Editing: jail.h
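/*-
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (c) 1999 Poul-Henning Kamp.
 * Copyright (c) 2009 James Gritton.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * $FreeBSD$
 */

#ifndef _SYS_JAIL_H_
#define	_SYS_JAIL_H_

/*
 * Version-0 layout of the jail argument structure.  It is only declared
 * when compiling the kernel; userspace sees struct jail below.
 */
#ifdef _KERNEL
struct jail_v0 {
	u_int32_t	version;
	char		*path;
	char		*hostname;
	u_int32_t	ip_number;
};
#endif

/*
 * Argument structure for jail(), whose userspace prototype appears
 * further down.  Every pointer and count in it is supplied by the caller.
 * NOTE(review): ip4s/ip6s presumably give the number of entries behind
 * ip4/ip6 -- confirm against the kernel implementation, which has to
 * bound and copy them before use.
 */
struct jail {
	uint32_t	version;
	char		*path;
	char		*hostname;
	char		*jailname;
	uint32_t	ip4s;
	uint32_t	ip6s;
	struct in_addr	*ip4;
	struct in6_addr	*ip6;
};
#define	JAIL_API_VERSION	2

/*
 * For all xprison structs, always keep the pr_version an int and
 * the first variable so userspace can easily distinguish them.
 */
#ifndef _KERNEL
struct xprison_v1 {
	int		 pr_version;
	int		 pr_id;
	char		 pr_path[MAXPATHLEN];
	char		 pr_host[MAXHOSTNAMELEN];
	u_int32_t	 pr_ip;
};
#endif

/*
 * Current exported prison record (XPRISON_VERSION below).
 * NOTE(review): nothing in this header states whether the fixed-size
 * char arrays are always NUL-terminated -- confirm with the producer
 * before handing them to string functions.
 */
struct xprison {
	int		 pr_version;
	int		 pr_id;
	int		 pr_state;
	cpusetid_t	 pr_cpusetid;
	char		 pr_path[MAXPATHLEN];
	char		 pr_host[MAXHOSTNAMELEN];
	char		 pr_name[MAXHOSTNAMELEN];
	uint32_t	 pr_ip4s;
	uint32_t	 pr_ip6s;
#if 0
	/*
	 * sizeof(xprison) will be malloced + size needed for all
	 * IPv4 and IPv6 addresses.  Offsets are based on the numbers of
	 * addresses.
	 */
	struct in_addr	 pr_ip4[];
	struct in6_addr	 pr_ip6[];
#endif
};
#define	XPRISON_VERSION		3

/* Values for xprison.pr_state. */
#define	PRISON_STATE_INVALID	0
#define	PRISON_STATE_ALIVE	1
#define	PRISON_STATE_DYING	2

/*
 * Flags for jail_set and jail_get.
 */
#define	JAIL_CREATE	0x01	/* Create jail if it doesn't exist */
#define	JAIL_UPDATE	0x02	/* Update parameters of existing jail */
#define	JAIL_ATTACH	0x04	/* Attach to jail upon creation */
#define	JAIL_DYING	0x08	/* Allow getting a dying jail */
#define	JAIL_SET_MASK	0x0f	/* all four flags above */
#define	JAIL_GET_MASK	0x08	/* JAIL_DYING only */

#define	JAIL_SYS_DISABLE	0
#define	JAIL_SYS_NEW		1
#define	JAIL_SYS_INHERIT	2

#ifndef _KERNEL

struct iovec;

/* Userspace entry points. */
__BEGIN_DECLS
int jail(struct jail *);
int jail_set(struct iovec *, unsigned int, int);
int jail_get(struct iovec *, unsigned int, int);
int jail_attach(int);
int jail_remove(int);
__END_DECLS

#else /* _KERNEL */

#include <sys/queue.h>
#include <sys/sysctl.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/_task.h>

#define	JAIL_MAX	999999

#ifdef MALLOC_DECLARE
MALLOC_DECLARE(M_PRISON);
#endif
#endif /* _KERNEL */

#if defined(_KERNEL) || defined(_WANT_PRISON)

#include <sys/osd.h>

#define	HOSTUUIDLEN	64
#define	OSRELEASELEN	32

struct racct;
struct prison_racct;

/*
 * This structure describes a prison.  It is pointed to by all struct
 * ucred's of the inmates.  pr_ref keeps track of them and is used to
 * delete the structure when the last inmate is dead.
 *
 * Lock key:
 *   (a) allprison_lock
 *   (c) set only during creation before the structure is shared, no mutex
 *       required to read
 *   (m) locked by pr_mtx
 *   (p) locked by pr_mtx, and also at least shared allprison_lock required
 *       to update
 *   (r) atomic via refcount(9), pr_mtx required to decrement to zero
 */
struct prison {
	TAILQ_ENTRY(prison) pr_list;			/* (a) all prisons */
	int		 pr_id;				/* (c) prison id */
	volatile u_int	 pr_ref;			/* (r) refcount */
	volatile u_int	 pr_uref;			/* (r) user (alive) refcount */
	unsigned	 pr_flags;			/* (p) PR_* flags */
	LIST_HEAD(, prison) pr_children;		/* (a) list of child jails */
	LIST_ENTRY(prison) pr_sibling;			/* (a) next in parent's list */
	struct prison	*pr_parent;			/* (c) containing jail */
	struct mtx	 pr_mtx;
	struct task	 pr_task;			/* (c) destroy task */
	struct osd	 pr_osd;			/* (p) additional data */
	struct cpuset	*pr_cpuset;			/* (p) cpuset */
	struct vnet	*pr_vnet;			/* (c) network stack */
	struct vnode	*pr_root;			/* (c) vnode to rdir */
	int		 pr_ip4s;			/* (p) number of v4 IPs */
	int		 pr_ip6s;			/* (p) number of v6 IPs */
	struct in_addr	*pr_ip4;			/* (p) v4 IPs of jail */
	struct in6_addr	*pr_ip6;			/* (p) v6 IPs of jail */
	struct prison_racct *pr_prison_racct;		/* (c) racct jail proxy */
	void		*pr_sparep[3];
	int		 pr_childcount;			/* (a) number of child jails */
	int		 pr_childmax;			/* (p) maximum child jails */
	unsigned	 pr_allow;			/* (p) PR_ALLOW_* flags */
	int		 pr_securelevel;		/* (p) securelevel */
	int		 pr_enforce_statfs;		/* (p) statfs permission */
	int		 pr_devfs_rsnum;		/* (p) devfs ruleset */
	int		 pr_spare[3];
	int		 pr_osreldate;			/* (c) kern.osreldate value */
	unsigned long	 pr_hostid;			/* (p) jail hostid */
	char		 pr_name[MAXHOSTNAMELEN];	/* (p) admin jail name */
	char		 pr_path[MAXPATHLEN];		/* (c) chroot path */
	char		 pr_hostname[MAXHOSTNAMELEN];	/* (p) jail hostname */
	char		 pr_domainname[MAXHOSTNAMELEN];	/* (p) jail domainname */
	char		 pr_hostuuid[HOSTUUIDLEN];	/* (p) jail hostuuid */
	char		 pr_osrelease[OSRELEASELEN];	/* (c) kern.osrelease value */
};

/* Named, reference-counted wrapper around a struct racct. */
struct prison_racct {
	LIST_ENTRY(prison_racct) prr_next;
	char		 prr_name[MAXHOSTNAMELEN];
	u_int		 prr_refcount;
	struct racct	*prr_racct;
};
#endif /* _KERNEL || _WANT_PRISON */

#ifdef _KERNEL
/* Flag bits set via options */
#define	PR_PERSIST	0x00000001	/* Can exist without processes */
#define	PR_HOST		0x00000002	/* Virtualize hostname et al */
#define	PR_IP4_USER	0x00000004	/* Restrict IPv4 addresses */
#define	PR_IP6_USER	0x00000008	/* Restrict IPv6 addresses */
#define	PR_VNET		0x00000010	/* Virtual network stack */
#define	PR_IP4_SADDRSEL	0x00000080	/* Do IPv4 src addr sel. or use the */
					/* primary jail address. */
#define	PR_IP6_SADDRSEL	0x00000100	/* Do IPv6 src addr sel. or use the */
					/* primary jail address. */

/* Internal flag bits */
#define	PR_REMOVE	0x01000000	/* In process of being removed */
#define	PR_IP4		0x02000000	/* IPv4 restricted or disabled */
					/* by this jail or an ancestor */
#define	PR_IP6		0x04000000	/* IPv6 restricted or disabled */
					/* by this jail or an ancestor */

/*
 * Flags for pr_allow
 * Bits not noted here may be used for dynamic allow.mount.xxxfs.
 */
#define	PR_ALLOW_SET_HOSTNAME		0x00000001
#define	PR_ALLOW_SYSVIPC		0x00000002
#define	PR_ALLOW_RAW_SOCKETS		0x00000004
#define	PR_ALLOW_CHFLAGS		0x00000008
#define	PR_ALLOW_MOUNT			0x00000010
#define	PR_ALLOW_QUOTAS			0x00000020
#define	PR_ALLOW_SOCKET_AF		0x00000040
#define	PR_ALLOW_MLOCK			0x00000080
#define	PR_ALLOW_READ_MSGBUF		0x00000100
#define	PR_ALLOW_UNPRIV_DEBUG		0x00000200
#define	PR_ALLOW_SUSER			0x00000400
#define	PR_ALLOW_RESERVED_PORTS		0x00008000
#define	PR_ALLOW_KMEM_ACCESS		0x00010000	/* reserved, not used yet */
/*
 * The OR of every PR_ALLOW_* bit defined above, including the reserved
 * PR_ALLOW_KMEM_ACCESS bit; update it whenever a static bit is added.
 */
#define	PR_ALLOW_ALL_STATIC		0x000187ff

/*
 * PR_ALLOW_DIFFERENCES determines which flags are able to be
 * different between the parent and child jail upon creation.
 */
#define	PR_ALLOW_DIFFERENCES		(PR_ALLOW_UNPRIV_DEBUG)

/*
 * OSD methods
 */
#define	PR_METHOD_CREATE	0
#define	PR_METHOD_GET		1
#define	PR_METHOD_SET		2
#define	PR_METHOD_CHECK		3
#define	PR_METHOD_ATTACH	4
#define	PR_METHOD_REMOVE	5
#define	PR_MAXMETHOD		6

/*
 * Lock/unlock a prison.
 * XXX These exist not so much for general convenience, but to be useable in
 * the FOREACH_PRISON_DESCENDANT_LOCKED macro which can't handle them in
 * non-function form as currently defined.
 */
static __inline void
prison_lock(struct prison *pr)
{

	mtx_lock(&pr->pr_mtx);
}

static __inline void
prison_unlock(struct prison *pr)
{

	mtx_unlock(&pr->pr_mtx);
}

/* Traverse a prison's immediate children. */
#define	FOREACH_PRISON_CHILD(ppr, cpr)					\
	LIST_FOREACH(cpr, &(ppr)->pr_children, pr_sibling)

/*
 * Preorder traversal of all of a prison's descendants.
 * This ugly loop allows the macro to be followed by a single block
 * as expected in a looping primitive.
 */
#define	FOREACH_PRISON_DESCENDANT(ppr, cpr, descend)			\
	for ((cpr) = (ppr), (descend) = 1;				\
	    ((cpr) = (((descend) && !LIST_EMPTY(&(cpr)->pr_children))	\
	      ? LIST_FIRST(&(cpr)->pr_children)				\
	      : ((cpr) == (ppr)						\
		 ? NULL							\
		 : (((descend) = LIST_NEXT(cpr, pr_sibling) != NULL)	\
		    ? LIST_NEXT(cpr, pr_sibling)			\
		    : (cpr)->pr_parent))));)				\
		if (!(descend))						\
			;						\
		else

/*
 * As above, but lock descendants on the way down and unlock on the way up.
 *
 * NOTE(review): the unlock of cpr happens in the loop's controlling
 * expression when the walk advances.  Leaving the body early (break,
 * return, goto) skips it, so cpr and any ancestors below ppr that were
 * locked on the way down look like they stay locked -- confirm each
 * caller releases them.
 */
#define	FOREACH_PRISON_DESCENDANT_LOCKED(ppr, cpr, descend)		\
	for ((cpr) = (ppr), (descend) = 1;				\
	    ((cpr) = (((descend) && !LIST_EMPTY(&(cpr)->pr_children))	\
	      ? LIST_FIRST(&(cpr)->pr_children)				\
	      : ((cpr) == (ppr)						\
		 ? NULL							\
		 : ((prison_unlock(cpr),				\
		    (descend) = LIST_NEXT(cpr, pr_sibling) != NULL)	\
		    ? LIST_NEXT(cpr, pr_sibling)			\
		    : (cpr)->pr_parent))));)				\
		if ((descend) ? (prison_lock(cpr), 0) : 1)		\
			;						\
		else

/*
 * As above, but also keep track of the level descended to.
 */
#define	FOREACH_PRISON_DESCENDANT_LOCKED_LEVEL(ppr, cpr, descend, level)\
	for ((cpr) = (ppr), (descend) = 1, (level) = 0;			\
	    ((cpr) = (((descend) && !LIST_EMPTY(&(cpr)->pr_children))	\
	      ? (level++, LIST_FIRST(&(cpr)->pr_children))		\
	      : ((cpr) == (ppr)						\
		 ? NULL							\
		 : ((prison_unlock(cpr),				\
		    (descend) = LIST_NEXT(cpr, pr_sibling) != NULL)	\
		    ? LIST_NEXT(cpr, pr_sibling)			\
		    : (level--, (cpr)->pr_parent)))));)			\
		if ((descend) ? (prison_lock(cpr), 0) : 1)		\
			;						\
		else

/*
 * Attributes of the physical system, and the root of the jail tree.
 */
extern struct prison prison0;

TAILQ_HEAD(prisonlist, prison);
extern struct prisonlist allprison;
extern struct sx allprison_lock;

/*
 * Sysctls to describe jail parameters.
 */
SYSCTL_DECL(_security_jail_param);

#define	SYSCTL_JAIL_PARAM(module, param, type, fmt, descr)		\
    SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param,	\
	(type) | CTLFLAG_MPSAFE, NULL, 0, sysctl_jail_param, fmt, descr)
#define	SYSCTL_JAIL_PARAM_STRING(module, param, access, len, descr)	\
    SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param,	\
	CTLTYPE_STRING | CTLFLAG_MPSAFE | (access), NULL, len,		\
	sysctl_jail_param, "A", descr)
#define	SYSCTL_JAIL_PARAM_STRUCT(module, param, access, len, fmt, descr)\
    SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param,	\
	CTLTYPE_STRUCT | CTLFLAG_MPSAFE | (access), NULL, len,		\
	sysctl_jail_param, fmt, descr)
#define	SYSCTL_JAIL_PARAM_NODE(module, descr)				\
    SYSCTL_NODE(_security_jail_param, OID_AUTO, module, CTLFLAG_MPSAFE,	\
	0, descr)
#define	SYSCTL_JAIL_PARAM_SUBNODE(parent, module, descr)		\
    SYSCTL_NODE(_security_jail_param_##parent, OID_AUTO, module,	\
	CTLFLAG_MPSAFE, 0, descr)
#define	SYSCTL_JAIL_PARAM_SYS_NODE(module, access, descr)		\
    SYSCTL_JAIL_PARAM_NODE(module, descr);				\
    SYSCTL_JAIL_PARAM(_##module, , CTLTYPE_INT | (access), "E,jailsys",	\
	descr)

/*
 * Kernel support functions for jail().
 */
struct ucred;
struct mount;
struct sockaddr;
struct statfs;
struct vfsconf;

/*
 * Return 1 if the passed credential is in a jail, otherwise 0.
 * The argument is parenthesized so that an expression argument (a cast,
 * pointer arithmetic, a conditional) binds to -> as the caller intends.
 */
#define	jailed(cred)	((cred)->cr_prison != &prison0)

int jailed_without_vnet(struct ucred *);
void getcredhostname(struct ucred *, char *, size_t);
void getcreddomainname(struct ucred *, char *, size_t);
void getcredhostuuid(struct ucred *, char *, size_t);
void getcredhostid(struct ucred *, unsigned long *);
void getjailname(struct ucred *cred, char *name, size_t len);
void prison0_init(void);
int prison_allow(struct ucred *, unsigned);
int prison_check(struct ucred *cred1, struct ucred *cred2);
int prison_owns_vnet(struct ucred *);
int prison_canseemount(struct ucred *cred, struct mount *mp);
void prison_enforce_statfs(struct ucred *cred, struct mount *mp,
    struct statfs *sp);
struct prison *prison_find(int prid);
struct prison *prison_find_child(struct prison *, int);
struct prison *prison_find_name(struct prison *, const char *);
int prison_flag(struct ucred *, unsigned);
void prison_free(struct prison *pr);
void prison_free_locked(struct prison *pr);
void prison_hold(struct prison *pr);
void prison_hold_locked(struct prison *pr);
void prison_proc_hold(struct prison *);
void prison_proc_free(struct prison *);
void prison_set_allow(struct ucred *cred, unsigned flag, int enable);
int prison_ischild(struct prison *, struct prison *);
bool prison_isalive(struct prison *);
bool prison_isvalid(struct prison *);
int prison_equal_ip4(struct prison *, struct prison *);
int prison_get_ip4(struct ucred *cred, struct in_addr *ia);
int prison_local_ip4(struct ucred *cred, struct in_addr *ia);
int prison_remote_ip4(struct ucred *cred, struct in_addr *ia);
int prison_check_ip4(const struct ucred *, const struct in_addr *);
int prison_check_ip4_locked(const struct prison *, const struct in_addr *);
int prison_saddrsel_ip4(struct ucred *, struct in_addr *);
int prison_restrict_ip4(struct prison *, struct in_addr *);
int prison_qcmp_v4(const void *, const void *);
#ifdef INET6
int prison_equal_ip6(struct prison *, struct prison *);
int prison_get_ip6(struct ucred *, struct in6_addr *);
int prison_local_ip6(struct ucred *, struct in6_addr *, int);
int prison_remote_ip6(struct ucred *, struct in6_addr *);
int prison_check_ip6(const struct ucred *, const struct in6_addr *);
int prison_check_ip6_locked(const struct prison *, const struct in6_addr *);
int prison_saddrsel_ip6(struct ucred *, struct in6_addr *);
int prison_restrict_ip6(struct prison *, struct in6_addr *);
int prison_qcmp_v6(const void *, const void *);
#endif
int prison_check_af(struct ucred *cred, int af);
int prison_if(struct ucred *cred, const struct sockaddr *sa);
char *prison_name(struct prison *, struct prison *);
int prison_priv_check(struct ucred *cred, int priv);
int sysctl_jail_param(SYSCTL_HANDLER_ARGS);
unsigned prison_add_allow(const char *prefix, const char *name,
    const char *prefix_descr, const char *descr);
void prison_add_vfs(struct vfsconf *vfsp);
void prison_racct_foreach(void (*callback)(struct racct *racct,
    void *arg2, void *arg3), void (*pre)(void), void (*post)(void),
    void *arg2, void *arg3);
struct prison_racct *prison_racct_find(const char *name);
void prison_racct_hold(struct prison_racct *prr);
void prison_racct_free(struct prison_racct *prr);

#endif /* _KERNEL */
#endif /* !_SYS_JAIL_H_ */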