| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
|
| |
|
|
| |
(Edited automatically)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1:
s/suser/suser_xxx/
2:
Add new function: suser(struct proc *), prototyped in <sys/proc.h>.
3:
s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/
The remaining suser_xxx() calls will be scrutinized and dealt with
later.
There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.
More changes to the suser() API will come along with the "jail" code.
|
| |
|
|
|
| |
apparently has a much better optimiser, requiring 'volatile' memory
to be declared as such).
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
<sys/queue.h>. This fixes my recent breakage of biosboot by unpolluting
<ufs/ufs/quota.h> in the !KERNEL case.
|
| |
|
|
|
|
| |
lives in ext2_vnops.c for ext2fs. Also remove cast from comparision.
Bruce pointed out that it was bogus since we'd force a signed
comparision when we really wanted an unsigned comparison.
|
| | |
|
| |
|
|
|
|
| |
Use TTYDEF_SPEED rather than 9600 a couple of places.
Reviewed by: bde, with a few grumbles.
|
| |
|
|
| |
was broken.
|
| |
|
|
| |
kernel compile
|
| |
|
|
|
|
|
| |
kernel compile.
This commit includes significant work to proper handle const arguments
for the DDB symbol routines.
|
| |
|
|
| |
kernel compile
|
| |
|
|
| |
LKM anyway. It does work as a preloaded KLD module though.
|
| | |
|
| |
|
|
|
| |
time initializing them. This almost finishes centralizing (in-core)
timestamp updates in ufs_itimes().
|
| |
|
|
|
|
| |
MNT_WAIT when we mean boolean `true' or check for that value not being
passed. There was no problem in practice because MNT_WAIT had the
magic value of 1.
|
| | |
|
| |
|
|
|
| |
Trivial change of macro name from DEBUG to AWE_DEBUG to avoid conflict
with kernel DEBUG option.
|
| |
|
|
| |
and local variables, goto labels, and functions declared but not defined.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for others cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.
These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.
Reviewed by: Bruce Evans <bde@zeta.org.au>
Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by: Mike Spengler <mks@networkcs.com>
|
| | |
|
| |
|
|
| |
modeventhand_t.
|
| | |
|
| |
|
|
| |
rather than abusing the list next pointer with a magic number.
|
| |
|
|
|
| |
warnings to be the same as the ffs code. Previously, any error from
the UFS_UPDATE() call was lost (I think).
|
| |
|
|
|
| |
the more expensive vinvalbuf(), based on the FFS version of the same
routine. I don't have any ext2fs filesystems to test this on.
|
| |
|
|
|
|
|
| |
They checked for the magic major number for the "device" behind mfs
mount points. Use a more obvious check for this device.
Debugged by: Andrew Gallatin <gallatin@cs.duke.edu>
|
| |
|
|
| |
them.
|
| |
|
|
|
| |
when bdevsw[] became sparse. We still depend on magic to avoid having to
check that (v_rdev) device numbers in vnodes are not NODEV.
|
| |
|
|
|
| |
Print a message when it attaches to pmath_emulate if bootverbose so that
we can be sure it's online.
|
| |
|
|
|
|
| |
Supply the moduledata handle rather than the event dispatcher function.
This should explain the panic on boot problem that's been discussed in
-current at the moment. Both machines had GNU_MATH_EMULATE.
|
| |
|
|
|
|
|
|
| |
This is the bulk of the support for doing kld modules. Two linker_sets
were replaced by SYSINIT()'s. VFS's and exec handlers are self registered.
kld is now a superset of lkm. I have converted most of them, they will
follow as a seperate commit as samples.
This all still works as a static a.out kernel using LKM's.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
but when i_effnlink was added to support soft updates, there was only
room for 4 spares. The number of spares was not reduced, so the inode
size became 260 (on i386's), or 512 after rounding up by malloc().
Use one spare field in `struct dinode' instead of the 5th spare field
in the inode and reduced to 4 spares in the inode so that the size is
256 again.
Changed the types of the spares in the inode from int to u_int32_t
so that the inode size has more chance of being <= 256 under other
arches, and downdated ext2fs to match (it was broken to use ints
before rev.1.1).
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
an ext2fs file system is mounted. The soft update changes added
a check for B_DELWRI buffers. This exposed the complete brokenness
of the previous quick fix for failing syncs (PR 3571, committed on
1997/08/04). Use a new buffer flag B_DIRTY and don't abuse B_DELWRI.
B_DIRTY buffers are still written too late, as broken in the previous
fix. This is fairly harmless, because B_DIRTY is only used for
bitmap buffers and fsck.ext2 can fix up the bitmaps perfectly.
Fixed a race in ULCK_BUF() (bremfree() was outside of the splbio()
section).
|
| |
|
|
|
|
| |
they are deleted, so inodes must be cleared when they are reused, but
we didn't clear the indirect blocks. This caused serious filesystem
corruption.
|
| |
|
|
|
|
|
|
|
| |
syncs weren't optimized properly (they probably still aren't, but are bug
for bug compatible with ffs). These fixes are mostly academic, since
ext2fs is too broken to mount read-write (it apparently doesn't clear
indirect blocks).
Obtained from: mostly from Lite2
|
| |
|
|
|
|
|
| |
Fixed vnode and memory leaks after an unlikely (?) error in
ext2_mountfs().
Fixed an unconditional memory leak in ext2_unmount().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes for bugs not shared with ffs:
- don't mount unclean filesystems rw unless forced to.
- accept EXT2_ERROR_FS (treat it like !EXT2_VALID_FS). We still don't set
this or honour the maximal mount count.
- don't attempt to print the name of the mount point when mounting an
unclean file system, since the name of the previous mount point is
unknown and the name of the current mount point is still "".
Fixes for bugs shared with ffs until recently:
- don't set the clean flag on unmount of an initially-unclean filesystem
that was (forcibly) mounted rw.
- set the clean flag on rw -> ro update of a mounted initially-clean
filesystem.
- fixed some style bugs (mostly long lines).
The fixes are slightly simpler than for ffs, because the relevant on-disk
state is not a simple boolean variable, and the superblock has a core-only
extension.
Obtained from: parts from ffs_vfsops.c, parts from NetBSD
|
| |
|
|
|
|
| |
the damage was limited by the default of 0 for vfs.usermount.
Obtained from: Lite2 via the -current ffs_vfsops.c
|
| |
|
|
|
|
|
|
|
| |
surprisingly few problems. Most fields were initialized to the
correct values by bzero(), but lk_prio was 0 instead of PINOD (=8),
the lk_wmsg was NULL instead of "ext2in", and lk_lockholder was 0
instead of -1.
Obtained from: Lite2 via the -current ffs_vfsops.c
|
| |
|
|
| |
(asm) string constants).
|
| |
|
|
|
|
|
|
|
| |
references to them.
The change a couple of days ago to ignore these numbers in statically
configured vfsconf structs was slightly premature because the cd9660,
cfs, devfs, ext2fs, nfs vfs's still used MOUNT_* instead of the number
in their vfsconf struct.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
for the Lite2 fix for always returning EIO in dead_read().
Cleaned up the cdevswitch initializers for all tty drivers.
Removed explicit calls to ttsetwater() from all (tty) drivers. ttsetwater()
is now called centrally for opens, not just for parameter changes.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
clustering is obsolescent technology so hardly anyone noticed. On
a DORS 32160 SCSI drive with 4 tags, read clustering makes very
little difference even for huge sequential reads. However, on a
ZIP SCSI drive with 0 tags, the minimum overhead per block is about
40 msec, so very large clusters must be used to get anywhere near
the maximum transfer rate. Using clusters consisting of 1 8K block
reduces the transfer rate to about 250K/sec. Under msdosfs, missing
read clustering is normal and a cluster size of 1 512 byte block
reduces the transfer rate to about 25K/sec.
Broken in: rev.1.18
|
| |
|
|
| |
integers. Don't forget to cast to (void *) as well.
|
| |
|
|
| |
possibly different size).
|
