History log of /freebsd-10-stable/sys/kern/kern_jail.c
Revision Date Author Comments
# 339410 17-Oct-2018 jamie

MFC r339211:

Fix the test prohibiting jails from sharing IP addresses.

It's not supposed to be legal for two jails to contain the same IP address,
unless both jails contain only that one address. This is the behavior
documented in jail(8), and is there to prevent confusion when multiple
jails are listening on INADDR_ANY.

VIMAGE jails (now the default for GENERIC kernels) test this correctly,
but non-VIMAGE jails have been performing an incomplete test when nested
jails are used.


# 302234 27-Jun-2016 bdrewery

MFC r298819:

sys/kern: spelling fixes in comments.


# 302229 27-Jun-2016 bdrewery

MFC r280130:

cred: add proc_set_cred helper


# 301910 15-Jun-2016 jamie

MFC r301764:

Fix a vnode leak when giving a child jail a too-long path when
debug.disablefullpath=1.


# 301909 15-Jun-2016 jamie

MFC r301760:

Re-order some jail parameter reading to prevent a vnode leak.


# 301908 15-Jun-2016 jamie

MFC r301758:

Clean up some logic in jail error messages, replacing a missing test and
a redundant test with a single correct test.


# 301907 14-Jun-2016 jamie

MFC r301745:

Make sure the OSD methods for jail set and remove can't run concurrently,
by holding allprison_lock exclusively (even if only for a moment before
downgrading) on all paths that call PR_METHOD_REMOVE. Since they may run
on a downgraded lock, it's still possible for them to run concurrently
with PR_METHOD_GET, which will need to use the prison lock.


# 301905 15-Jun-2016 jamie

MFC r300983:

Mark jail(2), and the sysctls that it (and only it) uses as deprecated.
jail(8) has long used jail_set(2), and those sysctls only cause confusion.


# 298833 30-Apr-2016 jamie

MFC r298565:

Add a new jail OSD method, PR_METHOD_REMOVE. It's called when a jail is
removed from the user perspective, i.e. when the last pr_uref goes away,
even though the jail may still exist in the dying state. It will also
be called if either PR_METHOD_CREATE or PR_METHOD_SET fail.

MFC r298683:

Delay removing the last jail reference in prison_proc_free, and instead
put it off into the pr_task. This is similar to prison_free, and in fact
uses the same task even though they do something slightly different.

MFC r298566:

Pass the current/new jail to PR_METHOD_CHECK, which pushes the call
until after the jail is found or created. This requires unlocking the
jail for the call and re-locking it afterward, but that works because
nothing in the jail has been changed yet, and other processes won't
change the important fields as long as allprison_lock remains held.

Keep better track of name vs namelc in kern_jail_set. Name should
always be the hierarchical name (relative to the caller), and namelc
the last component.

MFC r298668:

Use crcopysafe in jail_attach.

PR: 48471


# 298832 30-Apr-2016 jamie

MFC r298564:

Remove the PR_REMOVE flag, which was meant as a temporary marker for
a jail that might be seen mid-removal. It hasn't been doing the right
thing since at least the ability to resurrect dying jails, and such
resurrection also makes it unnecessary.


# 295951 24-Feb-2016 araujo

MFH: 285685
Add support to the jail framework to be able to mount linsysfs(5) and linprocfs(5).

PR: 207179
Requested by: thomas@gibfest.dk
Reviewed by: jamie, bapt
Approved by: re (gjb)
Sponsored by: gandi.net
Differential Revision: https://reviews.freebsd.org/D5390


# 292416 17-Dec-2015 jamie

MFC r292277:

Fix jail name checking that disallowed anything that starts with '0'.
The intention was to just limit leading zeroes on numeric names. That
check is now improved to also catch the leading spaces and '+' that
strtoul can pass through.

PR: 204897


# 284665 21-Jun-2015 trasz

MFC r282213:

Add kern.racct.enable tunable and RACCT_DISABLED config option.
The point of this is to be able to add RACCT (with RACCT_DISABLED)
to GENERIC, to avoid having to rebuild the kernel to use rctl(8).

MFC r282901:

Build GENERIC with RACCT/RCTL support by default. Note that it still
needs to be enabled by adding "kern.racct.enable=1" to /boot/loader.conf.

Note those two are MFC-ed together, because the latter one changes the
name of RACCT_DISABLED option to RACCT_DEFAULT_TO_DISABLED. Should have
committed the renaming separately...

Relnotes: yes
Sponsored by: The FreeBSD Foundation


# 280632 25-Mar-2015 ian

MFC r279361, r279395, r279396:

Allow the kern.osrelease and kern.osreldate sysctl values to be set in a
jail's creation parameters. This allows the kernel version to be reliably
spoofed within the jail whether examined directly with sysctl or
indirectly with the uname -r and -K options.

Export the new osreldate and osrelease jail parms in jail_get(2).

Fix line wrap.


# 277985 31-Jan-2015 jamie

MFC r277855:

Add allow.mount.fdescfs jail flag.

PR: 192951
Submitted by: ruben@verweg.com


# 277279 16-Jan-2015 jamie

MFC r277158:

Don't set prison's pr_ip4s or pr_ip6s to -1.

PR: 196474


# 271622 15-Sep-2014 trasz

MFC r271317:

Avoid unlocking unlocked mutex in RCTL jail code. Specific test case
is attached to PR.

PR: 193457
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation


# 259847 24-Dec-2013 ae

MFC r259520:
Fix copy/paste typo.


# 258929 04-Dec-2013 peter

MFC: r258718: fix emulated jail_v0 byte order

Approved by: re (gjb)

