authorrwatson <rwatson@FreeBSD.org>2000-02-10 05:32:03 +0000
committerrwatson <rwatson@FreeBSD.org>2000-02-10 05:32:03 +0000
commitf2722ad13879d5b79d762d3fb26ac2555f2896cc (patch)
tree838ecf952a16d90ed0ac06b11ec7a2c129103028 /sys/kern/kern_mib.c
parentb4155d9e95a7f57e00a04dadc0a41fa2152d05f4 (diff)
Introduce a new sysctl, kern.jailcansethostname, which determines whether
or not a process in a jail, with privilege, may set the jail's hostname. Defaults to 1, which permits this. May be set to 0 by a process with appropriate privilege outside of jail. Preventing hostname renaming from within a jail is currently required to make jails manageable, as they are currently identifiable only by hostname using /proc, which may be modified without this sysctl being set to 0. This will be documented in upcoming man commits. Authorized by: jkh, the ever-patient
Diffstat (limited to 'sys/kern/kern_mib.c')
-rw-r--r--sys/kern/kern_mib.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c
index 506ce86..c93cc6f 100644
--- a/sys/kern/kern_mib.c
+++ b/sys/kern/kern_mib.c
@@ -145,6 +145,11 @@ static char machine_arch[] = MACHINE_ARCH;
SYSCTL_STRING(_hw, HW_MACHINE_ARCH, machine_arch, CTLFLAG_RD,
machine_arch, 0, "System architecture");
+static int jailcansethostname=1;
+SYSCTL_INT(_kern, KERN_JAILCANSETHOSTNAME, jailcansethostname,
+ CTLFLAG_RW, &jailcansethostname, 0,
+ "Jail can set its hostname");
+
char hostname[MAXHOSTNAMELEN];
static int
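Review bot: The new `jailcansethostname` knob is declared `CTLFLAG_RW` with no handler of its own, so nothing in this hunk shows what stops a privileged process inside a jail from writing it back to 1. Presumably the generic sysctl write path refuses writes from jailed processes, but that code is outside the hunk and should be confirmed. I would add a comment above the declaration recording that dependency, for example `/* Must stay writable only from outside a jail; relies on the generic sysctl privilege check to refuse jailed writers. */`. As a style point, the initializer would read better as `static int jailcansethostname = 1;`.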
@@ -152,11 +157,13 @@ sysctl_hostname SYSCTL_HANDLER_ARGS
{
int error;
- if (req->p->p_prison)
+ if (req->p->p_prison) {
+ if (!jailcansethostname)
+ return(EPERM);
error = sysctl_handle_string(oidp,
req->p->p_prison->pr_host,
sizeof req->p->p_prison->pr_host, req);
- else
+ } else
error = sysctl_handle_string(oidp,
hostname, sizeof hostname, req);
return (error);
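Review bot: The added `if (!jailcansethostname) return(EPERM);` runs before `sysctl_handle_string()` without checking whether the request carries a new value, so with the knob at 0 a jailed process is refused when it reads its hostname as well as when it sets it. The commit message only describes restricting setting, so the guard should be limited to writes: `if (!jailcansethostname && req->newptr)`. The spacing of `return(EPERM);` also differs from the `return (error);` used at the end of the function. The closing brace of sysctl_hostname lies outside the hunk.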