diff options
39 files changed, 411 insertions, 281 deletions
diff --git a/sys/amd64/amd64/dump_machdep.c b/sys/amd64/amd64/dump_machdep.c index 34a4ecc7..a62f1e4 100644 --- a/sys/amd64/amd64/dump_machdep.c +++ b/sys/amd64/amd64/dump_machdep.c @@ -34,7 +34,6 @@ __FBSDID("$FreeBSD$"); #include <sys/sysctl.h> #include <sys/kernel.h> #include <sys/kerneldump.h> -#include <sys/vimage.h> #include <vm/vm.h> #include <vm/pmap.h> #include <machine/elf.h> diff --git a/sys/amd64/amd64/minidump_machdep.c b/sys/amd64/amd64/minidump_machdep.c index 676d013..a9af809 100644 --- a/sys/amd64/amd64/minidump_machdep.c +++ b/sys/amd64/amd64/minidump_machdep.c @@ -34,7 +34,6 @@ __FBSDID("$FreeBSD$"); #include <sys/kernel.h> #include <sys/kerneldump.h> #include <sys/msgbuf.h> -#include <sys/vimage.h> #include <vm/vm.h> #include <vm/pmap.h> #include <machine/atomic.h> diff --git a/sys/arm/arm/dump_machdep.c b/sys/arm/arm/dump_machdep.c index c45581f..5a07dca 100644 --- a/sys/arm/arm/dump_machdep.c +++ b/sys/arm/arm/dump_machdep.c @@ -35,7 +35,6 @@ __FBSDID("$FreeBSD$"); #include <sys/kernel.h> #include <sys/proc.h> #include <sys/kerneldump.h> -#include <sys/vimage.h> #include <vm/vm.h> #include <vm/pmap.h> #include <machine/elf.h> diff --git a/sys/cddl/compat/opensolaris/kern/opensolaris.c b/sys/cddl/compat/opensolaris/kern/opensolaris.c index 003120f..5595bd1 100644 --- a/sys/cddl/compat/opensolaris/kern/opensolaris.c +++ b/sys/cddl/compat/opensolaris/kern/opensolaris.c @@ -31,11 +31,11 @@ #include <sys/conf.h> #include <sys/cpuvar.h> #include <sys/errno.h> +#include <sys/jail.h> #include <sys/kernel.h> #include <sys/misc.h> #include <sys/module.h> #include <sys/mutex.h> -#include <sys/vimage.h> cpu_core_t cpu_core[MAXCPU]; kmutex_t cpu_lock; @@ -83,7 +83,7 @@ opensolaris_modevent(module_t mod __unused, int type, void *data __unused) switch (type) { case MOD_LOAD: - utsname.nodename = G_hostname; + utsname.nodename = prison0.pr_host; break; case MOD_UNLOAD: diff --git a/sys/cddl/compat/opensolaris/kern/opensolaris_misc.c b/sys/cddl/compat/opensolaris/kern/opensolaris_misc.c index af98827..4f46933 100644 --- a/sys/cddl/compat/opensolaris/kern/opensolaris_misc.c +++ b/sys/cddl/compat/opensolaris/kern/opensolaris_misc.c @@ -28,6 +28,7 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> +#include <sys/jail.h> #include <sys/kernel.h> #include <sys/libkern.h> #include <sys/limits.h> @@ -57,7 +58,7 @@ ddi_strtoul(const char *str, char **nptr, int base, unsigned long *result) { if (str == hw_serial) { - *result = hostid; + *result = prison0.pr_hostid; return (0); } diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c index 7279197..dc8edf5 100644 --- a/sys/compat/linux/linux_misc.c +++ b/sys/compat/linux/linux_misc.c @@ -64,7 +64,6 @@ __FBSDID("$FreeBSD$"); #include <sys/vnode.h> #include <sys/wait.h> #include <sys/cpuset.h> -#include <sys/vimage.h> #include <security/mac/mac_framework.h> @@ -715,10 +714,10 @@ linux_times(struct thread *td, struct linux_times_args *args) int linux_newuname(struct thread *td, struct linux_newuname_args *args) { - INIT_VPROCG(TD_TO_VPROCG(td)); struct l_new_utsname utsname; char osname[LINUX_MAX_UTSNAME]; char osrelease[LINUX_MAX_UTSNAME]; + struct prison *pr; char *p; #ifdef DEBUG @@ -741,9 +740,10 @@ linux_newuname(struct thread *td, struct linux_newuname_args *args) } strlcpy(utsname.machine, linux_platform, LINUX_MAX_UTSNAME); - mtx_lock(&hostname_mtx); - strlcpy(utsname.domainname, V_domainname, LINUX_MAX_UTSNAME); - mtx_unlock(&hostname_mtx); + pr = td->td_ucred->cr_prison; + mtx_lock(&pr->pr_mtx); + strlcpy(utsname.domainname, pr->pr_domain, LINUX_MAX_UTSNAME); + mtx_unlock(&pr->pr_mtx); return (copyout(&utsname, args->buf, sizeof(utsname))); } diff --git a/sys/compat/svr4/svr4_stat.c b/sys/compat/svr4/svr4_stat.c index 8c7b9b8..42e6122 100644 --- a/sys/compat/svr4/svr4_stat.c +++ b/sys/compat/svr4/svr4_stat.c @@ -43,7 +43,6 @@ __FBSDID("$FreeBSD$"); #include <sys/sysctl.h> #include <sys/sysproto.h> #include <sys/un.h> -#include <sys/vimage.h> #include <vm/vm.h> @@ -386,7 +385,7 @@ svr4_ustat(td, uap) return 0; } -/*extern char ostype[], hostname[], osrelease[], version[], machine[];*/ +/*extern char ostype[], osrelease[], version[], machine[];*/ int svr4_sys_uname(td, uap) @@ -412,15 +411,12 @@ svr4_sys_systeminfo(td, uap) struct thread *td; struct svr4_sys_systeminfo_args *uap; { - INIT_VPROCG(TD_TO_VPROCG(td)); + struct prison *pr; char *str = NULL; int error = 0; register_t *retval = td->td_retval; size_t len = 0; - char buf[11]; /* XXX NetBSD uses 256, but we use 11 - here as that seems like awfully - excessive kstack usage for hostid - string... */ + char buf[MAXHOSTNAMELEN]; u_int rlen = uap->len; switch (uap->what) { @@ -429,7 +425,8 @@ svr4_sys_systeminfo(td, uap) break; case SVR4_SI_HOSTNAME: - str = V_hostname; + getcredhostname(td->td_ucred, buf, sizeof(buf)); + str = buf; break; case SVR4_SI_RELEASE: @@ -470,8 +467,11 @@ svr4_sys_systeminfo(td, uap) break; case SVR4_SI_SRPC_DOMAIN: - /* XXXRW: locking? */ - str = V_domainname; + pr = td->td_ucred->cr_prison; + mtx_lock(&pr->pr_mtx); + strlcpy(buf, pr->pr_domain, sizeof(buf)); + mtx_unlock(&pr->pr_mtx); + str = buf; break; case SVR4_SI_PLATFORM: diff --git a/sys/ddb/db_textdump.c b/sys/ddb/db_textdump.c index e906962..8e78fbf 100644 --- a/sys/ddb/db_textdump.c +++ b/sys/ddb/db_textdump.c @@ -68,7 +68,6 @@ __FBSDID("$FreeBSD$"); #include <sys/msgbuf.h> #include <sys/sysctl.h> #include <sys/systm.h> -#include <sys/vimage.h> #include <ddb/ddb.h> #include <ddb/db_lex.h> diff --git a/sys/dev/firewire/firewire.c b/sys/dev/firewire/firewire.c index c2484ae..aff0418 100644 --- a/sys/dev/firewire/firewire.c +++ b/sys/dev/firewire/firewire.c @@ -39,13 +39,13 @@ #include <sys/systm.h> #include <sys/types.h> +#include <sys/jail.h> #include <sys/kernel.h> #include <sys/module.h> #include <sys/malloc.h> #include <sys/conf.h> #include <sys/sysctl.h> #include <sys/kthread.h> -#include <sys/vimage.h> #include <sys/kdb.h> @@ -723,7 +723,9 @@ fw_reset_crom(struct firewire_comm *fc) crom_add_simple_text(src, root, &buf->vendor, "FreeBSD Project"); crom_add_entry(root, CSRKEY_HW, __FreeBSD_version); #endif - crom_add_simple_text(src, root, &buf->hw, G_hostname); + mtx_lock(&prison0.pr_mtx); + crom_add_simple_text(src, root, &buf->hw, prison0.pr_host); + mtx_unlock(&prison0.pr_mtx); } /* diff --git a/sys/dev/syscons/daemon/daemon_saver.c b/sys/dev/syscons/daemon/daemon_saver.c index ac91313..7530b4d 100644 --- a/sys/dev/syscons/daemon/daemon_saver.c +++ b/sys/dev/syscons/daemon/daemon_saver.c @@ -32,11 +32,11 @@ #include <sys/systm.h> #include <sys/module.h> #include <sys/malloc.h> +#include <sys/jail.h> #include <sys/kernel.h> #include <sys/sysctl.h> #include <sys/consio.h> #include <sys/fbio.h> -#include <sys/vimage.h> #include <machine/pc/display.h> @@ -352,11 +352,12 @@ static int daemon_init(video_adapter_t *adp) { - /* XXXRW: Locking -- these can change! */ - messagelen = strlen(G_hostname) + 3 + strlen(ostype) + 1 + + mtx_lock(&prison0.pr_mtx); + messagelen = strlen(prison0.pr_host) + 3 + strlen(ostype) + 1 + strlen(osrelease); message = malloc(messagelen + 1, M_DEVBUF, M_WAITOK); - sprintf(message, "%s - %s %s", G_hostname, ostype, osrelease); + sprintf(message, "%s - %s %s", prison0.pr_host, ostype, osrelease); + mtx_unlock(&prison0.pr_mtx); blanked = 0; switch (adp->va_mode) { case M_PC98_80x25: diff --git a/sys/fs/cd9660/cd9660_rrip.c b/sys/fs/cd9660/cd9660_rrip.c index 9a32e9b..a688039 100644 --- a/sys/fs/cd9660/cd9660_rrip.c +++ b/sys/fs/cd9660/cd9660_rrip.c @@ -41,10 +41,10 @@ __FBSDID("$FreeBSD$"); #include <sys/systm.h> #include <sys/bio.h> #include <sys/buf.h> +#include <sys/jail.h> #include <sys/vnode.h> #include <sys/mount.h> #include <sys/kernel.h> -#include <sys/vimage.h> #include <fs/cd9660/iso.h> #include <fs/cd9660/cd9660_node.h> @@ -114,11 +114,11 @@ cd9660_rrip_slink(p,ana) ISO_RRIP_SLINK *p; ISO_RRIP_ANALYZE *ana; { - INIT_VPROCG(TD_TO_VPROCG(curthread)); ISO_RRIP_SLINK_COMPONENT *pcomp; ISO_RRIP_SLINK_COMPONENT *pcompe; int len, wlen, cont; char *outbuf, *inbuf; + char hostbuf[MAXHOSTNAMELEN]; pcomp = (ISO_RRIP_SLINK_COMPONENT *)p->component; pcompe = (ISO_RRIP_SLINK_COMPONENT *)((char *)p + isonum_711(p->h.length)); @@ -172,10 +172,11 @@ cd9660_rrip_slink(p,ana) break; case ISO_SUSP_CFLAG_HOST: - /* XXXRW: locking. */ /* Inserting hostname i.e. "kurt.tools.de" */ - inbuf = V_hostname; - wlen = strlen(V_hostname); + getcredhostname(curthread->td_ucred, hostbuf, + sizeof(hostbuf)); + inbuf = hostbuf; + wlen = strlen(inbuf); break; case ISO_SUSP_CFLAG_CONTINUE: @@ -225,10 +226,10 @@ cd9660_rrip_altname(p,ana) ISO_RRIP_ALTNAME *p; ISO_RRIP_ANALYZE *ana; { - INIT_VPROCG(TD_TO_VPROCG(curthread)); char *inbuf; int wlen; int cont; + char hostbuf[MAXHOSTNAMELEN]; inbuf = ".."; wlen = 0; @@ -246,10 +247,10 @@ cd9660_rrip_altname(p,ana) break; case ISO_SUSP_CFLAG_HOST: - /* XXXRW: locking. */ /* Inserting hostname i.e. "kurt.tools.de" */ - inbuf = V_hostname; - wlen = strlen(V_hostname); + getcredhostname(curthread->td_ucred, hostbuf, sizeof(hostbuf)); + inbuf = hostbuf; + wlen = strlen(inbuf); break; case ISO_SUSP_CFLAG_CONTINUE: diff --git a/sys/fs/nfs/nfsport.h b/sys/fs/nfs/nfsport.h index 4bbc4f2..5712eae 100644 --- a/sys/fs/nfs/nfsport.h +++ b/sys/fs/nfs/nfsport.h @@ -49,6 +49,7 @@ #include <sys/fcntl.h> #include <sys/file.h> #include <sys/filedesc.h> +#include <sys/jail.h> #include <sys/kernel.h> #include <sys/lockf.h> #include <sys/malloc.h> diff --git a/sys/fs/nfsclient/nfs_clstate.c b/sys/fs/nfsclient/nfs_clstate.c index e3cf76a..2295627 100644 --- a/sys/fs/nfsclient/nfs_clstate.c +++ b/sys/fs/nfsclient/nfs_clstate.c @@ -675,10 +675,16 @@ nfscl_getcl(vnode_t vp, struct ucred *cred, NFSPROC_T *p, struct nfsclclient *newclp; struct nfscllockowner *lp, *nlp; struct nfsmount *nmp = VFSTONFS(vnode_mount(vp)); + struct prison *pr; + char uuid[HOSTUUIDLEN]; int igotlock = 0, error, trystalecnt, clidinusedelay, i; u_int16_t idlen; - idlen = strlen(hostuuid); + pr = cred->cr_prison; + mtx_lock(&pr->pr_mtx); + strlcpy(uuid, pr->pr_uuid, sizeof uuid); + mtx_unlock(&pr->pr_mtx); + idlen = strlen(uuid); if (idlen > 0) idlen += sizeof (u_int64_t); else @@ -699,7 +705,7 @@ nfscl_getcl(vnode_t vp, struct ucred *cred, NFSPROC_T *p, clp->nfsc_flags = NFSCLFLAGS_INITED; clp->nfsc_clientidrev = 1; clp->nfsc_cbident = nfscl_nextcbident(); - nfscl_fillclid(nmp->nm_clval, hostuuid, clp->nfsc_id, + nfscl_fillclid(nmp->nm_clval, uuid, clp->nfsc_id, clp->nfsc_idlen); LIST_INSERT_HEAD(&nfsclhead, clp, nfsc_list); nmp->nm_clp = clp; diff --git a/sys/fs/nfsclient/nfs_clvfsops.c b/sys/fs/nfsclient/nfs_clvfsops.c index 73fb4e3..01f41df 100644 --- a/sys/fs/nfsclient/nfs_clvfsops.c +++ b/sys/fs/nfsclient/nfs_clvfsops.c @@ -45,6 +45,7 @@ __FBSDID("$FreeBSD$"); #include <sys/bio.h> #include <sys/buf.h> #include <sys/clock.h> +#include <sys/jail.h> #include <sys/lock.h> #include <sys/malloc.h> #include <sys/mbuf.h> @@ -368,12 +369,11 @@ int ncl_mountroot(struct mount *mp) { struct thread *td = curthread; - INIT_VPROCG(TD_TO_VPROCG(td)); struct nfsv3_diskless *nd = &newnfsv3_diskless; struct socket *so; struct vnode *vp; struct ifreq ir; - int error, i; + int error; u_long l; char buf[128]; char *cp; @@ -477,13 +477,9 @@ ncl_mountroot(struct mount *mp) * set hostname here and then let the "/etc/rc.xxx" files * mount the right /var based upon its preset value. */ - mtx_lock(&hostname_mtx); - bcopy(nd->my_hostnam, V_hostname, MAXHOSTNAMELEN); - V_hostname[MAXHOSTNAMELEN - 1] = '\0'; - for (i = 0; i < MAXHOSTNAMELEN; i++) - if (V_hostname[i] == '\0') - break; - mtx_unlock(&hostname_mtx); + mtx_lock(&prison0.pr_mtx); + strlcpy(prison0.pr_host, nd->my_hostnam, sizeof(prison0.pr_host)); + mtx_unlock(&prison0.pr_mtx); inittodr(ntohl(nd->root_time)); return (0); } diff --git a/sys/geom/vinum/geom_vinum_create.c b/sys/geom/vinum/geom_vinum_create.c index 3f8212c..0ea0ef3 100644 --- a/sys/geom/vinum/geom_vinum_create.c +++ b/sys/geom/vinum/geom_vinum_create.c @@ -31,10 +31,10 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> #include <sys/bio.h> #include <sys/conf.h> +#include <sys/jail.h> #include <sys/kernel.h> #include <sys/malloc.h> #include <sys/systm.h> -#include <sys/vimage.h> #include <geom/geom.h> #include <geom/vinum/geom_vinum_var.h> @@ -157,9 +157,7 @@ gv_create_drive(struct gv_softc *sc, struct gv_drive *d) hdr = g_malloc(sizeof(*hdr), M_WAITOK | M_ZERO); hdr->magic = GV_MAGIC; hdr->config_length = GV_CFG_LEN; - mtx_lock(&hostname_mtx); - bcopy(G_hostname, hdr->label.sysname, GV_HOSTNAME_LEN); - mtx_unlock(&hostname_mtx); + getcredhostname(NULL, hdr->label.sysname, GV_HOSTNAME_LEN); strlcpy(hdr->label.name, d->name, sizeof(hdr->label.name)); microtime(&hdr->label.date_of_birth); d->hdr = hdr; diff --git a/sys/geom/vinum/geom_vinum_drive.c b/sys/geom/vinum/geom_vinum_drive.c index 1e9dd0b..5ab68f3 100644 --- a/sys/geom/vinum/geom_vinum_drive.c +++ b/sys/geom/vinum/geom_vinum_drive.c @@ -30,7 +30,6 @@ __FBSDID("$FreeBSD$"); #include <sys/endian.h> #include <sys/malloc.h> #include <sys/systm.h> -#include <sys/vimage.h> #include <geom/geom.h> #include <geom/vinum/geom_vinum_var.h> diff --git a/sys/i386/i386/dump_machdep.c b/sys/i386/i386/dump_machdep.c index a1444f0..d0c6ba7 100644 --- a/sys/i386/i386/dump_machdep.c +++ b/sys/i386/i386/dump_machdep.c @@ -34,7 +34,6 @@ __FBSDID("$FreeBSD$"); #include <sys/sysctl.h> #include <sys/kernel.h> #include <sys/kerneldump.h> -#include <sys/vimage.h> #include <vm/vm.h> #include <vm/pmap.h> #include <machine/elf.h> diff --git a/sys/i386/i386/minidump_machdep.c b/sys/i386/i386/minidump_machdep.c index 46dec2a..af52306 100644 --- a/sys/i386/i386/minidump_machdep.c +++ b/sys/i386/i386/minidump_machdep.c @@ -34,7 +34,6 @@ __FBSDID("$FreeBSD$"); #include <sys/kernel.h> #include <sys/kerneldump.h> #include <sys/msgbuf.h> -#include <sys/vimage.h> #include <vm/vm.h> #include <vm/pmap.h> #include <machine/atomic.h> diff --git a/sys/i386/ibcs2/ibcs2_socksys.c b/sys/i386/ibcs2/ibcs2_socksys.c index 2dba77d..eb0559e 100644 --- a/sys/i386/ibcs2/ibcs2_socksys.c +++ b/sys/i386/ibcs2/ibcs2_socksys.c @@ -31,10 +31,7 @@ __FBSDID("$FreeBSD$"); #include <sys/sysproto.h> #include <sys/jail.h> #include <sys/kernel.h> -#include <sys/lock.h> -#include <sys/mutex.h> #include <sys/sysctl.h> -#include <sys/vimage.h> #include <i386/ibcs2/ibcs2_socksys.h> #include <i386/ibcs2/ibcs2_util.h> @@ -152,7 +149,7 @@ ibcs2_getipdomainname(td, uap) char hname[MAXHOSTNAMELEN], *dptr; int len; - /* Get the domain name */ + /* Get the domain name. */ getcredhostname(td->td_ucred, hname, sizeof(hname)); dptr = index(hname, '.'); @@ -174,20 +171,17 @@ ibcs2_setipdomainname(td, uap) struct thread *td; struct setipdomainname_args *uap; { - INIT_VPROCG(TD_TO_VPROCG(td)); char hname[MAXHOSTNAMELEN], *ptr; int error, sctl[2], hlen; + /* Get the domain name */ + getcredhostname(td->td_ucred, hname, sizeof(hname)); + /* W/out a hostname a domain-name is nonsense */ - mtx_lock(&hostname_mtx); - if ( strlen(V_hostname) == 0 ) { - mtx_unlock(&hostname_mtx); + if ( strlen(hname) == 0 ) return EINVAL; - } /* Get the host's unqualified name (strip off the domain) */ - snprintf(hname, sizeof(hname), "%s", V_hostname); - mtx_unlock(&hostname_mtx); ptr = index(hname, '.'); if ( ptr != NULL ) { ptr++; diff --git a/sys/ia64/ia64/dump_machdep.c b/sys/ia64/ia64/dump_machdep.c index db73271..06744e1 100644 --- a/sys/ia64/ia64/dump_machdep.c +++ b/sys/ia64/ia64/dump_machdep.c @@ -33,7 +33,6 @@ __FBSDID("$FreeBSD$"); #include <sys/cons.h> #include <sys/kernel.h> #include <sys/kerneldump.h> -#include <sys/vimage.h> #include <vm/vm.h> #include <vm/pmap.h> #include <machine/efi.h> diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index b12a478..b6a6d56 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -29,6 +29,7 @@ #include <sys/cdefs.h> __FBSDID("$FreeBSD$"); +#include "opt_compat.h" #include "opt_ddb.h" #include "opt_inet.h" #include "opt_inet6.h" @@ -50,6 +51,7 @@ __FBSDID("$FreeBSD$"); #include <sys/lock.h> #include <sys/mutex.h> #include <sys/sx.h> +#include <sys/sysent.h> #include <sys/namei.h> #include <sys/mount.h> #include <sys/queue.h> @@ -79,7 +81,9 @@ struct prison prison0 = { .pr_uref = 1, .pr_path = "/", .pr_securelevel = -1, + .pr_uuid = "00000000-0000-0000-0000-000000000000", .pr_children = LIST_HEAD_INITIALIZER(&prison0.pr_children), + .pr_flags = PR_HOST, .pr_allow = PR_ALLOW_ALL, }; MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF); @@ -116,8 +120,9 @@ static int prison_restrict_ip6(struct prison *pr, struct in6_addr *newip6); */ static char *pr_flag_names[] = { [0] = "persist", + "host", #ifdef INET - [2] = "ip4", + "ip4", #endif #ifdef INET6 [3] = "ip6", @@ -126,8 +131,9 @@ static char *pr_flag_names[] = { static char *pr_flag_nonames[] = { [0] = "nopersist", + "nohost", #ifdef INET - [2] = "noip4", + "noip4", #endif #ifdef INET6 [3] = "noip6", @@ -453,13 +459,14 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags) struct vfsoptlist *opts; struct prison *pr, *deadpr, *mypr, *ppr, *tpr; struct vnode *root; - char *errmsg, *host, *name, *p, *path; + char *domain, *errmsg, *host, *name, *p, *path, *uuid; #if defined(INET) || defined(INET6) void *op; #endif + unsigned long hid; size_t namelen, onamelen; int created, cuflags, descend, enforce, error, errmsg_len, errmsg_pos; - int gotenforce, gotslevel, fi, jid, len; + int gotenforce, gothid, gotslevel, fi, jid, len; int slevel, vfslocked; #if defined(INET) || defined(INET6) int ii, ij; @@ -578,6 +585,8 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags) else if (error != 0) goto done_free; else { + ch_flags |= PR_HOST; + pr_flags |= PR_HOST; if (len == 0 || host[len - 1] != '\0') { error = EINVAL; goto done_free; @@ -588,6 +597,61 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags) } } + error = vfs_getopt(opts, "host.domainname", (void **)&domain, &len); + if (error == ENOENT) + domain = NULL; + else if (error != 0) + goto done_free; + else { + ch_flags |= PR_HOST; + pr_flags |= PR_HOST; + if (len == 0 || domain[len - 1] != '\0') { + error = EINVAL; + goto done_free; + } + if (len > MAXHOSTNAMELEN) { + error = ENAMETOOLONG; + goto done_free; + } + } + + error = vfs_getopt(opts, "host.hostuuid", (void **)&uuid, &len); + if (error == ENOENT) + uuid = NULL; + else if (error != 0) + goto done_free; + else { + ch_flags |= PR_HOST; + pr_flags |= PR_HOST; + if (len == 0 || uuid[len - 1] != '\0') { + error = EINVAL; + goto done_free; + } + if (len > HOSTUUIDLEN) { + error = ENAMETOOLONG; + goto done_free; + } + } + +#ifdef COMPAT_IA32 + if (td->td_proc->p_sysent->sv_flags & SV_IA32) { + uint32_t hid32; + + error = vfs_copyopt(opts, "host.hostid", &hid32, sizeof(hid32)); + hid = hid32; + } else +#endif + error = vfs_copyopt(opts, "host.hostid", &hid, sizeof(hid)); + if (error == ENOENT) + gothid = 0; + else if (error != 0) + goto done_free; + else { + gothid = 1; + ch_flags |= PR_HOST; + pr_flags |= PR_HOST; + } + /* This might be the second time around for this option. */ #ifdef INET error = vfs_getopt(opts, "ip4.addr", &op, &ip4s); @@ -1000,6 +1064,16 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags) /* Set some default values, and inherit some from the parent. */ if (name == NULL) name = ""; + if (host != NULL || domain != NULL || uuid != NULL || gothid) { + if (host == NULL) + host = ppr->pr_host; + if (domain == NULL) + domain = ppr->pr_domain; + if (uuid == NULL) + uuid = ppr->pr_uuid; + if (!gothid) + hid = ppr->pr_hostid; + } if (path == NULL) { path = "/"; root = mypr->pr_root; @@ -1436,8 +1510,50 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags) strlcpy(pr->pr_path, path, sizeof(pr->pr_path)); pr->pr_root = root; } - if (host != NULL) - strlcpy(pr->pr_host, host, sizeof(pr->pr_host)); + if (PR_HOST & ch_flags & ~pr_flags) { + if (pr->pr_flags & PR_HOST) { + /* + * Copy the parent's host info. As with pr_ip4 above, + * the lack of a lock on the parent is not a problem; + * it is always set with allprison_lock at least + * shared, and is held exclusively here. + */ + strlcpy(pr->pr_host, pr->pr_parent->pr_host, + sizeof(pr->pr_host)); + strlcpy(pr->pr_domain, pr->pr_parent->pr_domain, + sizeof(pr->pr_domain)); + strlcpy(pr->pr_uuid, pr->pr_parent->pr_uuid, + sizeof(pr->pr_uuid)); + pr->pr_hostid = pr->pr_parent->pr_hostid; + } + } else if (host != NULL || domain != NULL || uuid != NULL || gothid) { + /* Set this prison, and any descendants without PR_HOST. */ + if (host != NULL) + strlcpy(pr->pr_host, host, sizeof(pr->pr_host)); + if (domain != NULL) + strlcpy(pr->pr_domain, domain, sizeof(pr->pr_domain)); + if (uuid != NULL) + strlcpy(pr->pr_uuid, uuid, sizeof(pr->pr_uuid)); + if (gothid) + pr->pr_hostid = hid; + FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) { + if (tpr->pr_flags & PR_HOST) + descend = 0; + else { + if (host != NULL) + strlcpy(tpr->pr_host, pr->pr_host, + sizeof(tpr->pr_host)); + if (domain != NULL) + strlcpy(tpr->pr_domain, pr->pr_domain, + sizeof(tpr->pr_domain)); + if (uuid != NULL) + strlcpy(tpr->pr_uuid, pr->pr_uuid, + sizeof(tpr->pr_uuid)); + if (gothid) + tpr->pr_hostid = hid; + } + } + } if ((tallow = ch_allow & ~pr_allow)) { /* Clear allow bits in all children. */ FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) @@ -1753,6 +1869,23 @@ kern_jail_get(struct thread *td, struct uio *optuio, int flags) error = vfs_setopts(opts, "host.hostname", pr->pr_host); if (error != 0 && error != ENOENT) goto done_deref; + error = vfs_setopts(opts, "host.domainname", pr->pr_domain); + if (error != 0 && error != ENOENT) + goto done_deref; + error = vfs_setopts(opts, "host.hostuuid", pr->pr_uuid); + if (error != 0 && error != ENOENT) + goto done_deref; +#ifdef COMPAT_IA32 + if (td->td_proc->p_sysent->sv_flags & SV_IA32) { + uint32_t hid32 = pr->pr_hostid; + + error = vfs_setopt(opts, "host.hostid", &hid32, sizeof(hid32)); + } else +#endif + error = vfs_setopt(opts, "host.hostid", &pr->pr_hostid, + sizeof(pr->pr_hostid)); + if (error != 0 && error != ENOENT) + goto done_deref; error = vfs_setopt(opts, "enforce_statfs", &pr->pr_enforce_statfs, sizeof(pr->pr_enforce_statfs)); if (error != 0 && error != ENOENT) @@ -3072,17 +3205,12 @@ jailed(struct ucred *cred) void getcredhostname(struct ucred *cred, char *buf, size_t size) { - INIT_VPROCG(cred->cr_vimage->v_procg); + struct prison *pr; - if (jailed(cred)) { - mtx_lock(&cred->cr_prison->pr_mtx); - strlcpy(buf, cred->cr_prison->pr_host, size); - mtx_unlock(&cred->cr_prison->pr_mtx); - } else { - mtx_lock(&hostname_mtx); - strlcpy(buf, V_hostname, size); - mtx_unlock(&hostname_mtx); - } + pr = (cred != NULL) ? cred->cr_prison : &prison0; + mtx_lock(&pr->pr_mtx); + strlcpy(buf, pr->pr_host, size); + mtx_unlock(&pr->pr_mtx); } /* @@ -3683,8 +3811,16 @@ SYSCTL_JAIL_PARAM(, dying, CTLTYPE_INT | CTLFLAG_RD, "B", "Jail is in the process of shutting down"); SYSCTL_JAIL_PARAM_NODE(host, "Jail host info"); +SYSCTL_JAIL_PARAM(, nohost, CTLTYPE_INT | CTLFLAG_RW, + "BN", "Jail w/ no host info"); SYSCTL_JAIL_PARAM_STRING(_host, hostname, CTLFLAG_RW, MAXHOSTNAMELEN, "Jail hostname"); +SYSCTL_JAIL_PARAM_STRING(_host, domainname, CTLFLAG_RW, MAXHOSTNAMELEN, + "Jail NIS domainname"); +SYSCTL_JAIL_PARAM_STRING(_host, hostuuid, CTLFLAG_RW, HOSTUUIDLEN, + "Jail host UUID"); +SYSCTL_JAIL_PARAM(_host, hostid, CTLTYPE_ULONG | CTLFLAG_RW, + "LU", "Jail host ID"); SYSCTL_JAIL_PARAM_NODE(cpuset, "Jail cpuset"); SYSCTL_JAIL_PARAM(_cpuset, id, CTLTYPE_INT | CTLFLAG_RD, "I", "Jail cpuset ID"); @@ -3762,6 +3898,9 @@ db_show_prison(struct prison *pr) db_printf("\n"); db_printf(" enforce_statfs = %d\n", pr->pr_enforce_statfs); db_printf(" host.hostname = %s\n", pr->pr_host); + db_printf(" host.domainname = %s\n", pr->pr_domain); + db_printf(" host.hostuuid = %s\n", pr->pr_uuid); + db_printf(" host.hostid = %lu\n", pr->pr_hostid); #ifdef INET db_printf(" ip4s = %d\n", pr->pr_ip4s); for (ii = 0; ii < pr->pr_ip4s; ii++) diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c index 38116d5..823df6b 100644 --- a/sys/kern/kern_mib.c +++ b/sys/kern/kern_mib.c @@ -54,7 +54,6 @@ __FBSDID("$FreeBSD$"); #include <sys/smp.h> #include <sys/sx.h> #include <sys/unistd.h> -#include <sys/vimage.h> SYSCTL_NODE(, 0, sysctl, CTLFLAG_RW, 0, "Sysctl internal magic"); @@ -209,71 +208,69 @@ static char machine_arch[] = MACHINE_ARCH; SYSCTL_STRING(_hw, HW_MACHINE_ARCH, machine_arch, CTLFLAG_RD, machine_arch, 0, "System architecture"); -#ifdef VIMAGE_GLOBALS -char hostname[MAXHOSTNAMELEN]; -#endif - -/* - * This mutex is used to protect the hostname and domainname variables, and - * perhaps in the future should also protect hostid, hostuid, and others. - */ -struct mtx hostname_mtx; -MTX_SYSINIT(hostname_mtx, &hostname_mtx, "hostname", MTX_DEF); - static int sysctl_hostname(SYSCTL_HANDLER_ARGS) { - INIT_VPROCG(TD_TO_VPROCG(req->td)); - struct prison *pr; - char tmphostname[MAXHOSTNAMELEN]; - int error; + struct prison *pr, *cpr; + size_t pr_offset; + char tmpname[MAXHOSTNAMELEN]; + int descend, error, len; + + /* + * This function can set: hostname domainname hostuuid. + * Keep that in mind when comments say "hostname". + */ + pr_offset = (size_t)arg1; + len = arg2; + KASSERT(len <= sizeof(tmpname), + ("length %d too long for %s", len, __func__)); pr = req->td->td_ucred->cr_prison; - if (pr != &prison0) { - if (!(pr->pr_allow & PR_ALLOW_SET_HOSTNAME) && req->newptr) - return (EPERM); + if (!(pr->pr_allow & PR_ALLOW_SET_HOSTNAME) && req->newptr) + return (EPERM); + /* + * Make a local copy of hostname to get/set so we don't have to hold + * the jail mutex during the sysctl copyin/copyout activities. + */ + mtx_lock(&pr->pr_mtx); + bcopy((char *)pr + pr_offset, tmpname, len); + mtx_unlock(&pr->pr_mtx); + + error = sysctl_handle_string(oidp, tmpname, len, req); + + if (req->newptr != NULL && error == 0) { /* - * Process is in jail, so make a local copy of jail - * hostname to get/set so we don't have to hold the jail - * mutex during the sysctl copyin/copyout activities. + * Copy the locally set hostname to all jails that share + * this host info. */ + sx_slock(&allprison_lock); + while (!(pr->pr_flags & PR_HOST)) + pr = pr->pr_parent; mtx_lock(&pr->pr_mtx); - bcopy(pr->pr_host, tmphostname, MAXHOSTNAMELEN); + bcopy(tmpname, (char *)pr + pr_offset, len); + FOREACH_PRISON_DESCENDANT_LOCKED(pr, cpr, descend) + if (cpr->pr_flags & PR_HOST) + descend = 0; + else + bcopy(tmpname, (char *)cpr + pr_offset, len); mtx_unlock(&pr->pr_mtx); - - error = sysctl_handle_string(oidp, tmphostname, - sizeof pr->pr_host, req); - - if (req->newptr != NULL && error == 0) { - /* - * Copy the locally set hostname to the jail, if - * appropriate. - */ - mtx_lock(&pr->pr_mtx); - bcopy(tmphostname, pr->pr_host, MAXHOSTNAMELEN); - mtx_unlock(&pr->pr_mtx); - } - } else { - mtx_lock(&hostname_mtx); - bcopy(V_hostname, tmphostname, MAXHOSTNAMELEN); - mtx_unlock(&hostname_mtx); - error = sysctl_handle_string(oidp, tmphostname, - sizeof tmphostname, req); - if (req->newptr != NULL && error == 0) { - mtx_lock(&prison0.pr_mtx); - mtx_lock(&hostname_mtx); - bcopy(tmphostname, prison0.pr_host, MAXHOSTNAMELEN); - bcopy(tmphostname, V_hostname, MAXHOSTNAMELEN); - mtx_unlock(&hostname_mtx); - mtx_unlock(&prison0.pr_mtx); - } + sx_sunlock(&allprison_lock); } return (error); } SYSCTL_PROC(_kern, KERN_HOSTNAME, hostname, - CTLTYPE_STRING|CTLFLAG_RW|CTLFLAG_PRISON|CTLFLAG_MPSAFE, - 0, 0, sysctl_hostname, "A", "Hostname"); + CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE, + (void *)(offsetof(struct prison, pr_host)), MAXHOSTNAMELEN, + sysctl_hostname, "A", "Hostname"); +SYSCTL_PROC(_kern, KERN_NISDOMAINNAME, domainname, + CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE, + (void *)(offsetof(struct prison, pr_domain)), MAXHOSTNAMELEN, + sysctl_hostname, "A", "Name of the current YP/NIS domain"); +SYSCTL_PROC(_kern, KERN_HOSTUUID, hostuuid, + CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE, + (void *)(offsetof(struct prison, pr_uuid)), HOSTUUIDLEN, + sysctl_hostname, "A", "Host UUID"); static int regression_securelevel_nonmonotonic = 0; @@ -341,38 +338,43 @@ SYSCTL_PROC(_kern, OID_AUTO, conftxt, CTLTYPE_STRING|CTLFLAG_RW, 0, 0, sysctl_kern_config, "", "Kernel configuration file"); #endif -#ifdef VIMAGE_GLOBALS -char domainname[MAXHOSTNAMELEN]; /* Protected by hostname_mtx. */ -#endif - static int -sysctl_domainname(SYSCTL_HANDLER_ARGS) +sysctl_hostid(SYSCTL_HANDLER_ARGS) { - INIT_VPROCG(TD_TO_VPROCG(req->td)); - char tmpdomainname[MAXHOSTNAMELEN]; - int error; - - mtx_lock(&hostname_mtx); - bcopy(V_domainname, tmpdomainname, MAXHOSTNAMELEN); - mtx_unlock(&hostname_mtx); - error = sysctl_handle_string(oidp, tmpdomainname, - sizeof tmpdomainname, req); + struct prison *pr, *cpr; + u_long tmpid; + int descend, error; + + /* + * Like sysctl_hostname, except it operates on a u_long + * instead of a string, and is used only for hostid. + */ + pr = req->td->td_ucred->cr_prison; + if (!(pr->pr_allow & PR_ALLOW_SET_HOSTNAME) && req->newptr) + return (EPERM); + tmpid = pr->pr_hostid; + error = sysctl_handle_long(oidp, &tmpid, 0, req); + if (req->newptr != NULL && error == 0) { - mtx_lock(&hostname_mtx); - bcopy(tmpdomainname, V_domainname, MAXHOSTNAMELEN); - mtx_unlock(&hostname_mtx); + sx_slock(&allprison_lock); + while (!(pr->pr_flags & PR_HOST)) + pr = pr->pr_parent; + mtx_lock(&pr->pr_mtx); + pr->pr_hostid = tmpid; + FOREACH_PRISON_DESCENDANT_LOCKED(pr, cpr, descend) + if (cpr->pr_flags & PR_HOST) + descend = 0; + else + cpr->pr_hostid = tmpid; + mtx_unlock(&pr->pr_mtx); + sx_sunlock(&allprison_lock); } return (error); } -SYSCTL_PROC(_kern, KERN_NISDOMAINNAME, domainname, CTLTYPE_STRING|CTLFLAG_RW, - 0, 0, sysctl_domainname, "A", "Name of the current YP/NIS domain"); - -u_long hostid; -SYSCTL_ULONG(_kern, KERN_HOSTID, hostid, CTLFLAG_RW, &hostid, 0, "Host ID"); -char hostuuid[64] = "00000000-0000-0000-0000-000000000000"; -SYSCTL_STRING(_kern, KERN_HOSTUUID, hostuuid, CTLFLAG_RW, hostuuid, - sizeof(hostuuid), "Host UUID"); +SYSCTL_PROC(_kern, KERN_HOSTID, hostid, + CTLTYPE_ULONG | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE, + NULL, 0, sysctl_hostid, "LU", "Host ID"); SYSCTL_NODE(_kern, OID_AUTO, features, CTLFLAG_RD, 0, "Kernel Features"); diff --git a/sys/kern/kern_shutdown.c b/sys/kern/kern_shutdown.c index 7702ad8..3fc2e72 100644 --- a/sys/kern/kern_shutdown.c +++ b/sys/kern/kern_shutdown.c @@ -51,6 +51,7 @@ __FBSDID("$FreeBSD$"); #include <sys/conf.h> #include <sys/cons.h> #include <sys/eventhandler.h> +#include <sys/jail.h> #include <sys/kdb.h> #include <sys/kernel.h> #include <sys/kerneldump.h> @@ -65,7 +66,6 @@ __FBSDID("$FreeBSD$"); #include <sys/smp.h> /* smp_active */ #include <sys/sysctl.h> #include <sys/sysproto.h> -#include <sys/vimage.h> #include <ddb/ddb.h> @@ -693,7 +693,7 @@ mkdumpheader(struct kerneldumpheader *kdh, char *magic, uint32_t archver, kdh->dumplength = htod64(dumplen); kdh->dumptime = htod64(time_second); kdh->blocksize = htod32(blksz); - strncpy(kdh->hostname, G_hostname, sizeof(kdh->hostname)); + strncpy(kdh->hostname, prison0.pr_host, sizeof(kdh->hostname)); strncpy(kdh->versionstring, version, sizeof(kdh->versionstring)); if (panicstr != NULL) strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring)); diff --git a/sys/kern/kern_xxx.c b/sys/kern/kern_xxx.c index e60d05e..095e3ff 100644 --- a/sys/kern/kern_xxx.c +++ b/sys/kern/kern_xxx.c @@ -45,7 +45,6 @@ __FBSDID("$FreeBSD$"); #include <sys/socket.h> #include <sys/sysctl.h> #include <sys/utsname.h> -#include <sys/vimage.h> #include <vm/vm_param.h> @@ -103,9 +102,13 @@ ogethostid(td, uap) struct thread *td; struct ogethostid_args *uap; { + size_t len = sizeof(long); + int name[2]; - *(long *)(td->td_retval) = hostid; - return (0); + name[0] = CTL_KERN; + name[1] = KERN_HOSTID; + return (kernel_sysctl(td, name, 2, (long *)td->td_retval, &len, + NULL, 0, NULL, 0)); } #endif /* COMPAT_43 */ @@ -121,15 +124,12 @@ osethostid(td, uap) struct thread *td; struct osethostid_args *uap; { - int error; + int name[2]; - error = priv_check(td, PRIV_SETHOSTID); - if (error) - return (error); - mtx_lock(&Giant); - hostid = uap->hostid; - mtx_unlock(&Giant); - return (0); + name[0] = CTL_KERN; + name[1] = KERN_HOSTID; + return (kernel_sysctl(td, name, 2, NULL, NULL, &uap->hostid, + sizeof(uap->hostid), NULL, 0)); } int diff --git a/sys/kgssapi/gsstest.c b/sys/kgssapi/gsstest.c index c54fb5d..324ebbf 100644 --- a/sys/kgssapi/gsstest.c +++ b/sys/kgssapi/gsstest.c @@ -38,7 +38,6 @@ __FBSDID("$FreeBSD$"); #include <sys/socketvar.h> #include <sys/sysent.h> #include <sys/sysproto.h> -#include <sys/vimage.h> #include <kgssapi/gssapi.h> #include <kgssapi/gssapi_impl.h> @@ -200,7 +199,7 @@ gss_OID GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X = &gss_krb5_set_allowable_enctypes_x_d * use them to exchange signed and sealed messages. */ static int -gsstest_1(void) +gsstest_1(struct thread *td) { OM_uint32 maj_stat, min_stat; OM_uint32 smaj_stat, smin_stat; @@ -228,7 +227,8 @@ gsstest_1(void) { static char sbuf[512]; - snprintf(sbuf, sizeof(sbuf), "nfs@%s", V_hostname); + memcpy(sbuf, "nfs@", 4); + getcredhostname(td->td_ucred, sbuf + 4, sizeof(sbuf) - 4); name_desc.value = sbuf; } @@ -410,7 +410,7 @@ out: * wrapped reply to userland. */ static int -gsstest_2(int step, const gss_buffer_t input_token, +gsstest_2(struct thread *td, int step, const gss_buffer_t input_token, OM_uint32 *maj_stat_res, OM_uint32 *min_stat_res, gss_buffer_t output_token) { OM_uint32 maj_stat, min_stat; @@ -431,7 +431,9 @@ gsstest_2(int step, const gss_buffer_t input_token, case 1: if (server_context == GSS_C_NO_CONTEXT) { static char sbuf[512]; - snprintf(sbuf, sizeof(sbuf), "nfs@%s", V_hostname); + memcpy(sbuf, "nfs@", 4); + getcredhostname(td->td_ucred, sbuf + 4, + sizeof(sbuf) - 4); name_desc.value = sbuf; name_desc.length = strlen((const char *) name_desc.value); @@ -789,7 +791,7 @@ again: * RPCSEC_GSS client */ static int -gsstest_3(void) +gsstest_3(struct thread *td) { struct sockaddr_in sin; char service[128]; @@ -812,7 +814,8 @@ gsstest_3(void) return(1); } - snprintf(service, sizeof(service), "host@%s", V_hostname); + memcpy(service, "host@", 5); + getcredhostname(td->td_ucred, service + 5, sizeof(service) - 5); auth = rpc_gss_seccreate(client, curthread->td_ucred, service, "kerberosv5", rpc_gss_svc_privacy, @@ -875,14 +878,15 @@ static bool_t server_new_context(struct svc_req *req, gss_cred_id_t deleg, static void server_program_1(struct svc_req *rqstp, register SVCXPRT *transp); static int -gsstest_4(void) +gsstest_4(struct thread *td) { SVCPOOL *pool; char principal[128 + 5]; const char **mechs; static rpc_gss_callback_t cb; - snprintf(principal, sizeof(principal), "host@%s", V_hostname); + memcpy(principal, "host@", 5); + getcredhostname(td->td_ucred, principal + 5, sizeof(principal) - 5); mechs = rpc_gss_get_mechanisms(); while (*mechs) { @@ -1054,7 +1058,7 @@ gsstest(struct thread *td, struct gsstest_args *uap) switch (uap->a_op) { case 1: - return (gsstest_1()); + return (gsstest_1(td)); case 2: { struct gsstest_2_args args; @@ -1076,7 +1080,7 @@ gsstest(struct thread *td, struct gsstest_args *uap) } output_token.length = 0; output_token.value = NULL; - gsstest_2(args.step, &input_token, + gsstest_2(td, args.step, &input_token, &res.maj_stat, &res.min_stat, &output_token); gss_release_buffer(&junk, &input_token); if (output_token.length > args.output_token.length) { @@ -1096,9 +1100,9 @@ gsstest(struct thread *td, struct gsstest_args *uap) break; } case 3: - return (gsstest_3()); + return (gsstest_3(td)); case 4: - return (gsstest_4()); + return (gsstest_4(td)); } return (EINVAL); diff --git a/sys/netinet6/icmp6.c b/sys/netinet6/icmp6.c index f49a407..e9ef879 100644 --- a/sys/netinet6/icmp6.c +++ b/sys/netinet6/icmp6.c @@ -70,6 +70,7 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> #include <sys/domain.h> +#include <sys/jail.h> #include <sys/kernel.h> #include <sys/lock.h> #include <sys/malloc.h> @@ -401,7 +402,6 @@ int icmp6_input(struct mbuf **mp, int *offp, int proto) { INIT_VNET_INET6(curvnet); - INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */ struct mbuf *m = *mp, *n; struct ifnet *ifp; struct ip6_hdr *ip6, *nip6; @@ -663,7 +663,6 @@ icmp6_input(struct mbuf **mp, int *offp, int proto) else goto badlen; -#define hostnamelen strlen(V_hostname) if (mode == FQDN) { #ifndef PULLDOWN_TEST IP6_EXTHDR_CHECK(m, off, sizeof(struct icmp6_nodeinfo), @@ -675,8 +674,9 @@ icmp6_input(struct mbuf **mp, int *offp, int proto) /* XXX meaningless if n == NULL */ noff = sizeof(struct ip6_hdr); } else { + struct prison *pr; u_char *p; - int maxlen, maxhlen; + int maxlen, maxhlen, hlen; /* * XXX: this combination of flags is pointless, @@ -718,9 +718,11 @@ icmp6_input(struct mbuf **mp, int *offp, int proto) n->m_pkthdr.rcvif = NULL; n->m_len = 0; maxhlen = M_TRAILINGSPACE(n) - maxlen; - mtx_lock(&hostname_mtx); - if (maxhlen > hostnamelen) - maxhlen = hostnamelen; + pr = curthread->td_ucred->cr_prison; + mtx_lock(&pr->pr_mtx); + hlen = strlen(pr->pr_host); + if (maxhlen > hlen) + maxhlen = hlen; /* * Copy IPv6 and ICMPv6 only. */ @@ -730,15 +732,14 @@ icmp6_input(struct mbuf **mp, int *offp, int proto) bcopy(icmp6, nicmp6, sizeof(struct icmp6_hdr)); p = (u_char *)(nicmp6 + 1); bzero(p, 4); - bcopy(V_hostname, p + 4, maxhlen); /* meaningless TTL */ - mtx_unlock(&hostname_mtx); + bcopy(pr->pr_host, p + 4, maxhlen); /* meaningless TTL */ + mtx_unlock(&pr->pr_mtx); noff = sizeof(struct ip6_hdr); n->m_pkthdr.len = n->m_len = sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr) + 4 + maxhlen; nicmp6->icmp6_type = ICMP6_WRUREPLY; nicmp6->icmp6_code = 0; } -#undef hostnamelen if (n) { ICMP6STAT_INC(icp6s_reflect); ICMP6STAT_INC(icp6s_outhist[ICMP6_WRUREPLY]); @@ -1177,14 +1178,13 @@ icmp6_mtudisc_update(struct ip6ctlparam *ip6cp, int validated) * - joins NI group address at in6_ifattach() time only, does not cope * with hostname changes by sethostname(3) */ -#define hostnamelen strlen(V_hostname) static struct mbuf * ni6_input(struct mbuf *m, int off) { INIT_VNET_INET6(curvnet); - INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */ struct icmp6_nodeinfo *ni6, *nni6; struct mbuf *n = NULL; + struct prison *pr; u_int16_t qtype; int subjlen; int replylen = sizeof(struct ip6_hdr) + sizeof(struct icmp6_nodeinfo); @@ -1333,9 +1333,10 @@ ni6_input(struct mbuf *m, int off) * wildcard match, if gethostname(3) side has * truncated hostname. */ - mtx_lock(&hostname_mtx); - n = ni6_nametodns(V_hostname, hostnamelen, 0); - mtx_unlock(&hostname_mtx); + pr = curthread->td_ucred->cr_prison; + mtx_lock(&pr->pr_mtx); + n = ni6_nametodns(pr->pr_host, strlen(pr->pr_host), 0); + mtx_unlock(&pr->pr_mtx); if (!n || n->m_next || n->m_len == 0) goto bad; IP6_EXTHDR_GET(subj, char *, m, @@ -1457,11 +1458,13 @@ ni6_input(struct mbuf *m, int off) nni6->ni_flags = 0; /* XXX: meaningless TTL */ fqdn->ni_fqdn_ttl = 0; /* ditto. */ /* - * XXX do we really have FQDN in variable "hostname"? + * XXX do we really have FQDN in hostname? */ - mtx_lock(&hostname_mtx); - n->m_next = ni6_nametodns(V_hostname, hostnamelen, oldfqdn); - mtx_unlock(&hostname_mtx); + pr = curthread->td_ucred->cr_prison; + mtx_lock(&pr->pr_mtx); + n->m_next = + ni6_nametodns(pr->pr_host, strlen(pr->pr_host), oldfqdn); + mtx_unlock(&pr->pr_mtx); if (n->m_next == NULL) goto bad; /* XXX we assume that n->m_next is not a chain */ @@ -1497,7 +1500,6 @@ ni6_input(struct mbuf *m, int off) m_freem(n); return (NULL); } -#undef hostnamelen /* * make a mbuf with DNS-encoded string. no compression support. diff --git a/sys/netinet6/in6_ifattach.c b/sys/netinet6/in6_ifattach.c index c1f828b..1137ad7 100644 --- a/sys/netinet6/in6_ifattach.c +++ b/sys/netinet6/in6_ifattach.c @@ -39,6 +39,7 @@ __FBSDID("$FreeBSD$"); #include <sys/malloc.h> #include <sys/socket.h> #include <sys/sockio.h> +#include <sys/jail.h> #include <sys/kernel.h> #include <sys/syslog.h> #include <sys/md5.h> @@ -104,24 +105,27 @@ static void in6_purgemaddrs(struct ifnet *); static int get_rand_ifid(struct ifnet *ifp, struct in6_addr *in6) { - INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */ MD5_CTX ctxt; + struct prison *pr; u_int8_t digest[16]; int hostnamelen; - mtx_lock(&hostname_mtx); - hostnamelen = strlen(V_hostname); + pr = curthread->td_ucred->cr_prison; + mtx_lock(&pr->pr_mtx); + hostnamelen = strlen(pr->pr_host); #if 0 /* we need at least several letters as seed for ifid */ - if (hostnamelen < 3) + if (hostnamelen < 3) { + mtx_unlock(&pr->pr_mtx); return -1; + } #endif /* generate 8 bytes of pseudo-random value. */ bzero(&ctxt, sizeof(ctxt)); MD5Init(&ctxt); - MD5Update(&ctxt, V_hostname, hostnamelen); - mtx_unlock(&hostname_mtx); + MD5Update(&ctxt, pr->pr_host, hostnamelen); + mtx_unlock(&pr->pr_mtx); MD5Final(digest, &ctxt); /* assumes sizeof(digest) > sizeof(ifid) */ @@ -620,11 +624,10 @@ int in6_nigroup(struct ifnet *ifp, const char *name, int namelen, struct in6_addr *in6) { - INIT_VPROCG(TD_TO_VPROCG(curthread)); /* XXX V_hostname needs this */ + struct prison *pr; const char *p; u_char *q; MD5_CTX ctxt; - int use_hostname; u_int8_t digest[16]; char l; char n[64]; /* a single label must not exceed 63 chars */ @@ -634,15 +637,15 @@ in6_nigroup(struct ifnet *ifp, const char *name, int namelen, * we try to do the hostname lookup ourselves. */ if (!name && namelen == -1) { - use_hostname = 1; - mtx_lock(&hostname_mtx); - name = V_hostname; + pr = curthread->td_ucred->cr_prison; + mtx_lock(&pr->pr_mtx); + name = pr->pr_host; namelen = strlen(name); } else - use_hostname = 0; + pr = NULL; if (!name || !namelen) { - if (use_hostname) - mtx_unlock(&hostname_mtx); + if (pr != NULL) + mtx_unlock(&pr->pr_mtx); return -1; } @@ -650,14 +653,14 @@ in6_nigroup(struct ifnet *ifp, const char *name, int namelen, while (p && *p && *p != '.' && p - name < namelen) p++; if (p == name || p - name > sizeof(n) - 1) { - if (use_hostname) - mtx_unlock(&hostname_mtx); + if (pr != NULL) + mtx_unlock(&pr->pr_mtx); return -1; /* label too long */ } l = p - name; strncpy(n, name, l); - if (use_hostname) - mtx_unlock(&hostname_mtx); + if (pr != NULL) + mtx_unlock(&pr->pr_mtx); n[(int)l] = '\0'; for (q = n; *q; q++) { if ('A' <= *q && *q <= 'Z') diff --git a/sys/nfsclient/bootp_subr.c b/sys/nfsclient/bootp_subr.c index b51b38d..d3151c9 100644 --- a/sys/nfsclient/bootp_subr.c +++ b/sys/nfsclient/bootp_subr.c @@ -48,6 +48,7 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> #include <sys/systm.h> +#include <sys/jail.h> #include <sys/kernel.h> #include <sys/sockio.h> #include <sys/malloc.h> @@ -1558,10 +1559,10 @@ bootpc_decode_reply(struct nfsv3_diskless *nd, struct bootpc_ifcontext *ifctx, printf("hostname %s (ignored) ", p); } else { strcpy(nd->my_hostnam, p); - mtx_lock(&hostname_mtx); - strcpy(G_hostname, p); - printf("hostname %s ", G_hostname); - mtx_unlock(&hostname_mtx); + mtx_lock(&prison0.pr_mtx); + strcpy(prison0.pr_host, p); + mtx_unlock(&prison0.pr_mtx); + printf("hostname %s ", p); gctx->sethostname = ifctx; } } diff --git a/sys/nfsclient/nfs_vfsops.c b/sys/nfsclient/nfs_vfsops.c index 7d48023..5bc5cfd 100644 --- a/sys/nfsclient/nfs_vfsops.c +++ b/sys/nfsclient/nfs_vfsops.c @@ -44,6 +44,7 @@ __FBSDID("$FreeBSD$"); #include <sys/kernel.h> #include <sys/bio.h> #include <sys/buf.h> +#include <sys/jail.h> #include <sys/lock.h> #include <sys/malloc.h> #include <sys/mbuf.h> @@ -56,7 +57,6 @@ __FBSDID("$FreeBSD$"); #include <sys/sysctl.h> #include <sys/vnode.h> #include <sys/signalvar.h> -#include <sys/vimage.h> #include <vm/vm.h> #include <vm/vm_extern.h> @@ -415,12 +415,11 @@ int nfs_mountroot(struct mount *mp) { struct thread *td = curthread; - INIT_VPROCG(TD_TO_VPROCG(td)); struct nfsv3_diskless *nd = &nfsv3_diskless; struct socket *so; struct vnode *vp; struct ifreq ir; - int error, i; + int error; u_long l; char buf[128]; char *cp; @@ -524,13 +523,9 @@ nfs_mountroot(struct mount *mp) * set hostname here and then let the "/etc/rc.xxx" files * mount the right /var based upon its preset value. */ - mtx_lock(&hostname_mtx); - bcopy(nd->my_hostnam, V_hostname, MAXHOSTNAMELEN); - V_hostname[MAXHOSTNAMELEN - 1] = '\0'; - for (i = 0; i < MAXHOSTNAMELEN; i++) - if (V_hostname[i] == '\0') - break; - mtx_unlock(&hostname_mtx); + mtx_lock(&prison0.pr_mtx); + strlcpy(prison0.pr_host, nd->my_hostnam, sizeof (prison0.pr_host)); + mtx_unlock(&prison0.pr_mtx); inittodr(ntohl(nd->root_time)); return (0); } diff --git a/sys/nfsserver/nfs_srvkrpc.c b/sys/nfsserver/nfs_srvkrpc.c index 030d02a..2b3b48a 100644 --- a/sys/nfsserver/nfs_srvkrpc.c +++ b/sys/nfsserver/nfs_srvkrpc.c @@ -61,7 +61,6 @@ __FBSDID("$FreeBSD$"); #include <sys/fcntl.h> #include <sys/lockf.h> #include <sys/eventhandler.h> -#include <sys/vimage.h> #include <netinet/in.h> #include <netinet/tcp.h> @@ -489,7 +488,9 @@ nfssvc_nfsd(struct thread *td, struct nfsd_nfsd_args *args) if (error) return (error); } else { - snprintf(principal, sizeof(principal), "nfs@%s", V_hostname); + memcpy(principal, "nfs@", 4); + getcredhostname(td->td_ucred, principal + 4, + sizeof(principal) - 4); } #endif diff --git a/sys/nlm/nlm_advlock.c b/sys/nlm/nlm_advlock.c index 761ed73..0be799d 100644 --- a/sys/nlm/nlm_advlock.c +++ b/sys/nlm/nlm_advlock.c @@ -30,6 +30,7 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> #include <sys/fcntl.h> +#include <sys/jail.h> #include <sys/kernel.h> #include <sys/limits.h> #include <sys/lock.h> @@ -42,7 +43,6 @@ __FBSDID("$FreeBSD$"); #include <sys/syslog.h> #include <sys/systm.h> #include <sys/unistd.h> -#include <sys/vimage.h> #include <sys/vnode.h> #include <nfs/nfsproto.h> @@ -231,9 +231,7 @@ nlm_advlock_internal(struct vnode *vp, void *id, int op, struct flock *fl, sa = nmp->nm_nam; memcpy(&ss, sa, sa->sa_len); sa = (struct sockaddr *) &ss; - mtx_lock(&hostname_mtx); strcpy(servername, nmp->nm_hostname); - mtx_unlock(&hostname_mtx); fhlen = np->n_fhsize; memcpy(&fh.fh_bytes, np->n_fhp, fhlen); timo.tv_sec = nmp->nm_timeo / NFS_HZ; @@ -1222,13 +1220,13 @@ nlm_init_lock(struct flock *fl, int flags, int svid, return (EOVERFLOW); } - mtx_lock(&hostname_mtx); - snprintf(oh_space, 32, "%d@%s", svid, G_hostname); - mtx_unlock(&hostname_mtx); + snprintf(oh_space, 32, "%d@", svid); + oh_len = strlen(oh_space); + getcredhostname(NULL, oh_space + oh_len, 32 - oh_len); oh_len = strlen(oh_space); memset(lock, 0, sizeof(*lock)); - lock->caller_name = G_hostname; + lock->caller_name = prison0.pr_host; lock->fh.n_len = fhlen; lock->fh.n_bytes = fh; lock->oh.n_len = oh_len; diff --git a/sys/rpc/authunix_prot.c b/sys/rpc/authunix_prot.c index eb75e2d..fc03dff 100644 --- a/sys/rpc/authunix_prot.c +++ b/sys/rpc/authunix_prot.c @@ -44,12 +44,10 @@ __FBSDID("$FreeBSD$"); */ #include <sys/param.h> +#include <sys/jail.h> #include <sys/kernel.h> -#include <sys/lock.h> -#include <sys/mutex.h> #include <sys/systm.h> #include <sys/ucred.h> -#include <sys/vimage.h> #include <rpc/types.h> #include <rpc/xdr.h> @@ -69,14 +67,14 @@ xdr_authunix_parms(XDR *xdrs, uint32_t *time, struct xucred *cred) uint32_t namelen; uint32_t ngroups, i; uint32_t junk; - INIT_VPROCG(TD_TO_VPROCG(&thread0)); /* XXX revisit - fixme! */ + char hostbuf[MAXHOSTNAMELEN]; - mtx_lock(&hostname_mtx); if (xdrs->x_op == XDR_ENCODE) { /* * Restrict name length to 255 according to RFC 1057. */ - namelen = strlen(V_hostname); + getcredhostname(NULL, hostbuf, sizeof(hostbuf)); + namelen = strlen(hostbuf); if (namelen > 255) namelen = 255; } else { @@ -92,12 +90,11 @@ xdr_authunix_parms(XDR *xdrs, uint32_t *time, struct xucred *cred) * Ignore the hostname on decode. */ if (xdrs->x_op == XDR_ENCODE) { - if (!xdr_opaque(xdrs, V_hostname, namelen)) + if (!xdr_opaque(xdrs, hostbuf, namelen)) return (FALSE); } else { xdr_setpos(xdrs, xdr_getpos(xdrs) + RNDUP(namelen)); } - mtx_unlock(&hostname_mtx); if (!xdr_uint32_t(xdrs, &cred->cr_uid)) return (FALSE); diff --git a/sys/sparc64/sparc64/dump_machdep.c b/sys/sparc64/sparc64/dump_machdep.c index 5a90175a..b76d14b 100644 --- a/sys/sparc64/sparc64/dump_machdep.c +++ b/sys/sparc64/sparc64/dump_machdep.c @@ -33,7 +33,6 @@ #include <sys/cons.h> #include <sys/kernel.h> #include <sys/kerneldump.h> -#include <sys/vimage.h> #include <vm/vm.h> #include <vm/vm_param.h> diff --git a/sys/sun4v/sun4v/dump_machdep.c b/sys/sun4v/sun4v/dump_machdep.c index 3a5d134..c0f7978 100644 --- a/sys/sun4v/sun4v/dump_machdep.c +++ b/sys/sun4v/sun4v/dump_machdep.c @@ -33,7 +33,6 @@ #include <sys/cons.h> #include <sys/kernel.h> #include <sys/kerneldump.h> -#include <sys/vimage.h> #include <vm/vm.h> #include <vm/vm_param.h> diff --git a/sys/sys/jail.h b/sys/sys/jail.h index 0ee5f94..815701c 100644 --- a/sys/sys/jail.h +++ b/sys/sys/jail.h @@ -129,6 +129,8 @@ MALLOC_DECLARE(M_PRISON); #include <sys/osd.h> +#define HOSTUUIDLEN 64 + /* * This structure describes a prison. It is pointed to by all struct * ucreds's of the inmates. pr_ref keeps track of them and is used to @@ -166,12 +168,16 @@ struct prison { int pr_prisoncount; /* (a) number of child jails */ unsigned pr_allow; /* (p) PR_ALLOW_* flags */ int pr_enforce_statfs; /* (p) statfs permission */ + char pr_domain[MAXHOSTNAMELEN]; /* (p) jail domainname */ + char pr_uuid[HOSTUUIDLEN]; /* (p) jail hostuuid */ + unsigned long pr_hostid; /* (p) jail hostid */ }; #endif /* _KERNEL || _WANT_PRISON */ #ifdef _KERNEL /* Flag bits set via options */ #define PR_PERSIST 0x00000001 /* Can exist without processes */ +#define PR_HOST 0x00000002 /* Virtualize hostname et al */ #define PR_IP4_USER 0x00000004 /* Virtualize IPv4 addresses */ #define PR_IP6_USER 0x00000008 /* Virtualize IPv6 addresses */ diff --git a/sys/sys/kernel.h b/sys/sys/kernel.h index 997e20d..478b0d8 100644 --- a/sys/sys/kernel.h +++ b/sys/sys/kernel.h @@ -55,13 +55,6 @@ /* Global variables for the kernel. */ /* 1.1 */ -extern struct mtx hostname_mtx; -extern unsigned long hostid; -extern char hostuuid[64]; -#ifdef VIMAGE_GLOBALS -extern char hostname[MAXHOSTNAMELEN]; -extern char domainname[MAXHOSTNAMELEN]; -#endif extern char kernelname[MAXPATHLEN]; extern int tick; /* usec per tick (1000000 / hz) */ diff --git a/sys/sys/priv.h b/sys/sys/priv.h index ac6075b..3f1eb83 100644 --- a/sys/sys/priv.h +++ b/sys/sys/priv.h @@ -78,7 +78,7 @@ #define PRIV_NTP_ADJTIME 16 /* Set NTP time adjustment. */ #define PRIV_CLOCK_SETTIME 17 /* Can call clock_settime. */ #define PRIV_SETTIMEOFDAY 18 /* Can call settimeofday. */ -#define PRIV_SETHOSTID 19 /* Can call sethostid. */ +#define _PRIV_SETHOSTID 19 /* Removed. */ #define _PRIV_SETDOMAINNAME 20 /* Removed. */ /* diff --git a/sys/sys/vimage.h b/sys/sys/vimage.h index ddbe7f0..6540448 100644 --- a/sys/sys/vimage.h +++ b/sys/sys/vimage.h @@ -187,8 +187,6 @@ struct vprocg { LIST_ENTRY(vprocg) vprocg_le; u_int vprocg_id; /* ID num */ u_int nprocs; - char _hostname[MAXHOSTNAMELEN]; - char _domainname[MAXHOSTNAMELEN]; }; #ifdef VIMAGE @@ -324,15 +322,6 @@ extern struct vprocg_list_head vprocg_head; /* XXX those defines bellow should probably go into vprocg.h and vcpu.h */ #define VPROCG(sym) VSYM(vprocg, sym) -#ifdef VIMAGE -#define G_hostname TD_TO_VPROCG(&thread0)->_hostname -#else -#define G_hostname VPROCG(hostname) -#endif - -#define V_hostname VPROCG(hostname) -#define V_domainname VPROCG(domainname) - /* * Size-guards for the vimage structures. * If you need to update the values you MUST increment __FreeBSD_version. diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index e631207..a37a122 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -34,7 +34,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 27, 2009 +.Dd May 29, 2009 .Dt JAIL 8 .Os .Sh NAME @@ -263,7 +263,14 @@ A list of IPv6 addresses assigned to the prison, the counterpart to above. .It Va host.hostname Hostname of the prison. -If not specified, a jail will use the system hostname. +Other similar parameters are +.Va host.domainname , +.Va host.hostuuid +and +.Va host.hostid . +Setting the boolean parameter +.Va nohost +will retain the system values of these settings. .It Va securelevel The value of the jail's .Va kern.securelevel @@ -737,13 +744,16 @@ The variable determines how may address per address family a prison may have. The default is 255. .Pp -There are currently two MIB variables that have per-jail settings. +Some MIB variables have per-jail settings. Changes to these variables by a jailed process do not effect the host environment, only the jail environment. -The variables are -.Va kern.securelevel +These variables are +.Va kern.securelevel , +.Va kern.hostname , +.Va kern.domainname , +.Va kern.hostid , and -.Va kern.hostname . +.Va kern.hostuuid . .Ss "Hierarchical Jails" By setting a jail's .Va allow.jails |
