Commit Graph

1547 Commits

Author SHA1 Message Date
Poul-Henning Kamp
75c1354190 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no provisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
Joerg Wunsch
a44388523d Mention that you can only create a block or char special file using
mknod(2).
1999-04-28 10:04:48 +00:00
Tim Vanderhoek
e21de373a2 Mention that set-id bits are not honoured for shell scripts and
filesystems with the "nosuid" option.  Mention that syscall tracing
is disabled sometimes.

PR:		misc/11328
1999-04-27 03:56:10 +00:00
Warner Losh
dcb0ae4ed8 More egcs warning fixes:
	o use braces to avoid potentially ambiguous else
	o don't default to type int (and also remove a useless register
	  modifier).
	o Use parens around assignment values used as truth values.
	o Remove unused function.

Reviewed by: obrien and chuckr
1999-04-25 22:29:30 +00:00
Wes Peters
aba0410b29 Re-fixed to start at 1969 per the actual Posix requirement. Also
fixed a typo on the man page.
1999-04-25 07:28:39 +00:00
Wes Peters
a00b1d8f7a Bring two-digit years up-to-date with POSIX requirements.
70-00 are interpreted in the 20th century; 01-69 in the
21st century.  (Yes, 2000 is the last year of the 20th
century, not the first year of the 21st.)

Submitted by:	Sergey Babkin <babkin@bellatlantic.net>
1999-04-25 01:42:18 +00:00
Poul-Henning Kamp
00c7dcf63e Add missing strings.
PR:		11285
Submitted by:	Chris Costello <chris@calldei.com>
Reviewed by:	phk
1999-04-24 18:28:24 +00:00
Warner Losh
6d34f07c9d Fix all the mipseb Makefiles. They were broken when I checked them in
before.

Added SYS.h for mipseb and mipsel.

I now get part way through building libc in the cross environment that
I have (along with pending mipse[bl] changes to the intree egcs) with
these changes.
1999-04-22 07:16:11 +00:00
John Polstra
6d30b16752 Back out my change from 6 April PDT that added a new dlversion()
function.  It was an ill-considered feature.  It didn't solve the
problem I wanted it to solve.   And it added Yet Another Version
Number that would have to be maintained at every release point.
I'm nuking it now before anybody grows too fond of it.
1999-04-22 01:54:38 +00:00
Guy Helmer
ec407dbb0d Revise for KLD's.
Prompted-By:	Nathan Ahlstrom <nrahlstr@winternet.com>
1999-04-20 20:36:36 +00:00
Peter Wemm
f4e6d58dca vfsload maps into kldload only now, no more fork/exec of modload(8). 1999-04-19 14:28:45 +00:00
Dmitrij Tejblum
88874fcfe6 Document pread() and pwrite().
Obtained from:	NetBSD (mostly)
1999-04-11 21:14:40 +00:00
Nik Clayton
3ef0a1c27c Contains the para
Unlike other filesystem objects, symbolic links do not have an owner,
  group, access mode, times, etc.  Instead, these attributes are taken from
  the directory that contains the link.  The only attributes returned from
  an lstat() that refer to the symbolic link itself are the file type
  (S_IFLNK), size, blocks, and link count (always 1).

This is bogus, and disagrees with the implementation and symlink(7).

Removed it.

PR:		docs/10269
Submitted by:	Tolik <tolik@sibptus.tomsk.ru>
1999-04-10 20:49:27 +00:00
Warner Losh
26ba999e7e Various language and style concerns fixed.
Noted by: bde
1999-04-09 18:26:46 +00:00
Bruce Evans
1dc547e7a9 Fixed missing include in synopsis.
Fixed some mdoc usage errors.
1999-04-09 14:31:59 +00:00
John Polstra
a35ed6d00d Add manpage link for dlversion(3). 1999-04-07 02:59:47 +00:00
John Polstra
14f5fa0596 Add a new function dlversion() which returns the version number of
the dynamic linker in the same form as __FreeBSD_version.  This is
mainly intended for checking the dynamic linker version during a make
world.
1999-04-07 02:43:11 +00:00
Bruce Evans
940b0c98ca Fixed disordering in previous 2 commits. Fixed an English error. 1999-04-05 07:38:07 +00:00
Dmitrij Tejblum
1b30ac5124 Add wrappers for pread and pwrite syscalls. 1999-04-04 21:46:24 +00:00
Warner Losh
2ee878400e Add mkstemps to the man page, and create a link for it.
Obtained from: OpenBSD
Poked in the eye about committing new functions without a manpage: obrien
1999-04-04 21:15:37 +00:00
Warner Losh
06b6a8ab98 Add mkstemps from OpenBSD. This has been in my tree for months and
hasn't caused any problems until the egcs import.  This fix breaks the
world build, but my very next commit will remove mkstemps from the
egcs build.
1999-04-04 20:28:04 +00:00
Doug Rabson
67022433f8 Manpages for the KLD system calls.
PR:		docs/10412
Submitted by:	Chris Costello <chris@calldei.com>
1999-04-04 12:29:31 +00:00
John Polstra
07963c8cbf Fix a macro name typo that made a word disappear. 1999-04-03 22:47:25 +00:00
Poul-Henning Kamp
5b26e84968 Disable the "Hint" option in phkmalloc as default. Recent VM system
changes have made this too expensive.  This gains about 1.25% on
worldstone on my SMP machine.

Swap-less machines, for instance PicoBSDs, and machines which experience
page-out traffic, check with top(1), will probably want to reenable this
with:
	ln -s H /etc/malloc.conf

Suggested by: alc (&dyson ?)
1999-03-28 14:16:05 +00:00
Dag-Erling Smørgrav
9b030d1073 Partial fix for the forking problem: if we can't access the master maps,
try again with the unrestricted map.

PR:		bin/10821
1999-03-27 21:51:33 +00:00
Doug Rabson
a02290da19 Rename when building libc_r. 1999-03-25 18:43:17 +00:00
Peter Wemm
5fe5a4dd73 Fix a (relatively harmless) braino. I confused myself over the for() loop
that counted the number of elements in argv.  The counter is incremented
in the next-iteration section of the loop, not the body, so at termination
it's already "counted" the element that failed the continuation test - in
this case the NULL argv terminator.

Noted by:  bde
1999-03-24 02:43:05 +00:00
Peter Wemm
ce04fea445 Remove last remaining references to malloc/realloc and functions that
call them.  All the execX() libc functions should be vfork() safe now.
Specifically:
- execlp() does the argument count-and-build into a vector from alloca
    (like the others) - buildargv() is no longer used (and gone).
- execvp() uses alloca/strcpy rather than strdup().
- the ENOEXEC handler uses alloca rather than malloc.
- a couple of free() calls removed - alloca works on the local stack and
    the allocations are freed on function exit (which is why buildargv
    wasn't useful - its alloca() context would disappear on return).
Along the way:
- If alloca() fails (can it?), set errno = ENOMEM explicitly.
- The ENOEXEC recovery routine that tries again with /bin/sh appeared to
    not be terminating the new argv[] array for /bin/sh, allowing it to
    walk off the end of the list.

I dithered a bit about using alloca() even more as it's most commonly
associated with gcc.  However, standalone portable (using malloc) and
machine-specific assembler alloca implementations appear to be available
on just about all the architectures we're likely to want to port to.
alloca will be the least of our problems if ever going to another compiler.
1999-03-23 16:40:34 +00:00
Poul-Henning Kamp
cc7532aaf0 Add a sysctl variable which can help stop chroot(2) escapes.
kern.chroot_allow_open_directories = 0
	chroot(2) fails if there are open directories.

kern.chroot_allow_open_directories = 1 (default)
	chroot(2) fails if there are open directories and the process
	is subject of a previous chroot(2).

kern.chroot_allow_open_directories = anything else
	filedescriptors are not checked.  (old behaviour).

I'm very interested in reports about software which breaks when
running with the default setting.
1999-03-23 14:26:40 +00:00
Joseph Koshy
f5a7833449 Typo fix.
PR:		docs/10733
Submitted by:	Steve Coltrin <spcoltri@io.com>
1999-03-23 05:01:11 +00:00
Warner Losh
43b4fd733d Don't be so selective about which errors cause us to continue and
which ones cause us to fail.  Now all open errors on the database file
will cause the next file in the list to be tried.

Submitted by: Arne Henrik Juul <arnej@math.ntnu.no>
PR: 4585
1999-03-21 03:45:58 +00:00
Alexander Langer
ee28fadec0 EACESS -> EACCES 1999-03-15 00:14:57 +00:00
Doug Rabson
93263596ac Add support for long long modifier (e.g. %llx, %lld).
Reviewed by: bde
1999-03-11 22:44:02 +00:00
Ollivier Robert
1e06f30845 PID_MAX is now 99999.
PR:		docs/10530
Submitted by:	Ben Smithurst <ben@scientia.demon.co.uk>
1999-03-10 20:55:23 +00:00
Guy Helmer
6e6019dc13 Explain ENXIO error status with respect to fifos.
PR:		docs/8559
1999-03-07 18:45:35 +00:00
Bruce Evans
6da7e7c6fb Don't bogotify the synopsis by attempting to describe err_set_file() there.
Fixed some disorder.
1999-03-05 15:36:23 +00:00
Alexander Langer
1f34b7f3f8 Fixed references to unmount(2) specified as umount.
Submitted by:	Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
		via OpenBSD
1999-03-05 15:16:31 +00:00
Bruce Evans
dcf01d60ba Fixed disordering and inconsistent style in previous commit. 1999-03-05 13:01:22 +00:00
Bruce Evans
b300c1d8f9 The pseudocode in the synopsis didn't come close to actually
compiling, since <stdio.h> correctly doesn't declare off_t although
the pseudo-prototypes for the new fseeko() and ftello() functions
use it.  Handle this like the corresponding problem for va_list
versus the vprintf() family.

Fixed some English errors.
1999-03-05 12:56:37 +00:00
Bruce Evans
12d9948ac8 Don't use undocumented markup "{}". Use 32767 instead of LINK_MAX to
give bug for bug compatibility with intro.2.
1999-03-05 10:39:50 +00:00
Bruce Evans
07799a2af1 Backed out most of rev.1.4. I didn't submit it; I only submitted a
request for it something like it.  It was poorly worded and too
far from both POSIX wording and normal (mal)practice by referring to
sysconf(_SC_NGROUPS_MAX) instead of {NGROUPS_MAX} or NGROUPS.  POSIX.1
uses curly braces to mark up "symbolic constants or limits [that may
be] defined in certain headers".  Since we don't document this markup,
don't use it.  Just use NGROUPS_MAX.
1999-03-05 10:29:34 +00:00
Poul-Henning Kamp
c40956e25d Use sysctlbyname() instead of sysctl(). 1999-03-05 10:01:24 +00:00
Bruce Evans
5d57729b8a Forgot to add $Id$ and change date in previous commit. 1999-03-05 09:44:59 +00:00
Bruce Evans
abd022381d Changed the type of quotactl()'s 4th arg from 'char *' to 'void *'
so that non-sloppy applications can call it without using disgusting
casts to avoid warnings.  The 4th arg is sort of varargs -- it must
sometimes represent a filename, sometimes a struct pointer, and is
sometimes unused.  The arg type is still caddr_t in the kernel.

Obtained from:	mostly from NetBSD
1999-03-05 09:28:33 +00:00
Warner Losh
4afab83f7d These were missing from the previous commit. 1999-03-03 07:08:03 +00:00
Warner Losh
d7ee48f115 Bring in initial libc support for mips. These files were taken from
the OpenBSD tree and should be considered preliminary.  They are here
to facilitate building of the tree.
1999-03-03 07:06:17 +00:00
Guy Helmer
6e062fe1b7 Correct synopsis: getsubopt is declared in unistd.h, not stdlib.h.
PR:		docs/9376
1999-03-02 02:35:57 +00:00
Guy Helmer
42b47d96f0 Mention that getservbyport requires its port parameter to be in
network byte order.

PR:		docs/9376
1999-03-02 02:34:23 +00:00
Guy Helmer
2704b2cb2b Corrected use of backslash escaping in sample code.
PR:		docs/10284
Submitted by:	Alfred Perlstein <bright@cygnus.rush.net>
1999-02-27 00:54:40 +00:00
Tim Vanderhoek
654b249ced Decapitalize function name by prepending with word "The".
PR:		docs/10247
1999-02-26 01:28:06 +00:00