d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Remove the prison flags PR_IP4_DISABLE and PR_IP6_DISABLE, which have been

Browse Source 
write-only for as long as they've existed.
This commit is contained in:
Jamie Gritton 2015-01-14 04:50:28 +00:00
parent 0e5e396ede
commit 6a3f277901
2 changed files with 10 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
sys/kern/kern_jail.c
View File

@ -187,10 +187,10 @@ struct jailsys_flags {
{ "vnet", 0, PR_VNET },
#endif
#ifdef INET
{ "ip4", PR_IP4_USER | PR_IP4_DISABLE, PR_IP4_USER },
{ "ip4", PR_IP4_USER, PR_IP4_USER },
#endif
#ifdef INET6
{ "ip6", PR_IP6_USER | PR_IP6_DISABLE, PR_IP6_USER },
{ "ip6", PR_IP6_USER, PR_IP6_USER },
#endif
};
const size_t pr_flag_jailsys_size = sizeof(pr_flag_jailsys);
@ -807,11 +807,9 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
error = EINVAL;
goto done_free;
} else {
ch_flags |= PR_IP4_USER | PR_IP4_DISABLE;
if (ip4s == 0)
pr_flags |= PR_IP4_USER | PR_IP4_DISABLE;
else {
pr_flags = (pr_flags & ~PR_IP4_DISABLE) | PR_IP4_USER;
ch_flags |= PR_IP4_USER;
pr_flags |= PR_IP4_USER;
if (ip4s > 0) {
ip4s /= sizeof(*ip4);
if (ip4s > jail_max_af_ips) {
error = EINVAL;
@ -865,11 +863,9 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
error = EINVAL;
goto done_free;
} else {
ch_flags |= PR_IP6_USER | PR_IP6_DISABLE;
if (ip6s == 0)
pr_flags |= PR_IP6_USER | PR_IP6_DISABLE;
else {
pr_flags = (pr_flags & ~PR_IP6_DISABLE) | PR_IP6_USER;
ch_flags |= PR_IP6_USER;
pr_flags |= PR_IP6_USER;
if (ip6s > 0) {
ip6s /= sizeof(*ip6);
if (ip6s > jail_max_af_ips) {
error = EINVAL;
@ -1249,8 +1245,7 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
{
#ifdef INET
if (!(ch_flags & PR_IP4_USER))
pr->pr_flags |=
PR_IP4 | PR_IP4_USER | PR_IP4_DISABLE;
pr->pr_flags |= PR_IP4 | PR_IP4_USER;
else if (!(pr_flags & PR_IP4_USER)) {
pr->pr_flags |= ppr->pr_flags & PR_IP4;
if (ppr->pr_ip4 != NULL) {
@ -1265,8 +1260,7 @@ kern_jail_set(struct thread *td, struct uio *optuio, int flags)
#endif
#ifdef INET6
if (!(ch_flags & PR_IP6_USER))
pr->pr_flags |=
PR_IP6 | PR_IP6_USER | PR_IP6_DISABLE;
pr->pr_flags |= PR_IP6 | PR_IP6_USER;
else if (!(pr_flags & PR_IP6_USER)) {
pr->pr_flags |= ppr->pr_flags & PR_IP6;
if (ppr->pr_ip6 != NULL) {
@ -2724,7 +2718,6 @@ prison_restrict_ip4(struct prison *pr, struct in_addr *newip4)
}
}
if (pr->pr_ip4s == 0) {
pr->pr_flags |= PR_IP4_DISABLE;
free(pr->pr_ip4, M_PRISON);
pr->pr_ip4 = NULL;
}
@ -3065,7 +3058,6 @@ prison_restrict_ip6(struct prison *pr, struct in6_addr *newip6)
}
}
if (pr->pr_ip6s == 0) {
pr->pr_flags |= PR_IP6_DISABLE;
free(pr->pr_ip6, M_PRISON);
pr->pr_ip6 = NULL;
}

2
sys/sys/jail.h
View File

@ -201,8 +201,6 @@ struct prison_racct {
#define PR_IP4_USER 0x00000004 /* Restrict IPv4 addresses */
#define PR_IP6_USER 0x00000008 /* Restrict IPv6 addresses */
#define PR_VNET 0x00000010 /* Virtual network stack */
#define PR_IP4_DISABLE 0x00000020 /* Disable IPv4 */
#define PR_IP6_DISABLE 0x00000040 /* Disable IPv6 */
#define PR_IP4_SADDRSEL 0x00000080 /* Do IPv4 src addr sel. or use the */
/* primary jail address. */
#define PR_IP6_SADDRSEL 0x00000100 /* Do IPv6 src addr sel. or use the */