Commit Graph

681 Commits

Author SHA1 Message Date
phk
ca21a25f17 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no provisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
hoek
0f4a245030 .Xr chflags 1 , 1999-04-27 23:33:52 +00:00
imp
321c551969 First set of fixes to keep egcs happy. These include {} around single
statement if blocks[*] when the else could be ambiguous, not defaulting
to int type and removal of some unused variables.

[*] This is explicitly allowed by style(9) when the single statement
spans more than one line.

Reviewed by: obrien, chuckr
1999-04-25 21:13:34 +00:00
bde
27a850982e Reverted some more of rev.1.9 (emphasize that -H != -h). 1999-04-25 11:58:25 +00:00
dt
6ec46c7bd7 Quick fix to allow transfer files >2GB. 1999-04-25 10:36:00 +00:00
nik
34378e1d7c Revert part of the previous commit. Keep the example that shows how the
"-h" flag is used, but use "chown" in the example instead of "file".

Prompted by: bde
1999-04-24 10:08:09 +00:00
cracauer
da2b842fad Next approach to make loops in interactive interruptible.
PR:		bin/9173
1999-04-21 11:52:39 +00:00
max
3ee4dda734 Typo fix. 1999-04-19 18:48:26 +00:00
nik
4091174196 Change description of file(1) following symlinks to the truth (namely,
by default, file(1) does not follow symlinks, the -L flag must be
specified).

PR:		docs/8602
Submitted by:	Kazuo Horikawa <k-horik@yk.rim.or.jp>
Reviewed by:	nik
1999-04-14 18:45:07 +00:00
cracauer
fd7050b5fd Remove my temporary detection for PR 7059, Tor Egge fixed this bug.
PR:		7059
1999-04-13 12:43:55 +00:00
tegge
82a8c819f3 During variable expansion, the internal representation of the expression
might be relocated.  Handle this case.
PR:		7059
1999-04-13 04:13:09 +00:00
cracauer
6fcc4a0cb0 Fix typo in source-explaining comment. 1999-04-12 15:23:27 +00:00
cracauer
532c73c7d7 Add a guarded abort() for the problem in PR bin/7059 (no fix so far,
this is hairy).

Reformat this file to comply to style(9). It had mixed styles before.

PR:		bin/7059
1999-04-12 14:23:36 +00:00
tegge
e35119550e When a variable expansion is enclosed in double quotes, the internal
representation of the expression is quoted.  Take care of this when
doing pattern matching in conjunction with trimming.

	#!/bin/sh
	c=d:e; echo "${c%:e}"

PR:		NetBSD PR#7231
Noticed by:	Havard Eidnes <Havard.Eidnes@runit.sintef.no>
1999-04-09 15:23:48 +00:00
peter
ec2b45c067 Update p_flags doc. 1999-04-06 03:18:57 +00:00
peter
00ac022f64 Look at p_lock instead of P_NOSWAP etc as an indicator of unswappability.
(While here, put a #ifndef pgtok around the macro that gets a redefinition
 warning)
1999-04-06 03:17:57 +00:00
cracauer
1ea5fe55b8 In interactive shells, break loops to the topmost level when a child
is killed by a signal.

(In non-interactive shells - that means a shellscript - the shell just
exits, this was already working)

PR:		bin/9173
1999-04-03 12:55:51 +00:00
cracauer
affd55a23b Implement -a flag. A test shell script can be found at
http://www.cons.org/cracauer/download/sh-interrupt/testsuite/test_export.sh
The PR also had test cases the new version passes.

Fix typo in comment.

PR:		bin/1030
1999-04-03 11:41:46 +00:00
cracauer
b3dc9a5f33 -T was missing in the synopsis line.
Submitted by:	BDE
1999-04-02 09:28:00 +00:00
wpaul
9bde04a698 On FreeBSD/alpha, ps(1) does not correctly report process start times
and CPU runtime because it can't access the user area via /proc/<pid>/mem.
This is because the uarea is not mapped into the process address space
at USRSTACK on the alpha like it is on the x86.

Since I haven't been able to wrap my brain around the VM system enough
to be able to figure out how to achieve this mapping, and since it's
questionable that such an architectural change is correct, I implemented
a workaround to allow ps(1) to read the uarea from /dev/kmem using
kvm_read() instead of from the process address space via kvm_uread().
The kludge is hidden inside #ifdef __alpha__/#endif so as not to impact
the x86. (Note that top(1) probably uses this same gimmick since it works
on FreeBSD/alpha.)

Reviewed by: dfr
1999-04-01 14:45:18 +00:00
cracauer
5610584759 The immediate execution of traps I introduced in September 1998 (to
make /etc/rc interruptible in cases when programs hang with blocked
signals) isn't standard enough.

It is now switched off by default and a new switch -T enables it.

You should update /etc/rc to the version I'm about to commit in a few
minutes to keep it interruptible.
1999-04-01 13:27:36 +00:00
brian
52fb511664 sh doesn't support <> redirections.
PR:	7325
1999-03-31 21:02:01 +00:00
brian
f5ccad82da Support seconds with -v.
PR:		6308
Submitted by:	Max Euston <meuston@jmrodgers.com>
1999-03-09 09:38:54 +00:00
jkh
d0aab313ef Don't emit usage() message when no arguments given to -f. This
appears to be consistent with other Unixen, like Solaris.

PR:		10240
Submitted by:	jun_sun@hlla.is.tsukuba.ac.jp
1999-02-25 22:18:08 +00:00
fenner
1fff269456 Clean up some .Os macro uses: quotes are not needed, multiple arguments
don't really work if the first one isn't "FreeBSD", and "FreeBSD-Experimental"
isn't an OS name.
1999-02-15 08:34:14 +00:00
alex
95c394b70e Removed occurrences of consecutive repeated words (such as "the the"). 1999-02-12 02:12:08 +00:00
wollman
0f1371bcfb Fix synopsis to match 1003.2. Add text describing the way in which
our implementation does not meet 1003.2 (rather than the now outdated
``is expected to comply'' language).
1999-01-28 17:41:02 +00:00
julian
05a2232887 Enable Linux threads support by default.
This takes the conditionals out of the code that has been tested by
various people for a while.
ps and friends (libkvm) will need a recompile as some proc structure
changes are made.

Submitted by:	"Richard Seaman, Jr." <dick@tar.com>
1999-01-26 02:38:12 +00:00
danny
6ed0387d6b Example "19%y" changed to "%Y" to discourage poor usage. 1999-01-13 07:01:07 +00:00
julian
e9b13157ad Re-enable the options in ps(1) that were disabled with the Linux
threads support.

Submitted by:	"Richard Seaman, Jr." <dick@tar.com>
1999-01-13 03:11:43 +00:00
julian
61490236bc Reviewed by: Luoqi Chen, Jordan Hubbard
Submitted by:	 "Richard Seaman, Jr." <lists@tar.com>
Obtained from:	linux :-)

Code to allow Linux Threads to run under FreeBSD.

By default not enabled
This code is dependent on the conditional
COMPAT_LINUX_THREADS (suggested by Garret)
This is not yet a 'real' option but will be within some number of hours.
1998-12-19 02:55:34 +00:00
jkoshy
50a4f62af0 Add references to test(1) and expr(1). 1998-12-18 03:51:18 +00:00
jkoshy
1f0db97d01 Add cross-references to test(1) and expr(1) respectively.
PR: 		docs/9111
Submitted by:	Josh Gilliam <josh@quick.net>
1998-12-18 03:16:47 +00:00
peter
858805daf7 Cleaning out old stuff from one of my source trees:
use mkdtemp() rather than mktemp() and fix a trivial memory leak.
1998-12-16 05:29:09 +00:00
imp
3b3da1d9ef Free memory from setmode.
Obtained from: OpenBSD
1998-12-16 04:45:35 +00:00
imp
499ab4bd0d Use getcwd instead of using getwd so that we try harder to avoid
overflowing a buffer.

Obtained from: Either OpenBSD or a discussion in bugtraq.
1998-12-16 04:44:32 +00:00
imp
a15b387ba9 Free memory obtained from setmode.
Obtained from: OpenBSD
1998-12-16 04:42:33 +00:00
bde
325019ad69 Don't put compiler warning flags in leaf Makefiles. 1998-12-07 12:50:48 +00:00
bde
38bdbdd81a CFLAGS+= -Wall -Wformat for all of src/bin. All warnings except 2 minor
ones in rmail have been fixed.
1998-12-07 12:44:12 +00:00
bde
670450a851 Fixed printf format errors. 1998-12-07 12:37:11 +00:00
bde
c586f2866a Fixed warnx format errors in printf and csh, and snprintf format errors
in sh, by using separate macros for the 1, 2 and 3-arg calls to warnx.
(The 3-arg warnx macro in sh/bltin/bltin.h used to require bogus dummy
args.)
1998-12-07 12:14:04 +00:00
bde
5462b94b62 Fixed -Wall regression (broken in rev.1.12). Removed unused includes. 1998-12-07 10:25:48 +00:00
bde
3fbe04f245 Fixed printf format errors (new bugs in rev.1.7). Fixed a spelling error
(rev.1.7 blew away most of rev.1.2-1.6; I'm only fixing blowing away of
rev.1.4).
1998-12-07 10:16:58 +00:00
archie
167c036e91 Tweaks to allow compiling -Wall (mostly adding "const" to char rcsid[]). 1998-12-06 22:58:23 +00:00
obrien
28f22f9b9d Rev 1.13 fixes PR bin/8958 1998-12-06 05:49:29 +00:00
obrien
97f6d04b8b There is a bug in /bin/pax -s option processing. The code assumes that all
pattern matches will occur at offset zero of the source string.  The bug causes
the input source string pointer to be incremented by the offset of the end of
the match, instead of its length.  The fix is to only increment the pointer by
the length of the pattern match (eo-so).

Of course, the one example in the man page shows a situation where the match
occurs at offset 0.

Submitted by:	John W. DeBoskey <jwd@unx.sas.com>
Obtained from:	freebsd-current@freebsd.org
1998-12-05 10:29:10 +00:00
billf
a20e40c35a Fix typo. "If the an entry" --> "If an entry"
PR:		docs/8140
Submitted by:	Sue Blake <sue@vedanix.welearn.com.au>
1998-12-02 23:20:11 +00:00
billf
a561427332 superceded -> superseded, which after some debate on #FreeBSD is in
fact the proper spelling.

PR:		docs/8697
Submitted by:	Sascha Blank <blank@fox.uni-trier.de>
1998-11-30 23:05:38 +00:00
billf
5e6fda58da changable -> changeable
PR:		docs/8697
Submitted by:	Sascha Blank <blank@fox.uni-trier.de>
1998-11-30 22:56:44 +00:00
bde
bddae886ca Describe `bs=n' more precisely. Fixed some English errors.
Obtained from:		OpenBSD
1998-11-29 13:54:20 +00:00