diff options
| author | Bjoern A. Zeeb <bz@FreeBSD.org> | 2009-12-13 13:57:32 +0000 |
|---|---|---|
| committer | Bjoern A. Zeeb <bz@FreeBSD.org> | 2009-12-13 13:57:32 +0000 |
| commit | de0bd6f76b4d39a09bccb18b0804ee60119a442a (patch) | |
| tree | 8d2708fb3455d0829b95b1ddc69d4a072486bf2d /sys/kern/kern_jail.c | |
| parent | e65a4ba18bc75ff9f5adb71e000ede446282622c (diff) | |
| download | src-de0bd6f76b4d39a09bccb18b0804ee60119a442a.tar.gz src-de0bd6f76b4d39a09bccb18b0804ee60119a442a.zip | |
Notes
Diffstat (limited to 'sys/kern/kern_jail.c')
| -rw-r--r-- | sys/kern/kern_jail.c | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 0cc330cd5ad4..0900541f2cc9 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -3161,7 +3161,7 @@ prison_check_af(struct ucred *cred, int af) pr = cred->cr_prison; #ifdef VIMAGE /* Prisons with their own network stack are not limited. */ - if (pr->pr_flags & PR_VNET) + if (prison_owns_vnet(cred)) return (0); #endif @@ -3222,6 +3222,11 @@ prison_if(struct ucred *cred, struct sockaddr *sa) KASSERT(cred != NULL, ("%s: cred is NULL", __func__)); KASSERT(sa != NULL, ("%s: sa is NULL", __func__)); +#ifdef VIMAGE + if (prison_owns_vnet(cred)) + return (0); +#endif + error = 0; switch (sa->sa_family) { @@ -3279,6 +3284,24 @@ jailed(struct ucred *cred) } /* + * Return 1 if the passed credential is in a jail and that jail does not + * have its own virtual network stack, otherwise 0. + */ +int +jailed_without_vnet(struct ucred *cred) +{ + + if (!jailed(cred)) + return (0); +#ifdef VIMAGE + if (prison_owns_vnet(cred)) + return (0); +#endif + + return (1); +} + +/* * Return the correct hostname (domainname, et al) for the passed credential. */ void |