d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix the test prohibiting jails from sharing IP addresses.

Browse Source 
It's not supposed to be legal for two jails to contain the same IP address,
unless both jails contain only that one address.  This is the behavior
documented in jail(8), and is there to prevent confusion when multiple
jails are listening on IADDR_ANY.

VIMAGE jails (now the default for GENERIC kernels) test this correctly,
but non-VIMAGE jails have been performing an incomplete test when nested
jails are used.

Approved by:	re@ (kib@)
MFC after:	5 days
This commit is contained in:
Jamie Gritton 2018-10-06 02:10:32 +00:00
parent 877a050958
commit 08b4333399
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=339211
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sys/kern/kern_jail.c
View File

@ -1393,11 +1393,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
* there is a duplicate on a jail with more than one
* IP stop checking and return error.
*/
tppr = ppr;
#ifdef VIMAGE
for (; tppr != &prison0; tppr = tppr->pr_parent)
for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent)
if (tppr->pr_flags & PR_VNET)
break;
#else
tppr = &prison0;
#endif
FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) {
if (tpr == pr ||
@ -1460,11 +1461,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
}
}
/* Check for conflicting IP addresses. */
tppr = ppr;
#ifdef VIMAGE
for (; tppr != &prison0; tppr = tppr->pr_parent)
for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent)
if (tppr->pr_flags & PR_VNET)
break;
#else
tppr = &prison0;
#endif
FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) {
if (tpr == pr ||