--/04w6evG8XlLl3ft Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi all, attached patch teaches varsym the jail magic. This is necessary for our rcNG scripts, they use varsyms internally. Joerg --/04w6evG8XlLl3ft Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="varsym-jail.diff" Index: kern/kern_jail.c =================================================================== RCS file: /home/joerg/wd/repository/dragonflybsd/src/sys/kern/kern_jail.c,v retrieving revision 1.5 diff -u -r1.5 kern_jail.c --- kern/kern_jail.c 26 Jun 2003 02:17:45 -0000 1.5 +++ kern/kern_jail.c 12 Jan 2005 03:43:11 -0000 @@ -74,6 +74,7 @@ if (error) goto bail; pr->pr_ip = j.ip_number; + varsymset_init(&pr->pr_varsymset, NULL); ca.path = j.path; error = chroot(&ca); Index: kern/kern_prot.c =================================================================== RCS file: /home/joerg/wd/repository/dragonflybsd/src/sys/kern/kern_prot.c,v retrieving revision 1.18 diff -u -r1.18 kern_prot.c --- kern/kern_prot.c 9 May 2004 11:51:10 -0000 1.18 +++ kern/kern_prot.c 12 Jan 2005 03:44:35 -0000 @@ -930,6 +930,7 @@ if (cr->cr_prison && !--cr->cr_prison->pr_ref) { if (cr->cr_prison->pr_linux != NULL) FREE(cr->cr_prison->pr_linux, M_PRISON); + varsymset_clean(&cr->cr_prison->pr_varsymset); FREE(cr->cr_prison, M_PRISON); } cr->cr_prison = NULL; /* safety */ Index: kern/kern_varsym.c =================================================================== RCS file: /home/joerg/wd/repository/dragonflybsd/src/sys/kern/kern_varsym.c,v retrieving revision 1.5 diff -u -r1.5 kern_varsym.c --- kern/kern_varsym.c 16 Jul 2004 05:51:10 -0000 1.5 +++ kern/kern_varsym.c 12 Jan 2005 04:00:23 -0000 @@ -45,6 +45,7 @@ #include <sys/ucred.h> #include <sys/resourcevar.h> #include <sys/proc.h> +#include <sys/jail.h> #include <sys/queue.h> #include <sys/sysctl.h> #include <sys/malloc.h> 
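Review bot: In the kern_jail.c hunk, `varsymset_init(&pr->pr_varsymset, NULL)` runs before `chroot(&ca)`, while the matching `varsymset_clean()` is only added in the kern_prot.c hunk, on the path where the last credential reference to the prison is dropped. The `bail` label the context jumps to is outside the hunk, so it is not visible whether a failure after the init frees `pr` without cleaning the set; that is only safe if `varsymset_init()` allocates nothing. Either record that with a comment such as `/* varsymset_init() allocates nothing; bail may FREE(pr) directly */` or call `varsymset_clean(&pr->pr_varsymset);` on the error path.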
@@ -144,9 +145,12 @@ } switch(uap->level) { case VARSYM_SYS: - if ((error = suser(curthread)) != 0) + if (curthread->td_proc != NULL && curthread->td_proc->p_ucred->cr_prison != NULL) + uap->level = VARSYM_PRISON; + case VARSYM_PRISON: + if (curthread->td_proc != NULL && + (error = suser_cred(curthread->td_proc->p_ucred, PRISON_ROOT)) != 0) break; - /* XXX implement per-jail sys */ /* fall through */ case VARSYM_USER: /* XXX check jail / implement per-jail user */ @@ -239,6 +243,10 @@ case VARSYM_SYS: vss = &varsymset_sys; break; + case VARSYM_PRISON: + if (p != NULL && p->p_ucred->cr_prison != NULL) + vss = &p->p_ucred->cr_prison->pr_varsymset; + break; } if (vss == NULL) { error = EINVAL; @@ -334,18 +342,22 @@ varsym_t varsymfind(int mask, const char *name, int namelen) { - struct proc *p; + struct proc *p = curproc; struct varsyment *ve = NULL; varsym_t sym; - if ((mask & (VARSYM_PROC_MASK|VARSYM_USER_MASK)) && (p = curproc) != NULL) { + if ((mask & (VARSYM_PROC_MASK|VARSYM_USER_MASK)) && p != NULL) { if (mask & VARSYM_PROC_MASK) ve = varsymlookup(&p->p_varsymset, name, namelen); if (ve == NULL && (mask & VARSYM_USER_MASK)) ve = varsymlookup(&p->p_ucred->cr_uidinfo->ui_varsymset, name, namelen); } - if (ve == NULL && (mask & VARSYM_SYS_MASK)) - ve = varsymlookup(&varsymset_sys, name, namelen); + if (ve == NULL && (mask & VARSYM_SYS_MASK)) { + if (p != NULL && p->p_ucred->cr_prison) + ve = varsymlookup(&p->p_ucred->cr_prison->pr_varsymset, name, namelen); + else + ve = varsymlookup(&varsymset_sys, name, namelen); + } if (ve) { sym = ve->ve_sym; ++sym->vs_refs; 
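Review bot: In the `@@ -144,9 +145,12 @@` hunk, `case VARSYM_SYS:` now runs into `case VARSYM_PRISON:` with no fall-through marker, while the next transition into `case VARSYM_USER:` keeps its `/* fall through */`, so a reader cannot tell the first one is deliberate. Add `/* fall through: jailed callers are redirected to the per-jail set */` after `uap->level = VARSYM_PRISON;`. The new label also makes `VARSYM_PRISON` a value a caller can pass in `uap->level` directly, although varsym.h marks it "used internally". A non-jailed caller presumably ends at the `vss == NULL` / `EINVAL` branch shown in the later hunks, but it would be clearer to reject the value before the switch or to document that it is accepted. The switch starts and ends outside the hunk.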
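Review bot: In the `@@ -239,6 +243,10 @@` switch, `case VARSYM_SYS:` still selects `&varsymset_sys` unconditionally, so jail separation depends on every caller rewriting the level to `VARSYM_PRISON` first; the only rewrite visible in this patch is in the `@@ -144,9 +145,12 @@` hunk. The `@@ -378,6 +390,10 @@` hunk has the same shape. Selecting the set by credential inside the switch, as the varsymfind() hunk does, would keep a jailed process off the host-wide set whichever path reaches it: `vss = (p != NULL && p->p_ucred->cr_prison != NULL) ? &p->p_ucred->cr_prison->pr_varsymset : &varsymset_sys;`. The enclosing functions start and end outside both hunks, so their callers are not visible here.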
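Review bot: In varsymfind() only the `VARSYM_SYS_MASK` tier becomes jail-aware; the `VARSYM_USER_MASK` lookup just above it still reads `p->p_ucred->cr_uidinfo->ui_varsymset` and is consulted first. If uidinfo is keyed by uid alone (not visible in this patch), user-level varsyms would still be shared between a jail and the host for the same uid, which is what the retained `/* XXX check jail / implement per-jail user */` in the set path points at. A comment on the user lookup, for example `/* XXX user-level varsyms are not per-jail yet */`, would record the remaining gap. The prison test here is written `p->p_ucred->cr_prison` while the other hunks use `!= NULL`; pick one form.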
@@ -378,6 +390,10 @@ case VARSYM_SYS: vss = &varsymset_sys; break; + case VARSYM_PRISON: + if (p != NULL && p->p_ucred->cr_prison != NULL) + vss = &p->p_ucred->cr_prison->pr_varsymset; + break; } if (vss == NULL) { error = EINVAL; Index: sys/jail.h =================================================================== RCS file: /home/joerg/wd/repository/dragonflybsd/src/sys/sys/jail.h,v retrieving revision 1.3 diff -u -r1.3 jail.h --- sys/jail.h 20 Aug 2003 07:31:21 -0000 1.3 +++ sys/jail.h 12 Jan 2005 03:43:01 -0000 @@ -14,6 +14,8 @@ #ifndef _SYS_JAIL_H_ #define _SYS_JAIL_H_ +#include <sys/varsym.h> + struct jail { u_int32_t version; char *path; @@ -42,6 +44,7 @@ char pr_host[MAXHOSTNAMELEN]; u_int32_t pr_ip; void *pr_linux; + struct varsymset pr_varsymset; }; /* Index: sys/varsym.h =================================================================== RCS file: /home/joerg/wd/repository/dragonflybsd/src/sys/sys/varsym.h,v retrieving revision 1.2 diff -u -r1.2 varsym.h --- sys/varsym.h 9 Nov 2003 20:29:57 -0000 1.2 +++ sys/varsym.h 12 Jan 2005 03:49:09 -0000 @@ -40,6 +40,7 @@ #define VARSYM_PROC 1 #define VARSYM_USER 2 #define VARSYM_SYS 3 +#define VARSYM_PRISON 4 /* used internally */ #define VARSYM_PROC_MASK (1 << VARSYM_PROC) #define VARSYM_USER_MASK (1 << VARSYM_USER) --/04w6evG8XlLl3ft--
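Review bot: In sys/jail.h the `#include <sys/varsym.h>` is placed directly under the include guard, above `struct jail`, so every consumer of the header pulls in the varsym definitions although only `struct prison` needs `struct varsymset`. Whether `struct prison` sits inside a kernel-only section is not visible in either jail.h hunk; if it does, moving the include next to it keeps the userland view of the header unchanged. A short comment on the new member, such as `/* per-jail replacement for the system-level varsym set */`, would also document why it is there.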