Date: Wed, 27 May 2009 14:11:23 +0000 (UTC) From: Jamie Gritton <jamie@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src UPDATING src/lib/libc/sys jail.2 src/sys/compat/freebsd32 freebsd32_misc.c src/sys/compat/linux linux_mib.c src/sys/contrib/ipfilter/netinet ip_fil_freebsd.c ip_nat.c src/sys/fs/procfs procfs_status.c src/sys/kern ... Message-ID: <200905271415.n4REFw2R029782@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
jamie 2009-05-27 14:11:23 UTC
FreeBSD src repository
Modified files:
. UPDATING
lib/libc/sys jail.2
sys/compat/freebsd32 freebsd32_misc.c
sys/compat/linux linux_mib.c
sys/contrib/ipfilter/netinet ip_fil_freebsd.c ip_nat.c
sys/fs/procfs procfs_status.c
sys/kern init_main.c kern_cpuset.c kern_descrip.c
kern_exit.c kern_fork.c kern_jail.c
kern_linker.c kern_mib.c kern_proc.c
kern_prot.c sysv_msg.c sysv_sem.c
sysv_shm.c vfs_lookup.c vfs_mount.c
vfs_subr.c vfs_syscalls.c
sys/net rtsock.c
sys/netinet in_pcb.c udp_usrreq.c
sys/netinet6 in6.c in6_ifattach.c in6_pcb.c
sys/nfsserver nfs_srvsock.c
sys/security/mac_bsdextended mac_bsdextended.c
sys/sys cpuset.h jail.h param.h syscallsubr.h
systm.h
sys/ufs/ufs ufs_vnops.c
Log:
SVN rev 192895 on 2009-05-27 14:11:23Z by jamie
Add hierarchical jails. A jail may further virtualize its environment
by creating a child jail, which is visible to that jail and to any
parent jails. Child jails may be restricted more than their parents,
but never less. Jail names reflect this hierarchy, being MIB-style
dot-separated strings.
Every thread now points to a jail, the default being prison0, which
contains information about the physical system. Prison0's root
directory is the same as rootvnode; its hostname is the same as the
global hostname, and its securelevel replaces the global securelevel.
Note that the variable "securelevel" has actually gone away, which
should not cause any problems for code that properly uses
securelevel_gt() and securelevel_ge().
Some jail-related permissions that were kept in global variables and
set via sysctls are now per-jail settings. The sysctls still exist for
backward compatibility, used only by the now-deprecated jail(2) system
call.
Approved by: bz (mentor)
Revision Changes Path
1.605 +4 -0 src/UPDATING
1.34 +21 -5 src/lib/libc/sys/jail.2
1.90 +15 -149 src/sys/compat/freebsd32/freebsd32_misc.c
1.36 +92 -140 src/sys/compat/linux/linux_mib.c
1.18 +6 -0 src/sys/contrib/ipfilter/netinet/ip_fil_freebsd.c
1.47 +4 -0 src/sys/contrib/ipfilter/netinet/ip_nat.c
1.64 +5 -4 src/sys/fs/procfs/procfs_status.c
1.300 +3 -1 src/sys/kern/init_main.c
1.17 +14 -38 src/sys/kern/kern_cpuset.c
1.352 +30 -6 src/sys/kern/kern_descrip.c
1.322 +2 -3 src/sys/kern/kern_exit.c
1.301 +3 -4 src/sys/kern/kern_fork.c
1.102 +1656 -557 src/sys/kern/kern_jail.c
1.170 +3 -2 src/sys/kern/kern_linker.c
1.96 +29 -37 src/sys/kern/kern_mib.c
1.280 +2 -2 src/sys/kern/kern_proc.c
1.218 +8 -17 src/sys/kern/kern_prot.c
1.72 +5 -5 src/sys/kern/sysv_msg.c
1.95 +4 -4 src/sys/kern/sysv_sem.c
1.116 +6 -6 src/sys/kern/sysv_shm.c
1.124 +7 -0 src/sys/kern/vfs_lookup.c
1.306 +5 -0 src/sys/kern/vfs_mount.c
1.762 +5 -13 src/sys/kern/vfs_subr.c
1.477 +1 -7 src/sys/kern/vfs_syscalls.c
1.172 +4 -0 src/sys/net/rtsock.c
1.249 +9 -7 src/sys/netinet/in_pcb.c
1.255 +1 -1 src/sys/netinet/udp_usrreq.c
1.109 +2 -9 src/sys/netinet6/in6.c
1.63 +23 -2 src/sys/netinet6/in6_ifattach.c
1.112 +6 -4 src/sys/netinet6/in6_pcb.c
1.113 +3 -0 src/sys/nfsserver/nfs_srvsock.c
1.57 +2 -2 src/sys/security/mac_bsdextended/mac_bsdextended.c
1.9 +2 -2 src/sys/sys/cpuset.h
1.42 +97 -18 src/sys/sys/jail.h
1.411 +1 -1 src/sys/sys/param.h
1.55 +2 -0 src/sys/sys/syscallsubr.h
1.276 +0 -2 src/sys/sys/systm.h
1.313 +0 -1 src/sys/ufs/ufs/ufs_vnops.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200905271415.n4REFw2R029782>