author | jamie <jamie@FreeBSD.org> | 2013-05-19 04:10:34 +0000 |
---|---|---|
committer | jamie <jamie@FreeBSD.org> | 2013-05-19 04:10:34 +0000 |
commit | 7941fefd80009514446ab99f32ddfd03121d225b (patch) | |
tree | 75f092c389fa19cc71a84d757fa9671acf2fe9fe /sys/kern | |
parent | 678597bc5abd3902a84210a703be65ad9c972b5d (diff) | |
Refine the "nojail" rc keyword, adding "nojailvnet" for files that don't
apply to most jails but do apply to vnet jails. This includes adding
a new sysctl "security.jail.vnet" to identify vnet jails.
PR: conf/149050
Submitted by: mdodd
MFC after: 3 days
Diffstat (limited to 'sys/kern')
-rw-r--r-- | sys/kern/kern_jail.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index c624283..d70a936 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -4132,6 +4132,26 @@ SYSCTL_PROC(_security_jail, OID_AUTO, jailed,
 CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
 sysctl_jail_jailed, "I", "Process in jail?");

+static int
+sysctl_jail_vnet(SYSCTL_HANDLER_ARGS)
+{
+ int error, havevnet;
+#ifdef VIMAGE
+ struct ucred *cred = req->td->td_ucred;
+
+ havevnet = jailed(cred) && prison_owns_vnet(cred);
+#else
+ havevnet = 0;
+#endif
+ error = SYSCTL_OUT(req, &havevnet, sizeof(havevnet));
+
+ return (error);
+}
+
+SYSCTL_PROC(_security_jail, OID_AUTO, vnet,
+ CTLTYPE_INT | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
+ sysctl_jail_vnet, "I", "Jail owns VNET?");
+
 #if defined(INET) || defined(INET6)
 SYSCTL_UINT(_security_jail, OID_AUTO, jail_max_af_ips, CTLFLAG_RW,
 &jail_max_af_ips, 0, |
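Review bot: sysctl_jail_vnet has no comment saying whose state it reports, and the description string "Jail owns VNET?" does not cover the cases where it reads 0. The value is computed from the calling thread's credential (`req->td->td_ucred`), so it is 0 for an unjailed caller because of the `jailed(cred) &&` test, and always 0 on a kernel built without VIMAGE. A script reading security.jail.vnet cannot tell either case apart from a jail that does not own a vnet. I would add above the function `/* Report whether the calling process is in a jail that owns its vnet; 0 on the host and on kernels without VIMAGE. */`. Since the node is `CTLFLAG_RD` and only describes the caller, the comment could also say it is a hint for rc keyword selection, not something to base a privilege decision on.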