Commit Graph

406 Commits

Author SHA1 Message Date
Poul-Henning Kamp
75c1354190 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no provisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
Poul-Henning Kamp
1c308b817a Change suser_xxx() to suser() where it applies. 1999-04-27 12:21:16 +00:00
Poul-Henning Kamp
f711d546d2 Suser() simplification:
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in <sys/proc.h>.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
1999-04-27 11:18:52 +00:00
Julian Elischer
8d17e69460 Catch a case spotted by Tor where files mmapped could leave garbage in the
unallocated parts of the last page when the file ended on a frag
but not a page boundary.
Delimited by tags PRE_MATT_MMAP_EOF and POST_MATT_MMAP_EOF,
in files alpha/alpha/pmap.c i386/i386/pmap.c nfs/nfs_bio.c vm/pmap.h
    vm/vm_page.c vm/vm_page.h vm/vnode_pager.c miscfs/specfs/spec_vnops.c
    ufs/ufs/ufs_readwrite.c kern/vfs_bio.c

Submitted by: Matt Dillon <dillon@freebsd.org>
Reviewed by: Alan Cox <alc@freebsd.org>
1999-04-05 19:38:30 +00:00
Warner Losh
ba1602a8ed Don't allow anyone except root to mount file systems that map uids.
This can have bad security implications, but the impact on FreeBSD
systems is minimal because this fs isn't in the default kernels and it
is unknown if it even works.

Submitted by: Manuel Bouyer <bouyer@antioche.eu.org> and
	Artur Grabowski <art@stacken.kth.se>
1999-03-12 19:40:39 +00:00
Peter Wemm
a32cf1f06d This code got moved as a result of confusion between union mounts and
unionfs.  Julian has already revived the union mount part of this move
in vfs_syscalls.c rev 1.119, but forgot to take it out of here.
1999-02-28 16:13:25 +00:00
Bruce Evans
a7b9d8fe6b Added a used #include (don't depend on "vnode_if.h" including <sys/buf.h>). 1999-02-25 16:06:51 +00:00
Matthew Dillon
155f87daf2 Reviewed by: Julian Elischer <julian@whistle.com>
Add d_parms() to {c,b}devsw[].  If non-NULL this function points to
    a device routine that will properly fill in the specinfo structure.
    vfs_subr.c's checkalias() supplies appropriate defaults.  This change
    should be fully backwards compatible with existing devices.
1999-02-25 05:22:30 +00:00
Luoqi Chen
b1028ad122 Hide access to vmspace:vm_pmap with inline function vmspace_pmap(). This
is the preparation step for moving pmap storage out of vmspace proper.

Reviewed by:	Alan Cox	<alc@cs.rice.edu>
		Matthew Dillon	<dillon@apollo.backplane.com>
1999-02-19 14:25:37 +00:00
Matthew Dillon
9fdfe602fc Remove MAP_ENTRY_IS_A_MAP 'share' maps. These maps were once used to
attempt to optimize forks but were essentially given up on due to
    problems and replaced with an explicit dup of the vm_map_entry structure.
    Prior to the removal, they were entirely unused.
1999-02-07 21:48:23 +00:00
John Polstra
b7429e253a Correct a format mismatch on 64-bit architectures. This should
fix the erroneous values in the procfs "map" file on the Alpha.
1999-02-05 06:18:54 +00:00
Matthew Dillon
8aef171243 Fix warnings in preparation for adding -Wall -Wcast-qual to the
kernel compile
1999-01-28 00:57:57 +00:00
Matthew Dillon
7191deb01e Fix bug in devfs_strategy(). Switch cases were falling through
instead of breaking out, so a VCHR device would run the VCHR
    routine and then fall through and run the VBLK routine.  Fixed.
1999-01-27 23:49:45 +00:00
Matthew Dillon
831a80b0d5 Fix warnings in preparation for adding -Wall -Wcast-qual to the
kernel compile
1999-01-27 22:42:27 +00:00
Matthew Dillon
1c7c3c6a86 This is a rather large commit that encompasses the new swapper,
changes to the VM system to support the new swapper, VM bug
    fixes, several VM optimizations, and some additional revamping of the
    VM code.  The specific bug fixes will be documented with additional
    forced commits.  This commit is somewhat rough in regards to code
    cleanup issues.

Reviewed by:	"John S. Dyson" <root@dyson.iquest.net>, "David Greenman" <dg@root.com>
1999-01-21 08:29:12 +00:00
Eivind Eklund
ea2e827716 Remove declarations for undefined functions and a couple of unused
enotsupp implementations.
1999-01-12 11:49:30 +00:00
Peter Wemm
75ba77578f A partial implementation of the procfs cmdline pseudo-file. This
is enough to satisfy things like StarOffice.  This is a hack, but doing
it properly would be a LOT of work, and would require extensive grovelling
around in the user address space to find the argv[].

Obtained from: Mostly from Andrzej Bialecki <abial@nask.pl>.
1999-01-05 03:53:06 +00:00
Bruce Evans
f2aed91b48 Made this compile if UMAPFS_DIAGNOSTIC is defined. This has been broken
since before rev.1.1, so UMAPFS_DIAGNOSTIC should not be trusted.
UMAPFS_DIAGNOSTIC is commented out in LINT to hide various bugs.
1999-01-01 10:14:37 +00:00
Eivind Eklund
e910d98670 Fix possible NULL-pointer deref in error case (same as DEVFS). 1998-12-16 00:10:51 +00:00
Eivind Eklund
af00b35dfe Avoid NULL-pointer dereference on error condition. 1998-12-15 23:46:59 +00:00
Matthew Dillon
27ed09c2f0 Cleanup uninitialized-possibly-used (but really not) warnings 1998-12-14 05:00:59 +00:00
Eivind Eklund
2ae353f9a7 Rename one of the two devfs_link's to devfs_makelink. 1998-12-10 19:57:01 +00:00
Archie Cobbs
f1d19042b0 The "easy" fixes for compiling the kernel -Wunused: remove unreferenced static
and local variables, goto labels, and functions declared but not defined.
1998-12-07 21:58:50 +00:00
Eivind Eklund
c598db2204 '\0' is the most ugly NULL pointer constant I've ever seen in real code. 1998-12-07 02:47:46 +00:00
Archie Cobbs
2127f26023 Examine all occurrences of sprintf(), strcat(), and str[n]cpy()
for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for other cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.

These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.

Reviewed by:	Bruce Evans <bde@zeta.org.au>
Reviewed by:	Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by:	Mike Spengler <mks@networkcs.com>
1998-12-04 22:54:57 +00:00
Eivind Eklund
9fcdafaefc Staticize. 1998-11-26 18:50:24 +00:00
Bruce Evans
1e1c37f1cd Return ENOTTY instead of EBADF for ioctls on dead vnodes. This fixes
tcsetpgrp() on controlling terminals that are no longer associated
with the session of the calling process, not to mention ioctl.2.
1998-11-22 09:19:07 +00:00
Bruce Evans
c25ded316f Finished updating module event handlers to be compatible with
modeventhand_t.
1998-11-15 15:33:52 +00:00
Peter Wemm
5187e87901 "fix" a warning that has been bugging me for ages. Eliminate a couple
of temporary variables since they are only used once and their types
were the cause of the warnings.
1998-11-09 09:21:25 +00:00
Peter Wemm
497e02e364 Delete stray extern declaration for non-existing variables. 1998-11-09 07:03:04 +00:00
Peter Wemm
8c14bf40a1 Change the #ifdef UNION code into a callable hook. Arrange to have this
set up when unionfs is present, either statically or as a kld module.
1998-11-03 08:01:48 +00:00
Peter Wemm
40c8cfe552 Use TAILQ macros for clean/dirty block list processing. Set b_xflags
rather than abusing the list next pointer with a magic number.
1998-10-31 15:31:29 +00:00
David Greenman
730075613a Added a second argument, "activate" to the vm_page_unwire() call so that
the caller can select either inactive or active queue to put the page on.
1998-10-28 13:37:02 +00:00
Bruce Evans
569555b969 Removed redundant bitrotted checks for major numbers instead of updating
them.
1998-10-26 08:53:13 +00:00
Søren Schmidt
4d075b334c Make devfs update the atime timestamp so that 'w' works when using
options DEVFS.
1998-09-30 20:33:46 +00:00
Poul-Henning Kamp
649c00db71 various nits that didn't make it through the brucefilter. 1998-09-12 20:21:54 +00:00
Bruce Evans
9754189a91 Oops, don't assume that the environment is normal in devfs_mount().
It isn't for the hidden mountpoint.  The static vfs's haven't been
attached then, so mp->mnt_vfc can't be valid.
1998-09-08 16:59:37 +00:00
Bruce Evans
8994ca3ce9 Removed statically configured mount type numbers (MOUNT_*) and all
references to them.

The change a couple of days ago to ignore these numbers in statically
configured vfsconf structs was slightly premature because the cd9660,
cfs, devfs, ext2fs, nfs vfs's still used MOUNT_* instead of the number
in their vfsconf struct.
1998-09-07 13:17:06 +00:00
Poul-Henning Kamp
0375c9f2b8 Add a new vnode op, VOP_FREEBLKS(), which filesystems can use to inform
device drivers about sectors no longer in use.

Device-drivers receive the call through d_strategy, if they have
D_CANFREE in d_flags.

This allows flash based devices to erase the sectors and avoid
pointlessly carrying them around in compactions.

Reviewed by:	Kirk Mckusick, bde
Sponsored by:	M-Systems (www.m-sys.com)
1998-09-05 14:13:12 +00:00
Doug Rabson
e69763a315 Cosmetic changes to the PAGE_XXX macros to make them consistent with
the other objects in vm.
1998-09-04 08:06:57 +00:00
Poul-Henning Kamp
a9ea5c0c51 sort the prototypes 1998-08-25 17:48:54 +00:00
Poul-Henning Kamp
07fe032454 Last commit managed to get mangled somehow. 1998-08-24 18:23:18 +00:00
Poul-Henning Kamp
1d9b3ba13d Remove the last remaining evidence of B_TAPE.
Reclaim 3 unused bits in b_flags
1998-08-24 17:47:25 +00:00
Bruce Evans
4e9a89772a Enabled Lite2 fix for reading from dead ttys. 1998-08-23 11:43:29 +00:00
Bruce Evans
86a14a7a0a Use [u]intptr_t instead of [u_]long for casts between pointers and
integers.  Don't forget to cast to (void *) as well.
1998-08-16 01:21:52 +00:00
Bruce Evans
89785a1654 Fixed printf format errors. 1998-07-30 17:40:45 +00:00
Alexander Langer
f35f7d0dfd Style fixes and a bug fix: don't remove the exit handler if unmount
fails.

Submitted by:	bde
1998-07-27 22:47:17 +00:00
Alexander Langer
3f47ee5c4d A better solution to the rm_at_exit problem: Register the exit function
during first mount.  Unregister the exit function at last unmount.

Concept by:	sef
Reviewed by:	sef
Implemented by:	alex
1998-07-27 01:07:01 +00:00
Alexander Langer
ca2be56ff9 Override the default VFS LKM dispatch functions so that a module
unload function can be provided (this is necessary to unregister
the at_exit handler).
1998-07-25 15:52:44 +00:00
Bruce Evans
15c7382561 Cast pointers to [u]intptr_t instead of to [unsigned] long. 1998-07-15 04:17:55 +00:00