Message-Id: <200905271415.n4REFw2R029782@repoman.freebsd.org>
From: Jamie Gritton
Date: Wed, 27 May 2009 14:11:23 +0000 (UTC)
To: cvs-src-old@freebsd.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src UPDATING src/lib/libc/sys jail.2 src/sys/compat/freebsd32 freebsd32_misc.c src/sys/compat/linux linux_mib.c src/sys/contrib/ipfilter/netinet ip_fil_freebsd.c ip_nat.c src/sys/fs/procfs procfs_status.c src/sys/kern ...

jamie       2009-05-27 14:11:23 UTC

  FreeBSD src repository

  Modified files:
    .                              UPDATING
    lib/libc/sys                   jail.2
    sys/compat/freebsd32           freebsd32_misc.c
    sys/compat/linux               linux_mib.c
    sys/contrib/ipfilter/netinet   ip_fil_freebsd.c ip_nat.c
    sys/fs/procfs                  procfs_status.c
    sys/kern                       init_main.c kern_cpuset.c kern_descrip.c
                                   kern_exit.c kern_fork.c kern_jail.c
                                   kern_linker.c kern_mib.c kern_proc.c
                                   kern_prot.c sysv_msg.c sysv_sem.c
                                   sysv_shm.c vfs_lookup.c vfs_mount.c
                                   vfs_subr.c vfs_syscalls.c
    sys/net                        rtsock.c
    sys/netinet                    in_pcb.c udp_usrreq.c
    sys/netinet6                   in6.c in6_ifattach.c in6_pcb.c
    sys/nfsserver                  nfs_srvsock.c
    sys/security/mac_bsdextended   mac_bsdextended.c
    sys/sys                        cpuset.h jail.h param.h syscallsubr.h
                                   systm.h
    sys/ufs/ufs                    ufs_vnops.c
  Log:
  SVN rev 192895 on 2009-05-27 14:11:23Z by jamie

  Add hierarchical jails.  A jail may further virtualize its environment
  by creating a child jail, which is visible to that jail and to any
  parent jails.  Child jails may be restricted more than their parents,
  but never less.  Jail names reflect this hierarchy, being MIB-style
  dot-separated strings.

  Every thread now points to a jail, the default being prison0, which
  contains information about the physical system.  Prison0's root
  directory is the same as rootvnode; its hostname is the same as the
  global hostname, and its securelevel replaces the global securelevel.
  Note that the variable "securelevel" has actually gone away, which
  should not cause any problems for code that properly uses
  securelevel_gt() and securelevel_ge().

  Some jail-related permissions that were kept in global variables and
  set via sysctls are now per-jail settings.  The sysctls still exist for
  backward compatibility, used only by the now-deprecated jail(2) system
  call.

  Approved by:    bz (mentor)

  Revision  Changes      Path
  1.605     +4 -0        src/UPDATING
  1.34      +21 -5       src/lib/libc/sys/jail.2
  1.90      +15 -149     src/sys/compat/freebsd32/freebsd32_misc.c
  1.36      +92 -140     src/sys/compat/linux/linux_mib.c
  1.18      +6 -0        src/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
  1.47      +4 -0        src/sys/contrib/ipfilter/netinet/ip_nat.c
  1.64      +5 -4        src/sys/fs/procfs/procfs_status.c
  1.300     +3 -1        src/sys/kern/init_main.c
  1.17      +14 -38      src/sys/kern/kern_cpuset.c
  1.352     +30 -6       src/sys/kern/kern_descrip.c
  1.322     +2 -3        src/sys/kern/kern_exit.c
  1.301     +3 -4        src/sys/kern/kern_fork.c
  1.102     +1656 -557   src/sys/kern/kern_jail.c
  1.170     +3 -2        src/sys/kern/kern_linker.c
  1.96      +29 -37      src/sys/kern/kern_mib.c
  1.280     +2 -2        src/sys/kern/kern_proc.c
  1.218     +8 -17       src/sys/kern/kern_prot.c
  1.72      +5 -5        src/sys/kern/sysv_msg.c
  1.95      +4 -4        src/sys/kern/sysv_sem.c
  1.116     +6 -6        src/sys/kern/sysv_shm.c
  1.124     +7 -0        src/sys/kern/vfs_lookup.c
  1.306     +5 -0        src/sys/kern/vfs_mount.c
  1.762     +5 -13       src/sys/kern/vfs_subr.c
  1.477     +1 -7        src/sys/kern/vfs_syscalls.c
  1.172     +4 -0        src/sys/net/rtsock.c
  1.249     +9 -7        src/sys/netinet/in_pcb.c
  1.255     +1 -1        src/sys/netinet/udp_usrreq.c
  1.109     +2 -9        src/sys/netinet6/in6.c
  1.63      +23 -2       src/sys/netinet6/in6_ifattach.c
  1.112     +6 -4        src/sys/netinet6/in6_pcb.c
  1.113     +3 -0        src/sys/nfsserver/nfs_srvsock.c
  1.57      +2 -2        src/sys/security/mac_bsdextended/mac_bsdextended.c
  1.9       +2 -2        src/sys/sys/cpuset.h
  1.42      +97 -18      src/sys/sys/jail.h
  1.411     +1 -1        src/sys/sys/param.h
  1.55      +2 -0        src/sys/sys/syscallsubr.h
  1.276     +0 -2        src/sys/sys/systm.h
  1.313     +0 -1        src/sys/ufs/ufs/ufs_vnops.c