diff options
author | rwatson <rwatson@FreeBSD.org> | 2000-02-10 05:32:03 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2000-02-10 05:32:03 +0000 |
commit | f2722ad13879d5b79d762d3fb26ac2555f2896cc (patch) | |
tree | 838ecf952a16d90ed0ac06b11ec7a2c129103028 /sys | |
parent | b4155d9e95a7f57e00a04dadc0a41fa2152d05f4 (diff) | |
download | FreeBSD-src-f2722ad13879d5b79d762d3fb26ac2555f2896cc.zip FreeBSD-src-f2722ad13879d5b79d762d3fb26ac2555f2896cc.tar.gz |
Introduce a new sysctl, kern.jailcansethostname, which determines whether
or not a process in a jail, with privilege, may set the jail's hostname.
Defaults to 1, which permits this. May be set to 0 by a process with
appropriate privilege outside of jail. Preventing hostname renaming
from within a jail is currently required to make jails manageable, as they
a currently identifiable only by hostname using /proc, which may be
modified without this sysctl being set to 0. This will be documented
in upcoming man commits.
Authorized by: jkh, the ever-patient
Diffstat (limited to 'sys')
-rw-r--r-- | sys/kern/kern_mib.c | 11 | ||||
-rw-r--r-- | sys/sys/sysctl.h | 4 |
2 files changed, 12 insertions, 3 deletions
diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c index 506ce86..c93cc6f 100644 --- a/sys/kern/kern_mib.c +++ b/sys/kern/kern_mib.c @@ -145,6 +145,11 @@ static char machine_arch[] = MACHINE_ARCH; SYSCTL_STRING(_hw, HW_MACHINE_ARCH, machine_arch, CTLFLAG_RD, machine_arch, 0, "System architecture"); +static int jailcansethostname=1; +SYSCTL_INT(_kern, KERN_JAILCANSETHOSTNAME, jailcansethostname, + CTLFLAG_RW, &jailcansethostname, 0, + "Jail can set its hostname"); + char hostname[MAXHOSTNAMELEN]; static int @@ -152,11 +157,13 @@ sysctl_hostname SYSCTL_HANDLER_ARGS { int error; - if (req->p->p_prison) + if (req->p->p_prison) { + if (!jailcansethostname) + return(EPERM); error = sysctl_handle_string(oidp, req->p->p_prison->pr_host, sizeof req->p->p_prison->pr_host, req); - else + } else error = sysctl_handle_string(oidp, hostname, sizeof hostname, req); return (error); diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h index d5697a6..0e61c04 100644 --- a/sys/sys/sysctl.h +++ b/sys/sys/sysctl.h @@ -260,7 +260,8 @@ void sysctl_unregister_oid(struct sysctl_oid *oidp); #define KERN_PS_STRINGS 32 /* int: address of PS_STRINGS */ #define KERN_USRSTACK 33 /* int: address of USRSTACK */ #define KERN_LOGSIGEXIT 34 /* int: do we log sigexit procs? */ -#define KERN_MAXID 35 /* number of valid kern ids */ +#define KERN_JAILCANSETHOSTNAME 35 /* int: jailed p can set hostname */ +#define KERN_MAXID 36 /* number of valid kern ids */ #define CTL_KERN_NAMES { \ { 0, 0 }, \ @@ -298,6 +299,7 @@ void sysctl_unregister_oid(struct sysctl_oid *oidp); { "ps_strings", CTLTYPE_INT }, \ { "usrstack", CTLTYPE_INT }, \ { "logsigexit", CTLTYPE_INT }, \ + { "jailcansethostname", CTLTYPE_INT }, \ } /* |