sys/sys/jail.h


    1 /*-
    2  * ----------------------------------------------------------------------------
    3  * "THE BEER-WARE LICENSE" (Revision 42):
    4  * <phk@FreeBSD.org> wrote this file.  As long as you retain this notice you
    5  * can do whatever you want with this stuff. If we meet some day, and you think
    6  * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
    7  * ----------------------------------------------------------------------------
    8  *
    9  * $FreeBSD$
   10  *
   11  */
   12 
   13 #ifndef _SYS_JAIL_H_
   14 #define _SYS_JAIL_H_
   15 
   16 #ifdef _KERNEL
   17 #include <sys/osd.h>
   18 
    19 struct jail_v0 {                        /* version-0 layout of the jail(2) argument; kernel-only (compat) */
    20         u_int32_t       version;        /* layout selector; first member in every version of the struct */
    21         char            *path;          /* NOTE(review): presumably a user pointer copied in by the kernel — confirm */
    22         char            *hostname;
    23         u_int32_t       ip_number;      /* a single IPv4 address; struct jail replaced it with ip4/ip6 arrays */
    24 };
   25 #endif
   26 
    27 struct jail {                           /* argument to jail(2)/kern_jail(), API version 2 */
    28         uint32_t        version;        /* expected to be JAIL_API_VERSION; kept first so layouts can be told apart — confirm */
    29         char            *path;          /* chroot path of the new prison (pr_path) */
    30         char            *hostname;      /* initial hostname (pr_host) */
    31         char            *jailname;      /* administrative jail name (pr_name) */
    32         uint32_t        ip4s;           /* number of entries in ip4 */
    33         uint32_t        ip6s;           /* number of entries in ip6 */
    34         struct in_addr  *ip4;           /* caller-supplied IPv4 address array */
    35         struct in6_addr *ip6;           /* caller-supplied IPv6 address array */
    36 };
       /*
        * NOTE(review): ip4s/ip6s and the two array pointers are filled in by
        * userland; the kernel must validate the counts before using them to
        * size any allocation or copyin — confirm in kern_jail().  Note also
        * that struct prison stores the counts as int, not uint32_t.
        */
    37 #define JAIL_API_VERSION 2
   38 
   39 /*
   40  * For all xprison structs, always keep the pr_version an int and
   41  * the first variable so userspace can easily distinguish them.
   42  */
   43 #ifndef _KERNEL
    44 struct xprison_v1 {                     /* version-1 userland view of a prison; only defined outside the kernel */
    45         int              pr_version;    /* layout version; first member by the convention noted above */
    46         int              pr_id;
    47         char             pr_path[MAXPATHLEN];
    48         char             pr_host[MAXHOSTNAMELEN];
    49         u_int32_t        pr_ip;         /* a single IPv4 address; later versions carry address arrays */
    50 };
   51 #endif
   52 
    53 struct xprison {                        /* userland view of a prison, layout XPRISON_VERSION */
    54         int              pr_version;    /* layout version; first member by the convention noted above */
    55         int              pr_id;
    56         int              pr_state;      /* one of PRISON_STATE_* */
    57         cpusetid_t       pr_cpusetid;
    58         char             pr_path[MAXPATHLEN];
    59         char             pr_host[MAXHOSTNAMELEN];
    60         char             pr_name[MAXHOSTNAMELEN];
    61         uint32_t         pr_ip4s;       /* number of IPv4 addresses following the struct */
    62         uint32_t         pr_ip6s;       /* number of IPv6 addresses following the struct */
    63 #if 0
    64         /*
    65          * sizeof(xprison) will be malloced + size needed for all
    66          * IPv4 and IPv6 addresses.  Offsets are based on the numbers of
    67          * addresses.  Kept under #if 0 presumably because C allows only
        * one trailing flexible array member; consumers derive the two array
        * offsets from pr_ip4s/pr_ip6s themselves.
        */
    68         struct in_addr   pr_ip4[];
    69         struct in6_addr  pr_ip6[];
    70 #endif
    71 };
    72 #define XPRISON_VERSION 3
   73 
    74 static const struct prison_state {      /* prison state code <-> name table */
       /*
        * The PRISON_STATE_* macros are interleaved so each code sits next to
        * its entry.  Codes are 0, 1, 2 in order, so prison_states[code] names
        * that code; keep new entries in numeric order.  Being static const in
        * a header, every including translation unit gets its own copy.
        */
    75         int             pr_state;
    76         const char *    state_name;
    77 } prison_states[] = {
    78 #define PRISON_STATE_INVALID            0
    79         { PRISON_STATE_INVALID,         "INVALID" },
    80 #define PRISON_STATE_ALIVE              1
    81         { PRISON_STATE_ALIVE,           "ALIVE" },
    82 #define PRISON_STATE_DYING              2
    83         { PRISON_STATE_DYING,           "DYING" },
    84 };
   85 
   86 
   87 #ifndef _KERNEL
   88 
    89 int jail(struct jail *);                /* userland jail(2): create a prison from a struct jail; return value convention per jail(2) — confirm */
    90 int jail_attach(int);                   /* userland jail_attach(2): attach the caller to an existing prison by id */
   91 
   92 #else /* _KERNEL */
   93 
   94 #include <sys/queue.h>
   95 #include <sys/_lock.h>
   96 #include <sys/_mutex.h>
   97 #include <sys/_task.h>
   98 
    99 #define JAIL_MAX        999999          /* upper bound on prison ids; exact use to confirm at the call sites */
   100 
   101 #ifdef MALLOC_DECLARE
   102 MALLOC_DECLARE(M_PRISON);               /* malloc(9) type for prison allocations; needs <sys/malloc.h> first */
   103 #endif
  104 #endif /* _KERNEL */
  105 
  106 struct cpuset;
  107 
  108 /*
  109  * This structure describes a prison.  It is pointed to by all struct
   110  * ucreds of the inmates.  pr_ref keeps track of them and is used to
   111  * delete the structure when the last inmate is dead.
  112  *
  113  * Lock key:
  114  *   (a) allprison_lock
  115  *   (p) locked by pr_mtx
  116  *   (c) set only during creation before the structure is shared, no mutex
  117  *       required to read
  118  *   (d) set only during destruction of jail, no mutex needed
  119  */
  120 #if defined(_KERNEL) || defined(_WANT_PRISON)
   121 struct prison {
   122         LIST_ENTRY(prison) pr_list;                     /* (a) all prisons */
   123         int              pr_id;                         /* (c) prison id */
   124         int              pr_ref;                        /* (p) refcount; cf. prison_hold()/prison_free() */
   125         int              pr_state;                      /* (p) prison state, PRISON_STATE_* */
   126         int              pr_nprocs;                     /* (p) process count; cf. prison_proc_hold()/_free() */
   127         char             pr_path[MAXPATHLEN];           /* (c) chroot path */
   128         struct cpuset   *pr_cpuset;                     /* (p) cpuset */
   129         struct vnode    *pr_root;                       /* (c) vnode to rdir (the jail's root directory) */
   130         char             pr_host[MAXHOSTNAMELEN];       /* (p) jail hostname */
   131         char             pr_name[MAXHOSTNAMELEN];       /* (c) admin jail name */
   132         void            *pr_linux;                      /* (p) linux abi private data */
   133         int              pr_securelevel;                /* (p) per-jail securelevel */
   134         struct task      pr_task;                       /* (d) destroy task */
   135         struct mtx       pr_mtx;                        /* protects the (p) fields */
   136         void            **pr_slots;                     /* (p) additional data */
   137         int              pr_ip4s;                       /* (c) number of v4 IPs; int here vs. uint32_t ip4s in struct jail — check the conversion */
   138         struct in_addr  *pr_ip4;                        /* (c) v4 IPs of jail */
   139         int              pr_ip6s;                       /* (c) number of v6 IPs; same int vs. uint32_t note */
   140         struct in6_addr *pr_ip6;                        /* (c) v6 IPs of jail */
   141         struct osd      pr_osd;                         /* object-specific data; see PR_METHOD_* */
   142 };
  143 #endif /* _KERNEL || _WANT_PRISON */
  144 
  145 #ifdef _KERNEL
  146 /*
  147  * Flag bits set via options or internally
  148  */
   149 #define PR_PERSIST      0x00000001      /* Can exist without processes */
       /*
        * NOTE(review): the gap between the two values suggests the low bits are
        * option-settable flags and the high bits internal state — confirm
        * against the option parsing before adding new bits.
        */
   150 #define PR_REMOVE       0x01000000      /* In process of being removed */
  151 
  152 /*
  153  * OSD methods
  154  */
   155 #define PR_METHOD_CREATE        0       /* OSD method slots; values are consecutive indices */
   156 #define PR_METHOD_GET           1
   157 #define PR_METHOD_SET           2
   158 #define PR_METHOD_CHECK         3
   159 #define PR_METHOD_ATTACH        4
   160 #define PR_MAXMETHOD            5       /* one past the last method; must equal the number of PR_METHOD_* values above */
  161 
  162 /*
  163  * Sysctl-set variables that determine global jail policy
  164  *
  165  * XXX MIB entries will need to be protected by a mutex.
  166  */
   167 extern int      jail_set_hostname_allowed;      /* jail may set its own hostname */
       /*
        * Per-feature policy knobs.  Descriptions are inferred from the names
        * and should be checked against the sysctl definitions.  All are plain
        * ints read without a lock (see the XXX note above).
        */
   168 extern int      jail_socket_unixiproute_only;   /* jailed sockets limited to unix/inet/route */
   169 extern int      jail_sysvipc_allowed;           /* SysV IPC usable from inside a jail */
   170 extern int      jail_getfsstat_jailrootonly;    /* getfsstat(2) reports only the jail root filesystem */
   171 extern int      jail_allow_raw_sockets;         /* raw sockets permitted in jails */
   172 extern int      jail_chflags_allowed;           /* chflags(2) on system flags permitted in jails */
  173 
   174 LIST_HEAD(prisonlist, prison);          /* list head type; entries are linked through pr_list */
   175 extern struct   prisonlist allprison;   /* (a) every prison in the system */
   176 extern struct   sx allprison_lock;      /* the (a) lock protecting allprison; struct sx is not declared by this header's includes, so definers need <sys/sx.h> */
  177 
  178 /*
  179  * Kernel support functions for jail().
  180  */
   181 struct ucred;                           /* forward declarations; only pointers are used below */
   182 struct mount;
   183 struct sockaddr;
   184 struct statfs;
   185 struct thread;
       /* Kernel side of jail(2); the struct jail is the userland-filled argument. */
   186 int kern_jail(struct thread *, struct jail *);
       /* Non-zero if cred belongs to a prison — return convention to confirm. */
   187 int jailed(struct ucred *cred);
       /*
        * Copy the hostname visible to cred into a buffer of the given size.
        * NOTE(review): whether the result is always NUL-terminated is not
        * visible here — confirm in the definition before relying on it.
        */
   188 void getcredhostname(struct ucred *cred, char *, size_t);
       /* Visibility check between two credentials' prisons; presumably 0 means allowed — confirm. */
   189 int prison_check(struct ucred *cred1, struct ucred *cred2);
       /* Mount visibility and statfs(2) filtering for a (possibly jailed) cred. */
   190 int prison_canseemount(struct ucred *cred, struct mount *mp);
   191 void prison_enforce_statfs(struct ucred *cred, struct mount *mp,
   192     struct statfs *sp);
       /*
        * Look up a prison by id.  Whether the result is returned held or
        * locked is not visible here — confirm before holding the pointer
        * across a sleep.
        */
   193 struct prison *prison_find(int prid);
       /* pr_ref management; the _locked variants presumably expect pr_mtx held. */
   194 void prison_free(struct prison *pr);
   195 void prison_free_locked(struct prison *pr);
   196 void prison_hold(struct prison *pr);
   197 void prison_hold_locked(struct prison *pr);
       /* pr_nprocs management, presumably on a process entering/leaving the prison. */
   198 void prison_proc_hold(struct prison *);
   199 void prison_proc_free(struct prison *);
       /*
        * IPv4 address policy for cred (pr_ip4/pr_ip4s).  Judging by the names
        * these decide which addresses a jailed process may use locally,
        * reach remotely, or select as source; the 0-vs-errno return
        * convention should be confirmed in the definitions.
        */
   200 int prison_get_ip4(struct ucred *cred, struct in_addr *ia);
   201 int prison_local_ip4(struct ucred *cred, struct in_addr *ia);
   202 int prison_remote_ip4(struct ucred *cred, struct in_addr *ia);
   203 int prison_check_ip4(struct ucred *cred, struct in_addr *ia);
   204 int prison_saddrsel_ip4(struct ucred *, struct in_addr *);
   205 #ifdef INET6
       /* IPv6 counterparts; the trailing int of prison_local_ip6 is a flag whose meaning is not visible here. */
   206 int prison_get_ip6(struct ucred *, struct in6_addr *);
   207 int prison_local_ip6(struct ucred *, struct in6_addr *, int);
   208 int prison_remote_ip6(struct ucred *, struct in6_addr *);
   209 int prison_check_ip6(struct ucred *, struct in6_addr *);
   210 int prison_saddrsel_ip6(struct ucred *, struct in6_addr *);
   211 #endif
       /* Address-family, interface-address and priv(9) checks for jailed creds; presumably 0 on success, errno otherwise. */
   212 int prison_check_af(struct ucred *cred, int af);
   213 int prison_if(struct ucred *cred, struct sockaddr *sa);
   214 int prison_priv_check(struct ucred *cred, int priv);
  215 
  216 /*
  217  * Kernel jail services.
  218  */
   219 struct prison_service;                  /* opaque registration handle returned by prison_service_register() */
       /* Per-prison callbacks; presumably run on prison creation and destruction — confirm. */
   220 typedef int (*prison_create_t)(struct prison_service *psrv, struct prison *pr);
   221 typedef int (*prison_destroy_t)(struct prison_service *psrv, struct prison *pr);
   222 
       /*
        * Register/deregister a named service.  Whether create is invoked for
        * prisons that already exist at registration time is not visible here.
        */
   223 struct prison_service *prison_service_register(const char *name,
   224     prison_create_t create, prison_destroy_t destroy);
   225 void prison_service_deregister(struct prison_service *psrv);
   226 
       /*
        * Per-(service, prison) data slot.  The data pointer stays owned by the
        * service; _del returns the removed pointer so the caller can release it
        * (presumably — confirm).
        */
   227 void prison_service_data_set(struct prison_service *psrv, struct prison *pr,
   228     void *data);
   229 void *prison_service_data_get(struct prison_service *psrv, struct prison *pr);
   230 void *prison_service_data_del(struct prison_service *psrv, struct prison *pr);
  231 
  232 #endif /* _KERNEL */
  233 #endif /* !_SYS_JAIL_H_ */
