From:      Mark Johnston <markj@FreeBSD.org>
Subject:   git: 3cbb5a96bd81 - stable/14 - jail: Make prison_owns_vnet() operate on a prison instead of a ucred

The branch stable/14 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=3cbb5a96bd81b5b5d59f6a0a39a2a0f447357deb

commit 3cbb5a96bd81b5b5d59f6a0a39a2a0f447357deb
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2025-07-28 15:46:26 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2025-08-12 12:49:57 +0000

    jail: Make prison_owns_vnet() operate on a prison instead of a ucred
    
    This will be useful in an upcoming change.  No functional change
    intended.
    
    Reviewed by:    jamie
    MFC after:      2 weeks
    Sponsored by:   Stormshield
    Sponsored by:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D51524
    
    (cherry picked from commit 748a4ea1caffca48c4949d5a7b964853c44fbdae)
---
 sys/kern/kern_jail.c   | 17 +++++++----------
 sys/kern/kern_sysctl.c |  2 +-
 sys/sys/jail.h         |  2 +-
 3 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c
index b14b3218ebb7..0af1bcd775d0 100644
--- a/sys/kern/kern_jail.c
+++ b/sys/kern/kern_jail.c
@@ -3423,7 +3423,7 @@ prison_check_af(struct ucred *cred, int af)
 	pr = cred->cr_prison;
 #ifdef VIMAGE
 	/* Prisons with their own network stack are not limited. */
-	if (prison_owns_vnet(cred))
+	if (prison_owns_vnet(pr))
 		return (0);
 #endif
 
@@ -3488,7 +3488,7 @@ prison_if(struct ucred *cred, const struct sockaddr *sa)
 	KASSERT(sa != NULL, ("%s: sa is NULL", __func__));
 
 #ifdef VIMAGE
-	if (prison_owns_vnet(cred))
+	if (prison_owns_vnet(cred->cr_prison))
 		return (0);
 #endif
 
@@ -3605,7 +3605,7 @@ jailed_without_vnet(struct ucred *cred)
 	if (!jailed(cred))
 		return (false);
 #ifdef VIMAGE
-	if (prison_owns_vnet(cred))
+	if (prison_owns_vnet(cred->cr_prison))
 		return (false);
 #endif
 
@@ -3668,20 +3668,17 @@ getjailname(struct ucred *cred, char *name, size_t len)
 
 #ifdef VIMAGE
 /*
- * Determine whether the prison represented by cred owns
- * its vnet rather than having it inherited.
- *
- * Returns true in case the prison owns the vnet, false otherwise.
+ * Determine whether the prison owns its VNET.
  */
 bool
-prison_owns_vnet(struct ucred *cred)
+prison_owns_vnet(struct prison *pr)
 {
 
 	/*
 	 * vnets cannot be added/removed after jail creation,
 	 * so no need to lock here.
 	 */
-	return ((cred->cr_prison->pr_flags & PR_VNET) != 0);
+	return ((pr->pr_flags & PR_VNET) != 0);
 }
 #endif
 
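Review bot: The new header comment on prison_owns_vnet() no longer says that "owns" excludes an inherited vnet, yet callers in this commit use a true result to return early from prison_check_af() and prison_if() and to pick PRIV_SYSCTL_WRITEJAIL in sysctl_root(), so that distinction is worth keeping in the text. I would write `/* Determine whether the prison owns its VNET (PR_VNET set) rather than having it inherited; pr must be non-NULL and kept valid by the caller. */`. The lifetime clause is an inference: before this change the ucred argument presumably kept the prison alive, and a bare prison pointer carries no such guarantee on its own. Since the body only reads pr_flags, the parameter could also be `const struct prison *pr`, here and in the sys/sys/jail.h prototype.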
@@ -4343,7 +4340,7 @@ sysctl_jail_vnet(SYSCTL_HANDLER_ARGS)
 #ifdef VIMAGE
 	struct ucred *cred = req->td->td_ucred;
 
-	havevnet = jailed(cred) && prison_owns_vnet(cred);
+	havevnet = jailed(cred) && prison_owns_vnet(cred->cr_prison);
 #else
 	havevnet = 0;
 #endif
diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c
index 479792b4fff1..46674b9a3ed1 100644
--- a/sys/kern/kern_sysctl.c
+++ b/sys/kern/kern_sysctl.c
@@ -2268,7 +2268,7 @@ sysctl_root(SYSCTL_HANDLER_ARGS)
 			priv = PRIV_SYSCTL_WRITEJAIL;
 #ifdef VIMAGE
 		else if ((oid->oid_kind & CTLFLAG_VNET) &&
-		     prison_owns_vnet(req->td->td_ucred))
+		     prison_owns_vnet(req->td->td_ucred->cr_prison))
 			priv = PRIV_SYSCTL_WRITEJAIL;
 #endif
 		else
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
index 7fbb71ee31f8..6701587f82cb 100644
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -428,7 +428,7 @@ void prison0_init(void);
 bool prison_allow(struct ucred *, unsigned);
 int prison_check(struct ucred *cred1, struct ucred *cred2);
 bool prison_check_nfsd(struct ucred *cred);
-bool prison_owns_vnet(struct ucred *);
+bool prison_owns_vnet(struct prison *pr);
 int prison_canseemount(struct ucred *cred, struct mount *mp);
 void prison_enforce_statfs(struct ucred *cred, struct mount *mp,
     struct statfs *sp);


