d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bf9b367941
freebsd-dev/usr.sbin
History
Bjoern A. Zeeb 413628a7e3 MFp4: 
Bring in updated jail support from bz_jail branch.

This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..

SCTP support was updated and supports IPv6 in jails as well.

Cpuset support permits jails to be bound to specific processor
sets after creation.

Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.

DDB 'show jails' command was added to aid debugging.

Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.

Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.

Bump __FreeBSD_version for the afore mentioned and in kernel changes.

Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
  and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
  help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
  suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
  on cluster machines as well as all the testers and people
  who provided feedback the last months on freebsd-jail and
  other channels.
- My employer, CK Software GmbH, for the support so I could work on this.

Reviewed by:	(see above)
MFC after:	3 months (this is just so that I get the mail)
X-MFC Before:   7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
..
ac Sort sections. 2005-01-18 20:02:45 +00:00
accton
acpi Update to reflect reality: 2008-05-20 12:07:02 +00:00
adduser The original adduser/rmuser scripts in Perl used to modify the PATH 2008-07-30 18:37:21 +00:00
amd Don't always link statically with libwrap. By the time amd(8) 2008-03-29 18:13:15 +00:00
ancontrol Remove duplicate headers <sys/socket.h> 2008-04-21 07:25:26 +00:00
apm Make apm(8) understand AC Line state 2 as "backup power". 2005-05-30 18:44:43 +00:00
apmd getopt(3) returns -1, not EOF when out of args. 2007-02-05 07:35:23 +00:00
arp Spell "blackhole" correctly and fix one grammar nit. 2008-03-24 22:57:55 +00:00
asf Make grammar a bit more consistent in this document. 2006-12-20 06:21:51 +00:00
audit Enable building of OpenBSM command line tools: 2006-02-02 10:15:30 +00:00
auditd Enable building of OpenBSM command line tools: 2006-02-02 10:15:30 +00:00
auditreduce auditreduce now requires OpenBSM's config/config.h, so add that to the 2006-09-25 11:56:20 +00:00
authpf Do not bypass WARNS machinery by hadcoding -Werror into CFLAGS. 2006-09-21 18:16:22 +00:00
bluetooth Straighten out those pesky SDP records for the Bluetooth 2008-11-25 21:54:42 +00:00
boot0cfg - Improve error message given on g_providername call failure. 2008-09-30 07:18:49 +00:00
boot98cfg Correct typo in usage message. 2007-12-19 03:31:44 +00:00
bootparamd Remove a useless cast. 2008-08-02 00:10:02 +00:00
bsnmpd Only build the bsnmpd netgraph module if MK_NETGRAPH_SUPPORT is set. 2008-10-02 14:26:56 +00:00
btxld Allow for a zero length 'loader'. 2008-04-05 10:26:20 +00:00
burncd - Remove MLINKS to nonexistant manpages 2005-07-14 20:29:08 +00:00
cdcontrol - Enhance volume handling 2008-07-14 13:22:09 +00:00
chkgrp Fix a bug introduced in revision 1.9 which causes chkgrp to coredump on 2005-08-25 17:01:06 +00:00
chown Expand *n't contractions. 2005-02-13 22:25:33 +00:00
chroot
ckdist Constify return value of stripath and avoid unnecessary deconst 2008-11-19 00:09:01 +00:00
clear_locks Add missing library dependency. 2008-03-29 18:07:06 +00:00
config Allow multiple makeoption lines to be used with the += operator, this permits 2008-11-22 21:12:47 +00:00
cpucontrol - Fix error reporting. 2008-08-12 09:47:50 +00:00
crashinfo Add a script to perform simple analysis of a crash dump (either a full 2008-08-05 20:41:46 +00:00
cron remove a pointless prototype and static-fy the corresponding function 2008-11-18 01:19:25 +00:00
crunch Introduce crunchide to the ELF e_machine MIPS values. 2008-09-03 16:21:28 +00:00
ctm Expand *n't contractions. 2005-02-13 22:25:33 +00:00
cxgbtool - Fix regression with GETMEM 2008-09-10 01:10:17 +00:00
daemon Unbreak rev 1.7's getopt usage. The -f switch does not take an argument. 2007-04-19 16:43:30 +00:00
dconschat Set the default escape character as described in the manpage of dconschat(8). 2007-07-12 13:08:00 +00:00
devinfo Bump up the limit for when to print the resources for a given resource 2007-10-27 13:06:15 +00:00
digictl Sort sections. 2005-01-18 20:02:45 +00:00
diskinfo Print provider's ident when in verbose mode. 2007-05-06 00:25:21 +00:00
dnssec-keygen Update bmake glue for the BIND 9.4.1 import. 2007-06-02 23:19:58 +00:00
dnssec-signzone Update bmake glue for the BIND 9.4.1 import. 2007-06-02 23:19:58 +00:00
dumpcis damn. Always do make depend. Forgot to recompile main because of it, 2008-11-20 08:32:19 +00:00
editmap Remove kludges intended to support src trees with partial obj trees. 2005-06-10 06:12:53 +00:00
edquota Drag this code kicking and screaming into the twenty-first century. 2008-07-02 15:51:59 +00:00
eeprom Flush my typo fix queue for this directory. 2006-12-05 23:20:14 +00:00
extattr Invoke err() with a format string rather than directly with a passed 2008-07-15 16:07:34 +00:00
extattrctl Fixed the misplaced $FreeBSD$. 2005-02-09 18:07:17 +00:00
faithd Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
fdcontrol Force the use of the tbl(1) preprocessor. 2006-10-25 10:44:59 +00:00
fdformat Fix a nit noticed during translation. 2007-02-28 10:24:34 +00:00
fdread Remove unused variables. 2006-07-20 09:38:46 +00:00
fdwrite Expand *n't contractions. 2005-02-13 22:25:33 +00:00
fifolog Populate usage() 2008-05-14 23:29:02 +00:00
flowctl Implement "verbose" optional keyword for "show" command. This is analog 2005-03-23 09:40:18 +00:00
freebsd-update In freebsd-update IDS, strip out file flags before we look for 2008-08-08 04:34:00 +00:00
ftp-proxy Link pf 4.1 to the build: 2007-07-03 12:46:08 +00:00
fwcontrol Sweep this man page a bit: 2008-09-11 22:11:41 +00:00
getfmac Remove unnecessary SRCS= where could be guessed directly by our 2005-01-27 14:52:47 +00:00
getpmac Remove unnecessary SRCS= where could be guessed directly by our 2005-01-27 14:52:47 +00:00
gssd Tiny typo fix and remove 'example' from a "real" manpage. 2008-11-05 09:42:05 +00:00
gstat - Allow gstat to print values to different kind of outputs. 2008-10-07 10:25:27 +00:00
ifmcstat mdoc fix: Add missing .El request 2007-10-30 16:04:23 +00:00
inetd o inetd(8) requires wait/nowait column in inetd.conf for 2008-01-12 21:09:48 +00:00
iostat Fix the device name spacing. 2008-09-11 09:55:54 +00:00
ip6addrctl Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
ipfwpcap Add a signal handler for SIGINT to make sure that the PID file 2007-10-12 14:57:39 +00:00
IPXrouted Use printf formats which match the variable types without casts so we 2007-11-17 23:09:39 +00:00
jail MFp4: 2008-11-29 14:32:14 +00:00
jexec MFp4: 2008-11-29 14:32:14 +00:00
jls MFp4: 2008-11-29 14:32:14 +00:00
kbdcontrol Some clarifications to make keyboard configuration under syscons. 2008-01-29 18:28:50 +00:00
kbdmap Output keymap choice to stderr so it is easier to parse for apps chained to 2007-08-27 21:56:42 +00:00
kernbb
keyserv Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
kgmon Correct a typo 2006-06-29 09:18:16 +00:00
kgzip Sort sections. 2005-01-18 20:02:45 +00:00
kldxref These are the things that the tinderbox has problems with because it 2007-11-20 02:07:30 +00:00
lastlogin
lmcconfig Style. 2006-09-01 09:24:28 +00:00
lpr use bigger local variable to calculate free space 2008-09-01 12:32:40 +00:00
lptcontrol Remove useless mode argument to open(). 2005-01-25 14:25:18 +00:00
mailstats Remove kludges intended to support src trees with partial obj trees. 2005-06-10 06:12:53 +00:00
mailwrapper Markup fixes. 2006-09-29 17:57:04 +00:00
makemap Remove kludges intended to support src trees with partial obj trees. 2005-06-10 06:12:53 +00:00
manctl
memcontrol Correct formatting of pointers in the listing by using "0x%" PRIx64 instead of 2005-03-29 20:17:47 +00:00
mergemaster No need to run rm ${COMPFILE} after mm_install() - mm_install() 2008-11-11 02:13:21 +00:00
mixer mixer(8) is WARNS=6 clean since 1.25. 2008-03-16 08:06:36 +00:00
mld6query These IPv6-only tools have no explicit dependency on the INET6 macro. 2006-07-27 15:31:13 +00:00
mlxcontrol Make mlxcontrol work with more than one system drive: 2008-09-12 17:40:17 +00:00
mount_nwfs Use sysctlbyname() instead of sysctl 2006-05-11 17:23:57 +00:00
mount_portalfs Decrease to WARNS=3. 2007-01-20 23:24:11 +00:00
mount_smbfs Convert mount_smbfs to use nmount(). 2005-11-16 02:47:12 +00:00
mountd Implement support for RPCSEC_GSS authentication to both the NFS client 2008-11-03 10:38:00 +00:00
moused Improve the virtual scrolling mechanism to make middle clicking less 2008-05-15 15:05:02 +00:00
mptable Expand *n't contractions. 2005-02-13 22:25:33 +00:00
mtest Import rewrite of IPv4 socket multicast layer to support source-specific 2007-06-12 16:24:56 +00:00
mtree Add the mtree.5 manpage. I'll come back soon and 2008-01-01 06:15:57 +00:00
named Update bmake glue for the BIND 9.4.1 import. 2007-06-02 23:19:58 +00:00
named-checkconf Update bmake glue for the BIND 9.4.1 import. 2007-06-02 23:19:58 +00:00
named-checkzone Update bmake glue for the BIND 9.4.1 import. 2007-06-02 23:19:58 +00:00
named.reload Switch from BIND 8 to BIND 9. 2004-09-21 19:01:48 +00:00
ndiscvt remove reference for unexisting ndisapi(9) 2008-07-23 05:50:17 +00:00
ndp Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
newsyslog Fix 6-year old cut&paste error. The # could be escaped with '\', not 2008-06-26 07:02:47 +00:00
nfsd Implement support for RPCSEC_GSS authentication to both the NFS client 2008-11-03 10:38:00 +00:00
ngctl Modify the DoParseCommand() to work on (const char *) instead of just 2008-06-28 12:31:30 +00:00
nghook Sort sections. 2005-01-18 20:02:45 +00:00
nologin Update nologin(5) to match the modern reality of login.conf(5) and PAM. 2007-05-10 11:22:24 +00:00
nscd Slightly adjust code logic: we allocate a "size"ed length of memory, not 2008-10-23 00:31:15 +00:00
ntp - fix typo 2008-11-18 23:38:47 +00:00
nvram Revise markup. 2006-09-30 19:07:03 +00:00
ofwdump De-sparc64-ify (now that it's also installed on PowerPC). 2008-01-31 14:58:55 +00:00
pciconf Add ADMA, SATA and SAS mass storage subclasses. 2008-11-13 19:49:16 +00:00
periodic - The weekly periodic runs occur on Saturday mornings, not on Sunday mornings 2007-09-07 21:54:45 +00:00
pkg_install Display usage when pkg_add is called with no arguments. 2008-10-17 15:10:45 +00:00
pmcannotate Import an initial revision of the pmcannotate tool. 2008-11-26 21:44:57 +00:00
pmccontrol Ignore absent CPUs when listing the current state of PMC hardware. 2008-11-16 04:26:38 +00:00
pmcstat Add the -m option to pmcstat. 2008-11-25 23:24:29 +00:00
pnpinfo Remove alpha left-overs. 2006-08-22 08:03:01 +00:00
portsnap - remove superfluous word 2008-09-15 16:30:06 +00:00
powerd Restore original frequency on exit. 2008-11-18 15:48:23 +00:00
ppp Make ppp use <termios.h>, not <sys/tty.h>. 2008-06-05 17:46:32 +00:00
pppctl Expand *n't contractions. 2005-02-13 22:25:33 +00:00
pppd Add missing <stdlib.h> for exit() 2007-11-07 10:57:35 +00:00
pppstats Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
praliases Remove kludges intended to support src trees with partial obj trees. 2005-06-10 06:12:53 +00:00
praudit Enable building of OpenBSM command line tools: 2006-02-02 10:15:30 +00:00
procctl
pstat Clamp the values of t_column to 5 digits in pstat -t' and show all ttys'. 2008-11-01 13:40:46 +00:00
pw Use arc4random_uniform() to avoid "modulo bias" 2008-08-16 15:41:03 +00:00
pwd_mkdb Correctly handle an input file without a newline on the last line (and 2005-06-15 10:13:04 +00:00
quot Make `quot -a' work when we've got slashes in the device name. 2008-09-14 11:50:19 +00:00
quotaon Drag this code kicking and screaming into the twenty-first century. 2008-07-02 15:51:59 +00:00
rarpd Fixed the misplaced $FreeBSD$. 2005-02-09 18:07:17 +00:00
raycontrol Expand *n't contractions. 2005-02-13 22:25:33 +00:00
repquota Drag this code kicking and screaming into the twenty-first century. 2008-07-02 15:51:59 +00:00
rip6query Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
rmt Remove rexecd(8), a server that implements a particularly insecure 2005-06-10 20:52:36 +00:00
rndc Update bmake glue for the BIND 9.4.1 import. 2007-06-02 23:19:58 +00:00
rndc-confgen Update bmake glue for the BIND 9.4.1 import. 2007-06-02 23:19:58 +00:00
route6d Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
rpc.lockd Re-implement the client side of rpc.lockd in the kernel. This implementation 2008-06-26 10:21:54 +00:00
rpc.statd Re-implement the client side of rpc.lockd in the kernel. This implementation 2008-06-26 10:21:54 +00:00
rpc.umntall Use clnt_create_timed() instead of clnt_create(). The former has an 2005-05-27 00:05:16 +00:00
rpc.yppasswdd - Whenever a password/shell is changed via rpc.yppasswdd, the daemon leaves 2008-10-30 01:54:31 +00:00
rpc.ypupdated Kill blank line at EOF. 2007-02-15 02:45:14 +00:00
rpc.ypxfrd o There is no securenets(5) man page, refer to ypserv(8). 2006-11-02 07:36:33 +00:00
rpcbind No network addresses in the system isn't a good excuse 2008-02-14 20:12:23 +00:00
rrenumd Cleanup of userland __P use 2007-11-07 10:53:41 +00:00
rtadvd Change 2 arc4random modulo operations to arc4random_uniform() as 2008-07-26 15:39:32 +00:00
rtprio Sort sections. 2005-01-18 20:02:45 +00:00
rtsold Change arc4random to arc4random_uniform since modulo is not power of 2, 2008-07-26 15:46:39 +00:00
rwhod - Avoid a memory leak if realloc(3) fails by using reallocf(3) 2005-06-03 17:38:33 +00:00
sa Ensure that the -s flag truncates the accounting data. 2008-02-21 07:12:56 +00:00
sade Move sysinstall/sade away from TIOCGSIZE. 2008-05-23 14:24:33 +00:00
sendmail This FFR is no longer needed in sendmail 8.14 2007-04-09 01:45:52 +00:00
setfib - Use static for usage() 2008-10-17 21:11:09 +00:00
setfmac An average consumer of fts(3) that avoids keeping pointers to old 2008-01-29 17:50:29 +00:00
setpmac Remove unnecessary SRCS= where could be guessed directly by our 2005-01-27 14:52:47 +00:00
sicontrol Remove sicontrol(8)'s "ttystat". 2008-06-09 08:43:27 +00:00
sliplogin Remove an unused variable and a useless getuid() declaration. 2005-04-09 15:00:51 +00:00
slstat Correct xref to systat(1) which was mispelled as ststat(1) in 1.5. 2005-11-29 16:33:44 +00:00
smbmsg Force the use of the tbl(1) preprocessor. 2006-10-25 10:44:59 +00:00
snapinfo Imagine a situation where: 2007-03-16 12:36:54 +00:00
spkrtest
spray
sysinstall Add ale(4) to the list of supported network interface. 2008-11-12 10:01:16 +00:00
syslogd Add a flag, -T, that tells syslogd to always replace the timestamp on 2008-09-25 09:28:18 +00:00
tcpdchk Reimplementation of world/kernel build options. For details, see: 2006-03-17 18:54:44 +00:00
tcpdmatch Reimplementation of world/kernel build options. For details, see: 2006-03-17 18:54:44 +00:00
tcpdrop Normalize usage output. 2007-10-31 13:49:20 +00:00
tcpdump Update for tcpdump 3.9.8 2007-10-16 02:32:44 +00:00
timed Remove spurious duplicated defination of sock. 2008-09-24 00:04:51 +00:00
traceroute Add AS lookup functionality. On each hop we query a whois server to 2008-02-20 23:29:53 +00:00
traceroute6 Give traceroute6 the ability to traceroute with packets with no 2008-02-10 21:06:38 +00:00
trpt Obey MK_INET6_SUPPORT. 2006-07-27 14:52:12 +00:00
tzsetup - Replace rcsid with __FBSDID. 2008-06-03 22:34:52 +00:00
ugidfw Add some new options to mac_bsdestended. We can now match on: 2006-04-23 17:06:18 +00:00
usbconfig src/sys/dev/usb2/controller/uss820dci_pccard.c 2008-11-19 08:56:35 +00:00
usbdevs
vidcontrol Tweak some wording and markup. 2006-12-22 23:23:59 +00:00
vipw s/insure/ensure/ in previous commit. My dictionary and m-w.com say they 2005-10-28 22:47:40 +00:00
watch Convert the snp(4) driver to use cdevpriv. 2008-08-15 13:07:07 +00:00
watchdogd Don't exit from watchdogd on receiving a signal if we cannot stop the watchdog. 2006-12-15 22:47:36 +00:00
wlandebug misc cleanups for stricter compilation 2008-05-28 23:37:37 +00:00
wlconfig
wpa 'Strict EAP conformance' makes more sense here than 'String EAP 2008-11-21 18:15:39 +00:00
yp_mkdb Expand *n't contractions. 2005-02-13 22:25:33 +00:00
ypbind Don't rely on private RPC data structures when there is a perfectly good 2008-09-15 14:01:40 +00:00
yppoll
yppush Remove unsafe use of asynchronous I/O (the SIGIO handler could cause 2006-08-16 12:58:41 +00:00
ypserv Add -P <port> option to allow binding to a specific port. 2008-02-03 17:39:37 +00:00
ypset Increase helpfulness in diagnostic message - ypbind running without -ypset or 2007-02-28 22:49:12 +00:00
zic Finish a few more .Dl "quoted" arguments missed in revision 184984 2008-11-15 06:41:57 +00:00
zzz
Makefile Import an initial revision of the pmcannotate tool. 2008-11-26 21:44:57 +00:00
Makefile.inc