Commit Graph

49 Commits

Author SHA1 Message Date
Poul-Henning Kamp
75c1354190 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
Mike Smith
f8dc47162a Allow loadable interface drivers with BPF support to be loaded into a kernel
that doesn't have it.  This is achieved by having minimal do-nothing stubs
enabled when there are no bpfilter devices configured.

Driver modules should be built with BPF enabled for maximum
convenience (but can be built without it for maximum performance).
1999-04-28 01:18:13 +00:00
Matthew Dillon
831a80b0d5 Fix warnings in preparation for adding -Wall -Wcast-qual to the
kernel compile
1999-01-27 22:42:27 +00:00
Archie Cobbs
f1d19042b0 The "easy" fixes for compiling the kernel -Wunused: remove unreferenced static
and local variables, goto labels, and functions declared but not defined.
1998-12-07 21:58:50 +00:00
Don Lewis
831d27a9f5 Installed the second patch attached to kern/7899 with some changes suggested
by bde, a few other tweaks to get the patch to apply cleanly again and
some improvements to the comments.

This change closes some fairly minor security holes associated with
F_SETOWN, fixes a few bugs, and removes some limitations that F_SETOWN
had on tty devices.  For more details, see the description on the PR.

Because this patch increases the size of the proc and pgrp structures,
it is necessary to re-install the includes and recompile libkvm,
the vinum lkm, fstat, gcore, gdb, ipfilter, ps, top, and w.

PR:		kern/7899
Reviewed by:	bde, elvind
1998-11-11 10:04:13 +00:00
Alexander Langer
bdc2cdc5fe Check the timeval passed to BIOCSRTIMEOUT with itimerfix. Use tvtohz()
to convert the timeval into a tick count.

Suggested by:	bde
Reviewed by:	bde

Handle hz > 1000 in BIOCGRTIMEOUT.

Pointed out by:	bde
Reviewed by:	bde
Obtained from:	OpenBSD
1998-10-08 00:32:08 +00:00
Alexander Langer
8bcbc7df27 The length argument for bcopy is a size_t, not u_int. Adjust
bpf_mcopy() and catchpacket() prototypes accordingly.
1998-10-04 23:04:48 +00:00
Alexander Langer
ee6f62ee47 Support hz > 1000 (Alpha) in BIOCSRTIMEOUT.
Obtained from:	OpenBSD
1998-10-04 17:20:22 +00:00
Andrey A. Chernov
22f05c4320 Implement DLT_RAW from libpcap 1998-08-18 10:13:11 +00:00
Kenjiro Cho
4f53e3cc7a update ATM driver. (base version: midway.c 1.67 --> 1.68)
several new features are added:
	- support vc/vp shaping
	- support pvc shadow interface

code cleanup:
	- remove WMAYBE related code.  ENI WMAYBE DMA doen't work.
	- remove updating if_lastchange for every packet.
	- BPF related code is moved to midway.c as it should be.
	  (bpfwrite should work if atm_pseudohdr and LLC/SNAP are
	  prepended.)
	- BPF link type is changed to DLT_ATM_RFC1483.
	  BPF now understands only LLC/SNAP!! (because bpf can't
	  handle variable link header length.)
	  It is recommended to use LLC/SNAP instead of NULL
	  encapsulation for various reasons.  (BPF, IPv6,
	  interoperability, etc.)

the code has been used for months in ALTQ and KAME IPv6.

OKed by phk long time ago.
1998-07-29 05:35:16 +00:00
Doug Rabson
ecbb00a262 This commit fixes various 64bit portability problems required for
FreeBSD/alpha.  The most significant item is to change the command
argument to ioctl functions from int to u_long.  This change brings us
inline with various other BSD versions.  Driver writers may like to
use (__FreeBSD_version == 300003) to detect this change.

The prototype FreeBSD/alpha machdep will follow in a couple of days
time.
1998-06-07 17:13:14 +00:00
Bruce Evans
e31abede1f Don't depend on "implicit int" or bloat the data section in the
declaration of xxx_devsw_installed.
1998-02-20 13:46:58 +00:00
Eivind Eklund
7b778b5e61 Make all file-system (MFS, FFS, NFS, LFS, DEVFS) related option new-style.
This introduce an xxxFS_BOOT for each of the rootable filesystems.
(Presently not required, but encouraged to allow a smooth move of option *FS
to opt_dontuse.h later.)

LFS is temporarily disabled, and will be re-enabled tomorrow.
1998-01-24 02:54:56 +00:00
Bruce Evans
fba9235d76 Removed unused #includes.
Fixed nonblocking mode.  It was per-device instead of per-file.  This
also fixes clobbering of bd_rtout by overloading it to hold a wrong
version of the blocking flag.  I hope nothing depends on the bugs.
1997-11-18 16:29:53 +00:00
Julian Elischer
ed0af9bc44 Allow interfaces to be attached to bpf at times other than boot.
doing so without this patch leads to an infinite loop in the kernel.
1997-10-03 21:32:05 +00:00
Bruce Evans
514ede0953 Fixed gratuitous ANSIisms. 1997-09-16 11:44:05 +00:00
Peter Wemm
243ac7d85a select -> poll
Obtained from: NetBSD (I think)
1997-09-14 03:03:05 +00:00
Bruce Evans
4d1d4912ae Added used #include - don't depend on <sys/mbuf.h> including
<sys/malloc.h> (unless we only use the bogusly shared M*WAIT flags).
1997-09-02 01:19:47 +00:00
Bruce Evans
528f627f00 Don't include <sys/ioctl.h> in the kernel. Stage 6: include
<sys/filio.h>, <sys/sockio.h> and <sys/ttycom.h> instead of
<sys/ioctl.h> in a couple of files.  This is still only 1/3
as spammish as <sys/ioctl.h> - 5 or 6 old tty ioctl headers
aren't needed.
1997-03-24 12:12:36 +00:00
Bruce Evans
3ac4d1ef0c Don't #include <sys/fcntl.h> in <sys/file.h> if KERNEL is defined.
Fixed everything that depended on getting fcntl.h stuff from the wrong
place.  Most things don't depend on file.h stuff at all.
1997-03-23 03:37:54 +00:00
Peter Wemm
6875d25465 Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not
ready for it yet.
1997-02-22 09:48:43 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Garrett Wollman
4f079e2ff0 Correctly account for header length in m_pkthdr.len when sending
packets through BPF.

Submitted by:	seki@sysrap.cs.fujitsu.co.jp in PR#2415
1997-01-08 14:17:27 +00:00
Bruce Evans
0453d3cbb3 Changed some memcpy()'s back to bcopy()'s.
gcc only inlines memcpy()'s whose count is constant and didn't inline
these.  I want memcpy() in the kernel go away so that it's obvious that
it doesn't need to be optimized.  Now it is only used for one struct
copy in si.c.
1996-06-08 08:19:03 +00:00
David Greenman
a76f92a8f0 Fix bug in bpf_ifname() where the unit didn't get added correctly to the
name string. This function should be rewritten to deal with more than
10 units of a given type.

Pointed out by:	jmf@free-gate.com (Jean-Marc Frailong)
(I fixed it slightly differently)
1996-06-08 06:12:58 +00:00
Bruce Evans
3157adc8af Removed now-unused #includes of <machine/cpu.h>. They were for bootverbose
being declared in the wrong place.
1996-04-07 17:32:42 +00:00
Marc G. Fournier
ccbc58d3ca Using devfs_add_devswf() instead of devfs_add_devsw()
Reviewed by:	julian@freebsd.org
1996-03-28 14:33:59 +00:00
Garrett Wollman
9b44ff2214 Clean up Ethernet drivers:
- fill in and use ifp->if_softc
	- use if_bpf rather than private cookie variables
	- change bpf interface to take advantage of this
	- call ether_ifattach() directly from Ethernet drivers
	- delete kludge in if_attach() that did this indirectly
1996-02-06 18:51:28 +00:00
Poul-Henning Kamp
f708ef1b9e Another mega commit to staticize things. 1995-12-14 09:55:16 +00:00
Poul-Henning Kamp
d2f265fab8 Julian forgot to make the *devsw structures static. 1995-12-08 23:23:00 +00:00
Julian Elischer
87f6c6625d Pass 3 of the great devsw changes
most devsw referenced functions are now static, as they are
in the same file as their devsw structure. I've also added DEVFS
support for nearly every device in the system, however
many of the devices have 'incorrect' names under DEVFS
because I couldn't quickly work out the correct naming conventions.
(but devfs won't be coming on line for a month or so anyhow so that doesn't
matter)

If you "OWN" a device which would normally have an entry in /dev
then search for the devfs_add_devsw() entries and munge to make them right..
check out similar devices to see what I might have done in them in you
can't see what's going on..
for a laugh compare conf.c conf.h defore and after... :)
I have not doen DEVFS entries for any DISKSLICE devices yet as that will be
a much more complicated job.. (pass 5 :)

pass 4 will be to make the devsw tables of type (cdevsw * )
rather than (cdevsw)
seems to work here..
complaints to the usual places.. :)
1995-12-08 11:19:42 +00:00
Bruce Evans
0310c19f5d Replaced #includes of <sys/user.h> by less gross headers, usually
<sys/vm.h>.  Many device drivers need only the definition of vtophys()
from vm.

Added nearby #includes of <sys/conf.h> where appropriate.
1995-12-06 23:52:35 +00:00
Bruce Evans
ce7609a49c Completed function declarations and/or added prototypes. 1995-12-02 19:38:06 +00:00
Julian Elischer
7198bf4725 If you're going to mechanically replicate something in 50 files
it's best to not have a (compiles cleanly) typo in it! (sigh)
1995-11-29 14:41:20 +00:00
Julian Elischer
53ac6efbd8 OK, that's it..
That's EVERY SINGLE driver that has an entry in conf.c..
my next trick will be to define cdevsw[] and bdevsw[]
as empty arrays and remove all those DAMNED defines as well..

Each of these drivers has a SYSINIT linker set entry
that comes in very early.. and asks teh driver to add it's own
entry to the two devsw[] tables.

some slight reworking of the commits from yesterday (added the SYSINIT
stuff and some usually wrong but token DEVFS entries to all these
devices.

BTW does anyone know where the 'ata' entries in conf.c actually reside?
seems we don't actually have a 'ataopen() etc...

If you want to add a new device in conf.c
please  make sure I know
so I can keep it up to date too..

as before, this is all dependent on #if defined(JREMOD)
(and #ifdef DEVFS in parts)
1995-11-29 10:49:16 +00:00
Poul-Henning Kamp
c9d160712f Fix #includes. 1995-11-20 12:29:05 +00:00
Garrett Wollman
963e4c2a50 Fix BPf to generate a header mbuf for writes.
Fix loopback and discard interfaces to understand BPF writes.
(These two from Bill Fenner to fix PR 512.)

Move ifpromisc() from bpf.c to if.c as suggested by comment in BPF.
Send a notice to the log when promiscuous mode is enabled.
1995-09-22 17:57:48 +00:00
Garrett Wollman
2eeab93993 Only print `bpf: foo0 attached' if bootverbose. 1995-09-20 20:48:29 +00:00
Bruce Evans
6003967057 Fix benign type mismatches in devsw functions. 82 out of 299 devsw
functions were wrong.
1995-09-08 11:09:15 +00:00
Peter Wemm
f0448ae4a2 Fix panic("ifpromisc failed") when shutting down a bpf tap when the attached
interface is no longer IFF_UP.
The test for IFF_UP in ifpromisc is only useful while enabling IFF_PROMISC
and the higher levels of the bpf code do not allow for the possibility of
failure while shutting down.  This is a trivial change.
Also, fixes PR#522.
1995-07-31 10:35:36 +00:00
Bruce Evans
97e156674d Don't include <sys/tty.h> in drivers that aren't tty drivers or in general
files that don't depend on the internals of <sys/tty.h>
1995-07-16 10:13:08 +00:00
Paul Traina
00a838879b Give the BPF the ability to generate signals when a packet is available.
Reviewed by:	pst & wollman
Submitted by:	grossman@cygnus.com
1995-06-15 18:11:00 +00:00
Rodney W. Grimes
9b2e535452 Remove trailing whitespace. 1995-05-30 08:16:23 +00:00
David Greenman
94a5d9b6a1 Replaced some bcopy()'s with memcpy()'s so that gcc while inline/optimize. 1995-05-09 13:35:48 +00:00
David Greenman
d41f24e742 Added support for generic FDDI and the DEC DEFEA and DEFPA FDDI adapters.
Submitted by:	Matt Thomas
1995-03-14 09:16:07 +00:00
David Greenman
35c10d2239 Got rid of map.h. It's a leftover from the rmap code, and we use rlists.
Changed swapmap into swaplist.
1994-10-09 07:35:18 +00:00
David Greenman
7b42c960f8 1) cleaned up after Garrett - fixed more redundant declarations, changed
use of timeout_t -> timeout_func_t in aha1542 and aha1742 drivers.
2) fix a bug in the portalfs that was uncovered by better prototyping -
   specifically, the time must be converted from timeval to timespec
   before storing in va_atime.
3) fixed/added some miscellaneous prototypes
1994-08-20 03:49:02 +00:00
David Greenman
3c4dd3568f Added $Id$ 1994-08-02 07:55:43 +00:00
Rodney W. Grimes
df8bae1de4 BSD 4.4 Lite Kernel Sources 1994-05-24 10:09:53 +00:00