#
339410 |
|
17-Oct-2018 |
jamie |
MFC r339211:
Fix the test prohibiting jails from sharing IP addresses.
It's not supposed to be legal for two jails to contain the same IP address, unless both jails contain only that one address. This is the behavior documented in jail(8), and is there to prevent confusion when multiple jails are listening on INADDR_ANY.
VIMAGE jails (now the default for GENERIC kernels) test this correctly, but non-VIMAGE jails have been performing an incomplete test when nested jails are used.
|
#
302234 |
|
27-Jun-2016 |
bdrewery |
MFC r298819:
sys/kern: spelling fixes in comments.
|
#
302229 |
|
27-Jun-2016 |
bdrewery |
MFC r280130:
cred: add proc_set_cred helper
|
#
301910 |
|
15-Jun-2016 |
jamie |
MFC r301764:
Fix a vnode leak when giving a child jail a too-long path when debug.disablefullpath=1.
|
#
301909 |
|
15-Jun-2016 |
jamie |
MFC r301760:
Re-order some jail parameter reading to prevent a vnode leak.
|
#
301908 |
|
15-Jun-2016 |
jamie |
MFC r301758:
Clean up some logic in jail error messages, replacing a missing test and a redundant test with a single correct test.
|
#
301907 |
|
14-Jun-2016 |
jamie |
MFC r301745:
Make sure the OSD methods for jail set and remove can't run concurrently, by holding allprison_lock exclusively (even if only for a moment before downgrading) on all paths that call PR_METHOD_REMOVE. Since they may run on a downgraded lock, it's still possible for them to run concurrently with PR_METHOD_GET, which will need to use the prison lock.
|
#
301905 |
|
15-Jun-2016 |
jamie |
MFC r300983:
Mark jail(2), and the sysctls that it (and only it) uses as deprecated. jail(8) has long used jail_set(2), and those sysctls only cause confusion.
|
#
298833 |
|
30-Apr-2016 |
jamie |
MFC r298565:
Add a new jail OSD method, PR_METHOD_REMOVE. It's called when a jail is removed from the user perspective, i.e. when the last pr_uref goes away, even though the jail may still exist in the dying state. It will also be called if either PR_METHOD_CREATE or PR_METHOD_SET fail.
MFC r298683:
Delay removing the last jail reference in prison_proc_free, and instead put it off into the pr_task. This is similar to prison_free, and in fact uses the same task even though they do something slightly different.
MFC r298566:
Pass the current/new jail to PR_METHOD_CHECK, which pushes the call until after the jail is found or created. This requires unlocking the jail for the call and re-locking it afterward, but that works because nothing in the jail has been changed yet, and other processes won't change the important fields as long as allprison_lock remains held.
Keep better track of name vs namelc in kern_jail_set. Name should always be the hierarchical name (relative to the caller), and namelc the last component.
MFC r298668:
Use crcopysafe in jail_attach.
PR: 48471
|
#
298832 |
|
30-Apr-2016 |
jamie |
MFC r298564:
Remove the PR_REMOVE flag, which was meant as a temporary marker for a jail that might be seen mid-removal. It hasn't been doing the right thing since at least the ability to resurrect dying jails, and such resurrection also makes it unnecessary.
|
#
295951 |
|
24-Feb-2016 |
araujo |
MFH: 285685 Add support to the jail framework to be able to mount linsysfs(5) and linprocfs(5).
PR: 207179
Requested by: thomas@gibfest.dk
Reviewed by: jamie, bapt
Approved by: re (gjb)
Sponsored by: gandi.net
Differential Revision: https://reviews.freebsd.org/D5390
|
#
292416 |
|
17-Dec-2015 |
jamie |
MFC r292277:
Fix jail name checking that disallowed anything that starts with '0'. The intention was to just limit leading zeroes on numeric names. That check is now improved to also catch the leading spaces and '+' that strtoul can pass through.
PR: 204897
|
#
284665 |
|
21-Jun-2015 |
trasz |
MFC r282213:
Add kern.racct.enable tunable and RACCT_DISABLED config option. The point of this is to be able to add RACCT (with RACCT_DISABLED) to GENERIC, to avoid having to rebuild the kernel to use rctl(8).
MFC r282901:
Build GENERIC with RACCT/RCTL support by default. Note that it still needs to be enabled by adding "kern.racct.enable=1" to /boot/loader.conf.
Note those two are MFC-ed together, because the latter one changes the name of RACCT_DISABLED option to RACCT_DEFAULT_TO_DISABLED. Should have committed the renaming separately...
Relnotes: yes
Sponsored by: The FreeBSD Foundation
|
#
280632 |
|
25-Mar-2015 |
ian |
MFC r279361, r279395, r279396:
Allow the kern.osrelease and kern.osreldate sysctl values to be set in a jail's creation parameters. This allows the kernel version to be reliably spoofed within the jail whether examined directly with sysctl or indirectly with the uname -r and -K options.
Export the new osreldate and osrelease jail parms in jail_get(2).
Fix line wrap.
|
#
277985 |
|
31-Jan-2015 |
jamie |
MFC r277855:
Add allow.mount.fdescfs jail flag.
PR: 192951
Submitted by: ruben@verweg.com
|
#
277279 |
|
16-Jan-2015 |
jamie |
MFC r277158:
Don't set prison's pr_ip4s or pr_ip6s to -1.
PR: 196474
|
#
271622 |
|
15-Sep-2014 |
trasz |
MFC r271317:
Avoid unlocking unlocked mutex in RCTL jail code. Specific test case is attached to PR.
PR: 193457
Approved by: re (gjb)
Sponsored by: The FreeBSD Foundation
|
#
259847 |
|
24-Dec-2013 |
ae |
MFC r259520: Fix copy/paste typo.
|
#
258929 |
|
04-Dec-2013 |
peter |
MFC: r258718: fix emulated jail_v0 byte order
Approved by: re (gjb)
|