Hi,
I want to check credentials of the thread setting the IP address
with SIOCAIFADDR ioctl.
If the thread is jailed (jailed(td_ucred) == 1), I'm applying some checks
on ip address.
My expectation was that (cred->cr_prison != &prison0) for an ifconfig call
made by the jail.
However, it is showing me some weird behavior. Here are the logs for a
tweaked kernel:
@@ -339,7 +343,7 @@ in_control(struct socket *so, u_long cmd, void *data,
struct ifnet *ifp,
return (EADDRNOTAVAIL);
struct ucred *cred = (td != NULL) ? td->td_ucred : NULL;
-
+ printf("in_control jailed? %d jid %d prison_owns_vnet?
%d\n",jailed(cred),cred->cr_prison->pr_id,prison_owns_vnet(cred));
# jexec 1 ifconfig epair0b inet 169.254.123.101/24 up
Dmesg logs:
*[256] in_control jailed? 0 jid 0 prison_owns_vnet? 1*
Cred value indicates host and jail is 0 but the PR_VNET flag is set.
Is this behavior expected? or something going wrong - what's the next debug
step?
I greatly appreciate your help!
Thanks,
Shivank
