Date: Sat, 9 Sep 2006 10:01:45 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 105881 for review Message-ID: <200609091001.k89A1jfo024240@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=105881 Change 105881 by rwatson@rwatson_sesame on 2006/09/09 10:01:13 Complete privilege mapping for Jail. Affected files ... .. //depot/projects/trustedbsd/priv/sys/kern/kern_jail.c#3 edit Differences ... ==== //depot/projects/trustedbsd/priv/sys/kern/kern_jail.c#3 (text+ko) ==== 
@@ -535,82 +535,189 @@
 return (0);
 switch (priv) {
+ /* case PRIV_ROOT: */
+ /* case PRIV_ACCT: */
+ /* case PRIV_MAXFILES: */
+ /* case PRIV_MAXPROC: */
+ case PRIV_KTRACE:
+ /* case PRIV_SETDUMPER: */
+ /* case PRIV_NFSD: */
+ /* case PRIV_REBOOT: */
+ /* case PRIV_SWAPON: */
+ /* case PRIV_SWAPOFF: */
+ /* case PRIV_MSGBUF: */
+ /* case PRIV_WITNESS: */
+ /* case PRIV_IO: */
+ /* case PRIV_KEYBOARD: */
+ /* case PRIV_DRIVER: */
+ /* case PRIV_ADJTIME: */
+ /* case PRIV_NTP_ADJTIME: */
+ /* case PRIV_CLOCK_SETTIME: */
+ /* case PRIV_SETTIMEOFDAY: */
+ /* case PRIV_SETHOSTID: */
+ /* case PRIV_SETDOMAINNAME: */
+ /* case PRIV_AUDIT_CONTROL: */
+ /* case PRIV_AUDIT_FAILSTOP: */
+ case PRIV_AUDIT_GETAUDIT:
+ case PRIV_AUDIT_SETAUDIT:
+ case PRIV_AUDIT_SUBMIT:
 case PRIV_CRED_SETUID:
 case PRIV_CRED_SETEUID:
 case PRIV_CRED_SETGID:
 case PRIV_CRED_SETEGID:
+ case PRIV_CRED_SETGROUPS:
 case PRIV_CRED_SETREUID:
 case PRIV_CRED_SETREGID:
 case PRIV_CRED_SETRESUID:
 case PRIV_CRED_SETRESGID:
- case PRIV_CRED_SETGROUPS:
- /*
- * Grant most process credential privileges, as root within a
- * jail can set up credentials as it sees fit. The ability
- * to modify jail settings, and in particular to attach to a
- * jail, is not granted.
- */
- return (0);
-
- case PRIV_SIGNAL_SUGID:
- case PRIV_SIGNAL_DIFFCRED:
+ case PRIV_SEEOTHERGIDS:
+ case PRIV_SEEOTHERUIDS:
+ case PRIV_DEBUG_DIFFCRED:
+ case PRIV_DEBUG_SUGID:
+ case PRIV_DEBUG_UNPRIV:
+ /* case PRIV_FIRMWARE_LOAD: */
+ /* case PRIV_JAIL_ATTACH: */
+ /* case PRIV_KENV_SET: */
+ /* case PRIV_KENV_UNSET: */
+ /* case PRIV_KLD_LOAD: */
+ /* case PRIV_KLD_UNLOAD: */
+ /* case PRIV_MAC_PARTITION: */
+ case PRIV_PROC_LIMIT:
 case PRIV_PROC_SETLOGIN:
- /*
- * Inter-process privileges are generally granted, since a
- * separate jail name space check will be performed to scope
- * these calls to the current jail.
- */
- return (0);
-
- case PRIV_SCHED_SETPRIORITY:
 case PRIV_PROC_SETRLIMIT:
- /*
- * Root in jail can modify resource limits and scheduler
- * properties as it sees fit.
- */
- return (0);
- case PRIV_IPC_READ:
- case PRIV_IPC_EXEC:
- case PRIV_IPC_WRITE:
- case PRIV_IPC_ADMIN:
- case PRIV_IPC_MSGSIZE:
- /*
- * Grant System V IPC privileges -- we enable access to the
- * services using a single setting, and assume that if System
- * V IPC is available in the jail, privilege will be granted
- * to root in the jail.
- */
- return (0);
-
- case PRIV_MQ_ADMIN:
- /*
- * POSIX message queue administrative privilege is granted:
- * if the jail can name the resource, then root in the jail
- * can manage it.
- */
- return (0);
-
+ /* XXXRW: Not yet. */
+ /* case PRIV_IPC_READ: */
+ /* case PRIV_IPC_WRITE: */
+ /* case PRIV_IPC_EXEC: */
+ /* case PRIV_IPC_ADMIN: */
+ /* case PRIV_IPC_MSGSIZE: */
+ /* case PRIV_MQ_ADMIN: */
+ /* case PRIV_PMC_MANAGE: */
+ /* case PRIV_PMC_SYSTEM: */
+ case PRIV_SCHED_DIFFCRED:
+ /* case PRIV_SCHED_SETPRIORITY: */
+ /* case PRIV_SCHED_RTPRIO: */
+ /* case PRIV_SCHED_SETPOLICY: */
+ /* case PRIV_SCHED_SET: */
+ /* case PRIV_SCHED_SETPARAM: */
+ /* case PRIV_SEM_WRITE: */
+ case PRIV_SIGNAL_DIFFCRED:
+ case PRIV_SIGNAL_SUGID:
+ /* case PRIV_SYSCTL_DEBUG: */
+ /* case PRIV_SYSCTL_WRITE: */
+ case PRIV_SYSCTL_WRITEJAIL:
+ /* case PRIV_TTY_CONSOLE: */
+ /* case PRIV_TTY_DRAINWAIT: */
+ /* case PRIV_TTY_DTRWAIT: */
+ /* case PRIV_TTY_EXCLUSIVE: */
+ /* case PRIV_TTY_PRISON: */
+ /* case PRIV_TTY_STI: */
+ /* case PRIV_TTY_SETA: */
+ /* case PRIV_UFS_EXTATTRCTL: */
+ case PRIV_UFS_GETQUOTA:
+ case PRIV_UFS_QUOTAOFF: /* XXXRW: Slightly surprising. */
+ case PRIV_UFS_QUOTAON: /* XXXRW: Slightly surprising. */
+ case PRIV_UFS_SETQUOTA:
+ case PRIV_UFS_SETUSE: /* XXXRW: Slightly surprising. */
+ /* case PRIV_UFS_EXCEEDQUOTA: */
 case PRIV_VFS_READ:
 case PRIV_VFS_WRITE:
+ case PRIV_VFS_ADMIN:
 case PRIV_VFS_EXEC:
- case PRIV_VFS_ADMIN:
 case PRIV_VFS_LOOKUP:
- /*
- * In general, grant file permission exemption in VFS, but
- * not the right to manipulate the name space (mounting,
- * chroot, etc).
- */
+ case PRIV_VFS_BLOCKRESERVE: /* XXXRW: Slightly surprising. */
+ case PRIV_VFS_CHFLAGS_DEV:
+ case PRIV_VFS_CHOWN:
+ case PRIV_VFS_CHROOT:
+ case PRIV_VFS_CLEARSUGID:
+ /* case PRIV_VFS_EXTATTR_SYSTEM: */
+ case PRIV_VFS_FCHROOT:
+ /* case PRIV_VFS_FHOPEN: */
+ /* case PRIV_VFS_FHSTAT: */
+ /* case PRIV_VFS_FHSTATFS: */
+ /* case PRIV_VFS_GENERATION: */
+ /* case PRIV_VFS_GETFH: */
+ case PRIV_VFS_LINK:
+ /* case PRIV_VFS_MKNOD_DEV: */
+ /* case PRIV_VFS_MOUNT: */
+ /* case PRIV_VFS_MOUNT_OWNER: */
+ /* case PRIV_VFS_MOUNT_EXPORTED: */
+ /* case PRIV_VFS_MOUNT_PERM: */
+ /* case PRIV_VFS_MOUNT_SUIDDIR: */
+ case PRIV_VFS_SETGID:
+ case PRIV_VFS_STICKYFILE:
 return (0);
- case PRIV_VFS_CHFLAGS_DEV:
- case PRIV_VFS_REVOKE:
- /*
- * Grant rights relating to managing visible device nodes and
- * ttys.
- */
+ case PRIV_VFS_SYSFLAGS:
+ if (jail_chflags_allowed)
+ return (0);
+ else
+ return (EPERM);
+ /* case PRIV_VFS_UNMOUNT: */
+ /* case PRIV_VM_MADV_PROTECT: */
+ /* case PRIV_VM_MLOCK: */
+ /* case PRIV_VM_MUNLOCK: */
+ /* case PRIV_DEVFS_RULE: */
+ /* case PRIV_DEVFS_SYMLINK: */
+ /* case PRIV_RANDOM_RESEED: */
+ /* case PRIV_NET_BRIDGE: */
+ /* case PRIV_NET_GRE: */
+ /* case PRIV_NET_PPP: */
+ /* case PRIV_NET_SLIP: */
+ /* case PRIV_NET_BPF: */
+ /* case PRIV_NET_RAW: */
+ /* case PRIV_NET_ROUTE: */
+ /* case PRIV_NET_TAP: */
+ /* case PRIV_NET_SETIFMTU: */
+ /* case PRIV_NET_SETIFFLAGS: */
+ /* case PRIV_NET_SETIFCAP: */
+ /* case PRIV_NET_SETIFNAME: */
+ /* case PRIV_NET_SETIFMETRIC: */
+ /* case PRIV_NET_SETIFPHYS: */
+ /* case PRIV_NET_SETIFMAC: */
+ /* case PRIV_NET_ADDMULTI: */
+ /* case PRIV_NET_DELMULTI: */
+ /* case PRIV_NET_HWIOCTL: */
+ /* case PRIV_NET_SETLLADDR: */
+ /* case PRIV_NET_ADDIFGROUP: */
+ /* case PRIV_NET_DELIFGROUP: */
+ /* case PRIV_NET_IFCREATE: */
+ /* case PRIV_NET_IFDESTROY: */
+ /* case PRIV_NET80211_GETKEY: */
+ /* case PRIV_NET80211_MANAGE: */
+ /* case PRIV_NETATALK_RESERVEDPORT: */
+ /* case PRIV_NETATM_CFG: */
+ /* case PRIV_NETATM_ADD: */
+ /* case PRIV_NETATM_DEL: */
+ /* case PRIV_NETATM_SET: */
+ /* case PRIV_NETGRAPH_CONTROL: */
+ /* case PRIV_NETGRAPH_TTY: */
+ case PRIV_NETINET_RESERVEDPORT:
 return (0);
+ /* case PRIV_NETINET_IPFW: */
+ /* case PRIV_NETINET_DIVERT: */
+ /* case PRIV_NETINET_PF: */
+ /* case PRIV_NETINET_DUMMYNET: */
+ /* case PRIV_NETINET_CARP: */
+ /* case PRIV_NETINET_MROUTE: */
+ case PRIV_NETINET_RAW:
+ if (jail_allow_raw_sockets)
+ return (0);
+ else
+ return (EPERM);
+ case PRIV_NETINET_GETCRED:
+ /* case PRIV_NETINET_ADDRCTRL6: */
+ /* case PRIV_NETINET_ND6: */
+ /* case PRIV_NETINET_SCOPE6: */
+ /* case PRIV_NETINET_ALIFETIME6: */
+ /* case PRIV_NETINET_IPSEC: */
+ /* case PRIV_NETIPX_RESERVEDPORT: */
+ /* case PRIV_NETIPX_RAW: */
+ /* case PRIV_NETNCP: */
+ /* case PRIV_NETSMB: */
+ /* case PRIV_VM86_INTCALL: */
 default: /*