201 Commits

Author SHA1 Message Date
Poul-Henning Kamp
75c1354190 This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing.  The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.

For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact:  "real virtual servers".

Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.

Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.

It generally does what one would expect, but setting up a jail
still takes a little knowledge.

A few notes:

   I have no scripts for setting up a jail, don't ask me for them.

   The IP number should be an alias on one of the interfaces.

   mount a /proc in each jail, it will make ps more useable.

   /proc/<pid>/status tells the hostname of the prison for
   jailed processes.

   Quotas are only sensible if you have a mountpoint per prison.

   There are no privisions for stopping resource-hogging.

   Some "#ifdef INET" and similar may be missing (send patches!)

If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!

Tools, comments, patches & documentation most welcome.

Have fun...

Sponsored by:   http://www.rndassociates.com/
Run for almost a year by:       http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
Poul-Henning Kamp
f711d546d2 Suser() simplification:
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in <sys/proc.h>.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
1999-04-27 11:18:52 +00:00
Dmitrij Tejblum
f1cde7a270 Back out half of 1.32: don't print a message on every failed mount attempt.
It is too chatty and hardly useful. 2 mesages in somewhat usual cases are
left for now.
1999-03-28 23:00:33 +00:00
Matthew Dillon
831a80b0d5 Fix warnings in preparation for adding -Wall -Wcast-qual to the
kernel compile
1999-01-27 22:42:27 +00:00
Dmitrij Tejblum
57081f7b94 Now empty DOS filesystems default to long file names. Non-empty filesystems
without traces of Win95 default to short file names, as before.
1999-01-02 18:52:13 +00:00
Dmitrij Tejblum
9d9fdb45c5 Ensure that deHighClust in direntry always initialized.
Noticed by: 	Carl Mascott <cmascott@world.std.com>

Don't write access time of a file more than once per day. (Its precision is
1 day anyway). Don't try to write access and creation time in nonwin95 case.

Suggested by:	bde (long time ago).
1999-01-02 13:26:29 +00:00
Bruce Evans
289bdf33d3 Ifdefed conditionally used simplock variables. 1999-01-02 11:34:57 +00:00
Archie Cobbs
f1d19042b0 The "easy" fixes for compiling the kernel -Wunused: remove unreferenced static
and local variables, goto labels, and functions declared but not defined.
1998-12-07 21:58:50 +00:00
Dmitrij Tejblum
5c5926277e Honor MNT_NOATIME.
PR:		8383
Submitted by:	Carl Mascott <cmascott@world.std.com>
1998-11-29 22:38:57 +00:00
Dmitrij Tejblum
bad3d41d83 Support NT VFAT lower case flags.
PR:		8383
(Mostly) Submitted by:	Carl Mascott <cmascott@world.std.com>
1998-11-21 00:20:24 +00:00
Peter Wemm
1c5bb3eaa1 add #include <sys/kernel.h> where it's needed by MALLOC_DEFINE() 1998-11-10 09:16:29 +00:00
Peter Wemm
40c8cfe552 Use TAILQ macros for clean/dirty block list processing. Set b_xflags
rather than abusing the list next pointer with a magic number.
1998-10-31 15:31:29 +00:00
Peter Wemm
44fdad9976 Use vtruncbuf() rather than vinvalbuf() when shortening files. 1998-10-29 09:29:17 +00:00
Bruce Evans
65baf8f06b Don't follow null bdevsw pointers. The `major(dev) < nblkdev' test rotted
when bdevsw[] became sparse.  We still depend on magic to avoid having to
check that (v_rdev) device numbers in vnodes are not NODEV.
1998-10-25 19:26:18 +00:00
Dmitrij Tejblum
5d3e2869e5 Remove unused variable.
Pointed out by:	bde
1998-09-13 15:40:31 +00:00
Dmitrij Tejblum
e27b047ccf Fix a bug related to renaming in root directory. This bug reported by
Cejka Rudolf <cejkar@dcse.fee.vutbr.cz> on freebsd-current in Messaage-Id
<199807141023.MAA09803@kazi.dcse.fee.vutbr.cz>.

Reviewed by:	bde
1998-09-13 15:39:01 +00:00
Bruce Evans
8994ca3ce9 Removed statically configured mount type numbers (MOUNT_*) and all
references to them.

The change a couple of days ago to ignore these numbers in statically
configured vfsconf structs was slightly premature because the cd9660,
cfs, devfs, ext2fs, nfs vfs's still used MOUNT_* instead of the number
in their vfsconf struct.
1998-09-07 13:17:06 +00:00
Bruce Evans
0492d857d1 Removed unused includes. 1998-08-17 19:09:36 +00:00
Bruce Evans
ac1e407b32 Fixed printf format errors. 1998-07-11 07:46:16 +00:00
Julian Elischer
fd5d1124e2 VOP_STRATEGY grows an (struct vnode *) argument
as the value in b_vp is often not really what you want.
(and needs to be frobbed). more cleanups will follow this.
Reviewed by: Bruce Evans <bde@freebsd.org>
1998-07-04 20:45:42 +00:00
Dmitrij Tejblum
40b0939a15 Back out previous change. This behavior is at least completely
"susv2"-compliant.
1998-06-10 13:46:46 +00:00
Dmitrij Tejblum
75065d2cd8 Also return EOPNOTSUPP rather than EINVAL for not supported owner and group
changes.
1998-06-10 11:36:01 +00:00
Peter Wemm
c3a24f69d9 Return EOPNOTSUPP rather than EINVAL for flags that are not supported. 1998-06-10 06:30:31 +00:00
Dmitrij Tejblum
ffbdd68eba Fix typo in a comment. 1998-06-09 13:20:29 +00:00
Dmitrij Tejblum
af9f1d50ae Fix priority bug in previous commit.
Submitted by:	bde
1998-05-18 10:24:26 +00:00
Dmitrij Tejblum
011cdb576c Fix support for pre-Win95 filesystems: Make it possible to lookup just
created short file name. Don't insert "generation numbers".
1998-05-17 21:18:08 +00:00
Dmitrij Tejblum
058ef24617 Remove bogus LK_RETRY.
Submitted by:	bde
1998-05-17 21:03:35 +00:00
Bruce Evans
5097a20d6e Don't forget to clean up after an error reading the directory entry
in deget().
1998-05-17 18:09:28 +00:00
Bruce Evans
84de3fb77d Removed vestiges of pre-Lite2 locking. 1998-05-17 18:00:45 +00:00
Poul-Henning Kamp
c21410e119 s/nanoruntime/nanouptime/g
s/microruntime/microuptime/g

Reviewed by:	bde
1998-05-17 11:53:46 +00:00
Dmitrij Tejblum
191e6fd0b6 Fix off by ane error in previous commit.
This caused following commands:
	mkdir z
	cd z
	touch A B
	mv B A
corrupt the '..' entry in 'z'.

Reported by:	bde
1998-05-09 09:36:38 +00:00
Mike Smith
7be2d30077 In the words of the submitter:
---------
Make callers of namei() responsible for releasing references or locks
instead of having the underlying filesystems do it.  This eliminates
redundancy in all terminal filesystems and makes it possible for stacked
transport layers such as umapfs or nullfs to operate correctly.

Quality testing was done with testvn, and lat_fs from the lmbench suite.

Some NFS client testing courtesy of Patrik Kudo.

vop_mknod and vop_symlink still release the returned vpp.  vop_rename
still releases 4 vnode arguments before it returns.  These remaining cases
will be corrected in the next set of patches.
---------

Submitted by:	Michael Hancock <michaelh@cet.co.jp>
1998-05-07 04:58:58 +00:00
Mike Smith
79cc756d8b As described by the submitter:
Reverse the VFS_VRELE patch.  Reference counting of vnodes does not need
to be done per-fs.  I noticed this while fixing vfs layering violations.
Doing reference counting in generic code is also the preference cited by
John Heidemann in recent discussions with him.

The implementation of alternative vnode management per-fs is still a valid
requirement for some filesystems but will be revisited sometime later,
most likely using a different framework.

Submitted by:	Michael Hancock <michaelh@cet.co.jp>
1998-05-06 05:29:41 +00:00
Dmitrij Tejblum
c681be377c Use DFLTBSIZE instead of MAXBSIZE for pm_fatblksize.
In msdosfs_sync: spelling fix, formatting changes; fix MNT_LAZY (sync
modified denodes, don't sync device)

Mostly submitted by (and with hints from):	bde

Increase limit for maximum disk size: as far as I can see previous limit was
gratuitously too low.
1998-04-29 12:55:51 +00:00
Bruce Evans
c1087c1324 Support compiling with `gcc -ansi'. 1998-04-15 17:47:40 +00:00
Dmitrij Tejblum
206faeeef7 Add a missing LK_RETRY.
Noticed by: Bruce (almost 2 monts ago)

Remove a debugging printf.
1998-04-15 11:04:53 +00:00
Poul-Henning Kamp
7cd5051bec Use random() rather then than homegrown stuff. 1998-04-06 11:39:04 +00:00
Andrey A. Chernov
aaf0bb1961 Print explanation diagnostics when mount is impossible
Submitted by: Dmitrij Tejblum <dima@tejblum.dnttm.rssi.ru>
1998-04-05 13:10:11 +00:00
Poul-Henning Kamp
00af9731c9 Time changes mark 2:
* Figure out UTC relative to boottime.  Four new functions provide
      time relative to boottime.

    * move "runtime" into struct proc.  This helps fix the calcru()
      problem in SMP.

    * kill mono_time.

    * add timespec{add|sub|cmp} macros to time.h.  (XXX: These may change!)

    * nanosleep, select & poll takes long sleeps one day at a time

Reviewed by:    bde
Tested by:      ache and others
1998-04-04 13:26:20 +00:00
Andrey A. Chernov
32d3966f1a Fix dead hang writing to FAT
Submitted by: Dmitrij Tejblum <dima@tejblum.dnttm.rssi.ru>
1998-03-28 07:22:03 +00:00
Poul-Henning Kamp
a0502b19d4 Add two new functions, get{micro|nano}time.
They are atomic, but return in essence what is in the "time" variable.
gettime() is now a macro front for getmicrotime().

Various patches to use the two new functions instead of the various
hacks used in their absence.

Some puntuation and grammer patches from Bruce.

A couple of XXX comments.
1998-03-26 20:54:05 +00:00
KATO Takenori
a8e4411603 Deleted 1024bytes/sector floppy code for PC-98 arch. The
1024bytes/sector code has not worked for long time and it should be
re-implemented.
1998-03-20 02:33:42 +00:00
Julian Elischer
b1897c197c Reviewed by: dyson@freebsd.org (john Dyson), dg@root.com (david greenman)
Submitted by:	Kirk McKusick (mcKusick@mckusick.com)
Obtained from:  WHistle development tree
1998-03-08 09:59:44 +00:00
Mike Smith
651ae11e2f Trivial filesystem getpages/putpages implementations, set the second.
These should be considered the first steps in a work-in-progress.
Submitted by:	Terry Lambert <terry@freebsd.org>
1998-03-06 09:46:52 +00:00
Mike Smith
3f75478c2e Patch to the last commit; attempt to unspam stuff from NetBSD.
Submitted by:	Dmitrij Tejblum <dima@tejblum.dnttm.rssi.ru>
1998-03-03 02:50:24 +00:00
Mike Smith
34bdbbd0de The intent is to get rid of WILLRELE in vnode_if.src by making
a complement to all ops that return a vpp, VFS_VRELE.  This is
initially only for file systems that implement the following ops
that do a WILLRELE:

	vop_create, vop_whiteout, vop_mknod, vop_remove, vop_link,
	vop_rename, vop_mkdir, vop_rmdir, vop_symlink

This is initial DNA that doesn't do anything yet.  VFS_VRELE is
implemented but not called.

A default vfs_vrele was created for fs implementations that use the
standard vnode management routines.

VFS_VRELE implementations were made for the following file systems:

Standard (vfs_vrele)
	ffs mfs nfs msdosfs devfs ext2fs

Custom
	union umapfs

Just EOPNOTSUPP
	fdesc procfs kernfs portal cd9660

These implementations may change as VOP changes are implemented.

In the next phase, in the vop implementations calls to vrele and the vrele
part of vput will be moved to the top layer vfs_vnops and made visible
to all layers.  vput will be replaced by unlock in these cases.  Unlocking
will still be done in the per fs layer but the refcount decrement will be
triggered at the top because it doesn't hurt to hold a vnode reference a
little longer.  This will have minimal impact on the structure of the
existing code.

This will only be done for vnode arguments that are released by the various
fs vop implementations.

Wider use of VFS_VRELE will likely require restructuring of the code.

Reviewed by:	phk, dyson, terry et. al.
Submitted by:	Michael Hancock <michaelh@cet.co.jp>
1998-03-01 22:46:53 +00:00
Mike Smith
ea0665cd2b Fix mmap() on msdosfs. In the words of the submitter:
|In the process of evaluating the getpages/putpages issues I discovered
|that mmap on MSDOSFS does not work. This is because I blindly merged
|NetBSD changes in msdosfs_bmap and msdosfs_strategy. Apparently, their
|blocksize is always DEV_BSIZE (even in files), while in FreeBSD
|blocksize in files is v_mount->mnt_stat.f_iosize (i.e. clustersize in
|MSDOSFS case). The patch is below.

Submitted by:	Dmitrij Tejblum <dima@tejblum.dnttm.rssi.ru>
1998-03-01 21:26:09 +00:00
Mike Smith
cce0eefd5a Fix a problem with the conversion of Unix filenames into the VFAT
namespace.
Submitted by:	Dmitrij Tejblum <dima@tejblum.dnttm.rssi.ru>
1998-02-27 12:22:22 +00:00
Mike Smith
69a36f24fb Fixes for some bugs in the VFAT/FAT32 support:
- 'mv longnamedfile1 longnamedfile2' would cause longnamedfile2 to lose its
   long name.
 - Long names have trailing spaces/dots stripped for lookup as well as
   assignment.
 - A lockup when the mdsosfs was accessed from within the Linux emulator is fixed.
 - A bug whereby long filenames were recognised by Microsoft operating systems but
   not FreeBSD is fixed.

Submitted by:	Dmitrij Tejblum <dima@tejblum.dnttm.rssi.ru>
1998-02-26 06:45:46 +00:00
Andrey A. Chernov
5114f1d7c6 Back out "always view in lowercase" part
Return to previous variant "comparing in lowercase" in winChkName
1998-02-24 14:13:16 +00:00