From owner-svn-src-head@freebsd.org  Fri Jul  6 18:50:23 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 683071044CDC;
 Fri,  6 Jul 2018 18:50:23 +0000 (UTC)
 (envelope-from jamie@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 1AD1090A62;
 Fri,  6 Jul 2018 18:50:23 +0000 (UTC)
 (envelope-from jamie@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EBE3E4A04;
 Fri,  6 Jul 2018 18:50:22 +0000 (UTC)
 (envelope-from jamie@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w66IoMPM049467;
 Fri, 6 Jul 2018 18:50:22 GMT (envelope-from jamie@FreeBSD.org)
Received: (from jamie@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w66IoMaQ049466;
 Fri, 6 Jul 2018 18:50:22 GMT (envelope-from jamie@FreeBSD.org)
Message-Id: <201807061850.w66IoMaQ049466@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: jamie set sender to
 jamie@FreeBSD.org using -f
From: Jamie Gritton <jamie@FreeBSD.org>
Date: Fri, 6 Jul 2018 18:50:22 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r336038 - in head/sys: kern sys
X-SVN-Group: head
X-SVN-Commit-Author: jamie
X-SVN-Commit-Paths: in head/sys: kern sys
X-SVN-Commit-Revision: 336038
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jul 2018 18:50:23 -0000

Author: jamie
Date: Fri Jul  6 18:50:22 2018
New Revision: 336038
URL: https://svnweb.freebsd.org/changeset/base/336038

Log:
  Change prison_add_vfs() to the more generic prison_add_allow(), which
  can add any dynamic allow.* or allow.*.* parameter.  Also keep
  prison_add_vfs() as a wrapper.
  
  Differential Revision:	D16146

Modified:
  head/sys/kern/kern_jail.c
  head/sys/sys/jail.h

Modified: head/sys/kern/kern_jail.c
==============================================================================
--- head/sys/kern/kern_jail.c	Fri Jul  6 17:39:48 2018	(r336037)
+++ head/sys/kern/kern_jail.c	Fri Jul  6 18:50:22 2018	(r336038)
@@ -3760,37 +3760,43 @@ SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLA
     "B", "Jail may mount/unmount jail-friendly file systems in general");
 
 /*
- * The VFS system will register jail-aware filesystems here.  They each get
- * a parameter allow.mount.xxxfs and a flag to check when a jailed user
- * attempts to mount.
+ * Add a dynamic parameter allow.<name>, or allow.<prefix>.<name>.  Return
+ * its associated bit in the pr_allow bitmask, or zero if the parameter was
+ * not created.
  */
-void
-prison_add_vfs(struct vfsconf *vfsp)
+unsigned
+prison_add_allow(const char *prefix, const char *name, const char *prefix_descr,
+    const char *descr)
 {
-	char *allow_name, *allow_noname, *mount_allowed;
 	struct bool_flags *bf;
+	struct sysctl_oid *parent;
+	char *allow_name, *allow_noname, *allowed;
 #ifndef NO_SYSCTL_DESCR
-	char *descr;
+	char *descr_deprecated;
 #endif
 	unsigned allow_flag;
 
-	if (asprintf(&allow_name, M_PRISON, "allow.mount.%s", vfsp->vfc_name) <
-	    0 || asprintf(&allow_noname, M_PRISON, "allow.mount.no%s",
-	    vfsp->vfc_name) < 0) {
+	if (prefix
+	    ? asprintf(&allow_name, M_PRISON, "allow.%s.%s", prefix, name)
+		< 0 ||
+	      asprintf(&allow_noname, M_PRISON, "allow.%s.no%s", prefix, name)
+		< 0
+	    : asprintf(&allow_name, M_PRISON, "allow.%s", name) < 0 ||
+	      asprintf(&allow_noname, M_PRISON, "allow.no%s", name) < 0) {
 		free(allow_name, M_PRISON);
-		return;
+		return 0;
 	}
 
 	/*
-	 * See if this parameter has already beed added, i.e. if the filesystem
-	 * was previously loaded/unloaded.
+	 * See if this parameter has already beed added, i.e. a module was
+	 * previously loaded/unloaded.
 	 */
 	mtx_lock(&prison0.pr_mtx);
 	for (bf = pr_flag_allow;
 	     bf < pr_flag_allow + nitems(pr_flag_allow) && bf->flag != 0;
 	     bf++) {
 		if (strcmp(bf->name, allow_name) == 0) {
-			vfsp->vfc_prison_flag = bf->flag;
+			allow_flag = bf->flag;
 			goto no_add;
 		}
 	}
@@ -3798,7 +3804,7 @@ prison_add_vfs(struct vfsconf *vfsp)
 	/*
 	 * Find a free bit in prison0's pr_allow, failing if there are none
 	 * (which shouldn't happen as long as we keep track of how many
-	 * filesystems are jail-aware).
+	 * potential dynamic flags exist).
 	 */
 	for (allow_flag = 1;; allow_flag <<= 1) {
 		if (allow_flag == 0)
@@ -3815,52 +3821,73 @@ prison_add_vfs(struct vfsconf *vfsp)
 	for (bf = pr_flag_allow; bf->flag != 0; bf++)
 		if (bf == pr_flag_allow + nitems(pr_flag_allow)) {
 			/* This should never happen, but is not fatal. */
+			allow_flag = 0;
 			goto no_add;
 		}
 	prison0.pr_allow |= allow_flag;
 	bf->name = allow_name;
 	bf->noname = allow_noname;
 	bf->flag = allow_flag;
-	vfsp->vfc_prison_flag = allow_flag;
 	mtx_unlock(&prison0.pr_mtx);
 
 	/*
 	 * Create sysctls for the paramter, and the back-compat global
 	 * permission.
 	 */
-#ifndef NO_SYSCTL_DESCR
-	(void)asprintf(&descr, M_TEMP, "Jail may mount the %s file system",
-	    vfsp->vfc_name);
-#endif
-	(void)SYSCTL_ADD_PROC(NULL,
-	    SYSCTL_CHILDREN(&sysctl___security_jail_param_allow_mount),
-	    OID_AUTO, vfsp->vfc_name, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
+	parent = prefix
+	    ? SYSCTL_ADD_NODE(NULL,
+		  SYSCTL_CHILDREN(&sysctl___security_jail_param_allow),
+		  OID_AUTO, prefix, 0, 0, prefix_descr)
+	    : &sysctl___security_jail_param_allow;
+	(void)SYSCTL_ADD_PROC(NULL, SYSCTL_CHILDREN(parent), OID_AUTO,
+	    name, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
 	    NULL, 0, sysctl_jail_param, "B", descr);
+	if ((prefix
+	     ? asprintf(&allowed, M_TEMP, "%s_%s_allowed", prefix, name)
+	     : asprintf(&allowed, M_TEMP, "%s_allowed", name)) >= 0) {
 #ifndef NO_SYSCTL_DESCR
-	free(descr, M_TEMP);
+		(void)asprintf(&descr_deprecated, M_TEMP, "%s (deprecated)",
+		    descr);
 #endif
-	if (asprintf(&mount_allowed, M_TEMP, "mount_%s_allowed",
-		vfsp->vfc_name) >= 0) {
-#ifndef NO_SYSCTL_DESCR
-		(void)asprintf(&descr, M_TEMP,
-		  "Processes in jail can mount the %s file system (deprecated)",
-		  vfsp->vfc_name);
-#endif
 		(void)SYSCTL_ADD_PROC(NULL,
-		    SYSCTL_CHILDREN(&sysctl___security_jail), OID_AUTO,
-		    mount_allowed, CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE,
-		    NULL, allow_flag, sysctl_jail_default_allow, "I", descr);
+		    SYSCTL_CHILDREN(&sysctl___security_jail), OID_AUTO, allowed,
+		    CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_MPSAFE, NULL, allow_flag,
+		    sysctl_jail_default_allow, "I", descr_deprecated);
 #ifndef NO_SYSCTL_DESCR
-		free(descr, M_TEMP);
+		free(descr_deprecated, M_TEMP);
 #endif
-		free(mount_allowed, M_TEMP);
+		free(allowed, M_TEMP);
 	}
-	return;
+	return allow_flag;
 
  no_add:
 	mtx_unlock(&prison0.pr_mtx);
 	free(allow_name, M_PRISON);
 	free(allow_noname, M_PRISON);
+	return allow_flag;
+}
+
+/*
+ * The VFS system will register jail-aware filesystems here.  They each get
+ * a parameter allow.mount.xxxfs and a flag to check when a jailed user
+ * attempts to mount.
+ */
+void
+prison_add_vfs(struct vfsconf *vfsp)
+{
+#ifdef NO_SYSCTL_DESCR
+
+	vfsp->vfc_prison_flag = prison_add_allow("mount", vfsp->vfc_name,
+	    NULL, NULL);
+#else
+	char *descr;
+
+	(void)asprintf(&descr, M_TEMP, "Jail may mount the %s file system",
+	    vfsp->vfc_name);
+	vfsp->vfc_prison_flag = prison_add_allow("mount", vfsp->vfc_name,
+	    NULL, descr);
+	free(descr, M_TEMP);
+#endif
 }
 
 #ifdef RACCT

Modified: head/sys/sys/jail.h
==============================================================================
--- head/sys/sys/jail.h	Fri Jul  6 17:39:48 2018	(r336037)
+++ head/sys/sys/jail.h	Fri Jul  6 18:50:22 2018	(r336038)
@@ -409,6 +409,8 @@ int prison_if(struct ucred *cred, struct sockaddr *sa)
 char *prison_name(struct prison *, struct prison *);
 int prison_priv_check(struct ucred *cred, int priv);
 int sysctl_jail_param(SYSCTL_HANDLER_ARGS);
+unsigned prison_add_allow(const char *prefix, const char *name,
+    const char *prefix_descr, const char *descr);
 void prison_add_vfs(struct vfsconf *vfsp);
 void prison_racct_foreach(void (*callback)(struct racct *racct,
     void *arg2, void *arg3), void (*pre)(void), void (*post)(void),