The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/sys/jail.h

Version: -  FREEBSD  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-2  -  FREEBSD-11-1  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-4  -  FREEBSD-10-3  -  FREEBSD-10-2  -  FREEBSD-10-1  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-3  -  FREEBSD-9-2  -  FREEBSD-9-1  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-4  -  FREEBSD-8-3  -  FREEBSD-8-2  -  FREEBSD-8-1  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-4  -  FREEBSD-7-3  -  FREEBSD-7-2  -  FREEBSD-7-1  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-4  -  FREEBSD-6-3  -  FREEBSD-6-2  -  FREEBSD-6-1  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-5  -  FREEBSD-5-4  -  FREEBSD-5-3  -  FREEBSD-5-2  -  FREEBSD-5-1  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  linux-2.6  -  linux-2.4.22  -  MK83  -  MK84  -  PLAN9  -  DFBSD  -  NETBSD  -  NETBSD5  -  NETBSD4  -  NETBSD3  -  NETBSD20  -  OPENBSD  -  xnu-517  -  xnu-792  -  xnu-792.6.70  -  xnu-1228  -  xnu-1456.1.26  -  xnu-1699.24.8  -  xnu-2050.18.24  -  OPENSOLARIS  -  minix-3-1-1 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * ----------------------------------------------------------------------------
    3  * "THE BEER-WARE LICENSE" (Revision 42):
    4  * <phk@FreeBSD.org> wrote this file.  As long as you retain this notice you
    5  * can do whatever you want with this stuff. If we meet some day, and you think
    6  * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
    7  * ----------------------------------------------------------------------------
    8  *
    9  * $FreeBSD$
   10  *
   11  */
   12 
   13 #ifndef _SYS_JAIL_H_
   14 #define _SYS_JAIL_H_
   15 
   16 #ifdef _KERNEL
   17 struct jail_v0 {
   18         u_int32_t       version;
   19         char            *path;
   20         char            *hostname;
   21         u_int32_t       ip_number;
   22 };
   23 #endif
   24 
   25 struct jail {
   26         uint32_t        version;
   27         char            *path;
   28         char            *hostname;
   29         char            *jailname;
   30         uint32_t        ip4s;
   31         uint32_t        ip6s;
   32         struct in_addr  *ip4;
   33         struct in6_addr *ip6;
   34 };
   35 #define JAIL_API_VERSION 2
   36 
   37 /*
   38  * For all xprison structs, always keep the pr_version an int and
   39  * the first variable so userspace can easily distinguish them.
   40  */
   41 #ifndef _KERNEL
   42 struct xprison_v1 {
   43         int              pr_version;
   44         int              pr_id;
   45         char             pr_path[MAXPATHLEN];
   46         char             pr_host[MAXHOSTNAMELEN];
   47         u_int32_t        pr_ip;
   48 };
   49 #endif
   50 
   51 struct xprison {
   52         int              pr_version;
   53         int              pr_id;
   54         int              pr_state;
   55         cpusetid_t       pr_cpusetid;
   56         char             pr_path[MAXPATHLEN];
   57         char             pr_host[MAXHOSTNAMELEN];
   58         char             pr_name[MAXHOSTNAMELEN];
   59         uint32_t         pr_ip4s;
   60         uint32_t         pr_ip6s;
   61 #if 0
   62         /*
   63          * sizeof(xprison) will be malloced + size needed for all
   64          * IPv4 and IPv6 addesses. Offsets are based numbers of addresses.
   65          */
   66         struct in_addr   pr_ip4[];
   67         struct in6_addr  pr_ip6[];
   68 #endif
   69 };
   70 #define XPRISON_VERSION 3
   71 
   72 static const struct prison_state {
   73         int             pr_state;
   74         const char *    state_name;
   75 } prison_states[] = {
   76 #define PRISON_STATE_INVALID            0
   77         { PRISON_STATE_INVALID,         "INVALID" },
   78 #define PRISON_STATE_ALIVE              1
   79         { PRISON_STATE_ALIVE,           "ALIVE" },
   80 #define PRISON_STATE_DYING              2
   81         { PRISON_STATE_DYING,           "DYING" },
   82 };
   83 
   84 
   85 #ifndef _KERNEL
   86 
   87 int jail(struct jail *);
   88 int jail_attach(int);
   89 
   90 #else /* _KERNEL */
   91 
   92 #include <sys/queue.h>
   93 #include <sys/_lock.h>
   94 #include <sys/_mutex.h>
   95 #include <sys/_task.h>
   96 
   97 #define JAIL_MAX        999999
   98 
   99 #ifdef MALLOC_DECLARE
  100 MALLOC_DECLARE(M_PRISON);
  101 #endif
  102 #endif /* _KERNEL */
  103 
  104 struct cpuset;
  105 
  106 /*
  107  * This structure describes a prison.  It is pointed to by all struct
  108  * ucreds's of the inmates.  pr_ref keeps track of them and is used to
  109  * delete the struture when the last inmate is dead.
  110  *
  111  * Lock key:
  112  *   (a) allprison_lock
  113  *   (p) locked by pr_mtx
  114  *   (c) set only during creation before the structure is shared, no mutex
  115  *       required to read
  116  *   (d) set only during destruction of jail, no mutex needed
  117  */
  118 #if defined(_KERNEL) || defined(_WANT_PRISON)
  119 struct prison {
  120         LIST_ENTRY(prison) pr_list;                     /* (a) all prisons */
  121         int              pr_id;                         /* (c) prison id */
  122         int              pr_ref;                        /* (p) refcount */
  123         int              pr_state;                      /* (p) prison state */
  124         int              pr_nprocs;                     /* (p) process count */
  125         char             pr_path[MAXPATHLEN];           /* (c) chroot path */
  126         struct cpuset   *pr_cpuset;                     /* (p) cpuset */
  127         struct vnode    *pr_root;                       /* (c) vnode to rdir */
  128         char             pr_host[MAXHOSTNAMELEN];       /* (p) jail hostname */
  129         char             pr_name[MAXHOSTNAMELEN];       /* (c) admin jail name */
  130         void            *pr_linux;                      /* (p) linux abi */
  131         int              pr_securelevel;                /* (p) securelevel */
  132         struct task      pr_task;                       /* (d) destroy task */
  133         struct mtx       pr_mtx;
  134         void            **pr_slots;                     /* (p) additional data */
  135         int              pr_ip4s;                       /* (c) number of v4 IPs */
  136         struct in_addr  *pr_ip4;                        /* (c) v4 IPs of jail */
  137         int              pr_ip6s;                       /* (c) number of v6 IPs */
  138         struct in6_addr *pr_ip6;                        /* (c) v6 IPs of jail */
  139 };
  140 #endif /* _KERNEL || _WANT_PRISON */
  141 
  142 #ifdef _KERNEL
  143 /*
  144  * Sysctl-set variables that determine global jail policy
  145  *
  146  * XXX MIB entries will need to be protected by a mutex.
  147  */
  148 extern int      jail_set_hostname_allowed;
  149 extern int      jail_socket_unixiproute_only;
  150 extern int      jail_sysvipc_allowed;
  151 extern int      jail_getfsstat_jailrootonly;
  152 extern int      jail_allow_raw_sockets;
  153 extern int      jail_chflags_allowed;
  154 
  155 LIST_HEAD(prisonlist, prison);
  156 extern struct   prisonlist allprison;
  157 extern struct   sx allprison_lock;
  158 
  159 /*
  160  * Kernel support functions for jail().
  161  */
  162 struct ucred;
  163 struct mount;
  164 struct sockaddr;
  165 struct statfs;
  166 struct thread;
  167 int kern_jail(struct thread *, struct jail *);
  168 int jailed(struct ucred *cred);
  169 void getcredhostname(struct ucred *cred, char *, size_t);
  170 int prison_check(struct ucred *cred1, struct ucred *cred2);
  171 int prison_canseemount(struct ucred *cred, struct mount *mp);
  172 void prison_enforce_statfs(struct ucred *cred, struct mount *mp,
  173     struct statfs *sp);
  174 struct prison *prison_find(int prid);
  175 void prison_free(struct prison *pr);
  176 void prison_free_locked(struct prison *pr);
  177 void prison_hold(struct prison *pr);
  178 void prison_hold_locked(struct prison *pr);
  179 void prison_proc_hold(struct prison *);
  180 void prison_proc_free(struct prison *);
  181 int prison_get_ip4(struct ucred *cred, struct in_addr *ia);
  182 int prison_local_ip4(struct ucred *cred, struct in_addr *ia);
  183 int prison_remote_ip4(struct ucred *cred, struct in_addr *ia);
  184 int prison_check_ip4(struct ucred *cred, struct in_addr *ia);
  185 #ifdef INET6
  186 int prison_get_ip6(struct ucred *, struct in6_addr *);
  187 int prison_local_ip6(struct ucred *, struct in6_addr *, int);
  188 int prison_remote_ip6(struct ucred *, struct in6_addr *);
  189 int prison_check_ip6(struct ucred *, struct in6_addr *);
  190 #endif
  191 int prison_check_af(struct ucred *cred, int af);
  192 int prison_if(struct ucred *cred, struct sockaddr *sa);
  193 int prison_priv_check(struct ucred *cred, int priv);
  194 
  195 /*
  196  * Kernel jail services.
  197  */
  198 struct prison_service;
  199 typedef int (*prison_create_t)(struct prison_service *psrv, struct prison *pr);
  200 typedef int (*prison_destroy_t)(struct prison_service *psrv, struct prison *pr);
  201 
  202 struct prison_service *prison_service_register(const char *name,
  203     prison_create_t create, prison_destroy_t destroy);
  204 void prison_service_deregister(struct prison_service *psrv);
  205 
  206 void prison_service_data_set(struct prison_service *psrv, struct prison *pr,
  207     void *data);
  208 void *prison_service_data_get(struct prison_service *psrv, struct prison *pr);
  209 void *prison_service_data_del(struct prison_service *psrv, struct prison *pr);
  210 
  211 #endif /* _KERNEL */
  212 #endif /* !_SYS_JAIL_H_ */

Cache object: 27247f8bd857b65f3e5619f6ee1f739b


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.