jail.h revision 295951
1/*- 2 * Copyright (c) 1999 Poul-Henning Kamp. 3 * Copyright (c) 2009 James Gritton. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 * 27 * $FreeBSD: stable/10/sys/sys/jail.h 295951 2016-02-24 02:34:11Z araujo $ 28 */ 29 30#ifndef _SYS_JAIL_H_ 31#define _SYS_JAIL_H_ 32 33#ifdef _KERNEL 34struct jail_v0 { 35 u_int32_t version; 36 char *path; 37 char *hostname; 38 u_int32_t ip_number; 39}; 40#endif 41 42struct jail { 43 uint32_t version; 44 char *path; 45 char *hostname; 46 char *jailname; 47 uint32_t ip4s; 48 uint32_t ip6s; 49 struct in_addr *ip4; 50 struct in6_addr *ip6; 51}; 52#define JAIL_API_VERSION 2 53 54/* 55 * For all xprison structs, always keep the pr_version an int and 56 * the first variable so userspace can easily distinguish them. 57 */ 58#ifndef _KERNEL 59struct xprison_v1 { 60 int pr_version; 61 int pr_id; 62 char pr_path[MAXPATHLEN]; 63 char pr_host[MAXHOSTNAMELEN]; 64 u_int32_t pr_ip; 65}; 66#endif 67 68struct xprison { 69 int pr_version; 70 int pr_id; 71 int pr_state; 72 cpusetid_t pr_cpusetid; 73 char pr_path[MAXPATHLEN]; 74 char pr_host[MAXHOSTNAMELEN]; 75 char pr_name[MAXHOSTNAMELEN]; 76 uint32_t pr_ip4s; 77 uint32_t pr_ip6s; 78#if 0 79 /* 80 * sizeof(xprison) will be malloced + size needed for all 81 * IPv4 and IPv6 addesses. Offsets are based numbers of addresses. 82 */ 83 struct in_addr pr_ip4[]; 84 struct in6_addr pr_ip6[]; 85#endif 86}; 87#define XPRISON_VERSION 3 88 89#define PRISON_STATE_INVALID 0 90#define PRISON_STATE_ALIVE 1 91#define PRISON_STATE_DYING 2 92 93/* 94 * Flags for jail_set and jail_get. 95 */ 96#define JAIL_CREATE 0x01 /* Create jail if it doesn't exist */ 97#define JAIL_UPDATE 0x02 /* Update parameters of existing jail */ 98#define JAIL_ATTACH 0x04 /* Attach to jail upon creation */ 99#define JAIL_DYING 0x08 /* Allow getting a dying jail */ 100#define JAIL_SET_MASK 0x0f 101#define JAIL_GET_MASK 0x08 102 103#define JAIL_SYS_DISABLE 0 104#define JAIL_SYS_NEW 1 105#define JAIL_SYS_INHERIT 2 106 107#ifndef _KERNEL 108 109struct iovec; 110 111int jail(struct jail *); 112int jail_set(struct iovec *, unsigned int, int); 113int jail_get(struct iovec *, unsigned int, int); 114int jail_attach(int); 115int jail_remove(int); 116 117#else /* _KERNEL */ 118 119#include <sys/queue.h> 120#include <sys/sysctl.h> 121#include <sys/lock.h> 122#include <sys/mutex.h> 123#include <sys/_task.h> 124 125#define JAIL_MAX 999999 126 127#ifdef MALLOC_DECLARE 128MALLOC_DECLARE(M_PRISON); 129#endif 130#endif /* _KERNEL */ 131 132#if defined(_KERNEL) || defined(_WANT_PRISON) 133 134#include <sys/osd.h> 135 136#define HOSTUUIDLEN 64 137#define OSRELEASELEN 32 138 139struct racct; 140struct prison_racct; 141 142/* 143 * This structure describes a prison. It is pointed to by all struct 144 * ucreds's of the inmates. pr_ref keeps track of them and is used to 145 * delete the struture when the last inmate is dead. 146 * 147 * Lock key: 148 * (a) allprison_lock 149 * (p) locked by pr_mtx 150 * (c) set only during creation before the structure is shared, no mutex 151 * required to read 152 * (d) set only during destruction of jail, no mutex needed 153 */ 154struct prison { 155 TAILQ_ENTRY(prison) pr_list; /* (a) all prisons */ 156 int pr_id; /* (c) prison id */ 157 int pr_ref; /* (p) refcount */ 158 int pr_uref; /* (p) user (alive) refcount */ 159 unsigned pr_flags; /* (p) PR_* flags */ 160 LIST_HEAD(, prison) pr_children; /* (a) list of child jails */ 161 LIST_ENTRY(prison) pr_sibling; /* (a) next in parent's list */ 162 struct prison *pr_parent; /* (c) containing jail */ 163 struct mtx pr_mtx; 164 struct task pr_task; /* (d) destroy task */ 165 struct osd pr_osd; /* (p) additional data */ 166 struct cpuset *pr_cpuset; /* (p) cpuset */ 167 struct vnet *pr_vnet; /* (c) network stack */ 168 struct vnode *pr_root; /* (c) vnode to rdir */ 169 int pr_ip4s; /* (p) number of v4 IPs */ 170 int pr_ip6s; /* (p) number of v6 IPs */ 171 struct in_addr *pr_ip4; /* (p) v4 IPs of jail */ 172 struct in6_addr *pr_ip6; /* (p) v6 IPs of jail */ 173 struct prison_racct *pr_prison_racct; /* (c) racct jail proxy */ 174 void *pr_sparep[3]; 175 int pr_childcount; /* (a) number of child jails */ 176 int pr_childmax; /* (p) maximum child jails */ 177 unsigned pr_allow; /* (p) PR_ALLOW_* flags */ 178 int pr_securelevel; /* (p) securelevel */ 179 int pr_enforce_statfs; /* (p) statfs permission */ 180 int pr_devfs_rsnum; /* (p) devfs ruleset */ 181 int pr_spare[3]; 182 int pr_osreldate; /* (c) kern.osreldate value */ 183 unsigned long pr_hostid; /* (p) jail hostid */ 184 char pr_name[MAXHOSTNAMELEN]; /* (p) admin jail name */ 185 char pr_path[MAXPATHLEN]; /* (c) chroot path */ 186 char pr_hostname[MAXHOSTNAMELEN]; /* (p) jail hostname */ 187 char pr_domainname[MAXHOSTNAMELEN]; /* (p) jail domainname */ 188 char pr_hostuuid[HOSTUUIDLEN]; /* (p) jail hostuuid */ 189 char pr_osrelease[OSRELEASELEN]; /* (c) kern.osrelease value */ 190}; 191 192struct prison_racct { 193 LIST_ENTRY(prison_racct) prr_next; 194 char prr_name[MAXHOSTNAMELEN]; 195 u_int prr_refcount; 196 struct racct *prr_racct; 197}; 198#endif /* _KERNEL || _WANT_PRISON */ 199 200#ifdef _KERNEL 201/* Flag bits set via options */ 202#define PR_PERSIST 0x00000001 /* Can exist without processes */ 203#define PR_HOST 0x00000002 /* Virtualize hostname et al */ 204#define PR_IP4_USER 0x00000004 /* Restrict IPv4 addresses */ 205#define PR_IP6_USER 0x00000008 /* Restrict IPv6 addresses */ 206#define PR_VNET 0x00000010 /* Virtual network stack */ 207#define PR_IP4_DISABLE 0x00000020 /* Disable IPv4 */ 208#define PR_IP6_DISABLE 0x00000040 /* Disable IPv6 */ 209#define PR_IP4_SADDRSEL 0x00000080 /* Do IPv4 src addr sel. or use the */ 210 /* primary jail address. */ 211#define PR_IP6_SADDRSEL 0x00000100 /* Do IPv6 src addr sel. or use the */ 212 /* primary jail address. */ 213 214/* Internal flag bits */ 215#define PR_REMOVE 0x01000000 /* In process of being removed */ 216#define PR_IP4 0x02000000 /* IPv4 restricted or disabled */ 217 /* by this jail or an ancestor */ 218#define PR_IP6 0x04000000 /* IPv6 restricted or disabled */ 219 /* by this jail or an ancestor */ 220 221/* Flags for pr_allow */ 222#define PR_ALLOW_SET_HOSTNAME 0x0001 223#define PR_ALLOW_SYSVIPC 0x0002 224#define PR_ALLOW_RAW_SOCKETS 0x0004 225#define PR_ALLOW_CHFLAGS 0x0008 226#define PR_ALLOW_MOUNT 0x0010 227#define PR_ALLOW_QUOTAS 0x0020 228#define PR_ALLOW_SOCKET_AF 0x0040 229#define PR_ALLOW_MOUNT_DEVFS 0x0080 230#define PR_ALLOW_MOUNT_NULLFS 0x0100 231#define PR_ALLOW_MOUNT_ZFS 0x0200 232#define PR_ALLOW_MOUNT_PROCFS 0x0400 233#define PR_ALLOW_MOUNT_TMPFS 0x0800 234#define PR_ALLOW_MOUNT_FDESCFS 0x1000 235#define PR_ALLOW_MOUNT_LINPROCFS 0x2000 236#define PR_ALLOW_MOUNT_LINSYSFS 0x4000 237#define PR_ALLOW_ALL 0x7fff 238 239/* 240 * OSD methods 241 */ 242#define PR_METHOD_CREATE 0 243#define PR_METHOD_GET 1 244#define PR_METHOD_SET 2 245#define PR_METHOD_CHECK 3 246#define PR_METHOD_ATTACH 4 247#define PR_MAXMETHOD 5 248 249/* 250 * Lock/unlock a prison. 251 * XXX These exist not so much for general convenience, but to be useable in 252 * the FOREACH_PRISON_DESCENDANT_LOCKED macro which can't handle them in 253 * non-function form as currently defined. 254 */ 255static __inline void 256prison_lock(struct prison *pr) 257{ 258 259 mtx_lock(&pr->pr_mtx); 260} 261 262static __inline void 263prison_unlock(struct prison *pr) 264{ 265 266 mtx_unlock(&pr->pr_mtx); 267} 268 269/* Traverse a prison's immediate children. */ 270#define FOREACH_PRISON_CHILD(ppr, cpr) \ 271 LIST_FOREACH(cpr, &(ppr)->pr_children, pr_sibling) 272 273/* 274 * Preorder traversal of all of a prison's descendants. 275 * This ugly loop allows the macro to be followed by a single block 276 * as expected in a looping primitive. 277 */ 278#define FOREACH_PRISON_DESCENDANT(ppr, cpr, descend) \ 279 for ((cpr) = (ppr), (descend) = 1; \ 280 ((cpr) = (((descend) && !LIST_EMPTY(&(cpr)->pr_children)) \ 281 ? LIST_FIRST(&(cpr)->pr_children) \ 282 : ((cpr) == (ppr) \ 283 ? NULL \ 284 : (((descend) = LIST_NEXT(cpr, pr_sibling) != NULL) \ 285 ? LIST_NEXT(cpr, pr_sibling) \ 286 : (cpr)->pr_parent))));) \ 287 if (!(descend)) \ 288 ; \ 289 else 290 291/* 292 * As above, but lock descendants on the way down and unlock on the way up. 293 */ 294#define FOREACH_PRISON_DESCENDANT_LOCKED(ppr, cpr, descend) \ 295 for ((cpr) = (ppr), (descend) = 1; \ 296 ((cpr) = (((descend) && !LIST_EMPTY(&(cpr)->pr_children)) \ 297 ? LIST_FIRST(&(cpr)->pr_children) \ 298 : ((cpr) == (ppr) \ 299 ? NULL \ 300 : ((prison_unlock(cpr), \ 301 (descend) = LIST_NEXT(cpr, pr_sibling) != NULL) \ 302 ? LIST_NEXT(cpr, pr_sibling) \ 303 : (cpr)->pr_parent))));) \ 304 if ((descend) ? (prison_lock(cpr), 0) : 1) \ 305 ; \ 306 else 307 308/* 309 * As above, but also keep track of the level descended to. 310 */ 311#define FOREACH_PRISON_DESCENDANT_LOCKED_LEVEL(ppr, cpr, descend, level)\ 312 for ((cpr) = (ppr), (descend) = 1, (level) = 0; \ 313 ((cpr) = (((descend) && !LIST_EMPTY(&(cpr)->pr_children)) \ 314 ? (level++, LIST_FIRST(&(cpr)->pr_children)) \ 315 : ((cpr) == (ppr) \ 316 ? NULL \ 317 : ((prison_unlock(cpr), \ 318 (descend) = LIST_NEXT(cpr, pr_sibling) != NULL) \ 319 ? LIST_NEXT(cpr, pr_sibling) \ 320 : (level--, (cpr)->pr_parent)))));) \ 321 if ((descend) ? (prison_lock(cpr), 0) : 1) \ 322 ; \ 323 else 324 325/* 326 * Attributes of the physical system, and the root of the jail tree. 327 */ 328extern struct prison prison0; 329 330TAILQ_HEAD(prisonlist, prison); 331extern struct prisonlist allprison; 332extern struct sx allprison_lock; 333 334/* 335 * Sysctls to describe jail parameters. 336 */ 337SYSCTL_DECL(_security_jail_param); 338 339#define SYSCTL_JAIL_PARAM(module, param, type, fmt, descr) \ 340 SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \ 341 (type) | CTLFLAG_MPSAFE, NULL, 0, sysctl_jail_param, fmt, descr) 342#define SYSCTL_JAIL_PARAM_STRING(module, param, access, len, descr) \ 343 SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \ 344 CTLTYPE_STRING | CTLFLAG_MPSAFE | (access), NULL, len, \ 345 sysctl_jail_param, "A", descr) 346#define SYSCTL_JAIL_PARAM_STRUCT(module, param, access, len, fmt, descr)\ 347 SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \ 348 CTLTYPE_STRUCT | CTLFLAG_MPSAFE | (access), NULL, len, \ 349 sysctl_jail_param, fmt, descr) 350#define SYSCTL_JAIL_PARAM_NODE(module, descr) \ 351 SYSCTL_NODE(_security_jail_param, OID_AUTO, module, 0, 0, descr) 352#define SYSCTL_JAIL_PARAM_SUBNODE(parent, module, descr) \ 353 SYSCTL_NODE(_security_jail_param_##parent, OID_AUTO, module, 0, 0, descr) 354#define SYSCTL_JAIL_PARAM_SYS_NODE(module, access, descr) \ 355 SYSCTL_JAIL_PARAM_NODE(module, descr); \ 356 SYSCTL_JAIL_PARAM(_##module, , CTLTYPE_INT | (access), "E,jailsys", \ 357 descr) 358 359/* 360 * Kernel support functions for jail(). 361 */ 362struct ucred; 363struct mount; 364struct sockaddr; 365struct statfs; 366int jailed(struct ucred *cred); 367int jailed_without_vnet(struct ucred *); 368void getcredhostname(struct ucred *, char *, size_t); 369void getcreddomainname(struct ucred *, char *, size_t); 370void getcredhostuuid(struct ucred *, char *, size_t); 371void getcredhostid(struct ucred *, unsigned long *); 372void prison0_init(void); 373int prison_allow(struct ucred *, unsigned); 374int prison_check(struct ucred *cred1, struct ucred *cred2); 375int prison_owns_vnet(struct ucred *); 376int prison_canseemount(struct ucred *cred, struct mount *mp); 377void prison_enforce_statfs(struct ucred *cred, struct mount *mp, 378 struct statfs *sp); 379struct prison *prison_find(int prid); 380struct prison *prison_find_child(struct prison *, int); 381struct prison *prison_find_name(struct prison *, const char *); 382int prison_flag(struct ucred *, unsigned); 383void prison_free(struct prison *pr); 384void prison_free_locked(struct prison *pr); 385void prison_hold(struct prison *pr); 386void prison_hold_locked(struct prison *pr); 387void prison_proc_hold(struct prison *); 388void prison_proc_free(struct prison *); 389int prison_ischild(struct prison *, struct prison *); 390int prison_equal_ip4(struct prison *, struct prison *); 391int prison_get_ip4(struct ucred *cred, struct in_addr *ia); 392int prison_local_ip4(struct ucred *cred, struct in_addr *ia); 393int prison_remote_ip4(struct ucred *cred, struct in_addr *ia); 394int prison_check_ip4(struct ucred *cred, struct in_addr *ia); 395int prison_saddrsel_ip4(struct ucred *, struct in_addr *); 396#ifdef INET6 397int prison_equal_ip6(struct prison *, struct prison *); 398int prison_get_ip6(struct ucred *, struct in6_addr *); 399int prison_local_ip6(struct ucred *, struct in6_addr *, int); 400int prison_remote_ip6(struct ucred *, struct in6_addr *); 401int prison_check_ip6(struct ucred *, struct in6_addr *); 402int prison_saddrsel_ip6(struct ucred *, struct in6_addr *); 403#endif 404int prison_check_af(struct ucred *cred, int af); 405int prison_if(struct ucred *cred, struct sockaddr *sa); 406char *prison_name(struct prison *, struct prison *); 407int prison_priv_check(struct ucred *cred, int priv); 408int sysctl_jail_param(SYSCTL_HANDLER_ARGS); 409void prison_racct_foreach(void (*callback)(struct racct *racct, 410 void *arg2, void *arg3), void *arg2, void *arg3); 411struct prison_racct *prison_racct_find(const char *name); 412void prison_racct_hold(struct prison_racct *prr); 413void prison_racct_free(struct prison_racct *prr); 414 415#endif /* _KERNEL */ 416#endif /* !_SYS_JAIL_H_ */ 417