Author: jamie
Date: Tue Dec 15 20:56:35 2020
New Revision: 368676
URL: https://svnweb.freebsd.org/changeset/base/368676
Log:
Bugfix to not hide jailparam flags, which for example changes the output
"vnet=2" to the less opaque "vnet=inherit"
Reported by: kevans
MFC after: 5 days
Mod
Author: jamie
Date: Sat Aug 29 22:24:41 2020
New Revision: 364970
URL: https://svnweb.freebsd.org/changeset/base/364970
Log:
Add __BEGIN_DECLS to jail.h to keep C++ happy.
PR: 238928
Reported by: yuri@
Modified:
head/sys/sys/jail.h
Modified: head/sys/sys/jail.h
Author: jamie
Date: Thu Aug 27 17:04:55 2020
New Revision: 364874
URL: https://svnweb.freebsd.org/changeset/base/364874
Log:
Disregard jails in jail.conf that have bad parameters (parameter/variable
clash, or redefining name/jid). The current behavior, of merely warning
and moving on, can l
Author: jamie
Date: Thu Aug 27 00:17:17 2020
New Revision: 364850
URL: https://svnweb.freebsd.org/changeset/base/364850
Log:
Don't allow jail.conf variables to have the same names as jail parameters.
It was already not allowed in many cases, but crashed instead of giving an
error.
PR:
Author: jamie
Date: Wed Aug 26 18:35:32 2020
New Revision: 364828
URL: https://svnweb.freebsd.org/changeset/base/364828
Log:
Back out r364791 to unbreak jails. Lesson learned: "compile and test" means
running the test on the same executable that you just compiled.
PR: 248444
Author: jamie
Date: Wed Aug 26 00:42:59 2020
New Revision: 364791
URL: https://svnweb.freebsd.org/changeset/base/364791
Log:
Handle jail.conf variables that have the same names as parameters.
PR: 248444
Submitted by: Akos Somfai
Reported by: Markus Stoff
Modified:
head/usr
Author: jamie
Date: Tue Nov 27 17:51:50 2018
New Revision: 341084
URL: https://svnweb.freebsd.org/changeset/base/341084
Log:
In hardened systems, where the security.bsd.unprivileged_proc_debug sysctl
node is set, allow setting security.bsd.unprivileged_proc_debug per-jail.
In part, this is n
Author: jamie
Date: Thu Oct 18 15:02:57 2018
New Revision: 339420
URL: https://svnweb.freebsd.org/changeset/base/339420
Log:
Fix typos from r339409.
Reported by: maxim
Approved by: re (gjb)
Modified:
head/sys/kern/kern_jail.c
head/usr.sbin/jail/jail.8
Modified: head/sys/kern/kern_
Author: jamie
Date: Wed Oct 17 16:11:43 2018
New Revision: 339409
URL: https://svnweb.freebsd.org/changeset/base/339409
Log:
Add a new jail permission, allow.read_msgbuf. When true, jailed processes
can see the dmesg buffer (this is the current behavior). When false (the
new default), dmes
Author: jamie
Date: Sat Oct 6 02:10:32 2018
New Revision: 339211
URL: https://svnweb.freebsd.org/changeset/base/339211
Log:
Fix the test prohibiting jails from sharing IP addresses.
It's not supposed to be legal for two jails to contain the same IP address,
unless both jails contain only
Author: jamie
Date: Thu Aug 16 19:09:43 2018
New Revision: 337925
URL: https://svnweb.freebsd.org/changeset/base/337925
Log:
Revert r337922, except for some documentation-only bits. This needs to wait
until user is changed to stop using jail(2).
Differential Revision: D14791
Modifi
Author: jamie
Date: Thu Aug 16 18:40:16 2018
New Revision: 337922
URL: https://svnweb.freebsd.org/changeset/base/337922
Log:
Put jail(2) under COMPAT_FREEBSD11. It has been the "old" way of creating
jails since FreeBSD 7.
Along with the system call, put the various security.jail.allow_fo
Author: jamie
Date: Thu Aug 16 18:30:49 2018
New Revision: 337919
URL: https://svnweb.freebsd.org/changeset/base/337919
Log:
security.jail.enforce_statfs is handled by jail_set(2), so handling it in
userspace jail(8) is redundant.
Differential Revision: D14791
Modified:
head/usr
Author: jamie
Date: Wed Aug 15 20:23:17 2018
New Revision: 337867
URL: https://svnweb.freebsd.org/changeset/base/337867
Log:
Don't let clobber jailparam values when checking for modification of
init-only parameters.
Compare string parameter values with strncmp, not memcmp.
PR:
Author: jamie
Date: Fri Jul 6 18:50:22 2018
New Revision: 336038
URL: https://svnweb.freebsd.org/changeset/base/336038
Log:
Change prison_add_vfs() to the more generic prison_add_allow(), which
can add any dynamic allow.* or allow.*.* parameter. Also keep
prison_add_vfs() as a wrapper.
Author: jamie
Date: Fri Jul 6 16:23:30 2018
New Revision: 336035
URL: https://svnweb.freebsd.org/changeset/base/336035
Log:
Missed a bit of doc change from r335921.
PR: 229266
Modified:
head/usr.bin/cpuset/cpuset.1
Modified: head/usr.bin/cpuset/cpuset.1
==
Author: jamie
Date: Tue Jul 3 23:47:20 2018
New Revision: 335921
URL: https://svnweb.freebsd.org/changeset/base/335921
Log:
Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8),
sockstat(1), ugidfw(8)
These are the last of the jail-aware userland utilities that didn't wo
Author: jamie
Date: Fri May 4 20:54:27 2018
New Revision: 333263
URL: https://svnweb.freebsd.org/changeset/base/333263
Log:
Make it easier for filesystems to count themselves as jail-enabled,
by doing most of the work in a new function prison_add_vfs in kern_jail.c
Now a jail-enabled filesy
Author: jamie
Date: Wed Mar 21 23:50:46 2018
New Revision: 331332
URL: https://svnweb.freebsd.org/changeset/base/331332
Log:
If a jail parameter isn't found, try loading a related kernel module.
Modified:
head/lib/libjail/jail.c
Modified: head/lib/libjail/jail.c
=
Author: jamie
Date: Tue Mar 20 23:08:42 2018
New Revision: 331278
URL: https://svnweb.freebsd.org/changeset/base/331278
Log:
Represent boolean jail options as an array of structures containing the
flag and both the regular and "no" names, instead of two different string
arrays whose indices
Author: jamie
Date: Sat Mar 10 20:13:07 2018
New Revision: 330743
URL: https://svnweb.freebsd.org/changeset/base/330743
Log:
Don't warn when the "hostname" rc variable is unset, but the hostname
is already non-empty (common in jails).
Modified:
head/etc/rc.d/hostname
head/share/man/man5/r
Author: jamie
Date: Mon Jul 31 15:29:44 2017
New Revision: 321796
URL: https://svnweb.freebsd.org/changeset/base/321796
Log:
Add myself to the birthday calendar.
Reminded by: mckusick
Modified:
head/usr.bin/calendar/calendars/calendar.freebsd
Modified: head/usr.bin/calendar/calendars/c
Author: jamie
Date: Mon Mar 27 13:37:40 2017
New Revision: 316023
URL: https://svnweb.freebsd.org/changeset/base/316023
Log:
Same as r316022 (Fix hexadecimal escape codes in jail.conf(5)),
but do it right this time.
Reported by: Kyle Evans
MFC after: 3 days
Modified:
head/usr.sb
Author: jamie
Date: Mon Mar 27 13:27:39 2017
New Revision: 316022
URL: https://svnweb.freebsd.org/changeset/base/316022
Log:
Fix hexadecimal escape codes in jail.conf(5).
PR: 218154
Submitted by: Masahiro Konishi
MFC after: 3 days
Modified:
head/usr.sbin/jail/jaillex.l
Author: jamie
Date: Sat Dec 24 23:51:27 2016
New Revision: 310530
URL: https://svnweb.freebsd.org/changeset/base/310530
Log:
Improve IP address list representation in libxo output.
Extract decision-making about special-case printing of certain
jail parameters into a function.
Refacto
Author: jamie
Date: Thu Jul 14 20:17:08 2016
New Revision: 302857
URL: https://svnweb.freebsd.org/changeset/base/302857
Log:
Start jails non-parallel if jail_parallel_start is NO. This was true
for an explicitly specified jail list; now it's also true for all jails.
PR: 209112
Author: jamie
Date: Thu Jul 14 20:15:55 2016
New Revision: 302856
URL: https://svnweb.freebsd.org/changeset/base/302856
Log:
Fix up the order in which jail creation processes are run, to preserve
the config file's order in the non-parallel-start case.
PR: 209112
MFC after:
Author: jamie
Date: Thu Jul 14 19:51:54 2016
New Revision: 302855
URL: https://svnweb.freebsd.org/changeset/base/302855
Log:
Wait for jails to complete startup if jail_parallel_start is YES,
instead of assuming they'll take less than one second.
PR: 203172
Submitted by: dmitry
Author: jamie
Date: Thu Jun 9 21:59:11 2016
New Revision: 301764
URL: https://svnweb.freebsd.org/changeset/base/301764
Log:
Fix a vnode leak when giving a child jail a too-long path when
debug.disablefullpath=1.
Modified:
head/sys/kern/kern_jail.c
Modified: head/sys/kern/kern_jail.c
=
Author: jamie
Date: Thu Jun 9 20:43:14 2016
New Revision: 301760
URL: https://svnweb.freebsd.org/changeset/base/301760
Log:
Re-order some jail parameter reading to prevent a vnode leak.
Modified:
head/sys/kern/kern_jail.c
Modified: head/sys/kern/kern_jail.c
=
Author: jamie
Date: Thu Jun 9 20:39:57 2016
New Revision: 301758
URL: https://svnweb.freebsd.org/changeset/base/301758
Log:
Clean up some logic in jail error messages, replacing a missing test and
a redundant test with a single correct test.
Modified:
head/sys/kern/kern_jail.c
Modified: h
Author: jamie
Date: Thu Jun 9 16:41:41 2016
New Revision: 301745
URL: https://svnweb.freebsd.org/changeset/base/301745
Log:
Make sure the OSD methods for jail set and remove can't run concurrently,
by holding allprison_lock exclusively (even if only for a moment before
downgrading) on all p
Author: jamie
Date: Thu Jun 9 15:34:33 2016
New Revision: 301737
URL: https://svnweb.freebsd.org/changeset/base/301737
Log:
Remove a comment that was part of copied code, and is misleading in
the new location.
Modified:
head/sys/kern/sysv_msg.c
Modified: head/sys/kern/sysv_msg.c
=
Author: jamie
Date: Mon May 30 05:21:24 2016
New Revision: 300983
URL: https://svnweb.freebsd.org/changeset/base/300983
Log:
Mark jail(2), and the sysctls that it (and only it) uses as deprecated.
jail(8) has long used jail_set(2), and those sysctl only cause confusion.
Modified:
head/lib/l
Author: jamie
Date: Sun May 1 16:48:03 2016
New Revision: 29
URL: https://svnweb.freebsd.org/changeset/base/29
Log:
typo
Submitted by: Jimmy Olgeni
Modified:
head/usr.sbin/jail/jail.8
Modified: head/usr.sbin/jail/jail.8
==
Author: jamie
Date: Sat Apr 30 21:27:41 2016
New Revision: 298863
URL: https://svnweb.freebsd.org/changeset/base/298863
Log:
Clarify what happens when there is a "depend" parameter in jail.conf,
and how this affects the "jail_list" option in rc.conf.
Modified:
head/share/man/man5/rc.conf.5
Author: jamie
Date: Wed Apr 27 02:25:21 2016
New Revision: 298683
URL: https://svnweb.freebsd.org/changeset/base/298683
Log:
Delay removing the last jail reference in prison_proc_free, and instead
put it off into the pr_task. This is similar to prison_free, and in fact
uses the same task ev
Author: jamie
Date: Tue Apr 26 21:19:12 2016
New Revision: 298668
URL: https://svnweb.freebsd.org/changeset/base/298668
Log:
Use crcopysafe in jail_attach.
Modified:
head/sys/kern/kern_jail.c
Modified: head/sys/kern/kern_jail.c
Author: jamie
Date: Tue Apr 26 18:17:44 2016
New Revision: 298656
URL: https://svnweb.freebsd.org/changeset/base/298656
Log:
Redo the changes to the SYSV IPC sysctl functions from r298585, so they
don't (mis)use sbufs.
PR: 48471
Modified:
head/sys/kern/sysv_msg.c
head/sys/k
Author: jamie
Date: Mon Apr 25 22:30:10 2016
New Revision: 298597
URL: https://svnweb.freebsd.org/changeset/base/298597
Log:
Fix the logic in r298585: shm_prison_cansee returns an errno, so is
the opposite of a boolean.
PR: 48471
Modified:
head/sys/kern/sysv_shm.c
Modified:
Author: jamie
Date: Mon Apr 25 17:06:50 2016
New Revision: 298585
URL: https://svnweb.freebsd.org/changeset/base/298585
Log:
Encapsulate SYSV IPC objects in jails. Define per-module parameters
sysvmsg, sysvsem, and sysvshm, with the following behavior:
inherit: allow full access to the I
Author: jamie
Date: Mon Apr 25 17:01:13 2016
New Revision: 298584
URL: https://svnweb.freebsd.org/changeset/base/298584
Log:
Note the existence of module-specific jail parameters, starting with the
linux.* parameters when linux emulation is loaded.
MFC after: 5 days
Modified:
head/us
Author: jamie
Date: Mon Apr 25 06:08:45 2016
New Revision: 298573
URL: https://svnweb.freebsd.org/changeset/base/298573
Log:
linux_map_osrel doesn't need to be checked in linux_prison_set,
since it already was in linux_prison_check.
Modified:
head/sys/compat/linux/linux_mib.c
Modified: hea
Author: jamie
Date: Mon Apr 25 04:36:54 2016
New Revision: 298567
URL: https://svnweb.freebsd.org/changeset/base/298567
Log:
Use the new PR_METHOD_REMOVE to clean up jail handling in POSIX
message queues.
Modified:
head/sys/kern/uipc_mqueue.c
Modified: head/sys/kern/uipc_mqueue.c
=
Author: jamie
Date: Mon Apr 25 04:27:58 2016
New Revision: 298566
URL: https://svnweb.freebsd.org/changeset/base/298566
Log:
Pass the current/new jail to PR_METHOD_CHECK, which pushes the call
until after the jail is found or created. This requires unlocking the
jail for the call and re-loc
Author: jamie
Date: Mon Apr 25 04:24:00 2016
New Revision: 298565
URL: https://svnweb.freebsd.org/changeset/base/298565
Log:
Add a new jail OSD method, PR_METHOD_REMOVE. It's called when a jail is
removed from the user perspective, i.e. when the last pr_uref goes away,
even though the jail
Author: jamie
Date: Mon Apr 25 03:58:08 2016
New Revision: 298564
URL: https://svnweb.freebsd.org/changeset/base/298564
Log:
Remove the PR_REMOVE flag, which was meant as a temporary marker for
a jail that might be seen mid-removal. It hasn't been doing the right
thing since at least the ab
Author: jamie
Date: Mon Apr 25 03:24:48 2016
New Revision: 298562
URL: https://svnweb.freebsd.org/changeset/base/298562
Log:
Make jail(8) interpret escape codes in fstab the same as getfsent(3).
PR: 208663
MFC after: 3 days
Modified:
head/usr.sbin/jail/command.c
Modified:
Author: jamie
Date: Sat Apr 23 16:23:01 2016
New Revision: 298516
URL: https://svnweb.freebsd.org/changeset/base/298516
Log:
Don't remove the /var/run/jail_name.id file if a jail fails to start.
This messes up ezjail (and possibly others), when attempting to start
a jail that already exists.
Author: jamie
Date: Thu Apr 14 17:07:26 2016
New Revision: 297976
URL: https://svnweb.freebsd.org/changeset/base/297976
Log:
Clean up some style(9) violations.
Modified:
head/sys/kern/uipc_mqueue.c
head/sys/kern/uipc_sem.c
head/sys/kern/uipc_shm.c
Modified: head/sys/kern/uipc_mqueue.c
==
Author: jamie
Date: Wed Apr 13 20:15:49 2016
New Revision: 297936
URL: https://svnweb.freebsd.org/changeset/base/297936
Log:
Separate POSIX mqueue objects in jails; actually, separate them by the
jail's root, so jails that don't have their own filesystem directory
also won't have their own m
Author: jamie
Date: Wed Apr 13 20:14:13 2016
New Revision: 297935
URL: https://svnweb.freebsd.org/changeset/base/297935
Log:
Separate POSIX sem/shm objects in jails, by prepending the jail's path
name to the object's "path". While the objects don't have real path
names, it's a filesystem-li
Author: jamie
Date: Wed Mar 30 17:05:04 2016
New Revision: 297424
URL: https://svnweb.freebsd.org/changeset/base/297424
Log:
Use osd_reserve / osd_jail_set_reserved, which is known to succeed.
Also don't work around nonexistent osd_register failure.
Modified:
head/sys/compat/linux/linux_mib
Author: jamie
Date: Wed Mar 30 16:57:28 2016
New Revision: 297422
URL: https://svnweb.freebsd.org/changeset/base/297422
Log:
Add osd_reserve() and osd_set_reserved(), which allow M_WAITOK allocation
of an OSD array,
Modified:
head/share/man/man9/osd.9
head/sys/kern/kern_osd.c
head/sys/s
Author: jamie
Date: Mon Mar 28 22:18:37 2016
New Revision: 297367
URL: https://svnweb.freebsd.org/changeset/base/297367
Log:
Move the various per-type arrays of OSD data into a single structure array.
Modified:
head/sys/kern/kern_osd.c
Modified: head/sys/kern/kern_osd.c
=
Author: jamie
Date: Wed Feb 10 14:48:49 2016
New Revision: 295468
URL: https://svnweb.freebsd.org/changeset/base/295468
Log:
Remove man page references to rndassociates.com, which has been taken over
by a domain squatter.
Modified:
head/lib/libc/sys/jail.2
head/usr.sbin/jail/jail.8
head
Author: jamie
Date: Mon Jan 25 22:14:31 2016
New Revision: 294749
URL: https://svnweb.freebsd.org/changeset/base/294749
Log:
Allow the (old rc-style) exec_afterstart jail parameters to start numbering
at 0, like exec_prestart and the others do. Make param0 optional, i.e.
still look for para
Author: jamie
Date: Sat Jan 16 22:32:57 2016
New Revision: 294196
URL: https://svnweb.freebsd.org/changeset/base/294196
Log:
Don't bother checking an ip[46].addr netmask/prefixlen. This is already
handled by ifconfig, and it was doing it wrong when the parameter included
extra ifconfig opti
Author: jamie
Date: Sat Jan 16 18:13:28 2016
New Revision: 294183
URL: https://svnweb.freebsd.org/changeset/base/294183
Log:
Clear errno before calling getpw*.
Modified:
head/usr.sbin/jail/command.c
Modified: head/usr.sbin/jail/command.c
==
Author: jamie
Date: Sat Dec 26 23:01:34 2015
New Revision: 292759
URL: https://svnweb.freebsd.org/changeset/base/292759
Log:
Let old-style (shell-based) jail configuration handle jail names that
contain characters not allowed in a shell variable (such as "-").
These will be replaced by an un
Author: jamie
Date: Tue Dec 15 17:25:00 2015
New Revision: 292277
URL: https://svnweb.freebsd.org/changeset/base/292277
Log:
Fix jail name checking that disallowed anything that starts with '0'.
The intention was to just limit leading zeroes on numeric names. That
check is now improved to a
Author: jamie
Date: Sat Aug 22 05:04:36 2015
New Revision: 287012
URL: https://svnweb.freebsd.org/changeset/base/287012
Log:
Make pkill/pgrep -j ARG take jname, not just jid.
PR: 201588
Submitted by: Daniel Shahaf
MFC after: 3 days
Modified:
head/bin/pkill/Makefile
he
Author: jamie
Date: Sun Jul 12 17:03:50 2015
New Revision: 285420
URL: https://svnweb.freebsd.org/changeset/base/285420
Log:
Run a shell in the jail when no command is specified.
Add a new flag, -l, for a clean environment, same as jail(8) exec.clean.
Change the GET_USER_INFO macro into a fu
Author: jamie
Date: Sun Feb 22 00:00:10 2015
New Revision: 279123
URL: https://svnweb.freebsd.org/changeset/base/279123
Log:
Allow for parameters added with the JP_OPT flag to not exist.
That's why the flag exists in the first place.
MFC after: 1 week
Modified:
head/usr.sbin/jls/jls
Author: jamie
Date: Fri Feb 20 20:12:05 2015
New Revision: 279083
URL: https://svnweb.freebsd.org/changeset/base/279083
Log:
Fix the logic for skipping parameters (with -s) that have "jailsys"
parents (such as host.hostname); these were being skipped all the time.
That it went this long with
Author: jamie
Date: Fri Feb 20 19:48:24 2015
New Revision: 279081
URL: https://svnweb.freebsd.org/changeset/base/279081
Log:
Allow parameters listed on the command line to override the -v option,
instead of crashing.
PR: 197701
MFC after: 1 week
Modified:
head/usr.sbin/j
Author: jamie
Date: Tue Feb 10 00:48:51 2015
New Revision: 278480
URL: https://svnweb.freebsd.org/changeset/base/278480
Log:
Un-revert the r278323 again - whatever Jenkins/kyua is up to, it has
nothing to do with this.
Modified:
head/etc/rc.d/jail
Modified: head/etc/rc.d/jail
=
Author: jamie
Date: Sat Feb 7 05:02:10 2015
New Revision: 278343
URL: https://svnweb.freebsd.org/changeset/base/278343
Log:
Revert the rc part of r278323 until I can figure out what Jenkins is doing.
Modified:
head/etc/rc.d/jail
Modified: head/etc/rc.d/jail
=
Author: jamie
Date: Fri Feb 6 17:54:53 2015
New Revision: 278323
URL: https://svnweb.freebsd.org/changeset/base/278323
Log:
Add mount.procfs jail parameter, so procfs can be mounted when a prison's
root is in its fstab.
Also fix a typo while I'm at it.
PR: 197237 197066
Author: jamie
Date: Wed Jan 28 21:08:09 2015
New Revision: 277855
URL: https://svnweb.freebsd.org/changeset/base/277855
Log:
Add allow.mount.fdescfs jail flag.
PR: 192951
Submitted by: ru...@verweg.com
MFC after: 3 days
Modified:
head/sys/fs/fdescfs/fdesc_vfsops.c
head
Author: jamie
Date: Wed Jan 14 04:50:28 2015
New Revision: 277159
URL: https://svnweb.freebsd.org/changeset/base/277159
Log:
Remove the prison flags PR_IP4_DISABLE and PR_IP6_DISABLE, which have been
write-only for as long as they've existed.
Modified:
head/sys/kern/kern_jail.c
head/sys/s
Author: jamie
Date: Wed Jan 14 03:52:41 2015
New Revision: 277158
URL: https://svnweb.freebsd.org/changeset/base/277158
Log:
Don't set prison's pr_ip4s or pr_ip6s to -1.
PR: 196474
MFC after: 3 days
Modified:
head/sys/kern/kern_jail.c
Modified: head/sys/kern/kern_jail.c
=
Author: jamie
Date: Thu Dec 18 18:10:39 2014
New Revision: 275906
URL: https://svnweb.freebsd.org/changeset/base/275906
Log:
Setgid before running a command as a specified user. Previously only
initgroups(3) was called, which isn't quite enough. This brings jail(8)
in line with jexec(8), wh
Author: jamie
Date: Tue Nov 25 21:01:08 2014
New Revision: 275073
URL: https://svnweb.freebsd.org/changeset/base/275073
Log:
In preparation for using clang's -Wcast-qual:
Use __DECONST (instead of my own attempted re-invention) for the iov
parameters to jail_get/set(2). Similarly remove
Author: jamie
Date: Fri Jan 31 17:39:51 2014
New Revision: 261326
URL: http://svnweb.freebsd.org/changeset/base/261326
Log:
Back out r261266 pending security buy-in.
r261266:
Add a jail parameter, allow.kmem, which lets jailed processes access
/dev/kmem and related devices (i.e. g
Author: jamie
Date: Wed Jan 29 13:41:13 2014
New Revision: 261266
URL: http://svnweb.freebsd.org/changeset/base/261266
Log:
Add a jail parameter, allow.kmem, which lets jailed processes access
/dev/kmem and related devices (i.e. grants PRIV_IO and PRIV_KMEM_WRITE).
This in conjunction with c
Author: jamie
Date: Fri Sep 6 17:32:29 2013
New Revision: 255316
URL: http://svnweb.freebsd.org/changeset/base/255316
Log:
Keep PRIV_KMEM_READ permitted inside jails as it is on the outside.
Modified:
head/sys/kern/kern_jail.c
Modified: head/sys/kern/kern_jail.c
On 09/06/13 12:18, Gleb Smirnoff wrote:
> On Fri, Sep 06, 2013 at 05:32:29PM +0000, Jamie Gritton wrote:
> J> Author: jamie
> J> Date: Fri Sep 6 17:32:29 2013
> J> New Revision: 255316
> J> URL: http://svnweb.freebsd.org/changeset/base/255316
> J>
> J> Lo
On 08/30/13 11:13, Jase Thew wrote:
> On 05/07/2013 22:31, Jamie Gritton wrote:
>> Author: jamie
>> Date: Fri Jul 5 21:31:16 2013
>> New Revision: 252841
>> URL: http://svnweb.freebsd.org/changeset/base/252841
>>
>> Log:
>>Add new privileges
Author: jamie
Date: Sat Jul 6 00:10:52 2013
New Revision: 252855
URL: http://svnweb.freebsd.org/changeset/base/252855
Log:
Make the comments a little more clear about PRIV_KMEM_*, explicitly
referring to /dev/[k]mem and noting it's about opening the files rather
than actually reading and wr
Author: jamie
Date: Fri Jul 5 21:41:05 2013
New Revision: 252845
URL: http://svnweb.freebsd.org/changeset/base/252845
Log:
Bump up _PRIV_HIGHEST to account for PRIV_KMEM_READ/WRITE.
Submitted by: mdf
Modified:
head/sys/sys/priv.h
Modified: head/sys/sys/priv.h
==
Author: jamie
Date: Fri Jul 5 21:31:16 2013
New Revision: 252841
URL: http://svnweb.freebsd.org/changeset/base/252841
Log:
Add new privileges, PRIV_KMEM_READ and PRIV_KMEM_WRITE, used in opening
/dev/kmem and /dev/mem (in addition to traditional file permission checks).
PRIV_KMEM_READ is di
Author: jamie
Date: Fri May 24 14:57:38 2013
New Revision: 250968
URL: http://svnweb.freebsd.org/changeset/base/250968
Log:
Mention the "nojailvnet" keyword.
MFC after: 3 days
Modified:
head/share/man/man8/rc.8
Modified: head/share/man/man8/rc.8
==
Author: jamie
Date: Sun May 19 04:10:34 2013
New Revision: 250804
URL: http://svnweb.freebsd.org/changeset/base/250804
Log:
Refine the "nojail" rc keyword, adding "nojailvnet" for files that don't
apply to most jails but do apply to vnet jails. This includes adding
a new sysctl "security.ja
Author: jamie
Date: Thu Mar 28 21:02:49 2013
New Revision: 248854
URL: http://svnweb.freebsd.org/changeset/base/248854
Log:
Reverse the order of some implicit commands (FS mounts and ifconfigs)
when stopping jails. This matters particularly for nested filesystem
mounts.
PR: k
Author: jamie
Date: Thu Feb 21 02:41:37 2013
New Revision: 247071
URL: http://svnweb.freebsd.org/changeset/base/247071
Log:
Don't worry if a module is already loaded when looking for a fstype to mount
(possible in a race condition).
Reviewed by: kib
MFC after: 1 week
Modified:
he
Author: jamie
Date: Thu Feb 14 19:27:52 2013
New Revision: 246804
URL: http://svnweb.freebsd.org/changeset/base/246804
Log:
Handle (ignore) when a process disappears before it can be tracked.
Modified:
head/usr.sbin/jail/command.c
Modified: head/usr.sbin/jail/command.c
==
Author: jamie
Date: Thu Oct 4 19:07:05 2012
New Revision: 241197
URL: http://svn.freebsd.org/changeset/base/241197
Log:
Fix some memory allocation errors:
* jail_setv will leak a parameter name if jailparam_import fails.
* jailparam_all loses the jailparam pointer on realloc error
(a
Author: jamie
Date: Thu Oct 4 18:59:46 2012
New Revision: 241196
URL: http://svn.freebsd.org/changeset/base/241196
Log:
Move properly to the next parameter when jailparam_init fails
(i.e. on an unknown parameter), to avoid freeing bogus pointers.
Modified:
head/usr.sbin/jail/config.c
Mod
Author: jamie
Date: Thu Aug 23 19:39:23 2012
New Revision: 239621
URL: http://svn.freebsd.org/changeset/base/239621
Log:
Partially roll back r239601 - keep parameter strings both length-delimited
and null-terminated at the same time, because they're later passed to
libjail as null-terminated
Author: jamie
Date: Thu Aug 23 01:43:01 2012
New Revision: 239601
URL: http://svn.freebsd.org/changeset/base/239601
Log:
Remember that I'm using length-defined strings in parameters:
Remove a bogus null terminator when stripping the netmask from
IP addresses. This was causing later add
Author: jamie
Date: Thu Aug 23 01:43:22 2012
New Revision: 239602
URL: http://svn.freebsd.org/changeset/base/239602
Log:
Pre-separate IP addresses passed on the command line, so they can be
properly parsed for interface prefixes and netmask suffixes. This was
already done for the old-style
Author: jamie
Date: Mon May 28 20:44:11 2012
New Revision: 236198
URL: http://svn.freebsd.org/changeset/base/236198
Log:
When writing the jid via the -i flag, do it right when the jail is created,
before any commands run. /etc/rc.d/jail depends on this.
Modified:
head/usr.sbin/jail/command
Author: jamie
Date: Fri May 25 00:38:06 2012
New Revision: 235949
URL: http://svn.freebsd.org/changeset/base/235949
Log:
Don't try to set a null TERM environment.
Submitted by: Mateusz Guzik
Modified:
head/usr.sbin/jail/command.c
Modified: head/usr.sbin/jail/command.c
=
Author: jamie
Date: Wed May 23 15:30:13 2012
New Revision: 235840
URL: http://svn.freebsd.org/changeset/base/235840
Log:
Note that the new jail(8) will be appearing in 9.1.
Modified:
head/usr.sbin/jail/jail.8
head/usr.sbin/jail/jail.conf.5
Modified: head/usr.sbin/jail/jail.8
==
Author: jamie
Date: Tue May 22 18:30:32 2012
New Revision: 235799
URL: http://svn.freebsd.org/changeset/base/235799
Log:
The fix in r235291 re-broke the "allow.nomount" case. Re-fix it
by testing for the right parameter name.
Modified:
head/lib/libjail/jail.c
Modified: head/lib/libjail/ja
Author: jamie
Date: Fri May 11 21:22:52 2012
New Revision: 235291
URL: http://svn.freebsd.org/changeset/base/235291
Log:
The linker isn't consistent in the ordering of dynamic sysctls, so don't
assume that the unnamed final component of "security.jail.param.foo." is
one less than the "foo" c
Author: jamie
Date: Thu May 3 21:39:23 2012
New Revision: 234988
URL: http://svn.freebsd.org/changeset/base/234988
Log:
Add a meta-parameter IP__NULL to enum intparam, instead of mixing
enum values and zeroes. This keeps clang happy (and is just good form).
Submitted by: dim
Modified:
Author: jamie
Date: Wed May 2 21:24:08 2012
New Revision: 234934
URL: http://svn.freebsd.org/changeset/base/234934
Log:
Add YY_NO_INPUT so clang doesn't complain about "input" not being used.
Modified:
head/usr.sbin/jail/jaillex.l
Modified: head/usr.sbin/jail/jaillex.l
=
Author: jamie
Date: Fri Apr 27 23:39:21 2012
New Revision: 234744
URL: http://svn.freebsd.org/changeset/base/234744
Log:
Fix the dates and history as of the move to HEAD.
Modified:
head/usr.sbin/jail/jail.conf.5
Modified: head/usr.sbin/jail/jail.conf.5
===