| Field | Value |
|---|---|
| author | rwatson <rwatson@FreeBSD.org>, 2000-02-10 05:32:03 +0000 |
| committer | rwatson <rwatson@FreeBSD.org>, 2000-02-10 05:32:03 +0000 |
| commit | f2722ad13879d5b79d762d3fb26ac2555f2896cc (patch) |
| tree | 838ecf952a16d90ed0ac06b11ec7a2c129103028 /sys/kern/kern_mib.c |
| parent | b4155d9e95a7f57e00a04dadc0a41fa2152d05f4 (diff) |
| download | FreeBSD-src-f2722ad13879d5b79d762d3fb26ac2555f2896cc.zip, FreeBSD-src-f2722ad13879d5b79d762d3fb26ac2555f2896cc.tar.gz |
Introduce a new sysctl, kern.jailcansethostname, which determines whether
or not a process in a jail, with privilege, may set the jail's hostname.
Defaults to 1, which permits this. May be set to 0 by a process with
appropriate privilege outside of jail. Preventing hostname renaming
from within a jail is currently required to make jails manageable, as they
are currently identifiable only by hostname using /proc, which may be
modified without this sysctl being set to 0. This will be documented
in upcoming man commits.
Authorized by: jkh, the ever-patient
Diffstat (limited to 'sys/kern/kern_mib.c')

| Mode | File | Lines changed |
|---|---|---|
| -rw-r--r-- | sys/kern/kern_mib.c | 11 |

1 file changed, 9 insertions, 2 deletions
diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c index 506ce86..c93cc6f 100644 --- a/sys/kern/kern_mib.c +++ b/sys/kern/kern_mib.c @@ -145,6 +145,11 @@ static char machine_arch[] = MACHINE_ARCH; SYSCTL_STRING(_hw, HW_MACHINE_ARCH, machine_arch, CTLFLAG_RD, machine_arch, 0, "System architecture"); +static int jailcansethostname=1; +SYSCTL_INT(_kern, KERN_JAILCANSETHOSTNAME, jailcansethostname, + CTLFLAG_RW, &jailcansethostname, 0, + "Jail can set its hostname"); + char hostname[MAXHOSTNAMELEN]; static int @@ -152,11 +157,13 @@ sysctl_hostname SYSCTL_HANDLER_ARGS { int error; - if (req->p->p_prison) + if (req->p->p_prison) { + if (!jailcansethostname) + return(EPERM); error = sysctl_handle_string(oidp, req->p->p_prison->pr_host, sizeof req->p->p_prison->pr_host, req); - else + } else error = sysctl_handle_string(oidp, hostname, sizeof hostname, req); return (error); |
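Review bot: in the first hunk, `jailcansethostname` is exposed as a plain `SYSCTL_INT` with `CTLFLAG_RW` and no handler, so nothing in this hunk stops a privileged process inside a jail from writing the knob back to 1 after an administrator outside the jail cleared it; the commit message's "may be set to 0 by a process with appropriate privilege outside of jail" therefore rests on the generic sysctl write path refusing writes from prisoned processes, which should be confirmed, or the value should get a small handler that rejects a new value when `req->p->p_prison` is set. Two smaller points: `static int jailcansethostname=1;` wants spaces around `=` per style(9), and `KERN_JAILCANSETHOSTNAME` has to be defined in sys/sysctl.h, which lies outside this diffstat.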
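Review bot: in the second hunk, the new `EPERM` return in `sysctl_hostname` triggers on every jailed access, reads included, because it tests only `!jailcansethostname` and never checks whether the request carries new data; once the knob is cleared, `gethostname()` inside the jail fails, not just `sethostname()`. Restrict it to writes, e.g. `if (!jailcansethostname && req->newptr) return (EPERM);`, so reads still fall through to `sysctl_handle_string`. Minor style: `return(EPERM)` should be `return (EPERM)` to match the `return (error)` at the end of the same function.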