author | zec <zec@FreeBSD.org> | 2009-05-08 14:11:06 +0000 |
---|---|---|
committer | zec <zec@FreeBSD.org> | 2009-05-08 14:11:06 +0000 |
commit | 639797b2e609797fdaf2c8e88b9203bfc7c70b7e (patch) | |
tree | 070fe9c96176ed914dfefc12a45fea29b98c4122 /sys/kern/kern_linker.c | |
parent | f851007175f37de5aec0c77eb852e3444150e653 (diff) | |

Introduce a new virtualization container, provisionally named vprocg, to hold
virtualized instances of hostname and domainname, as well as a new top-level
virtualization struct vimage, which holds pointers to struct vnet and struct
vprocg. Struct vprocg is likely to become replaced in the near future with
a new jail management API import.

As a consequence of this change, change struct ucred to point to a struct
vimage, instead of directly pointing to a vnet.

Merge vnet / vimage / ucred refcounting infrastructure from p4 / vimage
branch.

Permit kldload / kldunload operations to be executed only from the default
vimage context.

This change should have no functional impact on nooptions VIMAGE kernel
builds.

Reviewed by: bz
Approved by: julian (mentor)

Diffstat (limited to 'sys/kern/kern_linker.c')
-rw-r--r-- | sys/kern/kern_linker.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c index 2237107..4e0c5a3 100644 --- a/sys/kern/kern_linker.c +++ b/sys/kern/kern_linker.c @@ -992,6 +992,12 @@ kern_kldload(struct thread *td, const char *file, int *fileid) if ((error = priv_check(td, PRIV_KLD_LOAD)) != 0) return (error); +#ifdef VIMAGE + /* Only the default vimage is permitted to kldload modules. */ + if (!IS_DEFAULT_VIMAGE(TD_TO_VIMAGE(td))) + return (EPERM); +#endif + /* * It's possible that kldloaded module will attach a new ifnet, * so vnet context must be set when this ocurs. @@ -1063,6 +1069,12 @@ kern_kldunload(struct thread *td, int fileid, int flags) if ((error = priv_check(td, PRIV_KLD_UNLOAD)) != 0) return (error); +#ifdef VIMAGE + /* Only the default vimage is permitted to kldunload modules. */ + if (!IS_DEFAULT_VIMAGE(TD_TO_VIMAGE(td))) + return (EPERM); +#endif + CURVNET_SET(TD_TO_VNET(td)); KLD_LOCK(); lf = linker_find_file_by_id(fileid); |
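Review bot: The vimage check added to kern_kldload after priv_check(td, PRIV_KLD_LOAD) is the same #ifdef VIMAGE block that the second hunk adds to kern_kldunload, so the policy now lives in two hand-copied places. Consider a single helper, or defining IS_DEFAULT_VIMAGE so that it evaluates to true when VIMAGE is not configured, so both call sites can drop the #ifdef and cannot drift apart. The placement itself looks right: the return comes before the point where the following comment says the vnet context must be set, so the early exit leaves nothing to undo.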
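Review bot: In the kern_kldunload hunk, the comment "Only the default vimage is permitted to kldunload modules." states the rule but not the reason for it, and the new return (EPERM) gives the caller no way to tell this denial from a failure of priv_check(td, PRIV_KLD_UNLOAD) just above if that also reports EPERM. A sentence of rationale in the comment would help the next reader, and the new failure case should be recorded wherever the errors for kldload and kldunload are documented. The check is correctly placed ahead of CURVNET_SET(TD_TO_VNET(td)) and KLD_LOCK(), so the early return does not skip any restore or unlock.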