Commit Graph

33 Commits

Author SHA1 Message Date
Robert Watson
0309554711 o Introduce kern.suser_permitted, a sysctl that disables the suser_xxx()
returning anything but EPERM.
o suser is enabled by default; once disabled, cannot be reenabled
o To be used in alternative security models where uid0 does not connote
  additional privileges
o Should be noted that uid0 still has some additional powers as it
  owns many important files and executables, so suffers from the same
  fundamental security flaws as securelevels.  This is fixed with
  MAC integrity protection code (in progress)
o Not safe for consumption unless you are *really* sure you don't want
  things like shutdown to work, et al :-)

Obtained from:	TrustedBSD Project
2000-06-05 14:53:55 +00:00
Poul-Henning Kamp
9626b608de Separate the struct bio related stuff out of <sys/buf.h> into
<sys/bio.h>.

<sys/bio.h> is now a prerequisite for <sys/buf.h> but it shall
not be made a nested include according to bdes teachings on the
subject of nested includes.

Diskdrivers and similar stuff below specfs::strategy() should no
longer need to include <sys/buf.> unless they need caching of data.

Still a few bogus uses of struct buf to track down.

Repocopy by:    peter
2000-05-05 09:59:14 +00:00
Poul-Henning Kamp
8c125869a9 Draw the outline of "struct bio".
Struct bio is the future carrier of I/O requests for "struct buf".
2000-04-02 09:26:51 +00:00
Matthew Dillon
db6a426158 The SMP cleanup commit broke UP compiles. Make UP compiles work again. 2000-03-28 18:06:49 +00:00
Robert Watson
83f1e257e0 Yet-another-update: rename ``kern.prison'' to a new sysctl root entry,
``jail'', and move the set_hostname_allowed sysctl there, as well as
fixing a bug in the sysctl that resulted in jails being over-limited
(preventing them from reading as well as writing the hostname).  Also,
correct some formatting issues, courtesy bde :-).

Reviewed by:	phk
Approved by:	jkh
2000-02-12 13:41:56 +00:00
Robert Watson
5bdee2c5d5 Fix sysctl namespace for jail: move the kern.jailcansethostname to
kern.prison.set_hostname_allowed, off of the kern.prison node.  Future
jail twiddles should be placed in this namespace.
2000-02-10 18:51:58 +00:00
Robert Watson
6c144e7521 Introduce a new sysctl, kern.jailcansethostname, which determines whether
or not a process in a jail, with privilege, may set the jail's hostname.
Defaults to 1, which permits this.  May be set to 0 by a process with
appropriate privilege outside of jail.  Preventing hostname renaming
from within a jail is currently required to make jails manageable, as they
a currently identifiable only by hostname using /proc, which may be
modified without this sysctl being set to 0.  This will be documented
in upcoming man commits.

Authorized by:	jkh, the ever-patient
2000-02-10 05:32:03 +00:00
Peter Wemm
d1f088dab5 Trim unused options (or #ifdef for undoc options).
Submitted by:	phk
1999-10-11 15:19:12 +00:00
Peter Wemm
c3aac50f28 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
Marcel Moolenaar
c6dfea0ebd Add sysctl variables for the Linuxulator. These reside under `compat.linux' as
discussed on current.

The following variables are defined (for now):

    osname (defaults to "Linux")
        Allow users to change the name of the OS as returned by uname(2),
        specially added for all those Linux Netscape users and statistics
        maniacs :-) We now have what we all wanted!

    osrelease (defaults to "2.2.5")
        Allow users to change the version of the OS as returned by uname(2).
        Since -current supports glibc2.1 now, change the default to 2.2.5
        (was 2.0.36).

    oss_version (defaults to 198144 [0x030600])
        This one will be used by the OSS_GETVERSION ioctl (PR 12917) which I
        can commit now that we have the MIB. The default version number is the
        lowest version possible with the current 'encoding'.

A note about imprisoned processes (see jail(2)):
  These variables are copy-on-write (as suggested by phk). This means that
  imprisoned processes will use the system wide value unless it is written/set
  by the process. From that moment on, a copy local to the prison will be
  used.

A note about the implementation:
  I choose to add a single pointer to struct prison, because I didn't like the
  idea of changing struct prison every time I come up with a new variable. As
  a side effect, the extra storage is only needed when a variable is set from
  within the prison. This also minimizes kernel bloat when the Linuxulator is
  not used; both compiled in or as a module.

Reviewed by: bde (first version only) and phk
1999-08-27 19:47:41 +00:00
Poul-Henning Kamp
0ef1c82630 Decommision miscfs/specfs/specdev.h. Most of it goes into <sys/conf.h>,
a few lines into <sys/vnode.h>.

Add a few fields to struct specinfo, paving the way for the fun part.
1999-08-08 18:43:05 +00:00
Poul-Henning Kamp
d7bf417de7 add debug.sizeof.specinfo 1999-07-20 07:19:32 +00:00
Poul-Henning Kamp
6f13bfc261 Add sysctl tree debug.sizeof to tell us how big things are. First two
entries are struct proc and struct vnode.
1999-07-19 09:13:12 +00:00
Bill Fumerola
3d177f465a Add sysctl descriptions to many SYSCTL_XXXs
PR:		kern/11197
Submitted by:	Adrian Chadd <adrian@FreeBSD.org>
Reviewed by:	billf(spelling/style/minor nits)
Looked at by:	bde(style)
1999-05-03 23:57:32 +00:00
Poul-Henning Kamp
75c1354190 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
Matthew Dillon
56319e3a58 Ok, people didn't like kern.conf_dir. Poof, backed out. 1999-01-26 07:37:11 +00:00
Matthew Dillon
b1cba377b0 Add kern.conf_dir sysctl. This is a R+W string used to specify the
directory containing rc.conf.local and rc.local, and possibly other
    things in the future.

    This sysctl is used by the diskless startup code and new rc.conf.  If
    it cannot be found or is empty, the system should revert to using /etc.
1999-01-25 18:26:09 +00:00
KATO Takenori
582e52862a - hw.machine_arch returns cpu architecture type.
- moved definition of MACHINE_ARCH from cpu.h to parm.h as alpha.
- Added definitions of _MACHINE and _MACHINE_ARCH.
- Added hw.ispc98. The hw.ispc98 is 1 in PC98 kernel and is 0 in
  IBM-PC kernel.

Discussed with:	John Birrell <jb@FreeBSD.ORG>
1998-08-31 08:41:58 +00:00
Peter Dufault
8a6472b723 Finish _POSIX_PRIORITY_SCHEDULING. Needs P1003_1B and
_KPOSIX_PRIORITY_SCHEDULING options to work.  Changes:

Change all "posix4" to "p1003_1b".  Misnamed files are left
as "posix4" until I'm told if I can simply delete them and add
new ones;

Add _POSIX_PRIORITY_SCHEDULING system calls for FreeBSD and Linux;

Add man pages for _POSIX_PRIORITY_SCHEDULING system calls;

Add options to LINT;

Minor fixes to P1003_1B code during testing.
1998-03-28 11:51:01 +00:00
Peter Dufault
644d85f4ca Reviewed by: msmith, bde long ago
Fix for RTPRIO scheduler to eliminate invalid context switches.

POSIX.4 headers and sysctl variables.  Nothing should change
unless POSIX4 is defined or _POSIX_VERSION is set to 199309.
1998-03-04 10:25:55 +00:00
Gary Palmer
b3b84d9b17 Make kern.ncpu reports the number of detected processors when running
with a SMP kernel.
1997-12-25 13:14:21 +00:00
David Greenman
916ca17535 kern.maxproc is not writable since there are tables that are statically
sized at startup.
PR: 4675
1997-10-19 18:45:59 +00:00
KATO Takenori
662f9a6987 Move MACHINE_ARCH definition from <machine/param.h> to <machine/cpu.h>.
Submitted by:	Bruce Evans <bde@zeta.org.au>
1997-08-30 02:52:04 +00:00
KATO Takenori
664f85174a Added a sysctl arg, hw.machine_arch. The hw.machine_arch is "ibm-pc"
on IBM-PC box and is "pc-98" on NEC PC-98 box.  Userland program can
distinguish architecture on which the program runs.
1997-08-29 09:03:40 +00:00
Joerg Wunsch
e16ed08126 Don't ever allow lowering the securelevel at all. Allowing it does
nothing good except of opening a can of (potential or real) security
holes.  People maintaining a machine with higher security requirements
need to be on the console anyway, so there's no point in not forcing
them to reboot before starting maintenance.

Agreed by:	hackers, guido
1997-06-25 07:31:47 +00:00
Bruce Evans
4a8b966013 Attach vfs_sysctl() one level lower so that only the levels below
VFS_GENERIC aren't done in the FreeBSD way.  The previous commit
broke the nfs sysctls.
1997-03-04 18:31:56 +00:00
Bruce Evans
3a76a5949b Merged Lite2's vfs_sysctl(). It doesn't fit very well into FreeBSD's
(phk's) sysctl framework, and I needed special code to disambiguate
the VFS_GENERIC node from the VFS_VFSCONF leaf, so I only converted
the leaves to the FreeBSD framework.  The error handling isn't quite
right.  CSRGS's sysctls seem to return ENOTDIR too much and FreeBSD's
sysctls don't agree with the man page.
1997-03-03 12:58:20 +00:00
Peter Wemm
6875d25465 Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not
ready for it yet.
1997-02-22 09:48:43 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Bruce Evans
7c1aacb5be Oops, read-only is spelled RD here. 1996-09-28 15:53:30 +00:00
Bruce Evans
501b55314c Fixed bitrot in the read-only attribute:
- kern.maxproc and kern.maxprocperuid were read-only (and thus essentially
  useless.  Apparently no one uses them).
- all the user sysctls were read-write (and thus it was possible for them
  to be inconsistent with the authoritative fixed values in the library).

Removed unused #include.
1996-09-28 15:43:39 +00:00
Garrett Wollman
949f380f38 Rename KERN_DOMAINNAME to KERN_NISDOMAINNAME so that it can't be confused
with a real Domain Name.

Suggested by: Keith Bostic
1996-07-25 18:02:40 +00:00
Poul-Henning Kamp
45ec3b3838 Move the "mib" variables out to their own file. 1996-04-07 13:03:06 +00:00