Diffstat (limited to 'sys/kern/kern_jail.c')
-rw-r--r-- | sys/kern/kern_jail.c | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index 282a4d8..8f18583 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -88,7 +88,11 @@ struct prison prison0 = {
 .pr_childmax = JAIL_MAX,
 .pr_hostuuid = DEFAULT_HOSTUUID,
 .pr_children = LIST_HEAD_INITIALIZER(&prison0.pr_children),
+#ifdef VIMAGE
+ .pr_flags = PR_HOST|PR_VNET,
+#else
 .pr_flags = PR_HOST,
+#endif
 .pr_allow = PR_ALLOW_ALL,
 };
 MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF);
@@ -3308,6 +3312,25 @@ getcredhostid(struct ucred *cred, unsigned long *hostid)
 mtx_unlock(&cred->cr_prison->pr_mtx);
 }
 
+#ifdef VIMAGE
+/*
+ * Determine whether the prison represented by cred owns
+ * its vnet rather than having it inherited.
+ *
+ * Returns 1 in case the prison owns the vnet, 0 otherwise.
+ */
+int
+prison_owns_vnet(struct ucred *cred)
+{
+
+ /*
+ * vnets cannot be added/removed after jail creation,
+ * so no need to lock here.
+ */
+ return (cred->cr_prison->pr_flags & PR_VNET ? 1 : 0);
+}
+#endif
+
 /*
 * Determine whether the subject represented by cred can "see"
 * status of a mount point. |
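Review bot: Setting `PR_VNET` on `prison0` in the initializer widens what every existing `pr_flags & PR_VNET` test in this file means, from "jail created with its own vnet" to "jail or host that owns its vnet", and none of those tests are inside this hunk. The places worth rechecking are any path that derives a child prison's flags from its parent and any path that releases a vnet when a prison goes away. If one of them reads the parent's bit, a jail that merely shares the host's network stack could be reported as owning it. Once that is confirmed, a one-line comment above the `#ifdef`, such as `/* prison0 owns the base vnet; children do not inherit PR_VNET */`, would record the intent.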
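Review bot: The header comment on `prison_owns_vnet()` does not say that an unjailed credential now returns 1, which follows from the first hunk giving `prison0` the `PR_VNET` flag. A caller using this as a privilege predicate has to know that, so I would add a line such as `* The host prison (prison0) carries PR_VNET, so unjailed credentials also return 1.` The lock-free read is only as sound as the claim in the inner comment, so it would help to name there the code that rejects changing `PR_VNET` on an existing jail, which is not visible in this diff. As a style point, `return ((cred->cr_prison->pr_flags & PR_VNET) != 0);` states the boolean result without relying on `&` binding tighter than `?:`.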