Introduce a new virtualization container, provisionally named vprocg, to hold

virtualized instances of hostname and domainname, as well as a new top-level
virtualization struct vimage, which holds pointers to struct vnet and struct
vprocg.  Struct vprocg is likely to become replaced in the near future with
a new jail management API import.

As a consequence of this change, change struct ucred to point to a struct
vimage, instead of directly pointing to a vnet.

Merge vnet / vimage / ucred refcounting infrastructure from p4 / vimage
branch.

Permit kldload / kldunload operations to be executed only from the default
vimage context.

This change should have no functional impact on nooptions VIMAGE kernel
builds.

Reviewed by:	bz
Approved by:	julian (mentor)

1 files changed, 12 insertions, 0 deletions

diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c
index 2237107..4e0c5a3 100644
--- a/sys/kern/kern_linker.c
+++ b/sys/kern/kern_linker.c
@@ -992,6 +992,12 @@ kern_kldload(struct thread *td, const char *file, int *fileid)
 	if ((error = priv_check(td, PRIV_KLD_LOAD)) != 0)
 		return (error);
 
+#ifdef VIMAGE
+	/* Only the default vimage is permitted to kldload modules. */
+	if (!IS_DEFAULT_VIMAGE(TD_TO_VIMAGE(td)))
+		return (EPERM);
+#endif
+
 	/*
 	 * It's possible that kldloaded module will attach a new ifnet,
 	 * so vnet context must be set when this ocurs.
@@ -1063,6 +1069,12 @@ kern_kldunload(struct thread *td, int fileid, int flags)
 	if ((error = priv_check(td, PRIV_KLD_UNLOAD)) != 0)
 		return (error);
 
+#ifdef VIMAGE
+	/* Only the default vimage is permitted to kldunload modules. */
+	if (!IS_DEFAULT_VIMAGE(TD_TO_VIMAGE(td)))
+		return (EPERM);
+#endif
+
 	CURVNET_SET(TD_TO_VNET(td));
 	KLD_LOCK();
 	lf = linker_find_file_by_id(fileid);