
per-jail varsym support


From: Joerg Sonnenberger <joerg@xxxxxxxxxxxxxxxxx>
Date: Wed, 12 Jan 2005 05:32:11 +0100
Mail-followup-to: submit@crater.dragonflybsd.org

Hi all,
attached patch teaches varsym the jail magic. This is necessary for our
rcNG scripts, which use varsyms internally.

Joerg
Index: kern/kern_jail.c
===================================================================
RCS file: /home/joerg/wd/repository/dragonflybsd/src/sys/kern/kern_jail.c,v
retrieving revision 1.5
diff -u -r1.5 kern_jail.c
--- kern/kern_jail.c	26 Jun 2003 02:17:45 -0000	1.5
+++ kern/kern_jail.c	12 Jan 2005 03:43:11 -0000
@@ -74,6 +74,7 @@
 	if (error) 
 		goto bail;
 	pr->pr_ip = j.ip_number;
+	varsymset_init(&pr->pr_varsymset, NULL);
 
 	ca.path = j.path;
 	error = chroot(&ca);
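Review bot: `varsymset_init(&pr->pr_varsymset, NULL)` now runs before `chroot(&ca)`, whose failure presumably takes the same `goto bail` path seen two lines above (the label and the cleanup behind it are outside the hunk); if that path frees `pr` without a `varsymset_clean`, anything the init allocates is lost. With a NULL copy source the init may well allocate nothing, in which case a comment is enough, e.g. `/* NULL source: nothing allocated, so the bail path needs no varsymset_clean */`; if it does allocate, the bail path should gain the clean call that the kern_prot.c hunk adds on the normal teardown. The enclosing function starts and ends outside this hunk.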
Index: kern/kern_prot.c
===================================================================
RCS file: /home/joerg/wd/repository/dragonflybsd/src/sys/kern/kern_prot.c,v
retrieving revision 1.18
diff -u -r1.18 kern_prot.c
--- kern/kern_prot.c	9 May 2004 11:51:10 -0000	1.18
+++ kern/kern_prot.c	12 Jan 2005 03:44:35 -0000
@@ -930,6 +930,7 @@
 		if (cr->cr_prison && !--cr->cr_prison->pr_ref) {
 			if (cr->cr_prison->pr_linux != NULL)
 				FREE(cr->cr_prison->pr_linux, M_PRISON);
+			varsymset_clean(&cr->cr_prison->pr_varsymset);
 			FREE(cr->cr_prison, M_PRISON);
 		}
 		cr->cr_prison = NULL;	/* safety */
Index: kern/kern_varsym.c
===================================================================
RCS file: /home/joerg/wd/repository/dragonflybsd/src/sys/kern/kern_varsym.c,v
retrieving revision 1.5
diff -u -r1.5 kern_varsym.c
--- kern/kern_varsym.c	16 Jul 2004 05:51:10 -0000	1.5
+++ kern/kern_varsym.c	12 Jan 2005 04:00:23 -0000
@@ -45,6 +45,7 @@
 #include <sys/ucred.h>
 #include <sys/resourcevar.h>
 #include <sys/proc.h>
+#include <sys/jail.h>
 #include <sys/queue.h>
 #include <sys/sysctl.h>
 #include <sys/malloc.h>
@@ -144,9 +145,12 @@
     }
     switch(uap->level) {
     case VARSYM_SYS:
-	if ((error = suser(curthread)) != 0)
+	if (curthread->td_proc != NULL && curthread->td_proc->p_ucred->cr_prison != NULL)
+	    uap->level = VARSYM_PRISON;
+    case VARSYM_PRISON:
+	if (curthread->td_proc != NULL &&
+	    (error = suser_cred(curthread->td_proc->p_ucred, PRISON_ROOT)) != 0)
 	    break;
-	/* XXX implement per-jail sys */
 	/* fall through */
     case VARSYM_USER:
 	/* XXX check jail / implement per-jail user */
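Review bot: The new `case VARSYM_SYS:` body drops straight into `case VARSYM_PRISON:` without a fall-through marker, although the original kept an explicit `/* fall through */` for the same kind of intentional descent into `VARSYM_USER`; add `/* fall through: a jailed caller is redirected to its prison set */` after the `uap->level = VARSYM_PRISON;` line. Note also that the privilege check is now guarded by `curthread->td_proc != NULL`, whereas the old code called `suser(curthread)` unconditionally; if this path can ever run without a process (not decidable from the hunk), a NULL `td_proc` now skips the check entirely and falls through to the set code, so either the guard deserves a comment explaining why that is safe or it should `break` with an error instead. The `switch` and the function enclosing it begin and end outside the hunk.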
@@ -239,6 +243,10 @@
 	case VARSYM_SYS:
 		vss = &varsymset_sys;
 		break;
+	case VARSYM_PRISON:
+		if (p != NULL && p->p_ucred->cr_prison != NULL)
+			vss = &p->p_ucred->cr_prison->pr_varsymset;
+		break;
 	}
 	if (vss == NULL) {
 		error = EINVAL;
@@ -334,18 +342,22 @@
 varsym_t
 varsymfind(int mask, const char *name, int namelen)
 {
-    struct proc *p;
+    struct proc *p = curproc;
     struct varsyment *ve = NULL;
     varsym_t sym;
 
-    if ((mask & (VARSYM_PROC_MASK|VARSYM_USER_MASK)) && (p = curproc) != NULL) {
+    if ((mask & (VARSYM_PROC_MASK|VARSYM_USER_MASK)) && p != NULL) {
 	if (mask & VARSYM_PROC_MASK)
 	    ve = varsymlookup(&p->p_varsymset, name, namelen);
 	if (ve == NULL && (mask & VARSYM_USER_MASK))
 	    ve = varsymlookup(&p->p_ucred->cr_uidinfo->ui_varsymset, name, namelen);
     }
-    if (ve == NULL && (mask & VARSYM_SYS_MASK))
-	ve = varsymlookup(&varsymset_sys, name, namelen);
+    if (ve == NULL && (mask & VARSYM_SYS_MASK)) {
+	if (p != NULL && p->p_ucred->cr_prison) 
+	    ve = varsymlookup(&p->p_ucred->cr_prison->pr_varsymset, name, namelen);
+	else
+	    ve = varsymlookup(&varsymset_sys, name, namelen);
+    }
     if (ve) {
 	sym = ve->ve_sym;
 	++sym->vs_refs;
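Review bot: The prison branch in varsymfind replaces the system set rather than layering over it, so a jailed process no longer sees any host-wide VARSYM_SYS symbol even when its prison set has no entry for `name`. If that isolation is intended, record it above the new `if` with `/* inside a jail the prison set stands in for varsymset_sys; there is deliberately no fallback to the host set */`; if it is not, the `else` branch should instead become a second lookup taken when `ve` is still NULL after the prison lookup. The test `p->p_ucred->cr_prison` also differs in style from the explicit `!= NULL` comparisons used in the other hunks, and that line carries trailing whitespace. The function's tail lies outside the hunk.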
@@ -378,6 +390,10 @@
     case VARSYM_SYS:
 	vss = &varsymset_sys;
 	break;
+    case VARSYM_PRISON:
+	if (p != NULL && p->p_ucred->cr_prison != NULL)
+	    vss = &p->p_ucred->cr_prison->pr_varsymset;
+	break;
     }
     if (vss == NULL) {
 	error = EINVAL;
Index: sys/jail.h
===================================================================
RCS file: /home/joerg/wd/repository/dragonflybsd/src/sys/sys/jail.h,v
retrieving revision 1.3
diff -u -r1.3 jail.h
--- sys/jail.h	20 Aug 2003 07:31:21 -0000	1.3
+++ sys/jail.h	12 Jan 2005 03:43:01 -0000
@@ -14,6 +14,8 @@
 #ifndef _SYS_JAIL_H_
 #define _SYS_JAIL_H_
 
+#include <sys/varsym.h>
+
 struct jail {
 	u_int32_t	version;
 	char		*path;
@@ -42,6 +44,7 @@
 	char 		pr_host[MAXHOSTNAMELEN];
 	u_int32_t	pr_ip;
 	void		*pr_linux;
+	struct varsymset pr_varsymset;
 };
 
 /*
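Review bot: The new `pr_varsymset` member is undocumented, and the lifecycle it depends on is only visible across two other files in this patch: it is initialised in the kern_jail.c hunk right after `pr_ip` is assigned and cleaned in the kern_prot.c hunk just before the prison is freed when `pr_ref` drops to zero. A one-line comment on the field would record that, e.g. `/* per-jail VARSYM_SYS set; init at jail creation, clean when pr_ref reaches 0 */`.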
Index: sys/varsym.h
===================================================================
RCS file: /home/joerg/wd/repository/dragonflybsd/src/sys/sys/varsym.h,v
retrieving revision 1.2
diff -u -r1.2 varsym.h
--- sys/varsym.h	9 Nov 2003 20:29:57 -0000	1.2
+++ sys/varsym.h	12 Jan 2005 03:49:09 -0000
@@ -40,6 +40,7 @@
 #define VARSYM_PROC	1
 #define VARSYM_USER	2
 #define VARSYM_SYS	3
+#define VARSYM_PRISON	4	/* used internally */
 
 #define VARSYM_PROC_MASK	(1 << VARSYM_PROC)
 #define VARSYM_USER_MASK	(1 << VARSYM_USER)
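Review bot: The comment `/* used internally */` on `VARSYM_PRISON` is misleading: the kern_varsym.c hunk dispatches on `case VARSYM_PRISON:` in the level switch of the set path, where the level comes straight from the syscall argument, so userland can pass the value directly (it is then gated by `suser_cred(..., PRISON_ROOT)` and answered with EINVAL outside a jail). Replace it with `/* per-jail stand-in for VARSYM_SYS; set() rewrites SYS to this inside a jail */`. No `VARSYM_PRISON_MASK` is defined, which is consistent with prison lookups in varsymfind being driven by `VARSYM_SYS_MASK`, but worth a word in the same comment so nobody adds one later.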

