From e8fb8c14b5967d573ac36aa8c3a6fc4ac98543fb Mon Sep 17 00:00:00 2001
From: rwatson
Date: Thu, 10 Feb 2000 18:51:58 +0000
Subject: Fix sysctl namespace for jail: move the kern.jailcansethostname to kern.prison.set_hostname_allowed, off of the kern.prison node. Future jail twiddles should be placed in this namespace.
---
 sys/kern/kern_mib.c | 10 +++++-----
 sys/sys/jail.h | 5 +++++
 sys/sys/sysctl.h | 4 +---
 3 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/sys/kern/kern_mib.c b/sys/kern/kern_mib.c
index c93cc6f..84ca34a 100644
--- a/sys/kern/kern_mib.c
+++ b/sys/kern/kern_mib.c
@@ -145,10 +145,10 @@ static char machine_arch[] = MACHINE_ARCH;
 SYSCTL_STRING(_hw, HW_MACHINE_ARCH, machine_arch, CTLFLAG_RD, machine_arch, 0, "System architecture");
-static int jailcansethostname=1;
-SYSCTL_INT(_kern, KERN_JAILCANSETHOSTNAME, jailcansethostname,
- CTLFLAG_RW, &jailcansethostname, 0,
- "Jail can set its hostname");
+static int prison_set_hostname_allowed = 1;
+SYSCTL_INT(_kern_prison, OID_AUTO, set_hostname_allowed, CTLFLAG_RW,
+ &prison_set_hostname_allowed, 0,
+ "Processes in prison can set their hostnames");
 char hostname[MAXHOSTNAMELEN];
@@ -158,7 +158,7 @@ sysctl_hostname SYSCTL_HANDLER_ARGS
 int error;
 if (req->p->p_prison) {
- if (!jailcansethostname)
+ if (!prison_set_hostname_allowed)
 return(EPERM);
 error = sysctl_handle_string(oidp, req->p->p_prison->pr_host,
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
index 7fa6dd0..e946c7a 100644
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -43,5 +43,10 @@ struct prison {
 void *pr_linux;
 };
+/*
+ * Sysctl-set variables that determine global jail policy
+ */
+extern int prison_set_hostname_allowed;
+
 #endif /* !_KERNEL */
 #endif /* !_SYS_JAIL_H_ */
diff --git a/sys/sys/sysctl.h b/sys/sys/sysctl.h
index 0e61c04..d5697a6 100644
--- a/sys/sys/sysctl.h
+++ b/sys/sys/sysctl.h
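Review bot: In the first sys/kern/kern_mib.c hunk, `prison_set_hostname_allowed` is defined `static`, while the sys/jail.h hunk of the same commit declares it `extern int prison_set_hostname_allowed;`. kern_mib.c dereferences `req->p->p_prison->pr_host`, so it presumably includes sys/jail.h, and a static definition following an extern declaration of the same name is a linkage conflict; any other file relying on the header's declaration would also fail to link. The definition should drop the storage class: `int prison_set_hostname_allowed = 1;`. The `_kern_prison` parent passed to `SYSCTL_INT` is not declared in the visible lines, so confirm that a `SYSCTL_DECL(_kern_prison);` or the node definition is in scope for this file.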
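Review bot: In the second sys/kern/kern_mib.c hunk (sysctl_hostname), the renamed guard `if (!prison_set_hostname_allowed) return(EPERM);` sits in front of `sysctl_handle_string()` for every request from a jailed process, so with the knob set to 0 a jail apparently cannot read its own hostname either, although the knob's description only speaks of setting it. Limiting the denial to writes keeps the policy as described: `if (!prison_set_hostname_allowed && req->newptr)`. The function starts and ends outside this hunk, so the rest of the call and the non-jail path are not visible here and should be checked against the same rule.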
@@ -260,8 +260,7 @@ void sysctl_unregister_oid(struct sysctl_oid *oidp);
 #define KERN_PS_STRINGS 32 /* int: address of PS_STRINGS */
 #define KERN_USRSTACK 33 /* int: address of USRSTACK */
 #define KERN_LOGSIGEXIT 34 /* int: do we log sigexit procs? */
-#define KERN_JAILCANSETHOSTNAME 35 /* int: jailed p can set hostname */
-#define KERN_MAXID 36 /* number of valid kern ids */
+#define KERN_MAXID 35 /* number of valid kern ids */
 #define CTL_KERN_NAMES { \
 { 0, 0 }, \
@@ -299,7 +298,6 @@ void sysctl_unregister_oid(struct sysctl_oid *oidp);
 { "ps_strings", CTLTYPE_INT }, \
 { "usrstack", CTLTYPE_INT }, \
 { "logsigexit", CTLTYPE_INT }, \
- { "jailcansethostname", CTLTYPE_INT }, \
 }
 /*
-- cgit v1.1
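Review bot: In the first sys/sys/sysctl.h hunk, removing `KERN_JAILCANSETHOSTNAME` and lowering `KERN_MAXID` to 35 frees MIB number 35 for the next kern.* addition, and nothing in the header records that the number was once a jail policy knob. A binary built against the old header that writes {CTL_KERN, 35} would, once the number is reused, address an unrelated setting, and an existing configuration that sets kern.jailcansethostname=0 would stop applying while the replacement knob defaults to 1 (hostname changes allowed). I would leave a marker in the list, for example `/* 35 was KERN_JAILCANSETHOSTNAME, now kern.prison.set_hostname_allowed (OID_AUTO) */`, and call out the rename in the upgrade notes. The matching `CTL_KERN_NAMES` entry is dropped in the second hunk, so the table and `KERN_MAXID` stay in step.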