d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
123d2cb7e9
freebsd-dev/sys/kern/kern_mib.c

517 lines
17 KiB
C
Raw Normal View History

Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
/*-
* Copyright (c) 1982, 1986, 1989, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Mike Karels at Berkeley Software Design, Inc.
*
* Quite extensively rewritten by Poul-Henning Kamp of the FreeBSD
* project, to make these variables more userfriendly.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94
*/
Use __FBSDID().
2003-06-11 00:56:59 +00:00
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
Add 'compat_freebsd[4567]' features corresponding to the kernel options COMPAT_FREEBSD[4567]. MFC after: 1 week Requested by: kris
2008-01-17 22:46:32 +00:00
#include "opt_compat.h"
o General style improvemnts. Submitted by: bde
2001-11-08 15:31:19 +00:00
#include "opt_posix.h"
Handle !INCLUDE_CONFIG_FILE entirely in the kernel. This should make some developers happy, since it will let them to use old config(8) with newer kernels. Reviewed by: imp Approved by: imp
2007-05-16 16:08:04 +00:00
#include "opt_config.h"
o Introduce an 'options REGRESSION'-dependant sysctl namespaces, 'regression.*'. o Add 'regression.securelevel_nonmonotonic', conditional on 'options REGRESSION', which allows the securelevel to be lowered for the purposes of efficient regression testing of securelevel policy decisions. Regression tests for securelevels will be committed shortly. NOTE: 'options REGRESSION' should never be used on production machines, as it permits violation of system invariants so as to improve the ability to effectively test edge cases, and improve testing efficiency.
2001-10-07 03:51:22 +00:00
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
#include <sys/param.h>
#include <sys/kernel.h>
Improve INCLUDE_CONFIG_FILE support. This change will let us to have full configuration of a running kernel available in sysctl: sysctl -b kern.conftxt The same configuration is also contained within the kernel image. It can be obtained with: config -x <kernelfile> Current functionality lets you to quickly recover kernel configuration, by simply redirecting output from commands presented above and starting kernel build procedure. "include" statements are also honored, which means options and devices from included files are also included. Please note that comments from configuration files are not preserved by default. In order to preserve them, you can use -C flag for config(8). This will bring configuration file and included files literally; however, redirection to a file no longer works directly. This commit was followed by discussion, that took place on freebsd-current@. For more details, look here: http://lists.freebsd.org/pipermail/freebsd-current/2007-March/069994.html http://lists.freebsd.org/pipermail/freebsd-current/2007-May/071844.html Development of this patch took place in Perforce, hierarchy: //depot/user/wkoszek/wkoszek_kconftxt/ Support from: freebsd-current@ (links above) Reviewed by: imp@ Approved by: imp@
2007-05-12 19:38:18 +00:00
#include <sys/sbuf.h>
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
#include <sys/systm.h>
#include <sys/sysctl.h>
#include <sys/proc.h>
o Introduce pr_mtx into struct prison, providing protection for the mutable contents of struct prison (hostname, securelevel, refcount, pr_linux, ...) o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/ so as to enforce these protections, in particular, in kern_mib.c protection sysctl access to the hostname and securelevel, as well as kern_prot.c access to the securelevel for access control purposes. o Rewrite linux emulator abstractions for accessing per-jail linux mib entries (osname, osrelease, osversion) so that they don't return a pointer to the text in the struct linux_prison, rather, a copy to an array passed into the calls. Likewise, update linprocfs to use these primitives. o Update in_pcb.c to always use prison_getip() rather than directly accessing struct prison. Reviewed by: jhb
2001-12-03 16:12:27 +00:00
#include <sys/lock.h>
#include <sys/mutex.h>
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
#include <sys/jail.h>
Overhaul of the SMP code. Several portions of the SMP kernel support have been made machine independent and various other adjustments have been made to support Alpha SMP. - It splits the per-process portions of hardclock() and statclock() off into hardclock_process() and statclock_process() respectively. hardclock() and statclock() call the *_process() functions for the current process so that UP systems will run as before. For SMP systems, it is simply necessary to ensure that all other processors execute the *_process() functions when the main clock functions are triggered on one CPU by an interrupt. For the alpha 4100, clock interrupts are delievered in a staggered broadcast fashion, so we simply call hardclock/statclock on the boot CPU and call the *_process() functions on the secondaries. For x86, we call statclock and hardclock as usual and then call forward_hardclock/statclock in the MD code to send an IPI to cause the AP's to execute forwared_hardclock/statclock which then call the *_process() functions. - forward_signal() and forward_roundrobin() have been reworked to be MI and to involve less hackery. Now the cpu doing the forward sets any flags, etc. and sends a very simple IPI_AST to the other cpu(s). AST IPIs now just basically return so that they can execute ast() and don't bother with setting the astpending or needresched flags themselves. This also removes the loop in forward_signal() as sched_lock closes the race condition that the loop worked around. - need_resched(), resched_wanted() and clear_resched() have been changed to take a process to act on rather than assuming curproc so that they can be used to implement forward_roundrobin() as described above. - Various other SMP variables have been moved to a MI subr_smp.c and a new header sys/smp.h declares MI SMP variables and API's. The IPI API's from machine/ipl.h have moved to machine/smp.h which is included by sys/smp.h. - The globaldata_register() and globaldata_find() functions as well as the SLIST of globaldata structures has become MI and moved into subr_smp.c. Also, the globaldata list is only available if SMP support is compiled in. Reviewed by: jake, peter Looked over by: eivind
2001-04-27 19:28:25 +00:00
#include <sys/smp.h>
Add hierarchical jails. A jail may further virtualize its environment by creating a child jail, which is visible to that jail and to any parent jails. Child jails may be restricted more than their parents, but never less. Jail names reflect this hierarchy, being MIB-style dot-separated strings. Every thread now points to a jail, the default being prison0, which contains information about the physical system. Prison0's root directory is the same as rootvnode; its hostname is the same as the global hostname, and its securelevel replaces the global securelevel. Note that the variable "securelevel" has actually gone away, which should not cause any problems for code that properly uses securelevel_gt() and securelevel_ge(). Some jail-related permissions that were kept in global variables and set via sysctls are now per-jail settings. The sysctls still exist for backward compatibility, used only by the now-deprecated jail(2) system call. Approved by: bz (mentor)
2009-05-27 14:11:23 +00:00
#include <sys/sx.h>
Update a sysctl to use _POSIX_VERSION from <sys/unistd.h>, instead of the kernel option _KPOSIX_VERSION.
2002-10-13 14:26:29 +00:00
#include <sys/unistd.h>
Move MACHINE_ARCH definition from <machine/param.h> to <machine/cpu.h>. Submitted by: Bruce Evans <bde@zeta.org.au>
1997-08-30 02:52:04 +00:00
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
SYSCTL_NODE(, 0, sysctl, CTLFLAG_RW, 0,
"Sysctl internal magic");
SYSCTL_NODE(, CTL_KERN, kern, CTLFLAG_RW, 0,
"High kernel, proc, limits &c");
SYSCTL_NODE(, CTL_VM, vm, CTLFLAG_RW, 0,
"Virtual memory");
Attach vfs_sysctl() one level lower so that only the levels below VFS_GENERIC aren't done in the FreeBSD way. The previous commit broke the nfs sysctls.
1997-03-04 18:31:56 +00:00
SYSCTL_NODE(, CTL_VFS, vfs, CTLFLAG_RW, 0,
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
"File system");
SYSCTL_NODE(, CTL_NET, net, CTLFLAG_RW, 0,
"Network, (see socket.h)");
SYSCTL_NODE(, CTL_DEBUG, debug, CTLFLAG_RW, 0,
"Debugging");
Add sysctl tree debug.sizeof to tell us how big things are. First two entries are struct proc and struct vnode.
1999-07-19 09:13:12 +00:00
SYSCTL_NODE(_debug, OID_AUTO, sizeof, CTLFLAG_RW, 0,
"Sizeof various things");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
SYSCTL_NODE(, CTL_HW, hw, CTLFLAG_RW, 0,
"hardware");
SYSCTL_NODE(, CTL_MACHDEP, machdep, CTLFLAG_RW, 0,
"machine dependent");
SYSCTL_NODE(, CTL_USER, user, CTLFLAG_RW, 0,
"user-level");
Finish _POSIX_PRIORITY_SCHEDULING. Needs P1003_1B and _KPOSIX_PRIORITY_SCHEDULING options to work. Changes: Change all "posix4" to "p1003_1b". Misnamed files are left as "posix4" until I'm told if I can simply delete them and add new ones; Add _POSIX_PRIORITY_SCHEDULING system calls for FreeBSD and Linux; Add man pages for _POSIX_PRIORITY_SCHEDULING system calls; Add options to LINT; Minor fixes to P1003_1B code during testing.
1998-03-28 11:51:01 +00:00
SYSCTL_NODE(, CTL_P1003_1B, p1003_1b, CTLFLAG_RW, 0,
"p1003_1b, (see p1003_1b.h)");
Reviewed by: msmith, bde long ago Fix for RTPRIO scheduler to eliminate invalid context switches. POSIX.4 headers and sysctl variables. Nothing should change unless POSIX4 is defined or _POSIX_VERSION is set to 199309.
1998-03-04 10:25:55 +00:00
Add sysctl variables for the Linuxulator. These reside under `compat.linux' as discussed on current. The following variables are defined (for now): osname (defaults to "Linux") Allow users to change the name of the OS as returned by uname(2), specially added for all those Linux Netscape users and statistics maniacs :-) We now have what we all wanted! osrelease (defaults to "2.2.5") Allow users to change the version of the OS as returned by uname(2). Since -current supports glibc2.1 now, change the default to 2.2.5 (was 2.0.36). oss_version (defaults to 198144 [0x030600]) This one will be used by the OSS_GETVERSION ioctl (PR 12917) which I can commit now that we have the MIB. The default version number is the lowest version possible with the current 'encoding'. A note about imprisoned processes (see jail(2)): These variables are copy-on-write (as suggested by phk). This means that imprisoned processes will use the system wide value unless it is written/set by the process. From that moment on, a copy local to the prison will be used. A note about the implementation: I choose to add a single pointer to struct prison, because I didn't like the idea of changing struct prison every time I come up with a new variable. As a side effect, the extra storage is only needed when a variable is set from within the prison. This also minimizes kernel bloat when the Linuxulator is not used; both compiled in or as a module. Reviewed by: bde (first version only) and phk
1999-08-27 19:47:41 +00:00
SYSCTL_NODE(, OID_AUTO, compat, CTLFLAG_RW, 0,
"Compatibility code");
- Attempt to help declutter kern. sysctl by moving security out from beneath it. Reviewed by: rwatson
2002-01-16 06:55:30 +00:00
SYSCTL_NODE(, OID_AUTO, security, CTLFLAG_RW, 0,
"Security");
o General style improvemnts. Submitted by: bde
2001-11-08 15:31:19 +00:00
#ifdef REGRESSION
SYSCTL_NODE(, OID_AUTO, regression, CTLFLAG_RW, 0,
"Regression test MIB");
#endif
Add sysctl variables for the Linuxulator. These reside under `compat.linux' as discussed on current. The following variables are defined (for now): osname (defaults to "Linux") Allow users to change the name of the OS as returned by uname(2), specially added for all those Linux Netscape users and statistics maniacs :-) We now have what we all wanted! osrelease (defaults to "2.2.5") Allow users to change the version of the OS as returned by uname(2). Since -current supports glibc2.1 now, change the default to 2.2.5 (was 2.0.36). oss_version (defaults to 198144 [0x030600]) This one will be used by the OSS_GETVERSION ioctl (PR 12917) which I can commit now that we have the MIB. The default version number is the lowest version possible with the current 'encoding'. A note about imprisoned processes (see jail(2)): These variables are copy-on-write (as suggested by phk). This means that imprisoned processes will use the system wide value unless it is written/set by the process. From that moment on, a copy local to the prison will be used. A note about the implementation: I choose to add a single pointer to struct prison, because I didn't like the idea of changing struct prison every time I come up with a new variable. As a side effect, the extra storage is only needed when a variable is set from within the prison. This also minimizes kernel bloat when the Linuxulator is not used; both compiled in or as a module. Reviewed by: bde (first version only) and phk
1999-08-27 19:47:41 +00:00
Mark most often used sysctl's as MPSAFE. After running a `make buildkernel', I noticed most of the Giant locks in sysctl are only caused by a very small amount of sysctl's: - sysctl.name2oid. This one is locked by SYSCTL_LOCK, just like sysctl.oidfmt. - kern.ident, kern.osrelease, kern.version, etc. These are just constant strings. - kern.arandom, used by the stack protector. It is already protected by arc4_mtx. I also saw the following sysctl's show up. Not as often as the ones above, but still quite often: - security.jail.jailed. Also mark security.jail.list as MPSAFE. They don't need locking or already use allprison_lock. - kern.devname, used by devname(3), ttyname(3), etc. This seems to reduce Giant locking inside sysctl by ~75% in my primitive test setup.
2009-01-28 19:58:05 +00:00
SYSCTL_STRING(_kern, OID_AUTO, ident, CTLFLAG_RD|CTLFLAG_MPSAFE,
Attempt to fix Alpha build by renaming ident[] to kern_ident[].
2003-06-09 18:19:33 +00:00
kern_ident, 0, "Kernel identifier");
Expose kern.ident by way of OID_AUTO. Requested by: phk
2003-06-09 10:54:23 +00:00
Mark most often used sysctl's as MPSAFE. After running a `make buildkernel', I noticed most of the Giant locks in sysctl are only caused by a very small amount of sysctl's: - sysctl.name2oid. This one is locked by SYSCTL_LOCK, just like sysctl.oidfmt. - kern.ident, kern.osrelease, kern.version, etc. These are just constant strings. - kern.arandom, used by the stack protector. It is already protected by arc4_mtx. I also saw the following sysctl's show up. Not as often as the ones above, but still quite often: - security.jail.jailed. Also mark security.jail.list as MPSAFE. They don't need locking or already use allprison_lock. - kern.devname, used by devname(3), ttyname(3), etc. This seems to reduce Giant locking inside sysctl by ~75% in my primitive test setup.
2009-01-28 19:58:05 +00:00
SYSCTL_STRING(_kern, KERN_OSRELEASE, osrelease, CTLFLAG_RD|CTLFLAG_MPSAFE,
Add/correct description for some sysctl variables where it was missing. The description field is unused in -stable, so the MFC there is equivalent to a comment. It can be done at any time, i am just setting a reminder in 45 days when hopefully we are past 4.5-release. MFC after: 45 days
2001-12-16 16:07:20 +00:00
osrelease, 0, "Operating system release");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_kern, KERN_OSREV, osrevision, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, BSD, "Operating system revision");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
Mark most often used sysctl's as MPSAFE. After running a `make buildkernel', I noticed most of the Giant locks in sysctl are only caused by a very small amount of sysctl's: - sysctl.name2oid. This one is locked by SYSCTL_LOCK, just like sysctl.oidfmt. - kern.ident, kern.osrelease, kern.version, etc. These are just constant strings. - kern.arandom, used by the stack protector. It is already protected by arc4_mtx. I also saw the following sysctl's show up. Not as often as the ones above, but still quite often: - security.jail.jailed. Also mark security.jail.list as MPSAFE. They don't need locking or already use allprison_lock. - kern.devname, used by devname(3), ttyname(3), etc. This seems to reduce Giant locking inside sysctl by ~75% in my primitive test setup.
2009-01-28 19:58:05 +00:00
SYSCTL_STRING(_kern, KERN_VERSION, version, CTLFLAG_RD|CTLFLAG_MPSAFE,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
version, 0, "Kernel version");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
Mark most often used sysctl's as MPSAFE. After running a `make buildkernel', I noticed most of the Giant locks in sysctl are only caused by a very small amount of sysctl's: - sysctl.name2oid. This one is locked by SYSCTL_LOCK, just like sysctl.oidfmt. - kern.ident, kern.osrelease, kern.version, etc. These are just constant strings. - kern.arandom, used by the stack protector. It is already protected by arc4_mtx. I also saw the following sysctl's show up. Not as often as the ones above, but still quite often: - security.jail.jailed. Also mark security.jail.list as MPSAFE. They don't need locking or already use allprison_lock. - kern.devname, used by devname(3), ttyname(3), etc. This seems to reduce Giant locking inside sysctl by ~75% in my primitive test setup.
2009-01-28 19:58:05 +00:00
SYSCTL_STRING(_kern, KERN_OSTYPE, ostype, CTLFLAG_RD|CTLFLAG_MPSAFE,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
ostype, 0, "Operating system type");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
Change description of kern.osreldate from "Operating system release date" to "Kernel release date" - userland version is in /usr/include/osreldate.h
2003-08-21 14:47:08 +00:00
/*
* NOTICE: The *userland* release date is available in
* /usr/include/osreldate.h
*/
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_kern, KERN_OSRELDATE, osreldate, CTLFLAG_RD,
Change description of kern.osreldate from "Operating system release date" to "Kernel release date" - userland version is in /usr/include/osreldate.h
2003-08-21 14:47:08 +00:00
&osreldate, 0, "Kernel release date");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
Change all SYSCTLS which are readonly and have a related TUNABLE from CTLFLAG_RD to CTLFLAG_RDTUN so that sysctl(8) can provide more useful error messages.
2003-10-21 18:28:36 +00:00
SYSCTL_INT(_kern, KERN_MAXPROC, maxproc, CTLFLAG_RDTUN,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
&maxproc, 0, "Maximum number of processes");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_kern, KERN_MAXPROCPERUID, maxprocperuid, CTLFLAG_RW,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
&maxprocperuid, 0, "Maximum processes allowed per userid");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
Change all SYSCTLS which are readonly and have a related TUNABLE from CTLFLAG_RD to CTLFLAG_RDTUN so that sysctl(8) can provide more useful error messages.
2003-10-21 18:28:36 +00:00
SYSCTL_INT(_kern, OID_AUTO, maxusers, CTLFLAG_RDTUN,
Move param.c out of the conf directory and make it fully dynamic. Tunables are now derived at boot time from maxusers. ie: change maxusers via a tunable and all the derivative settings change. You can change the other tunables individually as well. Even hz etc is tunable.
2001-07-26 23:04:03 +00:00
&maxusers, 0, "Hint for kernel tuning");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_kern, KERN_ARGMAX, argmax, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, ARG_MAX, "Maximum bytes of argument to execve(2)");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_kern, KERN_POSIX1, posix1version, CTLFLAG_RD,
Update a sysctl to use _POSIX_VERSION from <sys/unistd.h>, instead of the kernel option _KPOSIX_VERSION.
2002-10-13 14:26:29 +00:00
0, _POSIX_VERSION, "Version of POSIX attempting to comply to");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
Declare the kern.ngroups sysctl to be read-only, but tunable at boot for better error reporting. Submitted by: Matthew Fleming <matthew dot fleming at isilon dot com> MFC After: 1 month
2010-01-12 18:20:20 +00:00
SYSCTL_INT(_kern, KERN_NGROUPS, ngroups, CTLFLAG_RDTUN,
Replace the static NGROUPS=NGROUPS_MAX+1=1024 with a dynamic kern.ngroups+1. kern.ngroups can range from NGROUPS_MAX=1023 to INT_MAX-1. Given that the Windows group limit is 1024, this range should be sufficient for most applications. MFC after: 1 month
2010-01-12 07:49:34 +00:00
&ngroups_max, 0,
Correct the explination text for the kern.ngroups. It reflects the number of supplemental groups, not the total number of groups. MFC after: 3 days
2010-01-09 23:22:31 +00:00
"Maximum number of supplemental groups a user can belong to");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_kern, KERN_JOB_CONTROL, job_control, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 1, "Whether job control is available");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
#ifdef _POSIX_SAVED_IDS
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_kern, KERN_SAVED_IDS, saved_ids, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 1, "Whether saved set-group/user ID is available");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
#else
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_kern, KERN_SAVED_IDS, saved_ids, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Whether saved set-group/user ID is available");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
#endif
char kernelname[MAXPATHLEN] = "/kernel"; /* XXX bloat */
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_STRING(_kern, KERN_BOOTFILE, bootfile, CTLFLAG_RW,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
kernelname, sizeof kernelname, "Name of kernel file booted");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_hw, HW_NCPU, ncpu, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
&mp_ncpus, 0, "Number of active CPUs");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_hw, HW_BYTEORDER, byteorder, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, BYTE_ORDER, "System byte order");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_hw, HW_PAGESIZE, pagesize, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, PAGE_SIZE, "System memory page size");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
Add kern.arnd sysctl. SSP code uses it to initialize the stack guard magic value. Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
2007-05-19 04:53:14 +00:00
static int
sysctl_kern_arnd(SYSCTL_HANDLER_ARGS)
{
Make sysctl_kern_arnd return a random buffer instead of a random long, as it is expected by userland (stack protector guard setup for example). PR: 119129 Approved by: rwatson (mentor) MFC after: 1 month
2008-02-17 16:44:48 +00:00
char buf[256];
size_t len;
len = req->oldlen;
if (len > sizeof(buf))
len = sizeof(buf);
arc4rand(buf, len, 0);
return (SYSCTL_OUT(req, buf, len));
Add kern.arnd sysctl. SSP code uses it to initialize the stack guard magic value. Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
2007-05-19 04:53:14 +00:00
}
Mark most often used sysctl's as MPSAFE. After running a `make buildkernel', I noticed most of the Giant locks in sysctl are only caused by a very small amount of sysctl's: - sysctl.name2oid. This one is locked by SYSCTL_LOCK, just like sysctl.oidfmt. - kern.ident, kern.osrelease, kern.version, etc. These are just constant strings. - kern.arandom, used by the stack protector. It is already protected by arc4_mtx. I also saw the following sysctl's show up. Not as often as the ones above, but still quite often: - security.jail.jailed. Also mark security.jail.list as MPSAFE. They don't need locking or already use allprison_lock. - kern.devname, used by devname(3), ttyname(3), etc. This seems to reduce Giant locking inside sysctl by ~75% in my primitive test setup.
2009-01-28 19:58:05 +00:00
SYSCTL_PROC(_kern, KERN_ARND, arandom,
CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
sysctl_kern_arnd, "", "arc4rand");
Add kern.arnd sysctl. SSP code uses it to initialize the stack guard magic value. Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
2007-05-19 04:53:14 +00:00
Move the definitions of the hw.physmem, hw.usermem and hw.availpages sysctls to MI code; this reduces code duplication and makes all of them available on sparc64, and the latter two on powerpc. The semantics by the i386 and pc98 hw.availpages is slightly changed: previously, holes between ranges of available pages would be included, while they are excluded now. The new behaviour should be more correct and brings i386 in line with the other architectures. Move physmem to vm/vm_init.c, where this variable is used in MI code.
2002-11-07 23:57:17 +00:00
static int
sysctl_hw_physmem(SYSCTL_HANDLER_ARGS)
{
u_long val;
val = ctob(physmem);
return (sysctl_handle_long(oidp, &val, 0, req));
}
SYSCTL_PROC(_hw, HW_PHYSMEM, physmem, CTLTYPE_ULONG | CTLFLAG_RD,
0, 0, sysctl_hw_physmem, "LU", "");
static int
Add a sysctl that records the amount of physical memory in the machine. Submitted by: Nicko Dehaine <nicko@stbernard.com> MFC after: 1 day
2005-02-28 21:42:56 +00:00
sysctl_hw_realmem(SYSCTL_HANDLER_ARGS)
{
u_long val;
val = ctob(realmem);
return (sysctl_handle_long(oidp, &val, 0, req));
}
SYSCTL_PROC(_hw, HW_REALMEM, realmem, CTLTYPE_ULONG | CTLFLAG_RD,
0, 0, sysctl_hw_realmem, "LU", "");
static int
Move the definitions of the hw.physmem, hw.usermem and hw.availpages sysctls to MI code; this reduces code duplication and makes all of them available on sparc64, and the latter two on powerpc. The semantics by the i386 and pc98 hw.availpages is slightly changed: previously, holes between ranges of available pages would be included, while they are excluded now. The new behaviour should be more correct and brings i386 in line with the other architectures. Move physmem to vm/vm_init.c, where this variable is used in MI code.
2002-11-07 23:57:17 +00:00
sysctl_hw_usermem(SYSCTL_HANDLER_ARGS)
{
u_long val;
Revert VMCNT_* operations introduction. Probabilly, a general approach is not the better solution here, so we should solve the sched_lock protection problems separately. Requested by: alc Approved by: jeff (mentor)
2007-05-31 22:52:15 +00:00
val = ctob(physmem - cnt.v_wire_count);
Move the definitions of the hw.physmem, hw.usermem and hw.availpages sysctls to MI code; this reduces code duplication and makes all of them available on sparc64, and the latter two on powerpc. The semantics by the i386 and pc98 hw.availpages is slightly changed: previously, holes between ranges of available pages would be included, while they are excluded now. The new behaviour should be more correct and brings i386 in line with the other architectures. Move physmem to vm/vm_init.c, where this variable is used in MI code.
2002-11-07 23:57:17 +00:00
return (sysctl_handle_long(oidp, &val, 0, req));
}
SYSCTL_PROC(_hw, HW_USERMEM, usermem, CTLTYPE_ULONG | CTLFLAG_RD,
0, 0, sysctl_hw_usermem, "LU", "");
SYSCTL_ULONG(_hw, OID_AUTO, availpages, CTLFLAG_RD, &physmem, 0, "");
Add a new sysctl for reporting all of the supported page sizes. Reviewed by: jhb MFC after: 3 weeks
2009-09-18 17:04:57 +00:00
u_long pagesizes[MAXPAGESIZES] = { PAGE_SIZE };
static int
sysctl_hw_pagesizes(SYSCTL_HANDLER_ARGS)
{
int error;
#ifdef SCTL_MASK32
int i;
uint32_t pagesizes32[MAXPAGESIZES];
if (req->flags & SCTL_MASK32) {
/*
* Recreate the "pagesizes" array with 32-bit elements. Truncate
* any page size greater than UINT32_MAX to zero.
*/
for (i = 0; i < MAXPAGESIZES; i++)
pagesizes32[i] = (uint32_t)pagesizes[i];
error = SYSCTL_OUT(req, pagesizes32, sizeof(pagesizes32));
} else
#endif
error = SYSCTL_OUT(req, pagesizes, sizeof(pagesizes));
return (error);
}
SYSCTL_PROC(_hw, OID_AUTO, pagesizes, CTLTYPE_ULONG | CTLFLAG_RD,
NULL, 0, sysctl_hw_pagesizes, "LU", "Supported page sizes");
When compat32 binary asks for the value of hw.machine_arch, report the name of 32bit sibling architecture instead of the host one. Do the same for hw.machine on amd64. Add a safety belt debug.adaptive_machine_arch sysctl, to turn the substitution off. Reviewed by: jhb, nwhitehorn MFC after: 2 weeks
2010-07-22 09:13:49 +00:00
#ifdef SCTL_MASK32
int adaptive_machine_arch = 1;
SYSCTL_INT(_debug, OID_AUTO, adaptive_machine_arch, CTLFLAG_RW,
&adaptive_machine_arch, 1,
"Adapt reported machine architecture to the ABI of the binary");
#endif
static int
sysctl_hw_machine_arch(SYSCTL_HANDLER_ARGS)
{
int error;
static const char machine_arch[] = MACHINE_ARCH;
#ifdef SCTL_MASK32
static const char machine_arch32[] = MACHINE_ARCH32;
if ((req->flags & SCTL_MASK32) != 0 && adaptive_machine_arch)
error = SYSCTL_OUT(req, machine_arch32, sizeof(machine_arch32));
else
#endif
error = SYSCTL_OUT(req, machine_arch, sizeof(machine_arch));
return (error);
}
SYSCTL_PROC(_hw, HW_MACHINE_ARCH, machine_arch, CTLTYPE_STRING | CTLFLAG_RD,
NULL, 0, sysctl_hw_machine_arch, "A", "System architecture");
Added a sysctl arg, hw.machine_arch. The hw.machine_arch is "ibm-pc" on IBM-PC box and is "pc-98" on NEC PC-98 box. Userland program can distinguish architecture on which the program runs.
1997-08-29 09:03:40 +00:00
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
static int
Previous commit changing SYSCTL_HANDLER_ARGS violated KNF. Pointed out by: bde
2000-07-04 11:25:35 +00:00
sysctl_hostname(SYSCTL_HANDLER_ARGS)
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
{
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
2009-05-29 21:27:12 +00:00
struct prison *pr, *cpr;
size_t pr_offset;
char tmpname[MAXHOSTNAMELEN];
int descend, error, len;
/*
* This function can set: hostname domainname hostuuid.
* Keep that in mind when comments say "hostname".
*/
pr_offset = (size_t)arg1;
len = arg2;
KASSERT(len <= sizeof(tmpname),
("length %d too long for %s", len, __func__));
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
Simple p_ucred -> td_ucred changes to start using the per-thread ucred reference.
2002-02-27 18:32:23 +00:00
pr = req->td->td_ucred->cr_prison;
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
2009-05-29 21:27:12 +00:00
if (!(pr->pr_allow & PR_ALLOW_SET_HOSTNAME) && req->newptr)
return (EPERM);
/*
* Make a local copy of hostname to get/set so we don't have to hold
* the jail mutex during the sysctl copyin/copyout activities.
*/
mtx_lock(&pr->pr_mtx);
bcopy((char *)pr + pr_offset, tmpname, len);
mtx_unlock(&pr->pr_mtx);
error = sysctl_handle_string(oidp, tmpname, len, req);
if (req->newptr != NULL && error == 0) {
o Introduce pr_mtx into struct prison, providing protection for the mutable contents of struct prison (hostname, securelevel, refcount, pr_linux, ...) o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/ so as to enforce these protections, in particular, in kern_mib.c protection sysctl access to the hostname and securelevel, as well as kern_prot.c access to the securelevel for access control purposes. o Rewrite linux emulator abstractions for accessing per-jail linux mib entries (osname, osrelease, osversion) so that they don't return a pointer to the text in the struct linux_prison, rather, a copy to an array passed into the calls. Likewise, update linprocfs to use these primitives. o Update in_pcb.c to always use prison_getip() rather than directly accessing struct prison. Reviewed by: jhb
2001-12-03 16:12:27 +00:00
/*
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
2009-05-29 21:27:12 +00:00
* Copy the locally set hostname to all jails that share
* this host info.
o Introduce pr_mtx into struct prison, providing protection for the mutable contents of struct prison (hostname, securelevel, refcount, pr_linux, ...) o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/ so as to enforce these protections, in particular, in kern_mib.c protection sysctl access to the hostname and securelevel, as well as kern_prot.c access to the securelevel for access control purposes. o Rewrite linux emulator abstractions for accessing per-jail linux mib entries (osname, osrelease, osversion) so that they don't return a pointer to the text in the struct linux_prison, rather, a copy to an array passed into the calls. Likewise, update linprocfs to use these primitives. o Update in_pcb.c to always use prison_getip() rather than directly accessing struct prison. Reviewed by: jhb
2001-12-03 16:12:27 +00:00
*/
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
2009-05-29 21:27:12 +00:00
sx_slock(&allprison_lock);
while (!(pr->pr_flags & PR_HOST))
pr = pr->pr_parent;
o Introduce pr_mtx into struct prison, providing protection for the mutable contents of struct prison (hostname, securelevel, refcount, pr_linux, ...) o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/ so as to enforce these protections, in particular, in kern_mib.c protection sysctl access to the hostname and securelevel, as well as kern_prot.c access to the securelevel for access control purposes. o Rewrite linux emulator abstractions for accessing per-jail linux mib entries (osname, osrelease, osversion) so that they don't return a pointer to the text in the struct linux_prison, rather, a copy to an array passed into the calls. Likewise, update linprocfs to use these primitives. o Update in_pcb.c to always use prison_getip() rather than directly accessing struct prison. Reviewed by: jhb
2001-12-03 16:12:27 +00:00
mtx_lock(&pr->pr_mtx);
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
2009-05-29 21:27:12 +00:00
bcopy(tmpname, (char *)pr + pr_offset, len);
FOREACH_PRISON_DESCENDANT_LOCKED(pr, cpr, descend)
if (cpr->pr_flags & PR_HOST)
descend = 0;
else
bcopy(tmpname, (char *)cpr + pr_offset, len);
o Introduce pr_mtx into struct prison, providing protection for the mutable contents of struct prison (hostname, securelevel, refcount, pr_linux, ...) o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/ so as to enforce these protections, in particular, in kern_mib.c protection sysctl access to the hostname and securelevel, as well as kern_prot.c access to the securelevel for access control purposes. o Rewrite linux emulator abstractions for accessing per-jail linux mib entries (osname, osrelease, osversion) so that they don't return a pointer to the text in the struct linux_prison, rather, a copy to an array passed into the calls. Likewise, update linprocfs to use these primitives. o Update in_pcb.c to always use prison_getip() rather than directly accessing struct prison. Reviewed by: jhb
2001-12-03 16:12:27 +00:00
mtx_unlock(&pr->pr_mtx);
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
2009-05-29 21:27:12 +00:00
sx_sunlock(&allprison_lock);
Introduce a new lock, hostname_mtx, and use it to synchronize access to global hostname and domainname variables. Where necessary, copy to or from a stack-local buffer before performing copyin() or copyout(). A few uses, such as in cd9660 and daemon_saver, remain under-synchronized and will require further updates. Correct a bug in which a failed copyin() of domainname would leave domainname potentially corrupted. MFC after: 3 weeks
2008-07-05 13:10:10 +00:00
}
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
return (error);
}
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_PROC(_kern, KERN_HOSTNAME, hostname,
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
2009-05-29 21:27:12 +00:00
CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE,
Rename the host-related prison fields to be the same as the host.* parameters they represent, and the variables they replaced, instead of abbreviated versions of them. Approved by: bz (mentor)
2009-06-13 15:39:12 +00:00
(void *)(offsetof(struct prison, pr_hostname)), MAXHOSTNAMELEN,
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
2009-05-29 21:27:12 +00:00
sysctl_hostname, "A", "Hostname");
SYSCTL_PROC(_kern, KERN_NISDOMAINNAME, domainname,
CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE,
Rename the host-related prison fields to be the same as the host.* parameters they represent, and the variables they replaced, instead of abbreviated versions of them. Approved by: bz (mentor)
2009-06-13 15:39:12 +00:00
(void *)(offsetof(struct prison, pr_domainname)), MAXHOSTNAMELEN,
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
2009-05-29 21:27:12 +00:00
sysctl_hostname, "A", "Name of the current YP/NIS domain");
SYSCTL_PROC(_kern, KERN_HOSTUUID, hostuuid,
CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE,
Rename the host-related prison fields to be the same as the host.* parameters they represent, and the variables they replaced, instead of abbreviated versions of them. Approved by: bz (mentor)
2009-06-13 15:39:12 +00:00
(void *)(offsetof(struct prison, pr_hostuuid)), HOSTUUIDLEN,
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
2009-05-29 21:27:12 +00:00
sysctl_hostname, "A", "Host UUID");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
o General style improvemnts. Submitted by: bde
2001-11-08 15:31:19 +00:00
static int regression_securelevel_nonmonotonic = 0;
o Introduce an 'options REGRESSION'-dependant sysctl namespaces, 'regression.*'. o Add 'regression.securelevel_nonmonotonic', conditional on 'options REGRESSION', which allows the securelevel to be lowered for the purposes of efficient regression testing of securelevel policy decisions. Regression tests for securelevels will be committed shortly. NOTE: 'options REGRESSION' should never be used on production machines, as it permits violation of system invariants so as to improve the ability to effectively test edge cases, and improve testing efficiency.
2001-10-07 03:51:22 +00:00
o Cache req->td->td_proc->p_ucred->cr_prison in pr to improve readability. o Conditionalize only the SYSCTL definitions for the regression tree, not the variables itself, decreasing the number of #ifdef REGRESSIONs scattered in kern_mib.c, and making the code more readable. Sponsored by: DARPA, NAI Labs
2001-11-28 21:22:05 +00:00
#ifdef REGRESSION
o Introduce an 'options REGRESSION'-dependant sysctl namespaces, 'regression.*'. o Add 'regression.securelevel_nonmonotonic', conditional on 'options REGRESSION', which allows the securelevel to be lowered for the purposes of efficient regression testing of securelevel policy decisions. Regression tests for securelevels will be committed shortly. NOTE: 'options REGRESSION' should never be used on production machines, as it permits violation of system invariants so as to improve the ability to effectively test edge cases, and improve testing efficiency.
2001-10-07 03:51:22 +00:00
SYSCTL_INT(_regression, OID_AUTO, securelevel_nonmonotonic, CTLFLAG_RW,
&regression_securelevel_nonmonotonic, 0, "securelevel may be lowered");
o General style improvemnts. Submitted by: bde
2001-11-08 15:31:19 +00:00
#endif
o Introduce an 'options REGRESSION'-dependant sysctl namespaces, 'regression.*'. o Add 'regression.securelevel_nonmonotonic', conditional on 'options REGRESSION', which allows the securelevel to be lowered for the purposes of efficient regression testing of securelevel policy decisions. Regression tests for securelevels will be committed shortly. NOTE: 'options REGRESSION' should never be used on production machines, as it permits violation of system invariants so as to improve the ability to effectively test edge cases, and improve testing efficiency.
2001-10-07 03:51:22 +00:00
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
static int
Previous commit changing SYSCTL_HANDLER_ARGS violated KNF. Pointed out by: bde
2000-07-04 11:25:35 +00:00
sysctl_kern_securelvl(SYSCTL_HANDLER_ARGS)
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
{
Add hierarchical jails. A jail may further virtualize its environment by creating a child jail, which is visible to that jail and to any parent jails. Child jails may be restricted more than their parents, but never less. Jail names reflect this hierarchy, being MIB-style dot-separated strings. Every thread now points to a jail, the default being prison0, which contains information about the physical system. Prison0's root directory is the same as rootvnode; its hostname is the same as the global hostname, and its securelevel replaces the global securelevel. Note that the variable "securelevel" has actually gone away, which should not cause any problems for code that properly uses securelevel_gt() and securelevel_ge(). Some jail-related permissions that were kept in global variables and set via sysctls are now per-jail settings. The sysctls still exist for backward compatibility, used only by the now-deprecated jail(2) system call. Approved by: bz (mentor)
2009-05-27 14:11:23 +00:00
struct prison *pr, *cpr;
int descend, error, level;
o Remove double-indentation of sysctl_kern_securelvl. This change is consistent with the one other function in the file, and prevents long lines in up-coming changes. This nominally pulls kern_mib.c a little further down the long path to style(9) compliance.
2001-11-06 19:56:58 +00:00
Simple p_ucred -> td_ucred changes to start using the per-thread ucred reference.
2002-02-27 18:32:23 +00:00
pr = req->td->td_ucred->cr_prison;
o Cache the process's struct prison so as to create a more visually appealing code structure. In particular, s/req->p->p_ucred->cr_prison/pr/ Requested by: imp, jhb, jake, other hangers on
2001-11-06 20:09:33 +00:00
o Remove double-indentation of sysctl_kern_securelvl. This change is consistent with the one other function in the file, and prevents long lines in up-coming changes. This nominally pulls kern_mib.c a little further down the long path to style(9) compliance.
2001-11-06 19:56:58 +00:00
/*
Add hierarchical jails. A jail may further virtualize its environment by creating a child jail, which is visible to that jail and to any parent jails. Child jails may be restricted more than their parents, but never less. Jail names reflect this hierarchy, being MIB-style dot-separated strings. Every thread now points to a jail, the default being prison0, which contains information about the physical system. Prison0's root directory is the same as rootvnode; its hostname is the same as the global hostname, and its securelevel replaces the global securelevel. Note that the variable "securelevel" has actually gone away, which should not cause any problems for code that properly uses securelevel_gt() and securelevel_ge(). Some jail-related permissions that were kept in global variables and set via sysctls are now per-jail settings. The sysctls still exist for backward compatibility, used only by the now-deprecated jail(2) system call. Approved by: bz (mentor)
2009-05-27 14:11:23 +00:00
* Reading the securelevel is easy, since the current jail's level
* is known to be at least as secure as any higher levels. Perform
* a lockless read since the securelevel is an integer.
o Remove double-indentation of sysctl_kern_securelvl. This change is consistent with the one other function in the file, and prevents long lines in up-coming changes. This nominally pulls kern_mib.c a little further down the long path to style(9) compliance.
2001-11-06 19:56:58 +00:00
*/
Add hierarchical jails. A jail may further virtualize its environment by creating a child jail, which is visible to that jail and to any parent jails. Child jails may be restricted more than their parents, but never less. Jail names reflect this hierarchy, being MIB-style dot-separated strings. Every thread now points to a jail, the default being prison0, which contains information about the physical system. Prison0's root directory is the same as rootvnode; its hostname is the same as the global hostname, and its securelevel replaces the global securelevel. Note that the variable "securelevel" has actually gone away, which should not cause any problems for code that properly uses securelevel_gt() and securelevel_ge(). Some jail-related permissions that were kept in global variables and set via sysctls are now per-jail settings. The sysctls still exist for backward compatibility, used only by the now-deprecated jail(2) system call. Approved by: bz (mentor)
2009-05-27 14:11:23 +00:00
level = pr->pr_securelevel;
o Remove double-indentation of sysctl_kern_securelvl. This change is consistent with the one other function in the file, and prevents long lines in up-coming changes. This nominally pulls kern_mib.c a little further down the long path to style(9) compliance.
2001-11-06 19:56:58 +00:00
error = sysctl_handle_int(oidp, &level, 0, req);
if (error || !req->newptr)
return (error);
Add hierarchical jails. A jail may further virtualize its environment by creating a child jail, which is visible to that jail and to any parent jails. Child jails may be restricted more than their parents, but never less. Jail names reflect this hierarchy, being MIB-style dot-separated strings. Every thread now points to a jail, the default being prison0, which contains information about the physical system. Prison0's root directory is the same as rootvnode; its hostname is the same as the global hostname, and its securelevel replaces the global securelevel. Note that the variable "securelevel" has actually gone away, which should not cause any problems for code that properly uses securelevel_gt() and securelevel_ge(). Some jail-related permissions that were kept in global variables and set via sysctls are now per-jail settings. The sysctls still exist for backward compatibility, used only by the now-deprecated jail(2) system call. Approved by: bz (mentor)
2009-05-27 14:11:23 +00:00
/* Permit update only if the new securelevel exceeds the old. */
sx_slock(&allprison_lock);
mtx_lock(&pr->pr_mtx);
if (!regression_securelevel_nonmonotonic &&
level < pr->pr_securelevel) {
mtx_unlock(&pr->pr_mtx);
sx_sunlock(&allprison_lock);
return (EPERM);
}
pr->pr_securelevel = level;
o Remove double-indentation of sysctl_kern_securelvl. This change is consistent with the one other function in the file, and prevents long lines in up-coming changes. This nominally pulls kern_mib.c a little further down the long path to style(9) compliance.
2001-11-06 19:56:58 +00:00
/*
Add hierarchical jails. A jail may further virtualize its environment by creating a child jail, which is visible to that jail and to any parent jails. Child jails may be restricted more than their parents, but never less. Jail names reflect this hierarchy, being MIB-style dot-separated strings. Every thread now points to a jail, the default being prison0, which contains information about the physical system. Prison0's root directory is the same as rootvnode; its hostname is the same as the global hostname, and its securelevel replaces the global securelevel. Note that the variable "securelevel" has actually gone away, which should not cause any problems for code that properly uses securelevel_gt() and securelevel_ge(). Some jail-related permissions that were kept in global variables and set via sysctls are now per-jail settings. The sysctls still exist for backward compatibility, used only by the now-deprecated jail(2) system call. Approved by: bz (mentor)
2009-05-27 14:11:23 +00:00
* Set all child jails to be at least this level, but do not lower
* them (even if regression_securelevel_nonmonotonic).
o Remove double-indentation of sysctl_kern_securelvl. This change is consistent with the one other function in the file, and prevents long lines in up-coming changes. This nominally pulls kern_mib.c a little further down the long path to style(9) compliance.
2001-11-06 19:56:58 +00:00
*/
Add hierarchical jails. A jail may further virtualize its environment by creating a child jail, which is visible to that jail and to any parent jails. Child jails may be restricted more than their parents, but never less. Jail names reflect this hierarchy, being MIB-style dot-separated strings. Every thread now points to a jail, the default being prison0, which contains information about the physical system. Prison0's root directory is the same as rootvnode; its hostname is the same as the global hostname, and its securelevel replaces the global securelevel. Note that the variable "securelevel" has actually gone away, which should not cause any problems for code that properly uses securelevel_gt() and securelevel_ge(). Some jail-related permissions that were kept in global variables and set via sysctls are now per-jail settings. The sysctls still exist for backward compatibility, used only by the now-deprecated jail(2) system call. Approved by: bz (mentor)
2009-05-27 14:11:23 +00:00
FOREACH_PRISON_DESCENDANT_LOCKED(pr, cpr, descend) {
if (cpr->pr_securelevel < level)
cpr->pr_securelevel = level;
o Remove double-indentation of sysctl_kern_securelvl. This change is consistent with the one other function in the file, and prevents long lines in up-coming changes. This nominally pulls kern_mib.c a little further down the long path to style(9) compliance.
2001-11-06 19:56:58 +00:00
}
Add hierarchical jails. A jail may further virtualize its environment by creating a child jail, which is visible to that jail and to any parent jails. Child jails may be restricted more than their parents, but never less. Jail names reflect this hierarchy, being MIB-style dot-separated strings. Every thread now points to a jail, the default being prison0, which contains information about the physical system. Prison0's root directory is the same as rootvnode; its hostname is the same as the global hostname, and its securelevel replaces the global securelevel. Note that the variable "securelevel" has actually gone away, which should not cause any problems for code that properly uses securelevel_gt() and securelevel_ge(). Some jail-related permissions that were kept in global variables and set via sysctls are now per-jail settings. The sysctls still exist for backward compatibility, used only by the now-deprecated jail(2) system call. Approved by: bz (mentor)
2009-05-27 14:11:23 +00:00
mtx_unlock(&pr->pr_mtx);
sx_sunlock(&allprison_lock);
o Remove double-indentation of sysctl_kern_securelvl. This change is consistent with the one other function in the file, and prevents long lines in up-coming changes. This nominally pulls kern_mib.c a little further down the long path to style(9) compliance.
2001-11-06 19:56:58 +00:00
return (error);
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
}
o Modify kern.securelevel MIB entry to return a local securelevel, if one is present in the current jail, otherwise, to return the global securelevel. o If the securelevel is being updated, require that it be greater than the maximum of local and global, if a local securelevel exists, otherwise, just maximum of the global. If there is a local securelevel, update the local one instead of the global one. o Note: this does allow local securelevels to lag behind the global one as long as the local one is not updated following a global increase. Obtained from: TrustedBSD Project
2001-09-26 20:39:48 +00:00
SYSCTL_PROC(_kern, KERN_SECURELVL, securelevel,
CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_PRISON, 0, 0, sysctl_kern_securelvl,
"I", "Current secure level");
Dammit. Trimmed an extra sysctl when I moved kern.suser_permitted from kern_mib.c to kern_prot.c. This commit should restore it, as well as fix the resulting build problems. Submitted by: asmodai
2000-06-07 18:54:41 +00:00
Handle !INCLUDE_CONFIG_FILE entirely in the kernel. This should make some developers happy, since it will let them to use old config(8) with newer kernels. Reviewed by: imp Approved by: imp
2007-05-16 16:08:04 +00:00
#ifdef INCLUDE_CONFIG_FILE
Improve INCLUDE_CONFIG_FILE support. This change will let us to have full configuration of a running kernel available in sysctl: sysctl -b kern.conftxt The same configuration is also contained within the kernel image. It can be obtained with: config -x <kernelfile> Current functionality lets you to quickly recover kernel configuration, by simply redirecting output from commands presented above and starting kernel build procedure. "include" statements are also honored, which means options and devices from included files are also included. Please note that comments from configuration files are not preserved by default. In order to preserve them, you can use -C flag for config(8). This will bring configuration file and included files literally; however, redirection to a file no longer works directly. This commit was followed by discussion, that took place on freebsd-current@. For more details, look here: http://lists.freebsd.org/pipermail/freebsd-current/2007-March/069994.html http://lists.freebsd.org/pipermail/freebsd-current/2007-May/071844.html Development of this patch took place in Perforce, hierarchy: //depot/user/wkoszek/wkoszek_kconftxt/ Support from: freebsd-current@ (links above) Reviewed by: imp@ Approved by: imp@
2007-05-12 19:38:18 +00:00
/* Actual kernel configuration options. */
extern char kernconfstring[];
static int
sysctl_kern_config(SYSCTL_HANDLER_ARGS)
{
Simplify the kernel configuration file return code. Reviewed by: wkoszek
2007-05-28 20:41:10 +00:00
return (sysctl_handle_string(oidp, kernconfstring,
strlen(kernconfstring), req));
Improve INCLUDE_CONFIG_FILE support. This change will let us to have full configuration of a running kernel available in sysctl: sysctl -b kern.conftxt The same configuration is also contained within the kernel image. It can be obtained with: config -x <kernelfile> Current functionality lets you to quickly recover kernel configuration, by simply redirecting output from commands presented above and starting kernel build procedure. "include" statements are also honored, which means options and devices from included files are also included. Please note that comments from configuration files are not preserved by default. In order to preserve them, you can use -C flag for config(8). This will bring configuration file and included files literally; however, redirection to a file no longer works directly. This commit was followed by discussion, that took place on freebsd-current@. For more details, look here: http://lists.freebsd.org/pipermail/freebsd-current/2007-March/069994.html http://lists.freebsd.org/pipermail/freebsd-current/2007-May/071844.html Development of this patch took place in Perforce, hierarchy: //depot/user/wkoszek/wkoszek_kconftxt/ Support from: freebsd-current@ (links above) Reviewed by: imp@ Approved by: imp@
2007-05-12 19:38:18 +00:00
}
Simplify the kernel configuration file return code. Reviewed by: wkoszek
2007-05-28 20:41:10 +00:00
Improve INCLUDE_CONFIG_FILE support. This change will let us to have full configuration of a running kernel available in sysctl: sysctl -b kern.conftxt The same configuration is also contained within the kernel image. It can be obtained with: config -x <kernelfile> Current functionality lets you to quickly recover kernel configuration, by simply redirecting output from commands presented above and starting kernel build procedure. "include" statements are also honored, which means options and devices from included files are also included. Please note that comments from configuration files are not preserved by default. In order to preserve them, you can use -C flag for config(8). This will bring configuration file and included files literally; however, redirection to a file no longer works directly. This commit was followed by discussion, that took place on freebsd-current@. For more details, look here: http://lists.freebsd.org/pipermail/freebsd-current/2007-March/069994.html http://lists.freebsd.org/pipermail/freebsd-current/2007-May/071844.html Development of this patch took place in Perforce, hierarchy: //depot/user/wkoszek/wkoszek_kconftxt/ Support from: freebsd-current@ (links above) Reviewed by: imp@ Approved by: imp@
2007-05-12 19:38:18 +00:00
SYSCTL_PROC(_kern, OID_AUTO, conftxt, CTLTYPE_STRING|CTLFLAG_RW,
0, 0, sysctl_kern_config, "", "Kernel configuration file");
Don't export a kern.conftxt sysctl, except when INCLUDE_CONF_FILE is defined. This restores the old behavior, and eliminates the dependency on the kernconf.tmpl when INCLUDE_CONFIG_FILE isn't included in the kernel config. There were many people in the terminal room that had almost, but not quite, up-to-date config files that this helps. I don't know if this is the result of skew among the cvsup servers, or some other more subtle problem. However, this fix should work for any config of recent vintage (I tested with the latest, and one before the recent changes, and eye-balled the intermediate versions). Reviewed by: the terminal room crew
2007-05-17 05:05:12 +00:00
#endif
Improve INCLUDE_CONFIG_FILE support. This change will let us to have full configuration of a running kernel available in sysctl: sysctl -b kern.conftxt The same configuration is also contained within the kernel image. It can be obtained with: config -x <kernelfile> Current functionality lets you to quickly recover kernel configuration, by simply redirecting output from commands presented above and starting kernel build procedure. "include" statements are also honored, which means options and devices from included files are also included. Please note that comments from configuration files are not preserved by default. In order to preserve them, you can use -C flag for config(8). This will bring configuration file and included files literally; however, redirection to a file no longer works directly. This commit was followed by discussion, that took place on freebsd-current@. For more details, look here: http://lists.freebsd.org/pipermail/freebsd-current/2007-March/069994.html http://lists.freebsd.org/pipermail/freebsd-current/2007-May/071844.html Development of this patch took place in Perforce, hierarchy: //depot/user/wkoszek/wkoszek_kconftxt/ Support from: freebsd-current@ (links above) Reviewed by: imp@ Approved by: imp@
2007-05-12 19:38:18 +00:00
Introduce a new lock, hostname_mtx, and use it to synchronize access to global hostname and domainname variables. Where necessary, copy to or from a stack-local buffer before performing copyin() or copyout(). A few uses, such as in cd9660 and daemon_saver, remain under-synchronized and will require further updates. Correct a bug in which a failed copyin() of domainname would leave domainname potentially corrupted. MFC after: 3 weeks
2008-07-05 13:10:10 +00:00
static int
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
2009-05-29 21:27:12 +00:00
sysctl_hostid(SYSCTL_HANDLER_ARGS)
Introduce a new lock, hostname_mtx, and use it to synchronize access to global hostname and domainname variables. Where necessary, copy to or from a stack-local buffer before performing copyin() or copyout(). A few uses, such as in cd9660 and daemon_saver, remain under-synchronized and will require further updates. Correct a bug in which a failed copyin() of domainname would leave domainname potentially corrupted. MFC after: 3 weeks
2008-07-05 13:10:10 +00:00
{
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
2009-05-29 21:27:12 +00:00
struct prison *pr, *cpr;
u_long tmpid;
int descend, error;
/*
* Like sysctl_hostname, except it operates on a u_long
* instead of a string, and is used only for hostid.
*/
pr = req->td->td_ucred->cr_prison;
if (!(pr->pr_allow & PR_ALLOW_SET_HOSTNAME) && req->newptr)
return (EPERM);
tmpid = pr->pr_hostid;
error = sysctl_handle_long(oidp, &tmpid, 0, req);
Introduce a new lock, hostname_mtx, and use it to synchronize access to global hostname and domainname variables. Where necessary, copy to or from a stack-local buffer before performing copyin() or copyout(). A few uses, such as in cd9660 and daemon_saver, remain under-synchronized and will require further updates. Correct a bug in which a failed copyin() of domainname would leave domainname potentially corrupted. MFC after: 3 weeks
2008-07-05 13:10:10 +00:00
if (req->newptr != NULL && error == 0) {
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
2009-05-29 21:27:12 +00:00
sx_slock(&allprison_lock);
while (!(pr->pr_flags & PR_HOST))
pr = pr->pr_parent;
mtx_lock(&pr->pr_mtx);
pr->pr_hostid = tmpid;
FOREACH_PRISON_DESCENDANT_LOCKED(pr, cpr, descend)
if (cpr->pr_flags & PR_HOST)
descend = 0;
else
cpr->pr_hostid = tmpid;
mtx_unlock(&pr->pr_mtx);
sx_sunlock(&allprison_lock);
Introduce a new lock, hostname_mtx, and use it to synchronize access to global hostname and domainname variables. Where necessary, copy to or from a stack-local buffer before performing copyin() or copyout(). A few uses, such as in cd9660 and daemon_saver, remain under-synchronized and will require further updates. Correct a bug in which a failed copyin() of domainname would leave domainname potentially corrupted. MFC after: 3 weeks
2008-07-05 13:10:10 +00:00
}
return (error);
}
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
2009-05-29 21:27:12 +00:00
SYSCTL_PROC(_kern, KERN_HOSTID, hostid,
CTLTYPE_ULONG | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE,
NULL, 0, sysctl_hostid, "LU", "Host ID");
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
Actually declare the kern.features sysctl node. Pointy hat to: jhb
2007-12-31 22:03:57 +00:00
SYSCTL_NODE(_kern, OID_AUTO, features, CTLFLAG_RD, 0, "Kernel Features");
Add 'compat_freebsd[4567]' features corresponding to the kernel options COMPAT_FREEBSD[4567]. MFC after: 1 week Requested by: kris
2008-01-17 22:46:32 +00:00
#ifdef COMPAT_FREEBSD4
FEATURE(compat_freebsd4, "Compatible with FreeBSD 4");
#endif
#ifdef COMPAT_FREEBSD5
FEATURE(compat_freebsd5, "Compatible with FreeBSD 5");
#endif
#ifdef COMPAT_FREEBSD6
FEATURE(compat_freebsd6, "Compatible with FreeBSD 6");
#endif
#ifdef COMPAT_FREEBSD7
FEATURE(compat_freebsd7, "Compatible with FreeBSD 7");
#endif
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
/*
* This is really cheating. These actually live in the libc, something
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
* which I'm not quite sure is a good idea anyway, but in order for
Move the "mib" variables out to their own file.
1996-04-07 13:03:06 +00:00
* getnext and friends to actually work, we define dummies here.
*/
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_STRING(_user, USER_CS_PATH, cs_path, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
"", 0, "PATH that finds all the standard utilities");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_BC_BASE_MAX, bc_base_max, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Max ibase/obase values in bc(1)");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_BC_DIM_MAX, bc_dim_max, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Max array size in bc(1)");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_BC_SCALE_MAX, bc_scale_max, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Max scale value in bc(1)");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_BC_STRING_MAX, bc_string_max, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Max string length in bc(1)");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_COLL_WEIGHTS_MAX, coll_weights_max, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Maximum number of weights assigned to an LC_COLLATE locale entry");
Oops, read-only is spelled RD here.
1996-09-28 15:53:30 +00:00
SYSCTL_INT(_user, USER_EXPR_NEST_MAX, expr_nest_max, CTLFLAG_RD, 0, 0, "");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_LINE_MAX, line_max, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Max length (bytes) of a text-processing utility's input line");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_RE_DUP_MAX, re_dup_max, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Maximum number of repeats of a regexp permitted");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_POSIX2_VERSION, posix2_version, CTLFLAG_RD,
0, 0,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
"The version of POSIX 1003.2 with which the system attempts to comply");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_POSIX2_C_BIND, posix2_c_bind, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Whether C development supports the C bindings option");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_POSIX2_C_DEV, posix2_c_dev, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Whether system supports the C development utilities option");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_POSIX2_CHAR_TERM, posix2_char_term, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_POSIX2_FORT_DEV, posix2_fort_dev, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Whether system supports FORTRAN development utilities");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_POSIX2_FORT_RUN, posix2_fort_run, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Whether system supports FORTRAN runtime utilities");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_POSIX2_LOCALEDEF, posix2_localedef, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Whether system supports creation of locales");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_POSIX2_SW_DEV, posix2_sw_dev, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Whether system supports software development utilities");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_POSIX2_UPE, posix2_upe, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Whether system supports the user portability utilities");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_STREAM_MAX, stream_max, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Min Maximum number of streams a process may have open at one time");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_user, USER_TZNAME_MAX, tzname_max, CTLFLAG_RD,
Add sysctl descriptions to many SYSCTL_XXXs PR: kern/11197 Submitted by: Adrian Chadd <adrian@FreeBSD.org> Reviewed by: billf(spelling/style/minor nits) Looked at by: bde(style)
1999-05-03 23:57:32 +00:00
0, 0, "Min Maximum number of types supported for timezone names");
Add sysctl tree debug.sizeof to tell us how big things are. First two entries are struct proc and struct vnode.
1999-07-19 09:13:12 +00:00
#include <sys/vnode.h>
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_debug_sizeof, OID_AUTO, vnode, CTLFLAG_RD,
Add sysctl tree debug.sizeof to tell us how big things are. First two entries are struct proc and struct vnode.
1999-07-19 09:13:12 +00:00
0, sizeof(struct vnode), "sizeof(struct vnode)");
o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good grief.
2001-11-08 15:20:00 +00:00
SYSCTL_INT(_debug_sizeof, OID_AUTO, proc, CTLFLAG_RD,
Add sysctl tree debug.sizeof to tell us how big things are. First two entries are struct proc and struct vnode.
1999-07-19 09:13:12 +00:00
0, sizeof(struct proc), "sizeof(struct proc)");
add debug.sizeof.specinfo
1999-07-20 07:19:32 +00:00
Separate the struct bio related stuff out of <sys/buf.h> into <sys/bio.h>. <sys/bio.h> is now a prerequisite for <sys/buf.h> but it shall not be made a nested include according to bdes teachings on the subject of nested includes. Diskdrivers and similar stuff below specfs::strategy() should no longer need to include <sys/buf.> unless they need caching of data. Still a few bogus uses of struct buf to track down. Repocopy by: peter
2000-05-05 09:59:14 +00:00
#include <sys/bio.h>
Draw the outline of "struct bio". Struct bio is the future carrier of I/O requests for "struct buf".
2000-04-02 09:26:51 +00:00
#include <sys/buf.h>
SYSCTL_INT(_debug_sizeof, OID_AUTO, bio, CTLFLAG_RD,
0, sizeof(struct bio), "sizeof(struct bio)");
SYSCTL_INT(_debug_sizeof, OID_AUTO, buf, CTLFLAG_RD,
0, sizeof(struct buf), "sizeof(struct buf)");
Implement a unified run queue and adjust priority levels accordingly. - All processes go into the same array of queues, with different scheduling classes using different portions of the array. This allows user processes to have their priorities propogated up into interrupt thread range if need be. - I chose 64 run queues as an arbitrary number that is greater than 32. We used to have 4 separate arrays of 32 queues each, so this may not be optimal. The new run queue code was written with this in mind; changing the number of run queues only requires changing constants in runq.h and adjusting the priority levels. - The new run queue code takes the run queue as a parameter. This is intended to be used to create per-cpu run queues. Implement wrappers for compatibility with the old interface which pass in the global run queue structure. - Group the priority level, user priority, native priority (before propogation) and the scheduling class into a struct priority. - Change any hard coded priority levels that I found to use symbolic constants (TTIPRI and TTOPRI). - Remove the curpriority global variable and use that of curproc. This was used to detect when a process' priority had lowered and it should yield. We now effectively yield on every interrupt. - Activate propogate_priority(). It should now have the desired effect without needing to also propogate the scheduling class. - Temporarily comment out the call to vm_page_zero_idle() in the idle loop. It interfered with propogate_priority() because the idle process needed to do a non-blocking acquire of Giant and then other processes would try to propogate their priority onto it. The idle process should not do anything except idle. vm_page_zero_idle() will return in the form of an idle priority kernel thread which is woken up at apprioriate times by the vm system. - Update struct kinfo_proc to the new priority interface. Deliberately change its size by adjusting the spare fields. It remained the same size, but the layout has changed, so userland processes that use it would parse the data incorrectly. The size constraint should really be changed to an arbitrary version number. Also add a debug.sizeof sysctl node for struct kinfo_proc.
2001-02-12 00:20:08 +00:00
#include <sys/user.h>
SYSCTL_INT(_debug_sizeof, OID_AUTO, kinfo_proc, CTLFLAG_RD,
0, sizeof(struct kinfo_proc), "sizeof(struct kinfo_proc)");
Improve the way that an elf image activator for an alternate word size is included in the kernel. Include imgact_elf.c in conf/files, instead of both imgact_elf32.c and imgact_elf64.c, which will use the default word size for an architecture as defined in machine/elf.h. Architectures that wish to build an additional image activator for an alternate word size can include either imgact_elf32.c or imgact_elf64.c in files.${ARCH}, which allows it to be dependent on MD options instead of solely on architecture. Glanced at by: peter
2003-01-04 22:07:48 +00:00
- Provide backwards compatibility for kern.fallback_elf_brand. - Use the generic elf type macros in imgact_elf.h instead of ifdefing the entire contents of the header.
2003-01-05 03:48:14 +00:00
/* XXX compatibility, remove for 6.0 */
#include <sys/imgact.h>
#include <sys/imgact_elf.h>
SYSCTL_INT(_kern, OID_AUTO, fallback_elf_brand, CTLFLAG_RW,
&__elfN(fallback_brand), sizeof(__elfN(fallback_brand)),
"compatibility for kern.fallback_elf_brand");
Reference in New Issue Copy Permalink