freebsd-skq/sys
Jamie Gritton 0304c73163
Add hierarchical jails. A jail may further virtualize its environment
by creating a child jail, which is visible to that jail and to any
parent jails.  Child jails may be restricted more than their parents,
but never less.  Jail names reflect this hierarchy, being MIB-style
dot-separated strings.

Every thread now points to a jail, the default being prison0, which
contains information about the physical system.  Prison0's root
directory is the same as rootvnode; its hostname is the same as the
global hostname, and its securelevel replaces the global securelevel.
Note that the variable "securelevel" has actually gone away, which
should not cause any problems for code that properly uses
securelevel_gt() and securelevel_ge().

Some jail-related permissions that were kept in global variables and
set via sysctls are now per-jail settings.  The sysctls still exist for
backward compatibility, used only by the now-deprecated jail(2) system
call.

Approved by:	bz (mentor)
2009-05-27 14:11:23 +00:00
amd64 Don't bother reading the initial value of the machine check banks during 2009-05-20 16:11:22 +00:00
arm accumulate npe statistics and expose them through dev.npe.X.stats 2009-05-23 19:14:20 +00:00
boot Improve the accf_dns_load description. 2009-05-17 10:58:50 +00:00
bsm Merge OpenBSM 1.1 from OpenBSM vendor branch to head. 2009-04-19 16:17:13 +00:00
cam Remove dead code. 2009-05-12 16:38:32 +00:00
cddl Add the OpenSolaris dtrace lockstat provider. The lockstat provider 2009-05-26 20:28:22 +00:00
compat Add hierarchical jails. A jail may further virtualize its environment 2009-05-27 14:11:23 +00:00
conf Add the ksyms(4) pseudo driver. The ksyms driver allows a process to 2009-05-26 21:39:09 +00:00
contrib Add hierarchical jails. A jail may further virtualize its environment 2009-05-27 14:11:23 +00:00
crypto Changed to M_NOWAIT when reallocing psc_buf in padlock_sha_update(), 2009-05-27 09:52:12 +00:00
ddb Prefer prototypes to k&r definitions. 2009-03-09 13:32:19 +00:00
dev Clear IFF_DRV_OACTIVE if at least one TX xen/mbuf ring slot has been freed. 2009-05-27 13:59:17 +00:00
fs Add hierarchical jails. A jail may further virtualize its environment 2009-05-27 14:11:23 +00:00
gdb
geom - Unbreak 64 bit platforms by casting off_t to intmax. 2009-05-26 14:15:06 +00:00
gnu Remove empty files and do not try to build them. 2009-05-18 17:20:24 +00:00
i386 We don't need d_thread_t for cross-branch portability here anymore. 2009-05-20 16:47:40 +00:00
ia64 Rename ia64_invalidate_icache() to ia64_sync_icache(). We're 2009-05-18 18:44:54 +00:00
isa Rename statclock_disable variable to atrtcclock_disable that it actually is, 2009-05-03 17:47:21 +00:00
kern Add hierarchical jails. A jail may further virtualize its environment 2009-05-27 14:11:23 +00:00
kgssapi Fix build of KGSSAPI bits post-vimage. 2009-05-24 11:10:27 +00:00
legacy/dev Garbage collect legacy upgt driver now that it is available in the new 2009-05-13 17:11:25 +00:00
libkern Add memmove() to the kernel, making the kernel compile with Clang. 2009-02-28 16:21:25 +00:00
mips pmap_enter() *must* set PG_WRITEABLE on the given page if it creates a 2009-05-23 22:05:14 +00:00
modules ports urtw(4) for USB2. Additionally it supports a 8187B chipset weakly 2009-05-27 03:57:38 +00:00
net Add hierarchical jails. A jail may further virtualize its environment 2009-05-27 14:11:23 +00:00
net80211 Fix handling of devices w/o radiotap support: 2009-05-25 16:38:47 +00:00
netatalk Lock interface address list lock around ifaddr inserts and deletes 2009-04-19 22:01:38 +00:00
netgraph Fix copy-paste bug in NGM_NETFLOW_SETCONFIG argument size verification. 2009-05-13 02:26:34 +00:00
netinet Add hierarchical jails. A jail may further virtualize its environment 2009-05-27 14:11:23 +00:00
netinet6 Add hierarchical jails. A jail may further virtualize its environment 2009-05-27 14:11:23 +00:00
netipsec Lock SPTREE before parsing it in key_spddump() 2009-05-27 09:44:14 +00:00
netipx Staticize spx_remque() now that it's only used from spx_reass.c. 2009-05-25 13:52:51 +00:00
netnatm Replace d_thread_t * with struct thread *. 2009-05-20 17:00:16 +00:00
netncp
netsmb
nfs Add cpu_flush_dcache() for use after non-DMA based I/O so that a 2009-05-18 18:37:18 +00:00
nfsclient Make sure we feed 32bit align memory to nfsm_dissect otherwise we will fault 2009-05-24 13:22:00 +00:00
nfsserver Add hierarchical jails. A jail may further virtualize its environment 2009-05-27 14:11:23 +00:00
nlm Remove the unmaintained University of Michigan NFSv4 client from 8.x 2009-05-22 12:35:12 +00:00
opencrypto Fix cryptodev UIO creation. 2009-05-23 13:23:46 +00:00
pc98 Add cpu_flush_dcache() for use after non-DMA based I/O so that a 2009-05-18 18:37:18 +00:00
pci For RTL8139C+ controllers, have controller handle padding short 2009-04-20 07:13:04 +00:00
powerpc Set PG_WRITEABLE in Book-E pmap_enter[_locked] if it creates a mapping that 2009-05-26 06:24:50 +00:00
rpc Remove the unmaintained University of Michigan NFSv4 client from 8.x 2009-05-22 12:35:12 +00:00
security Add hierarchical jails. A jail may further virtualize its environment 2009-05-27 14:11:23 +00:00
sparc64 Add nge(4), nge(4) should work on all architectures. 2009-05-21 02:19:01 +00:00
sun4v Add cpu_flush_dcache() for use after non-DMA based I/O so that a 2009-05-18 18:37:18 +00:00
sys Add hierarchical jails. A jail may further virtualize its environment 2009-05-27 14:11:23 +00:00
tools Add SDT DTrace probes for VFS vnode operations in the vfs:vop 2009-03-29 03:30:15 +00:00
ufs Add hierarchical jails. A jail may further virtualize its environment 2009-05-27 14:11:23 +00:00
vm - back out direct map hack 2009-05-19 01:14:37 +00:00
xdr Add memmove() to the kernel, making the kernel compile with Clang. 2009-02-28 16:21:25 +00:00
xen Fix the Xen build for i386 PV mode. 2009-04-01 17:06:28 +00:00
Makefile Remove the unmaintained University of Michigan NFSv4 client from 8.x 2009-05-22 12:35:12 +00:00