Commit Graph

88 Commits

Author SHA1 Message Date
phk
ca21a25f17 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
phk
16e3fbd2c1 Suser() simplification:
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in <sys/proc.h>.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
1999-04-27 11:18:52 +00:00
phk
291460bc14 Purging lint from the Bruce filter. 1999-03-30 09:00:45 +00:00
phk
a6cff8a405 Fix some nasty hangs if garbage were passed.
Noticed by:	Emmanuel DELOGET <pixel@DotCom.FR>
Remembered by:	msmith
1999-03-23 14:23:15 +00:00
dfr
22ceb237f0 * Change sysctl from using linker_set to construct its tree using SLISTs.
This makes it possible to change the sysctl tree at runtime.

* Change KLD to find and register any sysctl nodes contained in the loaded
  file and to unregister them when the file is unloaded.

Reviewed by: Archie Cobbs <archie@whistle.com>,
	Peter Wemm <peter@netplex.com.au> (well they looked at it anyway)
1999-02-16 10:49:55 +00:00
phk
5be9d2c45d Back out last change to sysctl.
It was nay'ed before committing on the grounds that this is not
the way to do it, and has been decided as such several times in
the past.

There is not point in loading gobs of ascii into the kernel when
the only use of that ascii is presentation to the user.

Next thing we'd be adding all section 4 man pages to the loaded
kernel as well.

The argument about KLD's is bogus, klds can store a file in
/usr/share/doc/sysctl/dev/foo/thisvar.txt with a description and
sysctl or other facilities can pick it up there.

Proper documentation will take several K worth of text for many
sysctl variables, we don't want that in the kernel under any
circumstances.

I will welcome any well thought out attempt at improving the
situation wrt. sysctl documentation, but this wasn't it.
1999-01-10 07:45:33 +00:00
des
710c564eff Add kernel support for sysctl descriptions. The NO_SYSCTL_DESCRIPTIONS option
disables them if they're not wanted; in that case, sysctl_sysctl_descr will
always return an empty string.

Apporved by:	jkh
1999-01-10 05:33:43 +00:00
dfr
9238b8271d Fix some 64bit truncation problems which crept into SYSCTL_LONG() with the
last cleanup.  Since the oid_arg2 field of struct sysctl_oid is not wide
enough to hold a long, the SYSCTL_LONG() macro has been modified to only
support exporting long variables by pointer instead of by value.

Reviewed by: bde
1998-12-27 18:03:29 +00:00
truckman
cd7e13cf0f Add a generic flag, CTLFLAG_SECURE, which can be used to mark a sysctl
variable unwriteable when securelevel > 0.
Reviewed by: jdp, eivind
1998-12-13 07:19:13 +00:00
archie
982e80577d Examine all occurrences of sprintf(), strcat(), and str[n]cpy()
for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for others cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.

These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.

Reviewed by:	Bruce Evans <bde@zeta.org.au>
Reviewed by:	Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by:	Mike Spengler <mks@networkcs.com>
1998-12-04 22:54:57 +00:00
peter
464de37ce6 *gulp*. Jordan specifically OK'ed this..
This is the bulk of the support for doing kld modules.  Two linker_sets
were replaced by SYSINIT()'s.  VFS's and exec handlers are self registered.
kld is now a superset of lkm.  I have converted most of them, they will
follow as a seperate commit as samples.
This all still works as a static a.out kernel using LKM's.
1998-10-16 03:55:01 +00:00
bde
0f44756d5a Ignore the statically configured vfs type numbers and assign vfs
type numbers in vfs attach order (modulo incomplete reuse of old
numbers after vfs LKMs are unloaded).  This requires reinitializing
the sysctl tree (or at least the vfs subtree) for vfs's that support
sysctls (currently only nfs).  sysctl_order() already handled
reinitialization reasonably except it checked for annulled self
references in the wrong place.

Fixed sysctls for vfs LKMs.
1998-09-05 17:13:28 +00:00
bde
572c995dfc Fixed bogotification of pseudocode for syscall args by rev.1.53 of
syscalls.master.
1998-09-05 14:30:11 +00:00
dfr
5fdaeb281d Change various syscalls to use size_t arguments instead of u_int.
Add some overflow checks to read/write (from bde).

Change all modifications to vm_page::flags, vm_page::busy, vm_object::flags
and vm_object::paging_in_progress to use operations which are not
interruptable.

Reviewed by: Bruce Evans <bde@zeta.org.au>
1998-08-24 08:39:39 +00:00
eivind
01dd6091ed Make COMPAT_43 and COMPAT_SUNOS new-style options. 1997-12-16 17:40:42 +00:00
phk
4c8218a5c7 Move the "retval" (3rd) parameter from all syscall functions and put
it in struct proc instead.

This fixes a boatload of compiler warning, and removes a lot of cruft
from the sources.

I have not removed the /*ARGSUSED*/, they will require some looking at.

libkvm, ps and other userland struct proc frobbing programs will need
recompiled.
1997-11-06 19:29:57 +00:00
phk
36e7a51ea1 Last major round (Unless Bruce thinks of somthing :-) of malloc changes.
Distribute all but the most fundamental malloc types.  This time I also
remembered the trick to making things static:  Put "static" in front of
them.

A couple of finer points by:	bde
1997-10-12 20:26:33 +00:00
phk
645e7b2ab6 Distribute and statizice a lot of the malloc M_* types.
Substantial input from:	bde
1997-10-11 18:31:40 +00:00
bde
0bbbf42ba9 Include <sys/buf.h> instead of <sys/vnode.h>. kern_sysctl.c no
longer has anything to do with vnodes and never had anything to do
with buffers, but it needs the definitions of B_READ and B_WRITE
for use with the bogus useracc() interface and was getting them
bogusly due to excessive cleanups in rev.1.49.
1997-04-09 15:23:09 +00:00
peter
94b6d72794 Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not
ready for it yet.
1997-02-22 09:48:43 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
bde
da9d173299 Fixed garbage being returned for constant int values, e.g., for
KERN_SAVED_IDS.

Should be in 2.2.

Reviewed by:	phk
Found by:	NIST-PCTS
1996-12-15 14:38:46 +00:00
bde
e5c4f61fd1 Fixed bogus casts (const on the wrong *' in **') in a qsort-comparision
function.
1996-09-03 22:26:31 +00:00
bde
7d4c1814f6 Don't depend in the kernel on the gcc feature of doing arithmetic on
pointers of type `void *'.  Warn about this in future.
1996-08-31 14:48:13 +00:00
nate
68b3f1ce70 Implemented 'kern_sysctl', which differs from 'userland_sysctl' in that
it assumes all of the data exists in the kernel.  Also, fix
sysctl_new-kernel (unused until now) which had reversed operands to
bcopy().

Reviewed by:	phk

Poul writes:
... actually the lock/sleep/wakeup cruft shouldn't be needed in the
kernel version I think, but just leave it there for now.
1996-06-10 16:23:42 +00:00
phk
09a08e98f0 If handler function returns EAGAIN, restart operation. 1996-06-06 17:17:54 +00:00
phk
52978a6ce9 Fix a longstanding bug and a buglet of no significance.
Now net.ipx works.

Noticed by:	John Hay -- John.Hay@csir.co.za
1996-04-13 13:28:54 +00:00
phk
f7f7113b0b Move the "mib" variables out to their own file. 1996-04-07 13:03:06 +00:00
hsu
74c95b5d5b From Lite2: rename fs to vfs.
Reviewed by:	davidg & bde
1996-03-11 02:18:23 +00:00
peter
b8347dacd2 Fix the reversed source and dest args to bcopy() in the kernel space
sysctl handler (ouch!)

Add a "const" qualifier to the source of the copyin() and copyout()
functions - the other const warning in kern_sysctl.c was silenced when
copyout was declared as having a const source.. (which it is)
1996-01-01 17:05:07 +00:00
phk
baca7dc09c Add an obscure feature, needed for debugging. 1995-12-17 21:11:22 +00:00
phk
63ec2c0ae9 A Major staticize sweep. Generates a couple of warnings that I'll deal
with later.
A number of unused vars removed.
A number of unused procs removed or #ifdefed.
1995-12-14 08:32:45 +00:00
dg
c30f46c534 Untangled the vm.h include file spaghetti. 1995-12-07 12:48:31 +00:00
phk
ae642367e2 A couple of minor tweaks to the sysctl stuff. 1995-12-06 13:27:39 +00:00
bde
699ff01f66 Include <vm/vm.h> or <vm/vm_page.h> explicitly to avoid breaking when
vnode_if.h doesn't include vm stuff.
1995-12-05 21:51:45 +00:00
phk
6b7609f909 A major sweep over the sysctl stuff.
Move a lot of variables home to their own code (In good time before xmas :-)

Introduce the string descrition of format.

Add a couple more functions to poke into these marvels, while I try to
decide what the correct interface should look like.

Next is adding vars on the fly, and sysctl looking at them too.

Removed a tine bit of defunct and #ifdefed notused code in swapgeneric.
1995-12-04 16:48:58 +00:00
phk
d0c66446cc Mega commit for sysctl.
Convert the remaining sysctl stuff to the new way of doing things.
the devconf stuff is the reason for the large number of files.
Cleaned up some compiler warnings while I were there.
1995-11-20 12:42:39 +00:00
phk
7631637fd4 All net.* sysctl converted now. 1995-11-16 19:00:27 +00:00
phk
39e0ab2a22 Do what is generally belived to be the right thing, though it may not be :-) 1995-11-14 20:43:29 +00:00
phk
8d3e9824b0 Final part of this bunch of sysctl commits: cleanup. 1995-11-14 09:42:22 +00:00
phk
df7c5ad2a5 Get rid of the last debug sysctl variables of the old style. 1995-11-14 09:40:06 +00:00
phk
ec15d167b9 Get rid of hostnamelen variable. 1995-11-14 09:37:22 +00:00
phk
0cd6c033b7 Move all the VM sysctl stuff home where it belongs. 1995-11-14 09:29:34 +00:00
phk
c04786d47c A couple of nitpicks. 1995-11-14 09:26:17 +00:00
phk
fb71a2c5dd Convert dumpdev & securelevel. 1995-11-14 09:22:15 +00:00
phk
f8d7b213d8 KERN_MAXFILESPERPROC, KERN_MAXFILES went to another file. 1995-11-14 09:17:32 +00:00
phk
c23e20dc57 Get rid of domainnamelen. 1995-11-14 09:10:54 +00:00
phk
08ab771c4d Move KERN_NTP to a more suitable file. 1995-11-14 09:07:14 +00:00
phk
32605f2bff Move the process-table stuff to a more suitable file.
Remove filetable stuff from kern_sysctl.c
1995-11-14 09:05:40 +00:00
phk
d5b9afd781 Try to make my new scheme work more along the lines of the manual.
There are still some gray areas here and there.
1995-11-13 13:54:09 +00:00