diff options
author | rwatson <rwatson@FreeBSD.org> | 2001-12-03 16:12:27 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2001-12-03 16:12:27 +0000 |
commit | b5de44291122e0fc2bf68540749f66b3992d3ea2 (patch) | |
tree | 8f9d530e63e21e0286cad851a18efd4acdd6bd28 /sys/kern/kern_jail.c | |
parent | c55fbd48a87bd450592bb317754a6bf3961674ff (diff) | |
download | FreeBSD-src-b5de44291122e0fc2bf68540749f66b3992d3ea2.zip FreeBSD-src-b5de44291122e0fc2bf68540749f66b3992d3ea2.tar.gz |
o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
so as to enforce these protections, in particular, in kern_mib.c
protection sysctl access to the hostname and securelevel, as well as
kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
mib entries (osname, osrelease, osversion) so that they don't return
a pointer to the text in the struct linux_prison, rather, a copy
to an array passed into the calls. Likewise, update linprocfs to
use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
accessing struct prison.
Reviewed by: jhb
Diffstat (limited to 'sys/kern/kern_jail.c')
-rw-r--r-- | sys/kern/kern_jail.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index fc692c8..4784989 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -19,6 +19,8 @@ #include <sys/malloc.h> #include <sys/proc.h> #include <sys/jail.h> +#include <sys/lock.h> +#include <sys/mutex.h> #include <sys/socket.h> #include <sys/sysctl.h> #include <net/if.h> @@ -71,6 +73,7 @@ jail(td, uap) mtx_lock(&Giant); MALLOC(pr, struct prison *, sizeof *pr , M_PRISON, M_WAITOK | M_ZERO); + mtx_init(&pr->pr_mtx, "jail mutex", MTX_DEF); pr->pr_securelevel = securelevel; error = copyinstr(j.hostname, &pr->pr_host, sizeof pr->pr_host, 0); if (error) @@ -108,19 +111,33 @@ void prison_free(struct prison *pr) { + mtx_lock(&pr->pr_mtx); pr->pr_ref--; if (pr->pr_ref == 0) { + mtx_unlock(&pr->pr_mtx); + mtx_destroy(&pr->pr_mtx); if (pr->pr_linux != NULL) FREE(pr->pr_linux, M_PRISON); FREE(pr, M_PRISON); + return; } + mtx_unlock(&pr->pr_mtx); } void prison_hold(struct prison *pr) { + mtx_lock(&pr->pr_mtx); pr->pr_ref++; + mtx_unlock(&pr->pr_mtx); +} + +u_int32_t +prison_getip(struct ucred *cred) +{ + + return (cred->cr_prison->pr_ip); } int |