Diffstat (limited to 'sys/sys/jail.h')
| -rw-r--r-- | sys/sys/jail.h | 87 |
1 files changed, 80 insertions, 7 deletions
diff --git a/sys/sys/jail.h b/sys/sys/jail.h
index 08bc8406eadf..5fab37a93a35 100644
--- a/sys/sys/jail.h
+++ b/sys/sys/jail.h
@@ -13,21 +13,74 @@
 #ifndef _SYS_JAIL_H_
 #define _SYS_JAIL_H_
-struct jail {
+#ifdef _KERNEL
+struct jail_v0 {
 u_int32_t version;
 char *path;
 char *hostname;
 u_int32_t ip_number;
 };
+#endif
+
+struct jail {
+ uint32_t version;
+ char *path;
+ char *hostname;
+ char *jailname;
+ uint32_t ip4s;
+ uint32_t ip6s;
+ struct in_addr *ip4;
+ struct in6_addr *ip6;
+};
+#define JAIL_API_VERSION 2
+
+/*
+ * For all xprison structs, always keep the pr_version an int and
+ * the first variable so userspace can easily distinguish them.
+ */
+#ifndef _KERNEL
+struct xprison_v1 {
+ int pr_version;
+ int pr_id;
+ char pr_path[MAXPATHLEN];
+ char pr_host[MAXHOSTNAMELEN];
+ u_int32_t pr_ip;
+};
+#endif
 struct xprison {
 int pr_version;
 int pr_id;
+ int pr_state;
+ cpusetid_t pr_cpusetid;
 char pr_path[MAXPATHLEN];
 char pr_host[MAXHOSTNAMELEN];
- u_int32_t pr_ip;
+ char pr_name[MAXHOSTNAMELEN];
+ uint32_t pr_ip4s;
+ uint32_t pr_ip6s;
+#if 0
+ /*
+ * sizeof(xprison) will be malloced + size needed for all
+ * IPv4 and IPv6 addesses. Offsets are based numbers of addresses.
+ */
+ struct in_addr pr_ip4[];
+ struct in6_addr pr_ip6[];
+#endif
+};
+#define XPRISON_VERSION 3
+
+static const struct prison_state {
+ int pr_state;
+ const char * state_name;
+} prison_states[] = {
+#define PRISON_STATE_INVALID 0
+ { PRISON_STATE_INVALID, "INVALID" },
+#define PRISON_STATE_ALIVE 1
+ { PRISON_STATE_ALIVE, "ALIVE" },
+#define PRISON_STATE_DYING 2
+ { PRISON_STATE_DYING, "DYING" },
 };
-#define XPRISON_VERSION 1
+
 #ifndef _KERNEL
@@ -52,6 +105,8 @@ MALLOC_DECLARE(M_PRISON);
 #include <sys/osd.h>
+struct cpuset;
+
 /*
 * This structure describes a prison. It is pointed to by all struct
 * ucreds's of the inmates. pr_ref keeps track of them and is used to
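Review bot: `struct jail` in the first hunk is the user-to-kernel argument block for the jail system call, yet its new `ip4s`/`ip6s` counts are `uint32_t` while the in-kernel `struct prison` hunk further down stores them as `int pr_ip4s`/`pr_ip6s`, and nothing in the header states what bound is applied to those counts before an allocation is sized from them and the addresses are copied from the user pointers `ip4`/`ip6`. The header is the one place both the syscall implementation (outside this diff) and userland can see, so a comment above `struct jail` saying that `path`, `hostname`, `jailname`, `ip4` and `ip6` are user-space pointers and that `ip4s`/`ip6s` are checked against an implementation limit on entry would make the contract explicit, and the kernel-side counts should either become unsigned or carry a comment on why `int` cannot be exceeded. A secondary point: `static const struct prison_state prison_states[]` is defined in the header outside any `_KERNEL` guard, so every translation unit that includes the header gets its own copy of the table (and, with `-Wunused-variable`, a warning wherever it is not referenced); keeping the `PRISON_STATE_*` macros here but moving the table behind its own guard or into its single consumer avoids that.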
@@ -68,15 +123,22 @@ struct prison {
 LIST_ENTRY(prison) pr_list; /* (a) all prisons */
 int pr_id; /* (c) prison id */
 int pr_ref; /* (p) refcount */
+ int pr_state; /* (p) prison state */
+ int pr_nprocs; /* (p) process count */
 char pr_path[MAXPATHLEN]; /* (c) chroot path */
+ struct cpuset *pr_cpuset; /* (p) cpuset */
 struct vnode *pr_root; /* (c) vnode to rdir */
 char pr_host[MAXHOSTNAMELEN]; /* (p) jail hostname */
- u_int32_t pr_ip; /* (c) ip addr host */
+ char pr_name[MAXHOSTNAMELEN]; /* (c) admin jail name */
 void *pr_linux; /* (p) linux abi */
 int pr_securelevel; /* (p) securelevel */
 struct task pr_task; /* (d) destroy task */
 struct mtx pr_mtx;
 struct osd pr_osd; /* (p) additional data */
+ int pr_ip4s; /* (c) number of v4 IPs */
+ struct in_addr *pr_ip4; /* (c) v4 IPs of jail */
+ int pr_ip6s; /* (c) number of v6 IPs */
+ struct in6_addr *pr_ip6; /* (c) v6 IPs of jail */
 };
 #endif /* _KERNEL || _WANT_PRISON */
@@ -104,6 +166,8 @@ struct ucred;
 struct mount;
 struct sockaddr;
 struct statfs;
+struct thread;
+int kern_jail(struct thread *, struct jail *);
 int jailed(struct ucred *cred);
 void getcredhostname(struct ucred *cred, char *, size_t);
 int prison_check(struct ucred *cred1, struct ucred *cred2);
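Review bot: The new prototype `int kern_jail(struct thread *, struct jail *);` in the second hunk does not say whether the `struct jail` it receives is already a kernel copy of the caller's argument or still a user address, and in either case the pointer members inside it (`path`, `hostname`, `jailname`, `ip4`, `ip6`) presumably remain user addresses that the callee must copy in with validated lengths; that distinction is what every caller of a `kern_*` entry point needs and it belongs next to the declaration, e.g. `/* j: kernel-resident copy of the caller's struct jail; its pointer members are user addresses */` (wording to be confirmed against the implementation, which is outside this diff). In the first hunk, `int pr_nprocs; /* (p) process count */` sits beside `int pr_ref; /* (p) refcount */` with no indication of how the two differ or which of them drives the `pr_state` transitions to the new `PRISON_STATE_DYING`; a one-line comment on `pr_nprocs` tying it to the `prison_proc_hold`/`prison_proc_free` pair declared later in this commit would close that gap. The `struct prison` definition begins outside the hunk.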
@@ -113,13 +177,22 @@ void prison_enforce_statfs(struct ucred *cred, struct mount *mp,
 struct prison *prison_find(int prid);
 void prison_free(struct prison *pr);
 void prison_free_locked(struct prison *pr);
-u_int32_t prison_getip(struct ucred *cred);
 void prison_hold(struct prison *pr);
 void prison_hold_locked(struct prison *pr);
+void prison_proc_hold(struct prison *);
+void prison_proc_free(struct prison *);
+int prison_getip4(struct ucred *cred, struct in_addr *ia);
+int prison_local_ip4(struct ucred *cred, struct in_addr *ia);
+int prison_remote_ip4(struct ucred *cred, struct in_addr *ia);
+int prison_check_ip4(struct ucred *cred, struct in_addr *ia);
+#ifdef INET6
+int prison_getip6(struct ucred *, struct in6_addr *);
+int prison_local_ip6(struct ucred *, struct in6_addr *, int);
+int prison_remote_ip6(struct ucred *, struct in6_addr *);
+int prison_check_ip6(struct ucred *, struct in6_addr *);
+#endif
 int prison_if(struct ucred *cred, struct sockaddr *sa);
-int prison_ip(struct ucred *cred, int flag, u_int32_t *ip);
 int prison_priv_check(struct ucred *cred, int priv);
-void prison_remote_ip(struct ucred *cred, int flags, u_int32_t *ip);
 /*
 * Kernel jail services.
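Review bot: The removed `u_int32_t prison_getip(struct ucred *cred);` returned the address itself, while its replacements `prison_getip4`/`prison_local_ip4`/`prison_remote_ip4`/`prison_check_ip4` and the `ip6` variants all return `int` and write through an `in_addr`/`in6_addr` pointer, but the header gives no return convention for the new family (0 on success with an errno-style code, or a boolean), which is exactly what a caller porting from `prison_getip` and `prison_ip` needs to get the jail address check right. A short block comment above `prison_getip4` stating the shared contract and the ownership of the output argument would cover all eight declarations. `int prison_local_ip6(struct ucred *, struct in6_addr *, int);` is also the only one of the set with an unnamed trailing `int`, unlike the v4 variants that name `cred` and `ia`; give it a name and say what it selects. Note too that the `#ifdef INET6` guard wraps only these prototypes while the `struct in6_addr *` members added to `struct jail` and `struct prison` earlier in this commit are unconditional, so whether this header compiles without INET6 depends on `<netinet/in.h>` being included unconditionally before it, which is outside the diff.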
