (patch) | |
| tree | 070fe9c96176ed914dfefc12a45fea29b98c4122 /sys/kern/kern_jail.c | |
| parent | f851007175f37de5aec0c77eb852e3444150e653 (diff) | |
| download | FreeBSD-src-639797b2e609797fdaf2c8e88b9203bfc7c70b7e.zip FreeBSD-src-639797b2e609797fdaf2c8e88b9203bfc7c70b7e.tar.gz | |
Introduce a new virtualization container, provisionally named vprocg, to hold
virtualized instances of hostname and domainname, as well as a new top-level
virtualization struct vimage, which holds pointers to struct vnet and struct
vprocg. Struct vprocg is likely to become replaced in the near future with
a new jail management API import.
As a consequence of this change, change struct ucred to point to a struct
vimage, instead of directly pointing to a vnet.
Merge vnet / vimage / ucred refcounting infrastructure from p4 / vimage
branch.
Permit kldload / kldunload operations to be executed only from the default
vimage context.
This change should have no functional impact on nooptions VIMAGE kernel
builds.
Reviewed by: bz
Approved by: julian (mentor)
Diffstat (limited to 'sys/kern/kern_jail.c')
| -rw-r--r-- | sys/kern/kern_jail.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 069f1f0..3bc5c10 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -2218,6 +2218,10 @@ prison_check(struct ucred *cred1, struct ucred *cred2) if (cred2->cr_prison != cred1->cr_prison) return (ESRCH); } +#ifdef VIMAGE + if (cred2->cr_vimage->v_procg != cred1->cr_vimage->v_procg) + return (ESRCH); +#endif return (0); } |
