Yet-another-update: rename ``kern.prison'' to a new sysctl root entry,
``jail'', and move the set_hostname_allowed sysctl there, as well as fixing a bug in the sysctl that resulted in jails being over-limited (preventing them from reading as well as writing the hostname). Also, correct some formatting issues, courtesy bde :-). Reviewed by: phk Approved by: jkh
parent
be3448f6ad
commit
83f1e257e0
sys
@ -20,11 +20,20 @@
|
||||
#include <sys/proc.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <net/if.h>
|
||||
#include <netinet/in.h>
|
||||
|
||||
MALLOC_DEFINE(M_PRISON, "prison", "Prison structures");
|
||||
|
||||
SYSCTL_NODE(, OID_AUTO, jail, CTLFLAG_RW, 0,
|
||||
"Jail rules");
|
||||
|
||||
int jail_set_hostname_allowed = 1;
|
||||
SYSCTL_INT(_jail, OID_AUTO, set_hostname_allowed, CTLFLAG_RW,
|
||||
&jail_set_hostname_allowed, 0,
|
||||
"Processes in jail can set their hostnames");
|
||||
|
||||
int
|
||||
jail(p, uap)
|
||||
struct proc *p;
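Review bot: Moving the knob from `kern.prison.set_hostname_allowed` to `jail.set_hostname_allowed` while keeping `int jail_set_hostname_allowed = 1;` means a host that had set the old name to 0 finds that name gone after this change and the new one back at its permissive default. The commit adds no compatibility alias and no comment about it, so the restriction is dropped silently on upgrade. I would at least add above the variable `/* Global jail policy, default permissive; replaces kern.prison.set_hostname_allowed, which no longer exists. */` and call out the rename in the release notes. The node and the integer are both declared `CTLFLAG_RW`, and nothing in this section shows what stops a process inside a jail from writing the knob itself; presumably the generic sysctl privilege check refuses it, which is worth confirming and stating in the same comment.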
|
||||
|
@ -77,9 +77,6 @@ SYSCTL_NODE(, CTL_P1003_1B, p1003_1b, CTLFLAG_RW, 0,
|
||||
SYSCTL_NODE(, OID_AUTO, compat, CTLFLAG_RW, 0,
|
||||
"Compatibility code");
|
||||
|
||||
SYSCTL_NODE(_kern, OID_AUTO, prison, CTLFLAG_RW, 0,
|
||||
"Prison rules");
|
||||
|
||||
SYSCTL_STRING(_kern, KERN_OSRELEASE, osrelease, CTLFLAG_RD,
|
||||
osrelease, 0, "Operating system type");
|
||||
|
||||
@ -145,11 +142,6 @@ static char machine_arch[] = MACHINE_ARCH;
|
||||
SYSCTL_STRING(_hw, HW_MACHINE_ARCH, machine_arch, CTLFLAG_RD,
|
||||
machine_arch, 0, "System architecture");
|
||||
|
||||
static int prison_set_hostname_allowed = 1;
|
||||
SYSCTL_INT(_kern_prison, OID_AUTO, set_hostname_allowed, CTLFLAG_RW,
|
||||
&prison_set_hostname_allowed, 0,
|
||||
"Processes in prison can set their hostnames");
|
||||
|
||||
char hostname[MAXHOSTNAMELEN];
|
||||
|
||||
static int
|
||||
@ -158,7 +150,7 @@ sysctl_hostname SYSCTL_HANDLER_ARGS
|
||||
int error;
|
||||
|
||||
if (req->p->p_prison) {
|
||||
if (!prison_set_hostname_allowed)
|
||||
if (!jail_set_hostname_allowed && req->newptr)
|
||||
return(EPERM);
|
||||
error = sysctl_handle_string(oidp,
|
||||
req->p->p_prison->pr_host,
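Review bot: The new condition `if (!jail_set_hostname_allowed && req->newptr)` carries the whole read/write distinction, but nothing in the code says so, which is how the earlier version came to block reads as well. I would put a comment above it such as `/* Reads inside a jail always succeed and return pr_host; only a write (req->newptr set) is subject to jail_set_hostname_allowed. */`. The inner `if` and its `return(EPERM);` sit unbraced inside the `if (req->p->p_prison) {` block, so braces around the guarded return would make the nesting harder to misread. sysctl_hostname starts and ends outside this hunk, so the length passed with `pr_host` to `sysctl_handle_string` cannot be checked from here.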
|
||||
|
@ -46,7 +46,7 @@ struct prison {
|
||||
/*
|
||||
* Sysctl-set variables that determine global jail policy
|
||||
*/
|
||||
extern int prison_set_hostname_allowed;
|
||||
extern int jail_set_hostname_allowed;
|
||||
|
||||
#endif /* !_KERNEL */
|
||||
#endif /* !_SYS_JAIL_H_ */
|
||||
|