freebsd-nq/sys/fs/procfs/procfs_vnops.c

1024 lines
24 KiB
C
Raw Normal View History

1994-05-24 10:09:53 +00:00
/*
* Copyright (c) 1993, 1995 Jan-Simon Pendry
* Copyright (c) 1993, 1995
1994-05-24 10:09:53 +00:00
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Jan-Simon Pendry.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)procfs_vnops.c 8.18 (Berkeley) 5/21/95
1994-05-24 10:09:53 +00:00
*
* $Id: procfs_vnops.c,v 1.67 1999/04/30 13:04:21 phk Exp $
1994-05-24 10:09:53 +00:00
*/
/*
* procfs vnode interface
*/
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/time.h>
#include <sys/kernel.h>
#include <sys/lock.h>
#include <sys/fcntl.h>
1994-05-24 10:09:53 +00:00
#include <sys/proc.h>
#include <sys/signalvar.h>
1994-05-24 10:09:53 +00:00
#include <sys/vnode.h>
#include <sys/namei.h>
#include <sys/dirent.h>
#include <machine/reg.h>
#include <vm/vm_zone.h>
#include <miscfs/procfs/procfs.h>
#include <sys/pioctl.h>
1994-05-24 10:09:53 +00:00
static int procfs_abortop __P((struct vop_abortop_args *));
static int procfs_access __P((struct vop_access_args *));
static int procfs_badop __P((void));
static int procfs_bmap __P((struct vop_bmap_args *));
static int procfs_close __P((struct vop_close_args *));
static int procfs_getattr __P((struct vop_getattr_args *));
static int procfs_inactive __P((struct vop_inactive_args *));
static int procfs_ioctl __P((struct vop_ioctl_args *));
static int procfs_lookup __P((struct vop_lookup_args *));
static int procfs_open __P((struct vop_open_args *));
static int procfs_print __P((struct vop_print_args *));
static int procfs_readdir __P((struct vop_readdir_args *));
static int procfs_readlink __P((struct vop_readlink_args *));
static int procfs_reclaim __P((struct vop_reclaim_args *));
static int procfs_setattr __P((struct vop_setattr_args *));
1994-05-24 10:09:53 +00:00
/*
* This is a list of the valid names in the
* process-specific sub-directories. It is
* used in procfs_lookup and procfs_readdir
*/
1998-02-09 06:11:36 +00:00
static struct proc_target {
u_char pt_type;
u_char pt_namlen;
char *pt_name;
pfstype pt_pfstype;
int (*pt_valid) __P((struct proc *p));
} proc_targets[] = {
1994-05-24 10:09:53 +00:00
#define N(s) sizeof(s)-1, s
/* name type validp */
{ DT_DIR, N("."), Pproc, NULL },
{ DT_DIR, N(".."), Proot, NULL },
{ DT_REG, N("file"), Pfile, procfs_validfile },
{ DT_REG, N("mem"), Pmem, NULL },
{ DT_REG, N("regs"), Pregs, procfs_validregs },
{ DT_REG, N("fpregs"), Pfpregs, procfs_validfpregs },
{ DT_REG, N("ctl"), Pctl, NULL },
{ DT_REG, N("status"), Pstatus, NULL },
{ DT_REG, N("note"), Pnote, NULL },
{ DT_REG, N("notepg"), Pnotepg, NULL },
{ DT_REG, N("map"), Pmap, procfs_validmap },
{ DT_REG, N("etype"), Ptype, procfs_validtype },
{ DT_REG, N("cmdline"), Pcmdline, NULL },
{ DT_REG, N("rlimit"), Prlimit, NULL },
1994-05-24 10:09:53 +00:00
#undef N
};
static const int nproc_targets = sizeof(proc_targets) / sizeof(proc_targets[0]);
1994-05-24 10:09:53 +00:00
static pid_t atopid __P((const char *, u_int));
/*
* set things up for doing i/o on
* the pfsnode (vp). (vp) is locked
* on entry, and should be left locked
* on exit.
*
* for procfs we don't need to do anything
* in particular for i/o. all that is done
* is to support exclusive open on process
* memory images.
*/
static int
1994-05-24 10:09:53 +00:00
procfs_open(ap)
struct vop_open_args /* {
struct vnode *a_vp;
int a_mode;
struct ucred *a_cred;
struct proc *a_p;
} */ *ap;
1994-05-24 10:09:53 +00:00
{
struct pfsnode *pfs = VTOPFS(ap->a_vp);
1997-10-27 15:39:01 +00:00
struct proc *p1, *p2;
1997-10-27 15:39:01 +00:00
p2 = PFIND(pfs->pfs_pid);
if (p2 == NULL)
1997-10-27 15:39:01 +00:00
return (ENOENT);
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
if (!PRISON_CHECK(ap->a_p, p2))
return (ENOENT);
1994-05-24 10:09:53 +00:00
switch (pfs->pfs_type) {
case Pmem:
if (((pfs->pfs_flags & FWRITE) && (ap->a_mode & O_EXCL)) ||
((pfs->pfs_flags & O_EXCL) && (ap->a_mode & FWRITE)))
1994-05-24 10:09:53 +00:00
return (EBUSY);
1997-10-27 15:39:01 +00:00
p1 = ap->a_p;
if (!CHECKIO(p1, p2) &&
!procfs_kmemaccess(p1))
1997-10-27 15:39:01 +00:00
return (EPERM);
1994-05-24 10:09:53 +00:00
if (ap->a_mode & FWRITE)
pfs->pfs_flags = ap->a_mode & (FWRITE|O_EXCL);
return (0);
default:
break;
}
return (0);
}
/*
* close the pfsnode (vp) after doing i/o.
* (vp) is not locked on entry or exit.
*
* nothing to do for procfs other than undo
* any exclusive open flag (see _open above).
*/
static int
1994-05-24 10:09:53 +00:00
procfs_close(ap)
struct vop_close_args /* {
struct vnode *a_vp;
int a_fflag;
struct ucred *a_cred;
struct proc *a_p;
} */ *ap;
1994-05-24 10:09:53 +00:00
{
struct pfsnode *pfs = VTOPFS(ap->a_vp);
struct proc *p;
1994-05-24 10:09:53 +00:00
switch (pfs->pfs_type) {
case Pmem:
if ((ap->a_fflag & FWRITE) && (pfs->pfs_flags & O_EXCL))
pfs->pfs_flags &= ~(FWRITE|O_EXCL);
/*
* This rather complicated-looking code is trying to
* determine if this was the last close on this particular
* vnode. While one would expect v_usecount to be 1 at
* that point, it seems that (according to John Dyson)
* the VM system will bump up the usecount. So: if the
* usecount is 2, and VOBJBUF is set, then this is really
* the last close. Otherwise, if the usecount is < 2
* then it is definitely the last close.
* If this is the last close, then it checks to see if
* the target process has PF_LINGER set in p_pfsflags,
* if this is *not* the case, then the process' stop flags
* are cleared, and the process is woken up. This is
* to help prevent the case where a process has been
* told to stop on an event, but then the requesting process
* has gone away or forgotten about it.
*/
if ((ap->a_vp->v_usecount < 2)
&& (p = pfind(pfs->pfs_pid))
&& !(p->p_pfsflags & PF_LINGER)) {
p->p_stops = 0;
p->p_step = 0;
wakeup(&p->p_step);
}
1994-05-24 10:09:53 +00:00
break;
default:
break;
1994-05-24 10:09:53 +00:00
}
return (0);
}
/*
* do an ioctl operation on a pfsnode (vp).
* (vp) is not locked on entry or exit.
*/
static int
procfs_ioctl(ap)
struct vop_ioctl_args *ap;
{
struct pfsnode *pfs = VTOPFS(ap->a_vp);
struct proc *procp, *p;
int error;
int signo;
struct procfs_status *psp;
unsigned char flags;
p = ap->a_p;
procp = pfind(pfs->pfs_pid);
if (procp == NULL) {
return ENOTTY;
}
if (!CHECKIO(p, procp))
return EPERM;
switch (ap->a_command) {
case PIOCBIS:
procp->p_stops |= *(unsigned int*)ap->a_data;
break;
case PIOCBIC:
procp->p_stops &= ~*(unsigned int*)ap->a_data;
break;
case PIOCSFL:
/*
* NFLAGS is "non-suser_xxx flags" -- currently, only
* PFS_ISUGID ("ignore set u/g id");
*/
#define NFLAGS (PF_ISUGID)
flags = (unsigned char)*(unsigned int*)ap->a_data;
if (flags & NFLAGS && (error = suser(p)))
return error;
procp->p_pfsflags = flags;
break;
case PIOCGFL:
*(unsigned int*)ap->a_data = (unsigned int)procp->p_pfsflags;
case PIOCSTATUS:
psp = (struct procfs_status *)ap->a_data;
psp->state = (procp->p_step == 0);
psp->flags = procp->p_pfsflags;
psp->events = procp->p_stops;
if (procp->p_step) {
psp->why = procp->p_stype;
psp->val = procp->p_xstat;
} else {
psp->why = psp->val = 0; /* Not defined values */
}
break;
case PIOCWAIT:
psp = (struct procfs_status *)ap->a_data;
if (procp->p_step == 0) {
error = tsleep(&procp->p_stype, PWAIT | PCATCH, "piocwait", 0);
if (error)
return error;
}
psp->state = 1; /* It stopped */
psp->flags = procp->p_pfsflags;
psp->events = procp->p_stops;
psp->why = procp->p_stype; /* why it stopped */
psp->val = procp->p_xstat; /* any extra info */
break;
case PIOCCONT: /* Restart a proc */
if (procp->p_step == 0)
return EINVAL; /* Can only start a stopped process */
if ((signo = *(int*)ap->a_data) != 0) {
if (signo >= NSIG || signo <= 0)
return EINVAL;
psignal(procp, signo);
}
procp->p_step = 0;
wakeup(&procp->p_step);
break;
default:
return (ENOTTY);
}
return 0;
}
1994-05-24 10:09:53 +00:00
/*
* do block mapping for pfsnode (vp).
* since we don't use the buffer cache
* for procfs this function should never
* be called. in any case, it's not clear
* what part of the kernel ever makes use
* of this function. for sanity, this is the
* usual no-op bmap, although returning
* (EIO) would be a reasonable alternative.
*/
static int
procfs_bmap(ap)
struct vop_bmap_args /* {
struct vnode *a_vp;
daddr_t a_bn;
struct vnode **a_vpp;
daddr_t *a_bnp;
int *a_runp;
} */ *ap;
{
if (ap->a_vpp != NULL)
*ap->a_vpp = ap->a_vp;
if (ap->a_bnp != NULL)
*ap->a_bnp = ap->a_bn;
if (ap->a_runp != NULL)
*ap->a_runp = 0;
return (0);
}
/*
* procfs_inactive is called when the pfsnode
1994-05-24 10:09:53 +00:00
* is vrele'd and the reference count goes
* to zero. (vp) will be on the vnode free
* list, so to get it back vget() must be
* used.
*
* (vp) is locked on entry, but must be unlocked on exit.
1994-05-24 10:09:53 +00:00
*/
static int
1994-05-24 10:09:53 +00:00
procfs_inactive(ap)
struct vop_inactive_args /* {
struct vnode *a_vp;
} */ *ap;
1994-05-24 10:09:53 +00:00
{
struct vnode *vp = ap->a_vp;
1994-05-24 10:09:53 +00:00
VOP_UNLOCK(vp, 0, ap->a_p);
1994-05-24 10:09:53 +00:00
return (0);
}
/*
* _reclaim is called when getnewvnode()
* wants to make use of an entry on the vnode
* free list. at this time the filesystem needs
* to free any private data and remove the node
* from any private lists.
*/
static int
1994-05-24 10:09:53 +00:00
procfs_reclaim(ap)
struct vop_reclaim_args /* {
struct vnode *a_vp;
} */ *ap;
1994-05-24 10:09:53 +00:00
{
return (procfs_freevp(ap->a_vp));
1994-05-24 10:09:53 +00:00
}
/*
* _print is used for debugging.
* just print a readable description
* of (vp).
*/
static int
1994-05-24 10:09:53 +00:00
procfs_print(ap)
struct vop_print_args /* {
struct vnode *a_vp;
} */ *ap;
1994-05-24 10:09:53 +00:00
{
struct pfsnode *pfs = VTOPFS(ap->a_vp);
1998-07-11 07:46:16 +00:00
printf("tag VT_PROCFS, type %d, pid %ld, mode %x, flags %lx\n",
pfs->pfs_type, (long)pfs->pfs_pid, pfs->pfs_mode, pfs->pfs_flags);
return (0);
1994-05-24 10:09:53 +00:00
}
/*
* _abortop is called when operations such as
* rename and create fail. this entry is responsible
* for undoing any side-effects caused by the lookup.
* this will always include freeing the pathname buffer.
*/
static int
1994-05-24 10:09:53 +00:00
procfs_abortop(ap)
struct vop_abortop_args /* {
struct vnode *a_dvp;
struct componentname *a_cnp;
} */ *ap;
1994-05-24 10:09:53 +00:00
{
if ((ap->a_cnp->cn_flags & (HASBUF | SAVESTART)) == HASBUF)
zfree(namei_zone, ap->a_cnp->cn_pnbuf);
1994-05-24 10:09:53 +00:00
return (0);
}
/*
* generic entry point for unsupported operations
*/
static int
1994-05-24 10:09:53 +00:00
procfs_badop()
{
return (EIO);
}
/*
* Invent attributes for pfsnode (vp) and store
* them in (vap).
* Directories lengths are returned as zero since
* any real length would require the genuine size
* to be computed, and nothing cares anyway.
*
* this is relatively minimal for procfs.
*/
static int
1994-05-24 10:09:53 +00:00
procfs_getattr(ap)
struct vop_getattr_args /* {
struct vnode *a_vp;
struct vattr *a_vap;
struct ucred *a_cred;
struct proc *a_p;
} */ *ap;
1994-05-24 10:09:53 +00:00
{
struct pfsnode *pfs = VTOPFS(ap->a_vp);
struct vattr *vap = ap->a_vap;
struct proc *procp;
int error;
/*
* First make sure that the process and its credentials
* still exist.
*/
1994-05-24 10:09:53 +00:00
switch (pfs->pfs_type) {
case Proot:
case Pcurproc:
1994-05-24 10:09:53 +00:00
procp = 0;
break;
default:
procp = PFIND(pfs->pfs_pid);
if (procp == 0 || procp->p_cred == NULL ||
procp->p_ucred == NULL)
1994-05-24 10:09:53 +00:00
return (ENOENT);
}
error = 0;
/* start by zeroing out the attributes */
VATTR_NULL(vap);
/* next do all the common fields */
vap->va_type = ap->a_vp->v_type;
vap->va_mode = pfs->pfs_mode;
vap->va_fileid = pfs->pfs_fileno;
vap->va_flags = 0;
vap->va_blocksize = PAGE_SIZE;
vap->va_bytes = vap->va_size = 0;
/*
* Make all times be current TOD.
* It would be possible to get the process start
* time from the p_stat structure, but there's
* no "file creation" time stamp anyway, and the
* p_stat structure is not addressible if u. gets
* swapped out for that process.
*/
nanotime(&vap->va_ctime);
vap->va_atime = vap->va_mtime = vap->va_ctime;
1994-05-24 10:09:53 +00:00
/*
* If the process has exercised some setuid or setgid
* privilege, then rip away read/write permission so
* that only root can gain access.
*/
switch (pfs->pfs_type) {
case Pctl:
1994-05-24 10:09:53 +00:00
case Pregs:
case Pfpregs:
if (procp->p_flag & P_SUGID)
vap->va_mode &= ~((VREAD|VWRITE)|
((VREAD|VWRITE)>>3)|
((VREAD|VWRITE)>>6));
break;
case Pmem:
/* Retain group kmem readablity. */
if (procp->p_flag & P_SUGID)
vap->va_mode &= ~(VREAD|VWRITE);
break;
default:
break;
1994-05-24 10:09:53 +00:00
}
/*
* now do the object specific fields
*
* The size could be set from struct reg, but it's hardly
* worth the trouble, and it puts some (potentially) machine
* dependent data into this machine-independent code. If it
* becomes important then this function should break out into
* a per-file stat function in the corresponding .c file.
*/
vap->va_nlink = 1;
if (procp) {
vap->va_uid = procp->p_ucred->cr_uid;
vap->va_gid = procp->p_ucred->cr_gid;
}
1994-05-24 10:09:53 +00:00
switch (pfs->pfs_type) {
case Proot:
/*
* Set nlink to 1 to tell fts(3) we don't actually know.
*/
vap->va_nlink = 1;
vap->va_uid = 0;
vap->va_gid = 0;
vap->va_size = vap->va_bytes = DEV_BSIZE;
break;
case Pcurproc: {
char buf[16]; /* should be enough */
1994-05-24 10:09:53 +00:00
vap->va_uid = 0;
vap->va_gid = 0;
vap->va_size = vap->va_bytes =
snprintf(buf, sizeof(buf), "%ld", (long)curproc->p_pid);
1994-05-24 10:09:53 +00:00
break;
}
1994-05-24 10:09:53 +00:00
case Pproc:
vap->va_nlink = nproc_targets;
vap->va_size = vap->va_bytes = DEV_BSIZE;
1994-05-24 10:09:53 +00:00
break;
case Pfile:
error = EOPNOTSUPP;
break;
case Pmem:
/*
* If we denied owner access earlier, then we have to
* change the owner to root - otherwise 'ps' and friends
* will break even though they are setgid kmem. *SIGH*
*/
if (procp->p_flag & P_SUGID)
vap->va_uid = 0;
else
vap->va_uid = procp->p_ucred->cr_uid;
vap->va_gid = KMEM_GROUP;
1994-05-24 10:09:53 +00:00
break;
case Pregs:
vap->va_bytes = vap->va_size = sizeof(struct reg);
break;
1994-05-24 10:09:53 +00:00
case Pfpregs:
vap->va_bytes = vap->va_size = sizeof(struct fpreg);
break;
case Ptype:
case Pmap:
1994-05-24 10:09:53 +00:00
case Pctl:
case Pstatus:
case Pnote:
case Pnotepg:
case Pcmdline:
case Prlimit:
1994-05-24 10:09:53 +00:00
break;
default:
panic("procfs_getattr");
}
return (error);
}
static int
1994-05-24 10:09:53 +00:00
procfs_setattr(ap)
struct vop_setattr_args /* {
struct vnode *a_vp;
struct vattr *a_vap;
struct ucred *a_cred;
struct proc *a_p;
} */ *ap;
1994-05-24 10:09:53 +00:00
{
if (ap->a_vap->va_flags != VNOVAL)
return (EOPNOTSUPP);
1994-05-24 10:09:53 +00:00
/*
* just fake out attribute setting
* it's not good to generate an error
* return, otherwise things like creat()
* will fail when they try to set the
* file length to 0. worse, this means
* that echo $note > /proc/$pid/note will fail.
*/
return (0);
}
/*
* implement access checking.
*
* something very similar to this code is duplicated
* throughout the 4bsd kernel and should be moved
* into kern/vfs_subr.c sometime.
*
* actually, the check for super-user is slightly
* broken since it will allow read access to write-only
* objects. this doesn't cause any particular trouble
* but does mean that the i/o entry points need to check
* that the operation really does make sense.
*/
static int
1994-05-24 10:09:53 +00:00
procfs_access(ap)
struct vop_access_args /* {
struct vnode *a_vp;
int a_mode;
struct ucred *a_cred;
struct proc *a_p;
} */ *ap;
1994-05-24 10:09:53 +00:00
{
struct vattr *vap;
struct vattr vattr;
int error;
/*
* If you're the super-user,
* you always get access.
*/
if (ap->a_cred->cr_uid == 0)
1994-05-24 10:09:53 +00:00
return (0);
1994-05-24 10:09:53 +00:00
vap = &vattr;
error = VOP_GETATTR(ap->a_vp, vap, ap->a_cred, ap->a_p);
if (error)
1994-05-24 10:09:53 +00:00
return (error);
/*
* Access check is based on only one of owner, group, public.
* If not owner, then check group. If not a member of the
* group, then check public access.
*/
if (ap->a_cred->cr_uid != vap->va_uid) {
gid_t *gp;
int i;
ap->a_mode >>= 3;
1994-05-24 10:09:53 +00:00
gp = ap->a_cred->cr_groups;
for (i = 0; i < ap->a_cred->cr_ngroups; i++, gp++)
if (vap->va_gid == *gp)
goto found;
ap->a_mode >>= 3;
found:
;
}
if ((vap->va_mode & ap->a_mode) == ap->a_mode)
return (0);
return (EACCES);
}
/*
* lookup. this is incredibly complicated in the
* general case, however for most pseudo-filesystems
* very little needs to be done.
*
* unless you want to get a migraine, just make sure your
* filesystem doesn't do any locking of its own. otherwise
* read and inwardly digest ufs_lookup().
*/
static int
1994-05-24 10:09:53 +00:00
procfs_lookup(ap)
struct vop_lookup_args /* {
struct vnode * a_dvp;
struct vnode ** a_vpp;
struct componentname * a_cnp;
} */ *ap;
1994-05-24 10:09:53 +00:00
{
struct componentname *cnp = ap->a_cnp;
struct vnode **vpp = ap->a_vpp;
struct vnode *dvp = ap->a_dvp;
char *pname = cnp->cn_nameptr;
struct proc *curp = cnp->cn_proc;
struct proc_target *pt;
struct vnode *fvp;
1994-05-24 10:09:53 +00:00
pid_t pid;
struct pfsnode *pfs;
struct proc *p;
1994-05-24 10:09:53 +00:00
int i;
*vpp = NULL;
if (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)
return (EROFS);
1994-05-24 10:09:53 +00:00
if (cnp->cn_namelen == 1 && *pname == '.') {
*vpp = dvp;
VREF(dvp);
/* vn_lock(dvp, LK_EXCLUSIVE | LK_RETRY, curp); */
1994-05-24 10:09:53 +00:00
return (0);
}
pfs = VTOPFS(dvp);
switch (pfs->pfs_type) {
case Proot:
if (cnp->cn_flags & ISDOTDOT)
return (EIO);
if (CNEQ(cnp, "curproc", 7))
return (procfs_allocvp(dvp->v_mount, vpp, 0, Pcurproc));
1994-05-24 10:09:53 +00:00
pid = atopid(pname, cnp->cn_namelen);
if (pid == NO_PID)
break;
1994-05-24 10:09:53 +00:00
p = PFIND(pid);
if (p == 0)
break;
1994-05-24 10:09:53 +00:00
return (procfs_allocvp(dvp->v_mount, vpp, pid, Pproc));
1994-05-24 10:09:53 +00:00
case Pproc:
if (cnp->cn_flags & ISDOTDOT)
return (procfs_root(dvp->v_mount, vpp));
1994-05-24 10:09:53 +00:00
p = PFIND(pfs->pfs_pid);
if (p == 0)
break;
1994-05-24 10:09:53 +00:00
for (pt = proc_targets, i = 0; i < nproc_targets; pt++, i++) {
if (cnp->cn_namelen == pt->pt_namlen &&
bcmp(pt->pt_name, pname, cnp->cn_namelen) == 0 &&
(pt->pt_valid == NULL || (*pt->pt_valid)(p)))
1994-05-24 10:09:53 +00:00
goto found;
}
break;
1994-05-24 10:09:53 +00:00
found:
if (pt->pt_pfstype == Pfile) {
fvp = procfs_findtextvp(p);
/* We already checked that it exists. */
VREF(fvp);
vn_lock(fvp, LK_EXCLUSIVE | LK_RETRY, curp);
*vpp = fvp;
return (0);
1994-05-24 10:09:53 +00:00
}
return (procfs_allocvp(dvp->v_mount, vpp, pfs->pfs_pid,
pt->pt_pfstype));
1994-05-24 10:09:53 +00:00
default:
return (ENOTDIR);
}
return (cnp->cn_nameiop == LOOKUP ? ENOENT : EROFS);
1994-05-24 10:09:53 +00:00
}
/*
* Does this process have a text file?
*/
int
procfs_validfile(p)
struct proc *p;
{
return (procfs_findtextvp(p) != NULLVP);
}
1994-05-24 10:09:53 +00:00
/*
* readdir returns directory entries from pfsnode (vp).
*
* the strategy here with procfs is to generate a single
* directory entry at a time (struct pfsdent) and then
* copy that out to userland using uiomove. a more efficent
* though more complex implementation, would try to minimize
* the number of calls to uiomove(). for procfs, this is
* hardly worth the added code complexity.
*
* this should just be done through read()
*/
static int
1994-05-24 10:09:53 +00:00
procfs_readdir(ap)
struct vop_readdir_args /* {
struct vnode *a_vp;
struct uio *a_uio;
struct ucred *a_cred;
int *a_eofflag;
int *a_ncookies;
u_long **a_cookies;
} */ *ap;
1994-05-24 10:09:53 +00:00
{
struct uio *uio = ap->a_uio;
struct pfsdent d;
struct pfsdent *dp = &d;
struct pfsnode *pfs;
int count, error, i, off;
1994-05-24 10:09:53 +00:00
pfs = VTOPFS(ap->a_vp);
off = (int)uio->uio_offset;
if (off != uio->uio_offset || off < 0 || (u_int)off % UIO_MX != 0 ||
uio->uio_resid < UIO_MX)
1994-05-24 10:09:53 +00:00
return (EINVAL);
error = 0;
count = 0;
i = (u_int)off / UIO_MX;
1994-05-24 10:09:53 +00:00
switch (pfs->pfs_type) {
/*
* this is for the process-specific sub-directories.
* all that is needed to is copy out all the entries
* from the procent[] table (top of this file).
*/
case Pproc: {
struct proc *p;
struct proc_target *pt;
p = PFIND(pfs->pfs_pid);
if (p == NULL)
break;
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
if (!PRISON_CHECK(curproc, p))
break;
for (pt = &proc_targets[i];
uio->uio_resid >= UIO_MX && i < nproc_targets; pt++, i++) {
if (pt->pt_valid && (*pt->pt_valid)(p) == 0)
continue;
1994-05-24 10:09:53 +00:00
dp->d_reclen = UIO_MX;
dp->d_fileno = PROCFS_FILENO(pfs->pfs_pid, pt->pt_pfstype);
dp->d_namlen = pt->pt_namlen;
bcopy(pt->pt_name, dp->d_name, pt->pt_namlen + 1);
dp->d_type = pt->pt_type;
if ((error = uiomove((caddr_t)dp, UIO_MX, uio)) != 0)
1994-05-24 10:09:53 +00:00
break;
}
break;
}
/*
* this is for the root of the procfs filesystem
* what is needed is a special entry for "curproc"
* followed by an entry for each process on allproc
#ifdef PROCFS_ZOMBIE
* and zombproc.
#endif
*/
case Proot: {
#ifdef PROCFS_ZOMBIE
int doingzomb = 0;
#endif
int pcnt = 0;
volatile struct proc *p = allproc.lh_first;
1994-05-24 10:09:53 +00:00
for (; p && uio->uio_resid >= UIO_MX; i++, pcnt++) {
1994-05-24 10:09:53 +00:00
bzero((char *) dp, UIO_MX);
dp->d_reclen = UIO_MX;
switch (i) {
case 0: /* `.' */
case 1: /* `..' */
dp->d_fileno = PROCFS_FILENO(0, Proot);
dp->d_namlen = i + 1;
bcopy("..", dp->d_name, dp->d_namlen);
dp->d_name[i + 1] = '\0';
dp->d_type = DT_DIR;
break;
case 2:
dp->d_fileno = PROCFS_FILENO(0, Pcurproc);
dp->d_namlen = 7;
bcopy("curproc", dp->d_name, 8);
dp->d_type = DT_LNK;
1994-05-24 10:09:53 +00:00
break;
default:
while (pcnt < i) {
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
p = p->p_list.le_next;
if (!p)
goto done;
if (!PRISON_CHECK(curproc, p))
continue;
pcnt++;
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
}
while (!PRISON_CHECK(curproc, p)) {
p = p->p_list.le_next;
if (!p)
goto done;
1994-05-24 10:09:53 +00:00
}
dp->d_fileno = PROCFS_FILENO(p->p_pid, Pproc);
dp->d_namlen = sprintf(dp->d_name, "%ld",
(long)p->p_pid);
dp->d_type = DT_REG;
p = p->p_list.le_next;
1994-05-24 10:09:53 +00:00
break;
}
if ((error = uiomove((caddr_t)dp, UIO_MX, uio)) != 0)
1994-05-24 10:09:53 +00:00
break;
}
done:
#ifdef PROCFS_ZOMBIE
if (p == 0 && doingzomb == 0) {
doingzomb = 1;
p = zombproc.lh_first;
goto again;
}
#endif
1994-05-24 10:09:53 +00:00
break;
}
default:
error = ENOTDIR;
break;
}
uio->uio_offset = i * UIO_MX;
return (error);
}
/*
* readlink reads the link of `curproc'
*/
static int
procfs_readlink(ap)
struct vop_readlink_args *ap;
{
char buf[16]; /* should be enough */
int len;
if (VTOPFS(ap->a_vp)->pfs_fileno != PROCFS_FILENO(0, Pcurproc))
return (EINVAL);
len = snprintf(buf, sizeof(buf), "%ld", (long)curproc->p_pid);
return (uiomove((caddr_t)buf, len, ap->a_uio));
}
1994-05-24 10:09:53 +00:00
/*
* convert decimal ascii to pid_t
*/
static pid_t
atopid(b, len)
const char *b;
u_int len;
{
pid_t p = 0;
while (len--) {
char c = *b++;
if (c < '0' || c > '9')
return (NO_PID);
p = 10 * p + (c - '0');
if (p > PID_MAX)
return (NO_PID);
}
return (p);
}
/*
* procfs vnode operations.
*/
vop_t **procfs_vnodeop_p;
static struct vnodeopv_entry_desc procfs_vnodeop_entries[] = {
{ &vop_default_desc, (vop_t *) vop_defaultop },
{ &vop_abortop_desc, (vop_t *) procfs_abortop },
{ &vop_access_desc, (vop_t *) procfs_access },
{ &vop_advlock_desc, (vop_t *) procfs_badop },
{ &vop_bmap_desc, (vop_t *) procfs_bmap },
{ &vop_close_desc, (vop_t *) procfs_close },
{ &vop_create_desc, (vop_t *) procfs_badop },
{ &vop_getattr_desc, (vop_t *) procfs_getattr },
{ &vop_inactive_desc, (vop_t *) procfs_inactive },
{ &vop_link_desc, (vop_t *) procfs_badop },
{ &vop_lookup_desc, (vop_t *) procfs_lookup },
{ &vop_mkdir_desc, (vop_t *) procfs_badop },
{ &vop_mknod_desc, (vop_t *) procfs_badop },
{ &vop_open_desc, (vop_t *) procfs_open },
{ &vop_pathconf_desc, (vop_t *) vop_stdpathconf },
{ &vop_print_desc, (vop_t *) procfs_print },
{ &vop_read_desc, (vop_t *) procfs_rw },
{ &vop_readdir_desc, (vop_t *) procfs_readdir },
{ &vop_readlink_desc, (vop_t *) procfs_readlink },
{ &vop_reclaim_desc, (vop_t *) procfs_reclaim },
{ &vop_remove_desc, (vop_t *) procfs_badop },
{ &vop_rename_desc, (vop_t *) procfs_badop },
{ &vop_rmdir_desc, (vop_t *) procfs_badop },
{ &vop_setattr_desc, (vop_t *) procfs_setattr },
{ &vop_symlink_desc, (vop_t *) procfs_badop },
{ &vop_write_desc, (vop_t *) procfs_rw },
{ &vop_ioctl_desc, (vop_t *) procfs_ioctl },
{ NULL, NULL }
1994-05-24 10:09:53 +00:00
};
static struct vnodeopv_desc procfs_vnodeop_opv_desc =
1994-05-24 10:09:53 +00:00
{ &procfs_vnodeop_p, procfs_vnodeop_entries };
VNODEOP_SET(procfs_vnodeop_opv_desc);