d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Introduce a new sysctl, kern.jailcansethostname, which determines whether

Browse Source 
or not a process in a jail, with privilege, may set the jail's hostname.
Defaults to 1, which permits this.  May be set to 0 by a process with
appropriate privilege outside of jail.  Preventing hostname renaming
from within a jail is currently required to make jails manageable, as they
a currently identifiable only by hostname using /proc, which may be
modified without this sysctl being set to 0.  This will be documented
in upcoming man commits.

Authorized by:	jkh, the ever-patient
This commit is contained in:
Robert Watson 2000-02-10 05:32:03 +00:00
parent 0decb68047
commit 6c144e7521
2 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
sys/kern/kern_mib.c
View File

@ -145,6 +145,11 @@ static char machine_arch[] = MACHINE_ARCH;
SYSCTL_STRING(_hw, HW_MACHINE_ARCH, machine_arch, CTLFLAG_RD, SYSCTL_STRING(_hw, HW_MACHINE_ARCH, machine_arch, CTLFLAG_RD,
machine_arch, 0, "System architecture"); machine_arch, 0, "System architecture");
static int jailcansethostname=1;
SYSCTL_INT(_kern, KERN_JAILCANSETHOSTNAME, jailcansethostname,
CTLFLAG_RW, &jailcansethostname, 0,
"Jail can set its hostname");
char hostname[MAXHOSTNAMELEN]; char hostname[MAXHOSTNAMELEN];
static int static int
@ -152,11 +157,13 @@ sysctl_hostname SYSCTL_HANDLER_ARGS
{ {
int error; int error;
if (req->p->p_prison) if (req->p->p_prison) {
if (!jailcansethostname)
return(EPERM);
error = sysctl_handle_string(oidp, error = sysctl_handle_string(oidp,
req->p->p_prison->pr_host, req->p->p_prison->pr_host,
sizeof req->p->p_prison->pr_host, req); sizeof req->p->p_prison->pr_host, req);
else } else
error = sysctl_handle_string(oidp, error = sysctl_handle_string(oidp,
hostname, sizeof hostname, req); hostname, sizeof hostname, req);
return (error); return (error);

4
sys/sys/sysctl.h
View File

@ -260,7 +260,8 @@ void sysctl_unregister_oid(struct sysctl_oid *oidp);
#define KERN_PS_STRINGS 32 /* int: address of PS_STRINGS */ #define KERN_PS_STRINGS 32 /* int: address of PS_STRINGS */
#define KERN_USRSTACK 33 /* int: address of USRSTACK */ #define KERN_USRSTACK 33 /* int: address of USRSTACK */
#define KERN_LOGSIGEXIT 34 /* int: do we log sigexit procs? */ #define KERN_LOGSIGEXIT 34 /* int: do we log sigexit procs? */
#define KERN_MAXID 35 /* number of valid kern ids */ #define KERN_JAILCANSETHOSTNAME 35 /* int: jailed p can set hostname */
#define KERN_MAXID 36 /* number of valid kern ids */
#define CTL_KERN_NAMES { \ #define CTL_KERN_NAMES { \
{ 0, 0 }, \ { 0, 0 }, \
@ -298,6 +299,7 @@ void sysctl_unregister_oid(struct sysctl_oid *oidp);
{ "ps_strings", CTLTYPE_INT }, \ { "ps_strings", CTLTYPE_INT }, \
{ "usrstack", CTLTYPE_INT }, \ { "usrstack", CTLTYPE_INT }, \
{ "logsigexit", CTLTYPE_INT }, \ { "logsigexit", CTLTYPE_INT }, \
{ "jailcansethostname", CTLTYPE_INT }, \
} }
/* /*