diff options
author | Joel Sherrill <joel.sherrill@oarcorp.com> | 2012-03-08 07:25:21 -0600 |
---|---|---|
committer | Joel Sherrill <joel.sherrill@oarcorp.com> | 2012-03-08 07:25:21 -0600 |
commit | e2d2bf579b8d9ac67c1fdf0ad419b22860b93b35 (patch) | |
tree | 4f285040086226090aa9f664e011ffd8ced0a03a /freebsd/sys/jail.h | |
parent | Add wish list for freebsd-to-rtems.py (diff) | |
download | rtems-libbsd-e2d2bf579b8d9ac67c1fdf0ad419b22860b93b35.tar.bz2 |
Move rtems/freebsd to freebsd and contrib to freebsd/contrib
Diffstat (limited to 'freebsd/sys/jail.h')
-rw-r--r-- | freebsd/sys/jail.h | 385 |
1 files changed, 385 insertions, 0 deletions
diff --git a/freebsd/sys/jail.h b/freebsd/sys/jail.h new file mode 100644 index 00000000..af690132 --- /dev/null +++ b/freebsd/sys/jail.h @@ -0,0 +1,385 @@ +/*- + * Copyright (c) 1999 Poul-Henning Kamp. + * Copyright (c) 2009 James Gritton. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _SYS_JAIL_HH_ +#define _SYS_JAIL_HH_ + +#ifdef _KERNEL +struct jail_v0 { + u_int32_t version; + char *path; + char *hostname; + u_int32_t ip_number; +}; +#endif + +struct jail { + uint32_t version; + char *path; + char *hostname; + char *jailname; + uint32_t ip4s; + uint32_t ip6s; + struct in_addr *ip4; + struct in6_addr *ip6; +}; +#define JAIL_API_VERSION 2 + +/* + * For all xprison structs, always keep the pr_version an int and + * the first variable so userspace can easily distinguish them. + */ +#ifndef _KERNEL +struct xprison_v1 { + int pr_version; + int pr_id; + char pr_path[MAXPATHLEN]; + char pr_host[MAXHOSTNAMELEN]; + u_int32_t pr_ip; +}; +#endif + +struct xprison { + int pr_version; + int pr_id; + int pr_state; + cpusetid_t pr_cpusetid; + char pr_path[MAXPATHLEN]; + char pr_host[MAXHOSTNAMELEN]; + char pr_name[MAXHOSTNAMELEN]; + uint32_t pr_ip4s; + uint32_t pr_ip6s; +#if 0 + /* + * sizeof(xprison) will be malloced + size needed for all + * IPv4 and IPv6 addesses. Offsets are based numbers of addresses. + */ + struct in_addr pr_ip4[]; + struct in6_addr pr_ip6[]; +#endif +}; +#define XPRISON_VERSION 3 + +#define PRISON_STATE_INVALID 0 +#define PRISON_STATE_ALIVE 1 +#define PRISON_STATE_DYING 2 + +/* + * Flags for jail_set and jail_get. + */ +#define JAIL_CREATE 0x01 /* Create jail if it doesn't exist */ +#define JAIL_UPDATE 0x02 /* Update parameters of existing jail */ +#define JAIL_ATTACH 0x04 /* Attach to jail upon creation */ +#define JAIL_DYING 0x08 /* Allow getting a dying jail */ +#define JAIL_SET_MASK 0x0f +#define JAIL_GET_MASK 0x08 + +#define JAIL_SYS_DISABLE 0 +#define JAIL_SYS_NEW 1 +#define JAIL_SYS_INHERIT 2 + +#ifndef _KERNEL + +struct iovec; + +int jail(struct jail *); +int jail_set(struct iovec *, unsigned int, int); +int jail_get(struct iovec *, unsigned int, int); +int jail_attach(int); +int jail_remove(int); + +#else /* _KERNEL */ + +#include <rtems/freebsd/sys/queue.h> +#include <rtems/freebsd/sys/sysctl.h> +#include <rtems/freebsd/sys/lock.h> +#include <rtems/freebsd/sys/mutex.h> +#include <rtems/freebsd/sys/_task.h> + +#define JAIL_MAX 999999 + +#ifdef MALLOC_DECLARE +MALLOC_DECLARE(M_PRISON); +#endif +#endif /* _KERNEL */ + +#if defined(_KERNEL) || defined(_WANT_PRISON) + +#include <rtems/freebsd/sys/osd.h> + +#define HOSTUUIDLEN 64 + +/* + * This structure describes a prison. It is pointed to by all struct + * ucreds's of the inmates. pr_ref keeps track of them and is used to + * delete the struture when the last inmate is dead. + * + * Lock key: + * (a) allprison_lock + * (p) locked by pr_mtx + * (c) set only during creation before the structure is shared, no mutex + * required to read + * (d) set only during destruction of jail, no mutex needed + */ +struct prison { + TAILQ_ENTRY(prison) pr_list; /* (a) all prisons */ + int pr_id; /* (c) prison id */ + int pr_ref; /* (p) refcount */ + int pr_uref; /* (p) user (alive) refcount */ + unsigned pr_flags; /* (p) PR_* flags */ + LIST_HEAD(, prison) pr_children; /* (a) list of child jails */ + LIST_ENTRY(prison) pr_sibling; /* (a) next in parent's list */ + struct prison *pr_parent; /* (c) containing jail */ + struct mtx pr_mtx; + struct task pr_task; /* (d) destroy task */ + struct osd pr_osd; /* (p) additional data */ + struct cpuset *pr_cpuset; /* (p) cpuset */ + struct vnet *pr_vnet; /* (c) network stack */ + struct vnode *pr_root; /* (c) vnode to rdir */ + int pr_ip4s; /* (p) number of v4 IPs */ + int pr_ip6s; /* (p) number of v6 IPs */ + struct in_addr *pr_ip4; /* (p) v4 IPs of jail */ + struct in6_addr *pr_ip6; /* (p) v6 IPs of jail */ + void *pr_sparep[4]; + int pr_childcount; /* (a) number of child jails */ + int pr_childmax; /* (p) maximum child jails */ + unsigned pr_allow; /* (p) PR_ALLOW_* flags */ + int pr_securelevel; /* (p) securelevel */ + int pr_enforce_statfs; /* (p) statfs permission */ + int pr_spare[5]; + unsigned long pr_hostid; /* (p) jail hostid */ + char pr_name[MAXHOSTNAMELEN]; /* (p) admin jail name */ + char pr_path[MAXPATHLEN]; /* (c) chroot path */ + char pr_hostname[MAXHOSTNAMELEN]; /* (p) jail hostname */ + char pr_domainname[MAXHOSTNAMELEN]; /* (p) jail domainname */ + char pr_hostuuid[HOSTUUIDLEN]; /* (p) jail hostuuid */ +}; +#endif /* _KERNEL || _WANT_PRISON */ + +#ifdef _KERNEL +/* Flag bits set via options */ +#define PR_PERSIST 0x00000001 /* Can exist without processes */ +#define PR_HOST 0x00000002 /* Virtualize hostname et al */ +#define PR_IP4_USER 0x00000004 /* Restrict IPv4 addresses */ +#define PR_IP6_USER 0x00000008 /* Restrict IPv6 addresses */ +#define PR_VNET 0x00000010 /* Virtual network stack */ +#define PR_IP4_DISABLE 0x00000020 /* Disable IPv4 */ +#define PR_IP6_DISABLE 0x00000040 /* Disable IPv6 */ +#define PR_IP4_SADDRSEL 0x00000080 /* Do IPv4 src addr sel. or use the */ + /* primary jail address. */ +#define PR_IP6_SADDRSEL 0x00000100 /* Do IPv6 src addr sel. or use the */ + /* primary jail address. */ + +/* Internal flag bits */ +#define PR_REMOVE 0x01000000 /* In process of being removed */ +#define PR_IP4 0x02000000 /* IPv4 restricted or disabled */ + /* by this jail or an ancestor */ +#define PR_IP6 0x04000000 /* IPv6 restricted or disabled */ + /* by this jail or an ancestor */ + +/* Flags for pr_allow */ +#define PR_ALLOW_SET_HOSTNAME 0x0001 +#define PR_ALLOW_SYSVIPC 0x0002 +#define PR_ALLOW_RAW_SOCKETS 0x0004 +#define PR_ALLOW_CHFLAGS 0x0008 +#define PR_ALLOW_MOUNT 0x0010 +#define PR_ALLOW_QUOTAS 0x0020 +#define PR_ALLOW_SOCKET_AF 0x0040 +#define PR_ALLOW_ALL 0x007f + +/* + * OSD methods + */ +#define PR_METHOD_CREATE 0 +#define PR_METHOD_GET 1 +#define PR_METHOD_SET 2 +#define PR_METHOD_CHECK 3 +#define PR_METHOD_ATTACH 4 +#define PR_MAXMETHOD 5 + +/* + * Lock/unlock a prison. + * XXX These exist not so much for general convenience, but to be useable in + * the FOREACH_PRISON_DESCENDANT_LOCKED macro which can't handle them in + * non-function form as currently defined. + */ +static __inline void +prison_lock(struct prison *pr) +{ + + mtx_lock(&pr->pr_mtx); +} + +static __inline void +prison_unlock(struct prison *pr) +{ + + mtx_unlock(&pr->pr_mtx); +} + +/* Traverse a prison's immediate children. */ +#define FOREACH_PRISON_CHILD(ppr, cpr) \ + LIST_FOREACH(cpr, &(ppr)->pr_children, pr_sibling) + +/* + * Preorder traversal of all of a prison's descendants. + * This ugly loop allows the macro to be followed by a single block + * as expected in a looping primitive. + */ +#define FOREACH_PRISON_DESCENDANT(ppr, cpr, descend) \ + for ((cpr) = (ppr), (descend) = 1; \ + ((cpr) = (((descend) && !LIST_EMPTY(&(cpr)->pr_children)) \ + ? LIST_FIRST(&(cpr)->pr_children) \ + : ((cpr) == (ppr) \ + ? NULL \ + : (((descend) = LIST_NEXT(cpr, pr_sibling) != NULL) \ + ? LIST_NEXT(cpr, pr_sibling) \ + : (cpr)->pr_parent))));) \ + if (!(descend)) \ + ; \ + else + +/* + * As above, but lock descendants on the way down and unlock on the way up. + */ +#define FOREACH_PRISON_DESCENDANT_LOCKED(ppr, cpr, descend) \ + for ((cpr) = (ppr), (descend) = 1; \ + ((cpr) = (((descend) && !LIST_EMPTY(&(cpr)->pr_children)) \ + ? LIST_FIRST(&(cpr)->pr_children) \ + : ((cpr) == (ppr) \ + ? NULL \ + : ((prison_unlock(cpr), \ + (descend) = LIST_NEXT(cpr, pr_sibling) != NULL) \ + ? LIST_NEXT(cpr, pr_sibling) \ + : (cpr)->pr_parent))));) \ + if ((descend) ? (prison_lock(cpr), 0) : 1) \ + ; \ + else + +/* + * As above, but also keep track of the level descended to. + */ +#define FOREACH_PRISON_DESCENDANT_LOCKED_LEVEL(ppr, cpr, descend, level)\ + for ((cpr) = (ppr), (descend) = 1, (level) = 0; \ + ((cpr) = (((descend) && !LIST_EMPTY(&(cpr)->pr_children)) \ + ? (level++, LIST_FIRST(&(cpr)->pr_children)) \ + : ((cpr) == (ppr) \ + ? NULL \ + : ((prison_unlock(cpr), \ + (descend) = LIST_NEXT(cpr, pr_sibling) != NULL) \ + ? LIST_NEXT(cpr, pr_sibling) \ + : (level--, (cpr)->pr_parent)))));) \ + if ((descend) ? (prison_lock(cpr), 0) : 1) \ + ; \ + else + +/* + * Attributes of the physical system, and the root of the jail tree. + */ +extern struct prison prison0; + +TAILQ_HEAD(prisonlist, prison); +extern struct prisonlist allprison; +extern struct sx allprison_lock; + +/* + * Sysctls to describe jail parameters. + */ +SYSCTL_DECL(_security_jail_param); + +#define SYSCTL_JAIL_PARAM(module, param, type, fmt, descr) \ + SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \ + (type) | CTLFLAG_MPSAFE, NULL, 0, sysctl_jail_param, fmt, descr) +#define SYSCTL_JAIL_PARAM_STRING(module, param, access, len, descr) \ + SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \ + CTLTYPE_STRING | CTLFLAG_MPSAFE | (access), NULL, len, \ + sysctl_jail_param, "A", descr) +#define SYSCTL_JAIL_PARAM_STRUCT(module, param, access, len, fmt, descr)\ + SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \ + CTLTYPE_STRUCT | CTLFLAG_MPSAFE | (access), NULL, len, \ + sysctl_jail_param, fmt, descr) +#define SYSCTL_JAIL_PARAM_NODE(module, descr) \ + SYSCTL_NODE(_security_jail_param, OID_AUTO, module, 0, 0, descr) +#define SYSCTL_JAIL_PARAM_SYS_NODE(module, access, descr) \ + SYSCTL_JAIL_PARAM_NODE(module, descr); \ + SYSCTL_JAIL_PARAM(_##module, , CTLTYPE_INT | (access), "E,jailsys", \ + descr) + +/* + * Kernel support functions for jail(). + */ +struct ucred; +struct mount; +struct sockaddr; +struct statfs; +int jailed(struct ucred *cred); +int jailed_without_vnet(struct ucred *); +void getcredhostname(struct ucred *, char *, size_t); +void getcreddomainname(struct ucred *, char *, size_t); +void getcredhostuuid(struct ucred *, char *, size_t); +void getcredhostid(struct ucred *, unsigned long *); +int prison_allow(struct ucred *, unsigned); +int prison_check(struct ucred *cred1, struct ucred *cred2); +int prison_owns_vnet(struct ucred *); +int prison_canseemount(struct ucred *cred, struct mount *mp); +void prison_enforce_statfs(struct ucred *cred, struct mount *mp, + struct statfs *sp); +struct prison *prison_find(int prid); +struct prison *prison_find_child(struct prison *, int); +struct prison *prison_find_name(struct prison *, const char *); +int prison_flag(struct ucred *, unsigned); +void prison_free(struct prison *pr); +void prison_free_locked(struct prison *pr); +void prison_hold(struct prison *pr); +void prison_hold_locked(struct prison *pr); +void prison_proc_hold(struct prison *); +void prison_proc_free(struct prison *); +int prison_ischild(struct prison *, struct prison *); +int prison_equal_ip4(struct prison *, struct prison *); +int prison_get_ip4(struct ucred *cred, struct in_addr *ia); +int prison_local_ip4(struct ucred *cred, struct in_addr *ia); +int prison_remote_ip4(struct ucred *cred, struct in_addr *ia); +int prison_check_ip4(struct ucred *cred, struct in_addr *ia); +int prison_saddrsel_ip4(struct ucred *, struct in_addr *); +#ifdef INET6 +int prison_equal_ip6(struct prison *, struct prison *); +int prison_get_ip6(struct ucred *, struct in6_addr *); +int prison_local_ip6(struct ucred *, struct in6_addr *, int); +int prison_remote_ip6(struct ucred *, struct in6_addr *); +int prison_check_ip6(struct ucred *, struct in6_addr *); +int prison_saddrsel_ip6(struct ucred *, struct in6_addr *); +#endif +int prison_check_af(struct ucred *cred, int af); +int prison_if(struct ucred *cred, struct sockaddr *sa); +char *prison_name(struct prison *, struct prison *); +int prison_priv_check(struct ucred *cred, int priv); +int sysctl_jail_param(struct sysctl_oid *, void *, int , struct sysctl_req *); + +#endif /* _KERNEL */ +#endif /* !_SYS_JAIL_HH_ */ |