Commit Graph

65 Commits

Author SHA1 Message Date
Poul-Henning Kamp
75c1354190 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
Dmitrij Tejblum
5cc4ab5323 Regenerate (padding for pread and pwrite). 1999-04-04 21:43:36 +00:00
Alan Cox
4160ccd978 Added pread and pwrite. These functions are defined by the X/Open
Threads Extension.  (Note: We use the same syscall numbers as NetBSD.)

Submitted by:	John Plevyak <jplevyak@inktomi.com>
1999-03-27 21:16:58 +00:00
Peter Wemm
de8a10f07a regenerate (+kldsym) 1998-11-11 12:57:05 +00:00
David Greenman
dd0b2081f4 Implemented zero-copy TCP/IP extensions via sendfile(2) - send a
file to a stream socket. sendfile(2) is similar to implementations in
HP-UX, Linux, and other systems, but the API is more extensive and
addresses many of the complaints that the Apache Group and others have
had with those other implementations. Thanks to Marc Slemko of the
Apache Group for helping me work out the best API for this.
Anyway, this has the "net" result of speeding up sends of files over
TCP/IP sockets by about 10X (that is to say, uses 1/10th of the CPU
cycles) when compared to a traditional read/write loop.
1998-11-05 14:28:26 +00:00
Doug Rabson
c49265d091 Regnerate. 1998-08-24 08:32:19 +00:00
Bruce Evans
414c93f3aa Updated generated files. 1998-06-08 11:08:35 +00:00
Peter Wemm
06b6493558 regen after signanosleep nuke 1998-05-14 11:29:06 +00:00
John Dyson
1f56217280 Fix the futimes/undelete/utrace conflict with other BSD's. Note that
the only common  usage of utrace (the possible problem with this
commit) is with malloc, so this should be a real problem.  Add
the various NetBSD syscalls that allow full emulation of their
development environment.
1998-05-11 03:55:28 +00:00
Peter Dufault
8a6472b723 Finish _POSIX_PRIORITY_SCHEDULING. Needs P1003_1B and
_KPOSIX_PRIORITY_SCHEDULING options to work.  Changes:

Change all "posix4" to "p1003_1b".  Misnamed files are left
as "posix4" until I'm told if I can simply delete them and add
new ones;

Add _POSIX_PRIORITY_SCHEDULING system calls for FreeBSD and Linux;

Add man pages for _POSIX_PRIORITY_SCHEDULING system calls;

Add options to LINT;

Minor fixes to P1003_1B code during testing.
1998-03-28 11:51:01 +00:00
Bruce Evans
a92ae47539 Updated generated files. 1998-02-03 17:52:21 +00:00
Poul-Henning Kamp
c5b193bfba Retire LFS.
If you want to play with it, you can find the final version of the
code in the repository the tag LFS_RETIREMENT.

If somebody makes LFS work again, adding it back is certainly
desireable, but as it is now nobody seems to care much about it,
and it has suffered considerable bitrot since its somewhat haphazard
integration.

R.I.P
1998-01-30 11:34:06 +00:00
Eivind Eklund
4027779c22 Regenerate after changing makesyscalls.sh. 1997-12-16 22:27:22 +00:00
Eivind Eklund
5591b823d1 Make COMPAT_43 and COMPAT_SUNOS new-style options. 1997-12-16 17:40:42 +00:00
Poul-Henning Kamp
e83f76772d Remade syscalls.master derived files. 1997-10-26 20:28:54 +00:00
Peter Wemm
921af254ca Regenerate _after_ the commit to syscalls.master 1997-09-15 02:03:45 +00:00
Poul-Henning Kamp
7822f1c624 Add a __getcwd() syscall. This is intentionally undocumented, but all
it does is to try to figure the pwd out from the vfs namecache, and
return a reversed string to it.  libc:getcwd() is responsible for
flipping it back.
1997-09-14 16:51:31 +00:00
Peter Wemm
818661c8f6 Regenerate (added poll etc) 1997-09-14 02:23:46 +00:00
Peter Wemm
217cb20cdc Regenerate 1997-08-19 05:57:04 +00:00
Bruce Evans
e747e4bcc1 Updated generated files (makesyscalls.sh changed). Only sysproto.h
really changed.
1997-06-29 17:47:32 +00:00
John Dyson
2c1011f7ef Modifications to existing files to support the initial AIO/LIO and
kernel based threading support.
1997-06-16 00:29:36 +00:00
Peter Wemm
83a6ec5e6a Regenerate 1997-06-01 08:56:12 +00:00
Peter Wemm
3a5322f2f0 regenerate 1997-05-08 14:08:49 +00:00
Doug Rabson
cea6c86c11 This is the kernel linker. To use it, you will first need to apply
the patches in freefall:/home/dfr/ld.diffs to your ld sources and set
BINFORMAT to aoutkld when linking the kernel.

Library changes and userland utilities will appear in a later commit.
1997-05-07 16:05:47 +00:00
Peter Wemm
7ec6369d7e Regenerate (added issetugid) 1997-03-31 14:55:05 +00:00
Peter Wemm
f77da2867a Regenerate 1997-03-31 12:17:45 +00:00
Peter Wemm
d050e1a8a0 Regenerate to include correct Id string 1997-02-22 12:52:35 +00:00
John Dyson
996c772f58 This is the kernel Lite/2 commit. There are some requisite userland
changes, so don't expect to be able to run the kernel as-is (very well)
without the appropriate Lite/2 userland changes.

The system boots and can mount UFS filesystems.

Untested: ext2fs, msdosfs, NFS
Known problems: Incorrect Berkeley ID strings in some files.
		Mount_std mounts will not work until the getfsent
		library routine is changed.

Reviewed by:	various people
Submitted by:	Jeffery Hsu <hsu@freebsd.org>
1997-02-10 02:22:35 +00:00
Bruce Evans
713aa001e2 Updated generated files. 1997-01-16 15:59:31 +00:00
Poul-Henning Kamp
e6c4b9ba32 Add the utrace(caddr_t addr,size_t len) syscall, that will store the
data pointed at in a ktrace file, if this process is being ktrace'ed.
I'm using this to profile malloc usage.
The advantage is that there is no context around this call, ie, no
open file or socket, so it will work in any process, and you can
decide if you want it to collect data or not.
1996-09-19 19:49:13 +00:00
Sujal Patel
c2bbab53f4 Reran makesyscalls.sh after changing select()'s first argument to 'int'. 1996-08-20 07:20:29 +00:00
Peter Wemm
d66a506616 Mega-commit for Linux emulator update.. This has been stress tested under
netscape-2.0 for Linux running all the Java stuff.  The scrollbars are now
working, at least on my machine. (whew! :-)

I'm uncomfortable with the size of this commit, but it's too
inter-dependant to easily seperate out.

The main changes:

COMPAT_LINUX is *GONE*.  Most of the code has been moved out of the i386
machine dependent section into the linux emulator itself.  The int 0x80
syscall code was almost identical to the lcall 7,0 code and a minor tweak
allows them to both be used with the same C code.  All kernels can now
just modload the lkm and it'll DTRT without having to rebuild the kernel
first.  Like IBCS2, you can statically compile it in with "options LINUX".

A pile of new syscalls implemented, including getdents(), llseek(),
readv(), writev(), msync(), personality().  The Linux-ELF libraries want
to use some of these.

linux_select() now obeys Linux semantics, ie: returns the time remaining
of the timeout value rather than leaving it the original value.

Quite a few bugs removed, including incorrect arguments being used in
syscalls..  eg:  mixups between passing the sigset as an int, vs passing
it as a pointer and doing a copyin(), missing return values, unhandled
cases, SIOC* ioctls, etc.

The build for the code has changed.  i386/conf/files now knows how
to build linux_genassym and generate linux_assym.h on the fly.

Supporting changes elsewhere in the kernel:

The user-mode signal trampoline has moved from the U area to immediately
below the top of the stack (below PS_STRINGS).  This allows the different
binary emulations to have their own signal trampoline code (which gets rid
of the hardwired syscall 103 (sigreturn on BSD, syslog on Linux)) and so
that the emulator can provide the exact "struct sigcontext *" argument to
the program's signal handlers.

The sigstack's "ss_flags" now uses SS_DISABLE and SS_ONSTACK flags, which
have the same values as the re-used SA_DISABLE and SA_ONSTACK which are
intended for sigaction only.  This enables the support of a SA_RESETHAND
flag to sigaction to implement the gross SYSV and Linux SA_ONESHOT signal
semantics where the signal handler is reset when it's triggered.

makesyscalls.sh no longer appends the struct sysentvec on the end of the
generated init_sysent.c code.  It's a lot saner to have it in a seperate
file rather than trying to update the structure inside the awk script. :-)

At exec time, the dozen bytes or so of signal trampoline code are copied
to the top of the user's stack, rather than obtaining the trampoline code
the old way by getting a clone of the parent's user area.  This allows
Linux and native binaries to freely exec each other without getting
trampolines mixed up.
1996-03-02 19:38:20 +00:00
Peter Wemm
bad4352830 reran makesyscalls.sh after "int len" -> "size_t len" changes. 1996-03-02 17:01:36 +00:00
Peter Wemm
e89de7b5c3 Run makesyscalls to regen the tables. 1996-02-23 18:31:34 +00:00
Bruce Evans
9f29a57754 Removed stale #includes of "opt_sysvipc.h". 1996-01-20 21:36:31 +00:00
Poul-Henning Kamp
99cb299316 Add an option NFS_NOSERVER which saves 100K in the install kernel (or
any other kernel that uses it).  Use with option NFS.
1996-01-13 23:27:58 +00:00
Peter Wemm
81090119af (gulp!) reran makesyscalls..
sysv_ipc.c: add stub functions that either simply return (for the hooks
in kern_fork/kern_exit) or log() a messgae and call enosys() (for the
syscalls).  sysv_ipc.c will become "standard" in conf/files and has
#ifs for all the permutations.
1996-01-08 04:30:48 +00:00
Garrett Wollman
50c73f3620 Convert SYSV IPC to new-style options. (I hope I got everything...)
The LKMs will need an extra file, to come later.
1996-01-04 20:29:06 +00:00
Garrett Wollman
db6a20e23e Converted two options over to the new scheme: USER_LDT and KTRACE. 1996-01-03 21:42:35 +00:00
Peter Wemm
295ab04920 Regenerated from syscalls.master... 1995-12-15 04:46:32 +00:00
Bruce Evans
c484c256a5 Updated machine-generated files. 1995-11-12 04:29:37 +00:00
Steven Wallace
4887ee51b2 Remake generated files to reflect makesyscalls.sh changes 1995-10-07 06:29:30 +00:00
Bruce Evans
c1b0bf4649 Update machine-generated files. 1995-09-19 13:56:09 +00:00
Andrey A. Chernov
e876c909da Make setreuid/setregid active syscalls 1995-04-23 12:22:06 +00:00
David Greenman
bc4c84cf7e Added a third "flags" argument to msync() ...as other systems have. 1995-03-25 16:52:24 +00:00
Bruce Evans
b5e8ce9f12 Add and move declarations to fix all of the warnings from `gcc -Wimplicit'
(except in netccitt, netiso and netns) and most of the warnings from
`gcc -Wnested-externs'.  Fix all the bugs found.  There were no serious
ones.
1995-03-16 18:17:34 +00:00
David Greenman
403ef252fa Removed obsolete vtrace() remnants. 1995-03-04 03:24:45 +00:00
Søren Schmidt
1e1e0b4463 First attempt to run linux binaries. This is only the changes needed to
the generic kernel. The actual emulator is a separate LKM. (not finished
yet, sorry).
Submitted by:	sos@freebsd.org & sef@kithrup.com
1995-02-14 19:23:22 +00:00
Garrett Wollman
23f6ed01aa Actually enable NTP kernel PLL. (Oops!)
Noticed by Pete Carah.
1994-12-14 17:57:47 +00:00
Andreas Schulz
94e6bbfc64 pick up the changes from a makesyscall.sh run. The multiple lkmnosys
declarations should now be gone.
1994-11-10 23:59:47 +00:00