Author: bz
Date: Thu Aug 13 10:31:02 2009
New Revision: 196178
URL: http://svn.freebsd.org/changeset/base/196178

Log:
  MFC r196176:
  
    Make it possible to change the vnet sysctl variables on jails
    with their own virtual network stack. Jails only inheriting a
    network stack cannot change anything that cannot be changed from
    within a prison.
  
    Reviewed by:  rwatson, zec
  
  Approved by:  re (kib)

Modified:
  stable/8/sys/   (props changed)
  stable/8/sys/amd64/include/xen/   (props changed)
  stable/8/sys/cddl/contrib/opensolaris/   (props changed)
  stable/8/sys/contrib/dev/acpica/   (props changed)
  stable/8/sys/contrib/pf/   (props changed)
  stable/8/sys/dev/ata/   (props changed)
  stable/8/sys/dev/ata/ata-usb.c   (props changed)
  stable/8/sys/dev/cxgb/   (props changed)
  stable/8/sys/dev/sound/usb/uaudio.c   (props changed)
  stable/8/sys/dev/sound/usb/uaudio.h   (props changed)
  stable/8/sys/dev/sound/usb/uaudio_pcm.c   (props changed)
  stable/8/sys/dev/sound/usb/uaudioreg.h   (props changed)
  stable/8/sys/dev/usb/controller/at91dci.c   (props changed)
  stable/8/sys/dev/usb/controller/at91dci.h   (props changed)
  stable/8/sys/dev/usb/controller/at91dci_atmelarm.c   (props changed)
  stable/8/sys/dev/usb/controller/atmegadci.c   (props changed)
  stable/8/sys/dev/usb/controller/atmegadci.h   (props changed)
  stable/8/sys/dev/usb/controller/atmegadci_atmelarm.c   (props changed)
  stable/8/sys/dev/usb/controller/ehci.c   (props changed)
  stable/8/sys/dev/usb/controller/ehci.h   (props changed)
  stable/8/sys/dev/usb/controller/ehci_ixp4xx.c   (props changed)
  stable/8/sys/dev/usb/controller/ehci_mbus.c   (props changed)
  stable/8/sys/dev/usb/controller/ehci_pci.c   (props changed)
  stable/8/sys/dev/usb/controller/musb_otg.c   (props changed)
  stable/8/sys/dev/usb/controller/musb_otg.h   (props changed)
  stable/8/sys/dev/usb/controller/musb_otg_atmelarm.c   (props changed)
  stable/8/sys/dev/usb/controller/ohci.c   (props changed)
  stable/8/sys/dev/usb/controller/ohci.h   (props changed)
  stable/8/sys/dev/usb/controller/ohci_atmelarm.c   (props changed)
  stable/8/sys/dev/usb/controller/ohci_pci.c   (props changed)
  stable/8/sys/dev/usb/controller/uhci.c   (props changed)
  stable/8/sys/dev/usb/controller/uhci.h   (props changed)
  stable/8/sys/dev/usb/controller/uhci_pci.c   (props changed)
  stable/8/sys/dev/usb/controller/usb_controller.c   (props changed)
  stable/8/sys/dev/usb/controller/uss820dci.c   (props changed)
  stable/8/sys/dev/usb/controller/uss820dci.h   (props changed)
  stable/8/sys/dev/usb/controller/uss820dci_atmelarm.c   (props changed)
  stable/8/sys/dev/usb/input/uhid.c   (props changed)
  stable/8/sys/dev/usb/input/ukbd.c   (props changed)
  stable/8/sys/dev/usb/input/ums.c   (props changed)
  stable/8/sys/dev/usb/input/usb_rdesc.h   (props changed)
  stable/8/sys/dev/usb/misc/udbp.c   (props changed)
  stable/8/sys/dev/usb/misc/udbp.h   (props changed)
  stable/8/sys/dev/usb/misc/ufm.c   (props changed)
  stable/8/sys/dev/usb/net/if_aue.c   (props changed)
  stable/8/sys/dev/usb/net/if_auereg.h   (props changed)
  stable/8/sys/dev/usb/net/if_axe.c   (props changed)
  stable/8/sys/dev/usb/net/if_axereg.h   (props changed)
  stable/8/sys/dev/usb/net/if_cdce.c   (props changed)
  stable/8/sys/dev/usb/net/if_cdcereg.h   (props changed)
  stable/8/sys/dev/usb/net/if_cue.c   (props changed)
  stable/8/sys/dev/usb/net/if_cuereg.h   (props changed)
  stable/8/sys/dev/usb/net/if_kue.c   (props changed)
  stable/8/sys/dev/usb/net/if_kuefw.h   (props changed)
  stable/8/sys/dev/usb/net/if_kuereg.h   (props changed)
  stable/8/sys/dev/usb/net/if_rue.c   (props changed)
  stable/8/sys/dev/usb/net/if_ruereg.h   (props changed)
  stable/8/sys/dev/usb/net/if_udav.c   (props changed)
  stable/8/sys/dev/usb/net/if_udavreg.h   (props changed)
  stable/8/sys/dev/usb/net/usb_ethernet.c   (props changed)
  stable/8/sys/dev/usb/net/usb_ethernet.h   (props changed)
  stable/8/sys/dev/usb/quirk/usb_quirk.c   (props changed)
  stable/8/sys/dev/usb/quirk/usb_quirk.h   (props changed)
  stable/8/sys/dev/usb/serial/u3g.c   (props changed)
  stable/8/sys/dev/usb/serial/uark.c   (props changed)
  stable/8/sys/dev/usb/serial/ubsa.c   (props changed)
  stable/8/sys/dev/usb/serial/ubser.c   (props changed)
  stable/8/sys/dev/usb/serial/uchcom.c   (props changed)
  stable/8/sys/dev/usb/serial/ucycom.c   (props changed)
  stable/8/sys/dev/usb/serial/ufoma.c   (props changed)
  stable/8/sys/dev/usb/serial/uftdi.c   (props changed)
  stable/8/sys/dev/usb/serial/uftdi_reg.h   (props changed)
  stable/8/sys/dev/usb/serial/ugensa.c   (props changed)
  stable/8/sys/dev/usb/serial/uipaq.c   (props changed)
  stable/8/sys/dev/usb/serial/ulpt.c   (props changed)
  stable/8/sys/dev/usb/serial/umct.c   (props changed)
  stable/8/sys/dev/usb/serial/umodem.c   (props changed)
  stable/8/sys/dev/usb/serial/umoscom.c   (props changed)
  stable/8/sys/dev/usb/serial/uplcom.c   (props changed)
  stable/8/sys/dev/usb/serial/usb_serial.c   (props changed)
  stable/8/sys/dev/usb/serial/usb_serial.h   (props changed)
  stable/8/sys/dev/usb/serial/uslcom.c   (props changed)
  stable/8/sys/dev/usb/serial/uvisor.c   (props changed)
  stable/8/sys/dev/usb/serial/uvscom.c   (props changed)
  stable/8/sys/dev/usb/storage/rio500_usb.h   (props changed)
  stable/8/sys/dev/usb/storage/umass.c   (props changed)
  stable/8/sys/dev/usb/storage/urio.c   (props changed)
  stable/8/sys/dev/usb/storage/ustorage_fs.c   (props changed)
  stable/8/sys/dev/usb/template/usb_template.c   (props changed)
  stable/8/sys/dev/usb/template/usb_template.h   (props changed)
  stable/8/sys/dev/usb/template/usb_template_cdce.c   (props changed)
  stable/8/sys/dev/usb/template/usb_template_msc.c   (props changed)
  stable/8/sys/dev/usb/template/usb_template_mtp.c   (props changed)
  stable/8/sys/dev/usb/ufm_ioctl.h   (props changed)
  stable/8/sys/dev/usb/usb.h   (props changed)
  stable/8/sys/dev/usb/usb_bus.h   (props changed)
  stable/8/sys/dev/usb/usb_busdma.c   (props changed)
  stable/8/sys/dev/usb/usb_busdma.h   (props changed)
  stable/8/sys/dev/usb/usb_cdc.h   (props changed)
  stable/8/sys/dev/usb/usb_compat_linux.c   (props changed)
  stable/8/sys/dev/usb/usb_compat_linux.h   (props changed)
  stable/8/sys/dev/usb/usb_controller.h   (props changed)
  stable/8/sys/dev/usb/usb_core.c   (props changed)
  stable/8/sys/dev/usb/usb_core.h   (props changed)
  stable/8/sys/dev/usb/usb_debug.c   (props changed)
  stable/8/sys/dev/usb/usb_debug.h   (props changed)
  stable/8/sys/dev/usb/usb_dev.c   (props changed)
  stable/8/sys/dev/usb/usb_dev.h   (props changed)
  stable/8/sys/dev/usb/usb_device.c   (props changed)
  stable/8/sys/dev/usb/usb_device.h   (props changed)
  stable/8/sys/dev/usb/usb_dynamic.c   (props changed)
  stable/8/sys/dev/usb/usb_dynamic.h   (props changed)
  stable/8/sys/dev/usb/usb_endian.h   (props changed)
  stable/8/sys/dev/usb/usb_error.c   (props changed)
  stable/8/sys/dev/usb/usb_generic.c   (props changed)
  stable/8/sys/dev/usb/usb_generic.h   (props changed)
  stable/8/sys/dev/usb/usb_handle_request.c   (props changed)
  stable/8/sys/dev/usb/usb_hid.c   (props changed)
  stable/8/sys/dev/usb/usb_hub.c   (props changed)
  stable/8/sys/dev/usb/usb_hub.h   (props changed)
  stable/8/sys/dev/usb/usb_if.m   (props changed)
  stable/8/sys/dev/usb/usb_ioctl.h   (props changed)
  stable/8/sys/dev/usb/usb_lookup.c   (props changed)
  stable/8/sys/dev/usb/usb_mbuf.c   (props changed)
  stable/8/sys/dev/usb/usb_mbuf.h   (props changed)
  stable/8/sys/dev/usb/usb_msctest.c   (props changed)
  stable/8/sys/dev/usb/usb_msctest.h   (props changed)
  stable/8/sys/dev/usb/usb_parse.c   (props changed)
  stable/8/sys/dev/usb/usb_pci.h   (props changed)
  stable/8/sys/dev/usb/usb_process.c   (props changed)
  stable/8/sys/dev/usb/usb_process.h   (props changed)
  stable/8/sys/dev/usb/usb_request.c   (props changed)
  stable/8/sys/dev/usb/usb_request.h   (props changed)
  stable/8/sys/dev/usb/usb_transfer.c   (props changed)
  stable/8/sys/dev/usb/usb_transfer.h   (props changed)
  stable/8/sys/dev/usb/usb_util.c   (props changed)
  stable/8/sys/dev/usb/usb_util.h   (props changed)
  stable/8/sys/dev/usb/usbdevs   (props changed)
  stable/8/sys/dev/usb/usbhid.h   (props changed)
  stable/8/sys/dev/usb/wlan/if_rum.c   (props changed)
  stable/8/sys/dev/usb/wlan/if_rumfw.h   (props changed)
  stable/8/sys/dev/usb/wlan/if_rumreg.h   (props changed)
  stable/8/sys/dev/usb/wlan/if_rumvar.h   (props changed)
  stable/8/sys/dev/usb/wlan/if_ural.c   (props changed)
  stable/8/sys/dev/usb/wlan/if_uralreg.h   (props changed)
  stable/8/sys/dev/usb/wlan/if_uralvar.h   (props changed)
  stable/8/sys/dev/usb/wlan/if_zyd.c   (props changed)
  stable/8/sys/dev/usb/wlan/if_zydfw.h   (props changed)
  stable/8/sys/dev/usb/wlan/if_zydreg.h   (props changed)
  stable/8/sys/dev/xen/netfront/   (props changed)
  stable/8/sys/dev/xen/xenpci/   (props changed)
  stable/8/sys/kern/kern_jail.c
  stable/8/sys/kern/kern_sysctl.c
  stable/8/sys/modules/dtrace/dtnfsclient/   (props changed)
  stable/8/sys/modules/ip6_mroute_mod/   (props changed)
  stable/8/sys/modules/ipmi/ipmi_linux/   (props changed)
  stable/8/sys/net/vnet.h
  stable/8/sys/netgraph/bluetooth/drivers/ubt/ng_ubt.c   (props changed)
  stable/8/sys/netgraph/bluetooth/drivers/ubt/ng_ubt_var.h   (props changed)
  stable/8/sys/netgraph/bluetooth/drivers/ubtbcmfw/ubtbcmfw.c   (props changed)
  stable/8/sys/netinet/ipfw/ip_dummynet.c   (props changed)
  stable/8/sys/netinet/ipfw/ip_fw2.c   (props changed)
  stable/8/sys/netinet/ipfw/ip_fw_nat.c   (props changed)
  stable/8/sys/netinet/ipfw/ip_fw_pfil.c   (props changed)
  stable/8/sys/netipx/spx_reass.c   (props changed)
  stable/8/sys/sys/jail.h
  stable/8/sys/sys/sysctl.h
  stable/8/sys/xen/evtchn.h   (props changed)
  stable/8/sys/xen/hypervisor.h   (props changed)
  stable/8/sys/xen/xen_intr.h   (props changed)

Modified: stable/8/sys/kern/kern_jail.c
==============================================================================
--- stable/8/sys/kern/kern_jail.c       Thu Aug 13 10:27:22 2009        
(r196177)
+++ stable/8/sys/kern/kern_jail.c       Thu Aug 13 10:31:02 2009        
(r196178)
@@ -88,7 +88,11 @@ struct prison prison0 = {
        .pr_childmax    = JAIL_MAX,
        .pr_hostuuid    = DEFAULT_HOSTUUID,
        .pr_children    = LIST_HEAD_INITIALIZER(&prison0.pr_children),
+#ifdef VIMAGE
+       .pr_flags       = PR_HOST|PR_VNET,
+#else
        .pr_flags       = PR_HOST,
+#endif
        .pr_allow       = PR_ALLOW_ALL,
 };
 MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF);
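Review bot: The conditional `.pr_flags = PR_HOST|PR_VNET` marks the base prison as owning its network stack, but nothing says why or what follows from it: the new prison_owns_vnet() in the later hunk tests only this flag, so every check keyed on PR_VNET now treats unjailed processes as vnet owners. A one-line comment above the `#ifdef VIMAGE` would make that explicit, e.g. `/* prison0 owns the base vnet; PR_VNET-keyed checks treat it like a vnet jail. */`.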
@@ -3308,6 +3312,25 @@ getcredhostid(struct ucred *cred, unsign
        mtx_unlock(&cred->cr_prison->pr_mtx);
 }
 
+#ifdef VIMAGE
+/*
+ * Determine whether the prison represented by cred owns
+ * its vnet rather than having it inherited.
+ *
+ * Returns 1 in case the prison owns the vnet, 0 otherwise.
+ */
+int
+prison_owns_vnet(struct ucred *cred)
+{
+
+       /*
+        * vnets cannot be added/removed after jail creation,
+        * so no need to lock here.
+        */
+       return (cred->cr_prison->pr_flags & PR_VNET ? 1 : 0);
+}
+#endif
+
 /*
  * Determine whether the subject represented by cred can "see"
  * status of a mount point.
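Review bot: The return expression `cred->cr_prison->pr_flags & PR_VNET ? 1 : 0` relies on `&` binding tighter than `?:`; it is correct, but this function gates the relaxation of a privilege check in kern_sysctl.c, so it should read unambiguously: `return ((cred->cr_prison->pr_flags & PR_VNET) != 0);`. The header comment could also state the contract the sysctl caller relies on, that the result is fixed for the prison's lifetime because vnets are set at jail creation, which the in-body comment already gives as the reason for not locking. Since the first hunk gives prison0 PR_VNET, the header comment should also say that unjailed callers get 1.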

Modified: stable/8/sys/kern/kern_sysctl.c
==============================================================================
--- stable/8/sys/kern/kern_sysctl.c     Thu Aug 13 10:27:22 2009        
(r196177)
+++ stable/8/sys/kern/kern_sysctl.c     Thu Aug 13 10:31:02 2009        
(r196178)
@@ -1381,10 +1381,18 @@ sysctl_root(SYSCTL_HANDLER_ARGS)
 
        /* Is this sysctl writable by only privileged users? */
        if (req->newptr && !(oid->oid_kind & CTLFLAG_ANYBODY)) {
+               int priv;
+
                if (oid->oid_kind & CTLFLAG_PRISON)
-                       error = priv_check(req->td, PRIV_SYSCTL_WRITEJAIL);
+                       priv = PRIV_SYSCTL_WRITEJAIL;
+#ifdef VIMAGE
+               else if ((oid->oid_kind & CTLFLAG_VNET) &&
+                    prison_owns_vnet(req->td->td_ucred))
+                       priv = PRIV_SYSCTL_WRITEJAIL;
+#endif
                else
-                       error = priv_check(req->td, PRIV_SYSCTL_WRITE);
+                       priv = PRIV_SYSCTL_WRITE;
+               error = priv_check(req->td, priv);
                if (error)
                        return (error);
        }
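Review bot: The `else if` that lowers the required privilege from PRIV_SYSCTL_WRITE to PRIV_SYSCTL_WRITEJAIL for CTLFLAG_VNET oids does not state the invariant it depends on: that every oid carrying CTLFLAG_VNET only reaches state private to the caller's vnet, otherwise a vnet jail could write global kernel state with in-jail privilege. A comment above the `#ifdef VIMAGE` such as `/* A prison owning its vnet may write vnet-private sysctls with in-jail privilege only. */` would document that contract for whoever next adds the flag to an oid. The `#ifdef` cutting through the middle of the if/else chain also hurts readability; the `int priv;` refactor is good, but the VIMAGE-specific condition would read better if it did not split the chain. sysctl_root starts and ends outside this hunk.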

Modified: stable/8/sys/net/vnet.h
==============================================================================
--- stable/8/sys/net/vnet.h     Thu Aug 13 10:27:22 2009        (r196177)
+++ stable/8/sys/net/vnet.h     Thu Aug 13 10:31:02 2009        (r196178)
@@ -232,21 +232,25 @@ int       vnet_sysctl_handle_string(SYSCTL_HAN
 int    vnet_sysctl_handle_uint(SYSCTL_HANDLER_ARGS);
 
 #define        SYSCTL_VNET_INT(parent, nbr, name, access, ptr, val, descr)     
\
-       SYSCTL_OID(parent, nbr, name, CTLTYPE_INT|CTLFLAG_MPSAFE|(access), \
+       SYSCTL_OID(parent, nbr, name,                                   \
+           CTLTYPE_INT|CTLFLAG_MPSAFE|CTLFLAG_VNET|(access),           \
            ptr, val, vnet_sysctl_handle_int, "I", descr)
 #define        SYSCTL_VNET_PROC(parent, nbr, name, access, ptr, arg, handler,  
\
            fmt, descr)                                                 \
-       SYSCTL_OID(parent, nbr, name, access, ptr, arg, handler, fmt,   \
-           descr)
+       SYSCTL_OID(parent, nbr, name, CTLFLAG_VNET|(access), ptr, arg,  \
+           handler, fmt, descr)
 #define        SYSCTL_VNET_STRING(parent, nbr, name, access, arg, len, descr)  
\
-       SYSCTL_OID(parent, nbr, name, CTLTYPE_STRING|(access), arg,     \
-           len, vnet_sysctl_handle_string, "A", descr)
+       SYSCTL_OID(parent, nbr, name,                                   \
+           CTLTYPE_STRING|CTLFLAG_VNET|(access),                       \
+           arg, len, vnet_sysctl_handle_string, "A", descr)
 #define        SYSCTL_VNET_STRUCT(parent, nbr, name, access, ptr, type, descr) 
\
-       SYSCTL_OID(parent, nbr, name, CTLTYPE_OPAQUE|(access), ptr,     \
+       SYSCTL_OID(parent, nbr, name,                                   \
+           CTLTYPE_OPAQUE|CTLFLAG_VNET|(access), ptr,                  \
            sizeof(struct type), vnet_sysctl_handle_opaque, "S," #type, \
            descr)
 #define        SYSCTL_VNET_UINT(parent, nbr, name, access, ptr, val, descr)    
\
-       SYSCTL_OID(parent, nbr, name, CTLTYPE_UINT|CTLFLAG_MPSAFE|(access), \
+       SYSCTL_OID(parent, nbr, name,                                   \
+           CTLTYPE_UINT|CTLFLAG_MPSAFE|CTLFLAG_VNET|(access),          \
            ptr, val, vnet_sysctl_handle_uint, "IU", descr)
 #define        VNET_SYSCTL_ARG(req, arg1) do {                                 
\
        if (arg1 != NULL)                                               \
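Review bot: All five SYSCTL_VNET_* macros now OR in CTLFLAG_VNET unconditionally, so together with the kern_sysctl.c hunk any prison owning its vnet can write every otherwise-writable SYSCTL_VNET_* oid, and a caller cannot opt a single vnet variable out short of not using these macros. That is presumably intended, but a comment above the macro block should say so, e.g. `/* All SYSCTL_VNET_* oids carry CTLFLAG_VNET: writable from a prison that owns its vnet. */`. SYSCTL_VNET_PROC deserves a specific mention, since an arbitrary handler can reach non-vnet state regardless of the flag. The VNET_SYSCTL_ARG macro continues past the end of the hunk.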

Modified: stable/8/sys/sys/jail.h
==============================================================================
--- stable/8/sys/sys/jail.h     Thu Aug 13 10:27:22 2009        (r196177)
+++ stable/8/sys/sys/jail.h     Thu Aug 13 10:31:02 2009        (r196178)
@@ -341,6 +341,7 @@ void getcredhostuuid(struct ucred *, cha
 void getcredhostid(struct ucred *, unsigned long *);
 int prison_allow(struct ucred *, unsigned);
 int prison_check(struct ucred *cred1, struct ucred *cred2);
+int prison_owns_vnet(struct ucred *);
 int prison_canseemount(struct ucred *cred, struct mount *mp);
 void prison_enforce_statfs(struct ucred *cred, struct mount *mp,
     struct statfs *sp);
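Review bot: The prototype `int prison_owns_vnet(struct ucred *);` is unconditional while the definition in kern_jail.c is wrapped in `#ifdef VIMAGE`, so a caller compiled without VIMAGE fails at link time rather than compile time. The only caller in this commit is itself under `#ifdef VIMAGE`, so nothing breaks today; a trailing comment `/* defined only with VIMAGE */` on the declaration would keep the next caller honest.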

Modified: stable/8/sys/sys/sysctl.h
==============================================================================
--- stable/8/sys/sys/sysctl.h   Thu Aug 13 10:27:22 2009        (r196177)
+++ stable/8/sys/sys/sysctl.h   Thu Aug 13 10:31:02 2009        (r196178)
@@ -85,6 +85,7 @@ struct ctlname {
 #define CTLMASK_SECURE 0x00F00000      /* Secure level */
 #define CTLFLAG_TUN    0x00080000      /* Tunable variable */
 #define CTLFLAG_MPSAFE 0x00040000      /* Handler is MP safe */
+#define CTLFLAG_VNET   0x00020000      /* Prisons with vnet can fiddle */
 #define CTLFLAG_RDTUN  (CTLFLAG_RD|CTLFLAG_TUN)
 
 /*
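Review bot: The comment on `CTLFLAG_VNET`, `Prisons with vnet can fiddle`, understates what the flag does: per the kern_sysctl.c hunk it lowers the privilege required for a write to PRIV_SYSCTL_WRITEJAIL when the caller's prison owns its vnet, and only in kernels built with VIMAGE. Suggest `#define CTLFLAG_VNET 0x00020000 /* Writable by prisons owning their vnet */` so readers of the header see the security meaning without chasing the sysctl code.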