Commit Graph

239 Commits

Author SHA1 Message Date
Peter Wemm
e96c1fdc3f Minor tweaks to make sure (new) prerequisites for <sys/buf.h> (mostly
splbio()/splx()) are #included in time.
1999-06-27 11:44:22 +00:00
Poul-Henning Kamp
75c1354190 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no provisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
Poul-Henning Kamp
f711d546d2 Suser() simplification:
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in <sys/proc.h>.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
1999-04-27 11:18:52 +00:00
Poul-Henning Kamp
6a5d592ae8 Purging lint from the Bruce filter. 1999-03-30 09:00:45 +00:00
Poul-Henning Kamp
7f4173cc09 Fix some nasty hangs if garbage were passed.
Noticed by:	Emmanuel DELOGET <pixel@DotCom.FR>
Remembered by:	msmith
1999-03-23 14:23:15 +00:00
Doug Rabson
ce02431ffa * Change sysctl from using linker_set to construct its tree using SLISTs.
This makes it possible to change the sysctl tree at runtime.

* Change KLD to find and register any sysctl nodes contained in the loaded
  file and to unregister them when the file is unloaded.

Reviewed by: Archie Cobbs <archie@whistle.com>,
	Peter Wemm <peter@netplex.com.au> (well they looked at it anyway)
1999-02-16 10:49:55 +00:00
Poul-Henning Kamp
86415b71f9 Back out last change to sysctl.
It was nay'ed before committing on the grounds that this is not
the way to do it, and has been decided as such several times in
the past.

There is no point in loading gobs of ascii into the kernel when
the only use of that ascii is presentation to the user.

Next thing we'd be adding all section 4 man pages to the loaded
kernel as well.

The argument about KLD's is bogus, klds can store a file in
/usr/share/doc/sysctl/dev/foo/thisvar.txt with a description and
sysctl or other facilities can pick it up there.

Proper documentation will take several K worth of text for many
sysctl variables, we don't want that in the kernel under any
circumstances.

I will welcome any well thought out attempt at improving the
situation wrt. sysctl documentation, but this wasn't it.
1999-01-10 07:45:33 +00:00
Dag-Erling Smørgrav
302a110207 Add kernel support for sysctl descriptions. The NO_SYSCTL_DESCRIPTIONS option
disables them if they're not wanted; in that case, sysctl_sysctl_descr will
always return an empty string.

Approved by:	jkh
1999-01-10 05:33:43 +00:00
Doug Rabson
486bddb033 Fix some 64bit truncation problems which crept into SYSCTL_LONG() with the
last cleanup.  Since the oid_arg2 field of struct sysctl_oid is not wide
enough to hold a long, the SYSCTL_LONG() macro has been modified to only
support exporting long variables by pointer instead of by value.

Reviewed by: bde
1998-12-27 18:03:29 +00:00
Don Lewis
2b648ac0a1 Add a generic flag, CTLFLAG_SECURE, which can be used to mark a sysctl
variable unwriteable when securelevel > 0.
Reviewed by: jdp, eivind
1998-12-13 07:19:13 +00:00
Archie Cobbs
2127f26023 Examine all occurrences of sprintf(), strcat(), and str[n]cpy()
for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for other cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.

These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.

Reviewed by:	Bruce Evans <bde@zeta.org.au>
Reviewed by:	Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by:	Mike Spengler <mks@networkcs.com>
1998-12-04 22:54:57 +00:00
Peter Wemm
aa855a598d *gulp*. Jordan specifically OK'ed this..
This is the bulk of the support for doing kld modules.  Two linker_sets
were replaced by SYSINIT()'s.  VFS's and exec handlers are self registered.
kld is now a superset of lkm.  I have converted most of them, they will
follow as a separate commit as samples.
This all still works as a static a.out kernel using LKM's.
1998-10-16 03:55:01 +00:00
Bruce Evans
e99ea9ec2b Ignore the statically configured vfs type numbers and assign vfs
type numbers in vfs attach order (modulo incomplete reuse of old
numbers after vfs LKMs are unloaded).  This requires reinitializing
the sysctl tree (or at least the vfs subtree) for vfs's that support
sysctls (currently only nfs).  sysctl_order() already handled
reinitialization reasonably except it checked for annulled self
references in the wrong place.

Fixed sysctls for vfs LKMs.
1998-09-05 17:13:28 +00:00
Bruce Evans
134e06fe71 Fixed bogotification of pseudocode for syscall args by rev.1.53 of
syscalls.master.
1998-09-05 14:30:11 +00:00
Doug Rabson
069e9bc1b4 Change various syscalls to use size_t arguments instead of u_int.
Add some overflow checks to read/write (from bde).

Change all modifications to vm_page::flags, vm_page::busy, vm_object::flags
and vm_object::paging_in_progress to use operations which are not
interruptible.

Reviewed by: Bruce Evans <bde@zeta.org.au>
1998-08-24 08:39:39 +00:00
Eivind Eklund
5591b823d1 Make COMPAT_43 and COMPAT_SUNOS new-style options. 1997-12-16 17:40:42 +00:00
Poul-Henning Kamp
cb226aaa62 Move the "retval" (3rd) parameter from all syscall functions and put
it in struct proc instead.

This fixes a boatload of compiler warnings, and removes a lot of cruft
from the sources.

I have not removed the /*ARGSUSED*/, they will require some looking at.

libkvm, ps and other userland struct proc frobbing programs will need
recompiled.
1997-11-06 19:29:57 +00:00
Poul-Henning Kamp
a1c995b626 Last major round (Unless Bruce thinks of something :-) of malloc changes.
Distribute all but the most fundamental malloc types.  This time I also
remembered the trick to making things static:  Put "static" in front of
them.

A couple of finer points by:	bde
1997-10-12 20:26:33 +00:00
Poul-Henning Kamp
55166637cd Distribute and staticize a lot of the malloc M_* types.
Substantial input from:	bde
1997-10-11 18:31:40 +00:00
Bruce Evans
4e7506495b Include <sys/buf.h> instead of <sys/vnode.h>. kern_sysctl.c no
longer has anything to do with vnodes and never had anything to do
with buffers, but it needs the definitions of B_READ and B_WRITE
for use with the bogus useracc() interface and was getting them
bogusly due to excessive cleanups in rev.1.49.
1997-04-09 15:23:09 +00:00
Peter Wemm
6875d25465 Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not
ready for it yet.
1997-02-22 09:48:43 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Bruce Evans
1fbf1f7140 Fixed garbage being returned for constant int values, e.g., for
KERN_SAVED_IDS.

Should be in 2.2.

Reviewed by:	phk
Found by:	NIST-PCTS
1996-12-15 14:38:46 +00:00
Bruce Evans
3f6a052a89 Fixed bogus casts (const on the wrong *' in **') in a qsort-comparison
function.
1996-09-03 22:26:31 +00:00
Bruce Evans
09a8dfa260 Don't depend in the kernel on the gcc feature of doing arithmetic on
pointers of type `void *'.  Warn about this in future.
1996-08-31 14:48:13 +00:00
Nate Williams
1c346c7092 Implemented 'kern_sysctl', which differs from 'userland_sysctl' in that
it assumes all of the data exists in the kernel.  Also, fix
sysctl_new-kernel (unused until now) which had reversed operands to
bcopy().

Reviewed by:	phk

Poul writes:
... actually the lock/sleep/wakeup cruft shouldn't be needed in the
kernel version I think, but just leave it there for now.
1996-06-10 16:23:42 +00:00
Poul-Henning Kamp
7a69d9230f If handler function returns EAGAIN, restart operation. 1996-06-06 17:17:54 +00:00
Poul-Henning Kamp
61220614a8 Fix a longstanding bug and a buglet of no significance.
Now net.ipx works.

Noticed by:	John Hay -- John.Hay@csir.co.za
1996-04-13 13:28:54 +00:00
Poul-Henning Kamp
45ec3b3838 Move the "mib" variables out to their own file. 1996-04-07 13:03:06 +00:00
Jeffrey Hsu
04d41bbeb7 From Lite2: rename fs to vfs.
Reviewed by:	davidg & bde
1996-03-11 02:18:23 +00:00
Peter Wemm
a1d2540fa0 Fix the reversed source and dest args to bcopy() in the kernel space
sysctl handler (ouch!)

Add a "const" qualifier to the source of the copyin() and copyout()
functions - the other const warning in kern_sysctl.c was silenced when
copyout was declared as having a const source.. (which it is)
1996-01-01 17:05:07 +00:00
Poul-Henning Kamp
3ac9f819ae Add an obscure feature, needed for debugging. 1995-12-17 21:11:22 +00:00
Poul-Henning Kamp
87b6de2b76 A Major staticize sweep. Generates a couple of warnings that I'll deal
with later.
A number of unused vars removed.
A number of unused procs removed or #ifdefed.
1995-12-14 08:32:45 +00:00
David Greenman
efeaf95a41 Untangled the vm.h include file spaghetti. 1995-12-07 12:48:31 +00:00
Poul-Henning Kamp
65d0bc1387 A couple of minor tweaks to the sysctl stuff. 1995-12-06 13:27:39 +00:00
Bruce Evans
4cb03b1b55 Include <vm/vm.h> or <vm/vm_page.h> explicitly to avoid breaking when
vnode_if.h doesn't include vm stuff.
1995-12-05 21:51:45 +00:00
Poul-Henning Kamp
946bb7a268 A major sweep over the sysctl stuff.
Move a lot of variables home to their own code (In good time before xmas :-)

Introduce the string description of format.

Add a couple more functions to poke into these marvels, while I try to
decide what the correct interface should look like.

Next is adding vars on the fly, and sysctl looking at them too.

Removed a tiny bit of defunct and #ifdefed notused code in swapgeneric.
1995-12-04 16:48:58 +00:00
Poul-Henning Kamp
4b2af45f4b Mega commit for sysctl.
Convert the remaining sysctl stuff to the new way of doing things.
the devconf stuff is the reason for the large number of files.
Cleaned up some compiler warnings while I was there.
1995-11-20 12:42:39 +00:00
Poul-Henning Kamp
5204129576 All net.* sysctl converted now. 1995-11-16 19:00:27 +00:00
Poul-Henning Kamp
43f242265a Do what is generally believed to be the right thing, though it may not be :-) 1995-11-14 20:43:29 +00:00
Poul-Henning Kamp
d457bade76 Final part of this bunch of sysctl commits: cleanup. 1995-11-14 09:42:22 +00:00
Poul-Henning Kamp
af8364b0ad Get rid of the last debug sysctl variables of the old style. 1995-11-14 09:40:06 +00:00
Poul-Henning Kamp
9565c0e60d Get rid of hostnamelen variable. 1995-11-14 09:37:22 +00:00
Poul-Henning Kamp
a9ad941c7a Move all the VM sysctl stuff home where it belongs. 1995-11-14 09:29:34 +00:00
Poul-Henning Kamp
16cd04a3b8 A couple of nitpicks. 1995-11-14 09:26:17 +00:00
Poul-Henning Kamp
f7152c81a0 Convert dumpdev & securelevel. 1995-11-14 09:22:15 +00:00
Poul-Henning Kamp
549a075acc KERN_MAXFILESPERPROC, KERN_MAXFILES went to another file. 1995-11-14 09:17:32 +00:00
Poul-Henning Kamp
27aef04699 Get rid of domainnamelen. 1995-11-14 09:10:54 +00:00
Poul-Henning Kamp
a52752a457 Move KERN_NTP to a more suitable file. 1995-11-14 09:07:14 +00:00
Poul-Henning Kamp
45a4ad1146 Move the process-table stuff to a more suitable file.
Remove filetable stuff from kern_sysctl.c
1995-11-14 09:05:40 +00:00
Poul-Henning Kamp
deae269ab1 Try to make my new scheme work more along the lines of the manual.
There are still some gray areas here and there.
1995-11-13 13:54:09 +00:00
Poul-Henning Kamp
ae0eb976c5 The entire sysctl callback to read/write version. I haven't tested this as
much as I'd like to, but the malloc stunt I tried for an interim for
sure does worse.
Now we can read and write from any kind of address-space, not only
user and kernel, using callbacks.
This may be over-generalization for now, but it's actually simpler.
1995-11-12 19:52:09 +00:00
Bruce Evans
d2d3e8751c Included <sys/sysproto.h> to get central declarations for syscall args
structs and prototypes for syscalls.

Ifdefed duplicated decentralized declarations of args structs.  It's
convenient to have this visible but they are hard to maintain.  Some
are already different from the central declarations.  4.4lite2 puts
them in comments in the function headers but I wanted to avoid the
large changes for that.
1995-11-12 06:43:28 +00:00
Bruce Evans
3c8e79dd2b Fixed type of sysctl_order_cmp().
KNFized sysctl_order_cmp().
Staticized definition of kern_sysctl() to match its declaration.
1995-11-11 00:09:21 +00:00
Poul-Henning Kamp
69feb38841 Fix a minor buglet. 1995-11-10 16:22:41 +00:00
Poul-Henning Kamp
6ff1bbebdf convert more sysctl variables. 1995-11-10 09:58:53 +00:00
Poul-Henning Kamp
b8da239623 Make the old compat functions use the sysctl front door, rather than
crashing through the walls.
This should save Peter's blood pressure and Netscape's uname call.
1995-11-09 20:22:12 +00:00
Poul-Henning Kamp
787d58f201 Fix some of the sysctl broke, and add a lot more to it. 1995-11-08 08:48:36 +00:00
Poul-Henning Kamp
2e21099372 On working the new sysctl vars a bit I realized that I needed more generality.
This is here now.  We can now access (the new) sysctl variables from the
kernel too and using functions to handle access is more sane now.
I will now attack sysctl variables in the rest of the kernel and get them
all converted to newspeak.
1995-11-06 16:18:52 +00:00
Poul-Henning Kamp
3a34a5c3b8 Sorry, the last commit screwed up for me, this is the right one (I hope!)
Please refer to the previous commit message about sysctl variables.
1995-10-28 13:07:28 +00:00
Poul-Henning Kamp
b396cd832c Revamp the way we make sysctl variables to be easier to cope with.
The goal is to make them "user-friendly" :-)

In the end this will allow a SNMP style "getnext" function, sysctl editing
in the boot-editor and/or debugger, LKMs can define sysctl vars when
they get loaded, and remove them when unloaded and other interesting
uses for dynamic sysctl variables.
1995-10-28 12:59:25 +00:00
Mike Pritchard
e145373611 Fix the sysctl string routines to return as much of the
string as possible and return ENOMEM if the entire string cannot
be returned.  This brings the routines in line with how the man
page says they work, and how the calling routines are expecting
them to work.  This allows the dummy uname() routine in libc to
obtain the version string, since the kernel version string is
longer than that normally returned by the uname() routine.
This is 3/4 of the fix for PR# 462.

Reviewed by: Bruce Evans
1995-07-31 10:07:31 +00:00
David Greenman
1c8fc26cb0 Fixed panic in fill_eproc() caused by inadequate checking for NULL pointers. 1995-07-28 18:04:47 +00:00
Peter Wemm
6ece4a516d This implements enough of the BSDI extensions to the net-2 ogetkerninfo()
syscall to allow applications linked against their libc's uname() to
work.  Netscape 1.1N being a prime example, which prints:
"uname() failed. cant tell what system we're running on".
This change is a little ugly, but that's mainly because of the "interesting"
semantics of the BSDI extension.
Since ogetkerninfo() is only enabled by COMPAT_43, Netscape will only
be affected on kernels with that option (eg: "GENERIC")
Reviewed by:	davidg
1995-07-09 02:49:30 +00:00
Rodney W. Grimes
9b2e535452 Remove trailing whitespace. 1995-05-30 08:16:23 +00:00
Garrett Wollman
5bb4f73817 The death of `options NODUMP'. Now the dump area can be dynamically
configured (and unconfigured) on the fly.  A sysctl(3) MIB variable is
provided to inspect and modify the dump device setting.
1995-05-12 19:17:31 +00:00
Bruce Evans
b5e8ce9f12 Add and move declarations to fix all of the warnings from `gcc -Wimplicit'
(except in netccitt, netiso and netns) and most of the warnings from
`gcc -Wnested-externs'.  Fix all the bugs found.  There were no serious
ones.
1995-03-16 18:17:34 +00:00
Guido van Rooij
e6373c9ec0 Implement maxprocperuid and maxfilesperproc. They are tunable
via sysctl(8). The initial value of maxprocperuid is maxproc-1,
that of maxfilesperproc is maxfiles (until maxfile will disappear)

Now it is at least possible to prohibit one user opening maxfiles

-Guido

Submitted by:
Obtained from:
1995-02-20 19:42:42 +00:00
David Greenman
be6a1d148e Fixed multiple bugs that cause null pointers to be followed or FREEed data
to be accessed if a process blocks when it is being run down.
1994-12-28 06:15:08 +00:00
Guido van Rooij
f81fcd410f Fix bug in sysctl_string so that when a string has a length that is too
short, it gets filled up to its length. This matches the getdomainname
and gethostname manual pages.
(getbootfile also uses this function and I think it should have the same
behaviour)

This also fixes a bug with keyinit where the seed was not saved in
/etc/skeykeys. So S/Key should be fully functional again.

Reviewed by:
Submitted by:
Obtained from:
1994-12-18 13:56:50 +00:00
Bruce Evans
6124ac44aa Move declarations of public functions to <sys/sysctl.h>.
Make some private data static.

Comment about MAXPATHLEN bytes of bloat for the kernel name.
1994-11-14 13:58:30 +00:00
Garrett Wollman
8478cabaea kern_clock.c: define dk_names[][].
kern_sysctl.c: call dev_sysctl for hw.devconf mib subtree
kern_devconf.c: sysctl-accessible device-configuration and -management
	interface
1994-10-16 03:52:14 +00:00
David Greenman
824789192c Use tsleep() rather than sleep so that 'ps' is more informative about
the wait.
1994-10-06 21:07:04 +00:00
Poul-Henning Kamp
797f2d22f0 All of this is cosmetic. prototypes, #includes, printfs and so on. Makes
GCC a lot more silent.
1994-10-02 17:35:40 +00:00
Garrett Wollman
63b46ee515 Add MIB variable kern.bootfile (R/W) giving the name of the booted kernel.
Kernel variable is kernelname[].
1994-09-23 19:07:42 +00:00
Garrett Wollman
c901836c14 Implemented loadable VFS modules, and made most existing filesystems
loadable.  (NFS is a notable exception.)
1994-09-21 03:47:43 +00:00
Andrey A. Chernov
e9e2a85282 sysctl incorrectly check name[2] instead of name[1] 1994-09-19 21:07:00 +00:00
Garrett Wollman
3f31c649d1 Redo Kernel NTP PLL support, kernel side.
This code is mostly taken from the 1.1 port (which was in turn taken from
Dave Mills's kern.tar.Z example).  A few significant differences:

1) ntp_gettime() is now a MIB variable rather than a system call.  A few
fiddles are done in libc to make it behave the same.

2) mono_time does not participate in the PLL adjustments.

3) A new interface has been defined (in <machine/clock.h>) for doing
possibly machine-dependent things around the time of the clock update.
This is used in Pentium kernels to disable interrupts, set `time', and
reset the CPU cycle counter as quickly as possible to avoid jitter in
microtime().  Measurements show an apparent resolution of a bit more than
8.14usec, which is reasonable given system-call overhead.
1994-09-18 20:40:01 +00:00
Andrey A. Chernov
7a808ab73b KERN_ADJKERNTZ removed from here to cpu_sysctl MACHDEP section 1994-09-16 00:53:58 +00:00
Andrey A. Chernov
b93df24683 KERN_ADJKERNTZ added in preparation of resettodr() implementation 1994-09-14 23:21:00 +00:00
Garrett Wollman
501c23938c Define new MIB variable, hw.floatingpoint, which is true if FP hardware
is present, and false if an emulator is being used.
1994-09-09 23:13:03 +00:00
Garrett Wollman
f23b4c91c4 Fix up some sloppy coding practices:
- Delete redundant declarations.
- Add -Wredundant-declarations to Makefile.i386 so they don't come back.
- Delete sloppy COMMON-style declarations of uninitialized data in
  header files.
- Add a few prototypes.
- Clean up warnings resulting from the above.

NB: ioconf.c will still generate a redundant-declaration warning, which
is unavoidable unless somebody volunteers to make `config' smarter.
1994-08-18 22:36:09 +00:00
Garrett Wollman
9ae159169a Make it easier for programs to figure out what revision of FreeBSD they
are running under.  Here's how to bootstrap (order is important):

1) Re-compile gcc (just the driver is all you need).
2) Re-compile libc.
3) Re-compile your kernel.  Reboot.
4) cd /usr/src/include; make install

You can now detect the compilation environment with the following code:

#if !defined(__FreeBSD__)
#define __FreeBSD_version 199401
#elif __FreeBSD__ == 1
#define __FreeBSD_version 199405
#else
#include <osreldate.h>
#endif

You can determine the run-time environment by calling the new C library
function getosreldate(), or by examining the MIB variable kern.osreldate.

For the time being, the release date is defined as 199409, which we have
already established as our target.
1994-08-10 06:25:07 +00:00
Garrett Wollman
6ae6a09b83 Change default security level to -1, so that users don't get bitten by
upcoming makefile change.
1994-08-10 02:41:09 +00:00
Garrett Wollman
57034e7407 Run-time configuration of VFS update interval. Old UPDATE_INTERVAL
configuration option is no longer supported.
1994-08-08 15:41:08 +00:00
Garrett Wollman
4849be9c13 Define a sysctl MIB variable for the YP domain name. 1994-08-08 00:30:12 +00:00
David Greenman
3c4dd3568f Added $Id$ 1994-08-02 07:55:43 +00:00
Rodney W. Grimes
26f9a76710 The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch.
Reviewed by:	Rodney W. Grimes
Submitted by:	John Dyson and David Greenman
1994-05-25 09:21:21 +00:00
Rodney W. Grimes
df8bae1de4 BSD 4.4 Lite Kernel Sources 1994-05-24 10:09:53 +00:00