freebsd-nq/sys/security
Jamie Gritton 0304c73163 Add hierarchical jails. A jail may further virtualize its environment
by creating a child jail, which is visible to that jail and to any
parent jails.  Child jails may be restricted more than their parents,
but never less.  Jail names reflect this hierarchy, being MIB-style
dot-separated strings.

Every thread now points to a jail, the default being prison0, which
contains information about the physical system.  Prison0's root
directory is the same as rootvnode; its hostname is the same as the
global hostname, and its securelevel replaces the global securelevel.
Note that the variable "securelevel" has actually gone away, which
should not cause any problems for code that properly uses
securelevel_gt() and securelevel_ge().

Some jail-related permissions that were kept in global variables and
set via sysctls are now per-jail settings.  The sysctls still exist for
backward compatibility, used only by the now-deprecated jail(2) system
call.

Approved by:	bz (mentor)
2009-05-27 14:11:23 +00:00
..
audit Remove the thread argument from the FSD (File-System Dependent) parts of 2009-05-11 15:33:26 +00:00
mac Convert the MAC Framework from using rwlocks to rmlocks to stabilize 2009-05-27 09:41:58 +00:00
mac_biba Get rid of VSTAT and replace it with VSTAT_PERMS, which is somewhat 2009-03-29 17:45:48 +00:00
mac_bsdextended Add hierarchical jails. A jail may further virtualize its environment 2009-05-27 14:11:23 +00:00
mac_ifoff Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_lomac Remove 'uio' argument from MAC Framework and MAC policy entry points for 2009-03-08 12:32:06 +00:00
mac_mls Get rid of VSTAT and replace it with VSTAT_PERMS, which is somewhat 2009-03-29 17:45:48 +00:00
mac_none Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_partition Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_portacl - Correct logic in if statement - we want to allocate temporary buffer 2009-03-14 20:40:06 +00:00
mac_seeotheruids Rather than having MAC policies explicitly declare what object types 2009-01-10 10:58:41 +00:00
mac_stub Remove 'uio' argument from MAC Framework and MAC policy entry points for 2009-03-08 12:32:06 +00:00
mac_test Remove 'uio' argument from MAC Framework and MAC policy entry points for 2009-03-08 12:32:06 +00:00