Commit Graph

2292 Commits

Author SHA1 Message Date
phk
ca21a25f17 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
phk
58c42d9a16 Add the jail system call. 1999-04-28 11:28:49 +00:00
dt
ba8c622703 s/static foo_devsw_installed = 0;/static int foo_devsw_installed;/.
(Edited automatically)
1999-04-28 10:54:24 +00:00
luoqi
af7e9be5cc Enable vmspace sharing on SMP. Major changes are,
- %fs register is added to trapframe and saved/restored upon kernel entry/exit.
- Per-cpu pages are no longer mapped at the same virtual address.
- Each cpu now has a separate gdt selector table. A new segment selector
  is added to point to per-cpu pages, per-cpu global variables are now
  accessed through this new selector (%fs). The selectors in gdt table are
  rearranged for cache line optimization.
- fask_vfork is now on as default for both UP and SMP.
- Some aio code cleanup.

Reviewed by:	Alan Cox	<alc@cs.rice.edu>
		John Dyson	<dyson@iquest.net>
		Julian Elischer	<julian@whistel.com>
		Bruce Evans	<bde@zeta.org.au>
		David Greenman	<dg@root.com>
1999-04-28 01:04:33 +00:00
phk
c85ea5017c Change suser_xxx() to suser() where it applies. 1999-04-27 12:21:16 +00:00
phk
16e3fbd2c1 Suser() simplification:
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in <sys/proc.h>.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
1999-04-27 11:18:52 +00:00
peter
fb89c43e31 Register the local (unix domain) sockets ourselves. 1999-04-26 08:56:53 +00:00
peter
71a85450ac Redo domain registration to use SYSINITS rather than linker sets.
Get rid of the spl wrapper kludge, it doesn't seem to be needed between
init calls since all that's running is the domain/protocol timers and they
are safe since domain list modifications are splnet() protected (which
blocks the timers)
1999-04-26 08:56:09 +00:00
peter
107cc59b36 Fix a very long standing bug in run_interrupt_driven_config_hooks(). It
was fetching the next pointer from memory that could have been free()'d.
1999-04-25 22:13:34 +00:00
phk
9944adfa60 Make the machdep.i8254_freq and machdep.tsc_freq sysctls modify the
timecounter as well

Asked for by:	bde, jhay
1999-04-25 09:00:00 +00:00
dt
3843abdc03 Fixed printf format errors on alpha. 1999-04-24 18:50:48 +00:00
ache
cfd84c8eac Lite2 bugfixes merge:
so_linger is in seconds, not in 1/HZ
range checking in SO_*TIMEO was wrong

PR: 11252
1999-04-24 18:22:34 +00:00
phk
711d7d880d Fix a braino in the v_id wraparound code. Give more (current) details
in comment.

PR:		11307
Spotted by:	Ville-Pertti Keinonen <will@iki.fi>
1999-04-24 17:58:14 +00:00
dt
f84bfd9862 Use pointer arithmetic to do pointer arithmetic. 1999-04-24 11:25:01 +00:00
sada
b77bb336f9 The function msgrcv() could copy larger data than it should do
under some circumstances.
PR:		kern/10765
Submitted by:	Yasuhito FUTATSUKI <futatuki@fureai.or.jp>
1999-04-21 13:30:01 +00:00
peter
fa628c268c Stage 1 of a cleanup of the i386 interrupt registration mechanism.
Interrupts under the new scheme are managed by the i386 nexus with the
awareness of the resource manager.  There is further room for optimizing
the interfaces still.  All the users of register_intr()/intr_create()
should be gone, with the exception of pcic and i386/isa/clock.c.
1999-04-21 07:26:30 +00:00
alc
a58e3203d4 Address several problems in vn_read and vn_write:
1. Make read-ahead work for pread and aio_read.

2. Fix one place where a comparison of uio_offset with -1
   wasn't updated to use FOF_OFFSET.

3. Honor O_APPEND in the FOF_OFFSET case.

In addition, use the variable name "ioflag" in both vn_read and
vn_write to avoid possible confusion between the variable "flag"
and the parameter "flags".

Submitted by:	Bruce Evans <bde@zeta.org.au> and me
1999-04-21 05:56:45 +00:00
des
d3e9d9a7c3 Make the location of init(8) tunable at boot time. 1999-04-20 21:15:13 +00:00
peter
336f21c48d GC some stray debugging printf()s... 1999-04-19 19:39:08 +00:00
peter
725616780f Zap LKM option and support. Farewell old friend. 1999-04-19 14:19:52 +00:00
peter
a74bdeb7d1 unifdef -DVM_STACK - it's been on for a while for x86 and was checked
and appeared to be working for the Alpha some time ago.
1999-04-19 14:14:14 +00:00
peter
c5665d9c0e GC some unused code. 1999-04-17 09:12:35 +00:00
peter
b5e9563d84 Well folks, this is it - The second stage of the removal for build support
for LKM's..
1999-04-17 08:36:07 +00:00
peter
087d4857e5 Bring the 'new-bus' to the i386. This extensively changes the way the
i386 platform boots, it is no longer ISA-centric, and is fully dynamic.
Most old drivers compile and run without modification via 'compatability
shims' to enable a smoother transition.  eisa, isapnp and pccard* are
not yet using the new resource manager.  Once fully converted, all drivers
will be loadable, including PCI and ISA.

(Some other changes appear to have snuck in, including a port of Soren's
 ATA driver to the Alpha.  Soren, back this out if you need to.)

This is a checkpoint of work-in-progress, but is quite functional.

The bulk of the work was done over the last few years by Doug Rabson and
Garrett Wollman.

Approved by:	core
1999-04-16 21:22:55 +00:00
dt
490abdf54d getnewbuf(): check return value from tsleep(). Interruptible NFS may pass
PCATCH to slpflag.
1999-04-14 18:51:52 +00:00
tegge
8f4b15eccc Backout early start of APs since it caused some machines to hang. 1999-04-13 03:24:47 +00:00
eivind
c8003f9434 More consistent with surrounding style. (Hey - it looked great in the
diff...)

Prodded by:	bde
1999-04-12 14:34:52 +00:00
des
9ecd5a48c9 Typo in comment. 1999-04-12 10:07:15 +00:00
eivind
3208d85e73 Staticize. 1999-04-11 02:27:06 +00:00
eivind
081517e8b2 Staticize. 1999-04-11 02:17:47 +00:00
tegge
b149849b9f Add prototype for wait_ap(). 1999-04-11 00:43:43 +00:00
tegge
7b3fdbf486 Let BSP wait until all APs are initialized. 1999-04-10 22:58:29 +00:00
des
f9cbfc392a Allow setting MAXFILES in the kernel config. 1999-04-09 16:28:11 +00:00
nsayer
4d675dd8bf More secure clock management. Allow positive steps only once per second
for as much as one second, but no more. Allows a miscreant to
double-time march the clock, but no worse.

XXX Unlike putting negative deltas in a while(1), performing small
positive steps inside of a while(1) will return EPERM for the
unpermitted ones. Repeated negative deltas are clamped without
error (but the kernel does log a notice).
1999-04-07 19:48:09 +00:00
mjacob
32c3652183 Fix last delta so file would compile again- I think I got it
right. Add a clarifying (to me at least) comment. Some formatting
fixes.
1999-04-07 17:32:21 +00:00
peter
2680ced170 Disable the mtrr copy calls, it doesn't work with the i686_mem.c stuff.
This should make it compile/link again.
1999-04-07 17:08:40 +00:00
nsayer
0144e6c736 If securelevel>1, allow the clock to be adjusted negatively only up to
1 second prior to the highest the clock has run so far. This allows
time adjusters like xntpd to do their work, but the worst a miscreant
can do is "freeze" the clock, not go back in time.

We still need to decide on an algorithm to clamp positive adjustments.
As it stands, it is possible to achieve arbitrary negative adjustments
by "wrapping" time around.

PR:		10361
1999-04-07 16:36:56 +00:00
alc
7c9bf17e25 Fix a performance problem with the new getnewbuf() code: in an outofspace
condition ( bufspace > hibufspace ), an inappropriate scan of the empty
queue was performed looking for buffer space to free up.

Submitted by:	Matthew Dillon <dillon@apollo.backplane.com>
1999-04-07 02:41:54 +00:00
peter
399ad295b1 Use the reference counted PHOLD()/PRELE() rather than P_PHYSIO. 1999-04-06 03:04:47 +00:00
peter
8cc7f56269 Use the reference-counted PHOLD()/PRELE() rather than P_NOSWAP. 1999-04-06 03:03:34 +00:00
peter
28b4daeeae LK_RETRY is a vn_lock() flag, not one for lockmgr(). 1999-04-06 03:02:11 +00:00
julian
0ed09d2ad5 Catch a case spotted by Tor where files mmapped could leave garbage in the
unallocated parts of the last page when the file ended on a frag
but not a page boundary.
Delimitted by tags PRE_MATT_MMAP_EOF and POST_MATT_MMAP_EOF,
in files alpha/alpha/pmap.c i386/i386/pmap.c nfs/nfs_bio.c vm/pmap.h
    vm/vm_page.c vm/vm_page.h vm/vnode_pager.c miscfs/specfs/spec_vnops.c
    ufs/ufs/ufs_readwrite.c kern/vfs_bio.c

Submitted by: Matt Dillon <dillon@freebsd.org>
Reviewed by: Alan Cox <alc@freebsd.org>
1999-04-05 19:38:30 +00:00
dt
426a328be5 Regenerate (padding for pread and pwrite). 1999-04-04 21:43:36 +00:00
dt
f13dd5fa6d Add standard padding argument to pread and pwrite syscall. That should make them
NetBSD compatible.

Add parameter to fo_read and fo_write. (The only flag FOF_OFFSET mean that
the offset is set in the struct uio).

Factor out some common code from read/pread/write/pwrite syscalls.
1999-04-04 21:41:28 +00:00
phk
95a470c499 Fix a division which I had made a multiplication.
Fix return value from ntp_adjtime().

Submitted by:	jhay
1999-04-04 19:56:04 +00:00
phk
ec237a8695 Dang, lost some LL's there. 1999-04-04 10:53:59 +00:00
phk
c675a22738 Update to latest version from Dave Mills. Mostly textual. 1999-04-04 10:28:42 +00:00
jdp
60ad956050 Restore support for executing BSD/OS binaries on the i386 by passing
the address of the ps_strings structure to the process via %ebx.
For other kinds of binaries, %ebx is still zeroed as before.

Submitted by:	Thomas Stephens <tas@stephens.org>
Reviewed by:	jdp
1999-04-03 22:20:03 +00:00
phk
e4a7067080 Don't open window for race condition.
Detected by:	Reg Clemens <reg@dwf.com>
1999-04-02 13:57:21 +00:00
phk
291460bc14 Purging lint from the Bruce filter. 1999-03-30 09:00:45 +00:00