diff options
author | rwatson <rwatson@FreeBSD.org> | 2001-12-03 16:12:27 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2001-12-03 16:12:27 +0000 |
commit | b5de44291122e0fc2bf68540749f66b3992d3ea2 (patch) | |
tree | 8f9d530e63e21e0286cad851a18efd4acdd6bd28 /sys/netinet | |
parent | c55fbd48a87bd450592bb317754a6bf3961674ff (diff) | |
download | FreeBSD-src-b5de44291122e0fc2bf68540749f66b3992d3ea2.zip FreeBSD-src-b5de44291122e0fc2bf68540749f66b3992d3ea2.tar.gz |
o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
so as to enforce these protections, in particular, in kern_mib.c
protection sysctl access to the hostname and securelevel, as well as
kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
mib entries (osname, osrelease, osversion) so that they don't return
a pointer to the text in the struct linux_prison, rather, a copy
to an array passed into the calls. Likewise, update linprocfs to
use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
accessing struct prison.
Reviewed by: jhb
Diffstat (limited to 'sys/netinet')
-rw-r--r-- | sys/netinet/in_pcb.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c index 41987af..96af0d6 100644 --- a/sys/netinet/in_pcb.c +++ b/sys/netinet/in_pcb.c @@ -505,7 +505,7 @@ in_pcbconnect(inp, nam, td) cred = inp->inp_socket->so_cred; if (inp->inp_laddr.s_addr == INADDR_ANY && jailed(cred)) { bzero(&sa, sizeof (sa)); - sa.sin_addr.s_addr = htonl(cred->cr_prison->pr_ip); + sa.sin_addr.s_addr = htonl(prison_getip(cred)); sa.sin_len=sizeof (sa); sa.sin_family = AF_INET; error = in_pcbbind(inp, (struct sockaddr *)&sa, td); @@ -1032,7 +1032,7 @@ prison_xinpcb(struct proc *p, struct inpcb *inp) { if (!jailed(p->p_ucred)) return (0); - if (ntohl(inp->inp_laddr.s_addr) == p->p_ucred->cr_prison->pr_ip) + if (ntohl(inp->inp_laddr.s_addr) == prison_getip(p->p_ucred)) return (0); return (1); } |