author | ian <ian@FreeBSD.org> | 2015-03-25 20:57:54 +0000 |
---|---|---|
committer | ian <ian@FreeBSD.org> | 2015-03-25 20:57:54 +0000 |
commit | 17ca262c02e86a8249998b8b6f269c54d2cc0393 (patch) | |
tree | 3d7f5bb95a341c4bd3b3cb5a0b72e24c35e06d6e /sys/sys | |
parent | 024d3d32c2e26de3eb9d5db776dbab29ad79618e (diff) | |
MFC r279361, r279395, r279396:
Allow the kern.osrelease and kern.osreldate sysctl values to be set in a
jail's creation parameters. This allows the kernel version to be reliably
spoofed within the jail whether examined directly with sysctl or
indirectly with the uname -r and -K options.
Export the new osreldate and osrelease jail parms in jail_get(2).
Fix line wrap.
Diffstat (limited to 'sys/sys')
-rw-r--r-- | sys/sys/jail.h | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
index 08b5f4b..cfe71d8 100644
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -134,6 +134,7 @@ MALLOC_DECLARE(M_PRISON);
 #include <sys/osd.h>
 #define HOSTUUIDLEN 64
+#define OSRELEASELEN 32
 struct racct;
 struct prison_racct;
@@ -177,13 +178,15 @@ struct prison {
 int pr_securelevel; /* (p) securelevel */
 int pr_enforce_statfs; /* (p) statfs permission */
 int pr_devfs_rsnum; /* (p) devfs ruleset */
- int pr_spare[4];
+ int pr_spare[3];
+ int pr_osreldate; /* (c) kern.osreldate value */
 unsigned long pr_hostid; /* (p) jail hostid */
 char pr_name[MAXHOSTNAMELEN]; /* (p) admin jail name */
 char pr_path[MAXPATHLEN]; /* (c) chroot path */
 char pr_hostname[MAXHOSTNAMELEN]; /* (p) jail hostname */
 char pr_domainname[MAXHOSTNAMELEN]; /* (p) jail domainname */
 char pr_hostuuid[HOSTUUIDLEN]; /* (p) jail hostuuid */
+ char pr_osrelease[OSRELEASELEN]; /* (c) kern.osrelease value */
 };
 struct prison_racct {
@@ -364,6 +367,7 @@ void getcredhostname(struct ucred *, char *, size_t);
 void getcreddomainname(struct ucred *, char *, size_t);
 void getcredhostuuid(struct ucred *, char *, size_t);
 void getcredhostid(struct ucred *, unsigned long *);
+void prison0_init(void);
 int prison_allow(struct ucred *, unsigned);
 int prison_check(struct ucred *cred1, struct ucred *cred2);
 int prison_owns_vnet(struct ucred *); |
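Review bot: `OSRELEASELEN` is added in the first hunk without saying whether its 32 bytes include the terminating NUL, and the same constant sizes `pr_osrelease` in the `struct prison` hunk. The string now comes from jail creation parameters, and the code that copies it into the field is not part of this sys/sys-limited diff, so the bound and the termination cannot be checked from here. I would state the contract in the header, e.g. `#define OSRELEASELEN 32 /* kern.osrelease buffer size, including NUL */`, and confirm that the setter rejects a parameter of `OSRELEASELEN` bytes or more and always leaves the buffer terminated.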
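Review bot: `pr_osrelease` is appended after `pr_hostuuid` and so grows `sizeof(struct prison)`, whereas `pr_osreldate` takes over one `pr_spare` slot and leaves the offsets of the following fields as they were. Because this is an MFC, it is worth confirming that nothing built against the old header allocates, copies or embeds `struct prison` by size; only the header is visible here, so that is an assumption to check. The two field comments could also say that these are the jail-visible values and may differ from the host's, e.g. `/* (c) kern.osrelease as seen in the jail */`, so that code reading them does not treat them as the real kernel version.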