From owner-cvs-all Tue Feb 20 22:40:13 2001
Delivered-To: cvs-all@freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
    by hub.freebsd.org (Postfix) with ESMTP
    id 0D9F837B401; Tue, 20 Feb 2001 22:39:58 -0800 (PST)
    (envelope-from rwatson@FreeBSD.org)
Received: (from rwatson@localhost)
    by freefall.freebsd.org (8.11.1/8.11.1) id f1L6dvw85339;
    Tue, 20 Feb 2001 22:39:57 -0800 (PST)
    (envelope-from rwatson)
Message-Id: <200102210639.f1L6dvw85339@freefall.freebsd.org>
From: Robert Watson
Date: Tue, 20 Feb 2001 22:39:57 -0800 (PST)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/compat/linprocfs linprocfs_misc.c src/sys/compat/linux linux_mib.c src/sys/compat/svr4 svr4_misc.c src/sys/kern init_main.c kern_exit.c kern_fork.c kern_jail.c kern_ktrace.c kern_mib.c kern_proc.c kern_prot.c sysv_msg.c sysv_sem.c ...
X-FreeBSD-CVS-Branch: HEAD
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

rwatson     2001/02/20 22:39:57 PST

  Modified files:
    sys/compat/linprocfs linprocfs_misc.c
    sys/compat/linux     linux_mib.c
    sys/compat/svr4      svr4_misc.c
    sys/kern             init_main.c kern_exit.c kern_fork.c
                         kern_jail.c kern_ktrace.c kern_mib.c
                         kern_proc.c kern_prot.c sysv_msg.c
                         sysv_sem.c sysv_shm.c tty_pty.c
                         uipc_socket.c uipc_usrreq.c
                         vfs_syscalls.c
    sys/miscfs/procfs    procfs_status.c
    sys/net              if.c if.h rtsock.c
    sys/netinet          in.h in_pcb.c tcp_usrreq.c udp_usrreq.c
    sys/sys              capability.h jail.h proc.h systm.h ucred.h
  Log:
  o Move per-process jail pointer (p->pr_prison) to inside of the subject
    credential structure, ucred (cr->cr_prison).
  o Allow jail inheritance to be a function of credential inheritance.
  o Abstract prison structure reference counting behind pr_hold() and
    pr_free(), invoked by the similarly named credential reference
    management functions, removing this code from per-ABI fork/exit code.
  o Modify various jail() functions to use struct ucred arguments instead
    of struct proc arguments.
  o Introduce jailed() function to determine if a credential is jailed,
    rather than directly checking pointers all over the place.
  o Convert PRISON_CHECK() macro to prison_check() function.
  o Move jail() function prototypes to jail.h.
  o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the
    flag in the process flags field itself.
  o Eliminate that "const" qualifier from suser/p_can/etc to reflect
    mutex use.

  Notes:

  o Some further cleanup of the linux/jail code is still required.
  o It's now possible to consider resolving some of the process vs
    credential based permission checking confusion in the socket code.
  o Mutex protection of struct prison is still not present, and is
    required to protect the reference count plus some fields in the
    structure.

  Reviewed by:    freebsd-arch
  Obtained from:  TrustedBSD Project

  Revision  Changes    Path
  1.20      +2 -2      src/sys/compat/linprocfs/linprocfs_misc.c
  1.10      +7 -6      src/sys/compat/linux/linux_mib.c
  1.25      +1 -10     src/sys/compat/svr4/svr4_misc.c
  1.157     +2 -4      src/sys/kern/init_main.c
  1.118     +1 -10     src/sys/kern/kern_exit.c
  1.100     +1 -6      src/sys/kern/kern_fork.c
  1.10      +68 -19    src/sys/kern/kern_jail.c
  1.49      +4 -2      src/sys/kern/kern_ktrace.c
  1.39      +4 -4      src/sys/kern/kern_mib.c
  1.87      +5 -1      src/sys/kern/kern_proc.c
  1.75      +30 -19    src/sys/kern/kern_prot.c
  1.30      +6 -6      src/sys/kern/sysv_msg.c
  1.32      +5 -5      src/sys/kern/sysv_sem.c
  1.53      +7 -7      src/sys/kern/sysv_shm.c
  1.84      +3 -3      src/sys/kern/tty_pty.c
  1.90      +2 -2      src/sys/kern/uipc_socket.c
  1.63      +3 -2      src/sys/kern/uipc_usrreq.c
  1.178     +3 -2      src/sys/kern/vfs_syscalls.c
  1.27      +3 -3      src/sys/miscfs/procfs/procfs_status.c
  1.103     +4 -2      src/sys/net/if.c
  1.61      +1 -3      src/sys/net/if.h
  1.51      +4 -2      src/sys/net/rtsock.c
  1.53      +1 -4      src/sys/netinet/in.h
  1.77      +11 -10    src/sys/netinet/in_pcb.c
  1.54      +5 -2      src/sys/netinet/tcp_usrreq.c
  1.85      +6 -3      src/sys/netinet/udp_usrreq.c
  1.5       +2 -2      src/sys/sys/capability.h
  1.11      +18 -2     src/sys/sys/jail.h
  1.152     +2 -3      src/sys/sys/proc.h
  1.135     +3 -4      src/sys/sys/systm.h
  1.21      +2 -1      src/sys/sys/ucred.h
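
Added example, not part of the original message and not FreeBSD source: a userland C model of the design the log describes, where the prison pointer lives in the credential and fork/exit only take and drop credential references. The struct layouts, cred_new(), model_fork(), model_exit() and the visibility rule inside prison_check() are assumptions made for illustration; only the names pr_hold, pr_free, jailed, prison_check and cr_prison come from the log.

```c
/* Userland model, NOT FreeBSD kernel source: layouts and semantics are simplified assumptions. */
#include <errno.h>
#include <stdlib.h>

struct prison { int pr_ref; };                            /* reference-counted jail */
struct ucred  { int cr_ref; struct prison *cr_prison; };  /* cr_prison == NULL: not jailed */
struct proc   { struct ucred *p_ucred; };                 /* no per-process jail pointer */

static void pr_hold(struct prison *pr) { pr->pr_ref++; }
static void pr_free(struct prison *pr) { if (--pr->pr_ref == 0) free(pr); }

/* Hypothetical helper: allocate a credential that holds one reference on its prison. */
struct ucred *cred_new(struct prison *pr) {
    struct ucred *cr = calloc(1, sizeof(*cr));
    if (cr == NULL) abort();
    cr->cr_ref = 1;
    cr->cr_prison = pr;
    if (pr != NULL) pr_hold(pr);
    return cr;
}
void crhold(struct ucred *cr) { cr->cr_ref++; }
/* Releasing the last credential reference releases the prison reference with it. */
void crfree(struct ucred *cr) {
    if (--cr->cr_ref > 0) return;
    if (cr->cr_prison != NULL) pr_free(cr->cr_prison);
    free(cr);
}
int jailed(const struct ucred *cr) { return cr->cr_prison != NULL; }
/* Assumed rule: a jailed subject only sees objects in its own prison. */
int prison_check(const struct ucred *subj, const struct ucred *obj) {
    return (jailed(subj) && subj->cr_prison != obj->cr_prison) ? ESRCH : 0;
}
/* Fork and exit touch only the credential; the jail follows it. */
void model_fork(const struct proc *parent, struct proc *child) {
    crhold(parent->p_ucred);
    child->p_ucred = parent->p_ucred;
}
void model_exit(struct proc *p) { crfree(p->p_ucred); p->p_ucred = NULL; }

int main(void) {
    struct prison *pr = calloc(1, sizeof(*pr));
    if (pr == NULL) return 1;
    pr->pr_ref = 1;                               /* creator's reference */
    struct proc parent = { cred_new(pr) }, child = { NULL };
    model_fork(&parent, &child);
    int ok = jailed(child.p_ucred) && pr->pr_ref == 2;
    model_exit(&child);
    model_exit(&parent);
    ok = ok && pr->pr_ref == 1;                   /* both processes gone, jail ref released */
    pr_free(pr);
    return ok ? 0 : 1;
}
```

In this model the prison count changes only when a credential is created or destroyed, so any code path that shares or frees a credential gets correct jail accounting without jail-specific logic.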