Date: Thu, 17 Jul 2003 18:07:48 +0200 From: Pawel Jakub Dawidek <nick@garage.freebsd.pl> To: freebsd-hackers@freebsd.org Subject: Jail sysctls and new flags to sysctls. Message-ID: <20030717160748.GA4973@garage.freebsd.pl>
next in thread | raw e-mail | index | archive | help
--uK33WqSSB+BCC2RS Content-Type: text/plain; charset=iso-8859-2 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello hackers. I've prepare a quite handy patch. This patch adds sysctls for every jails. Sysctls are created automatically when jail is created and destroyed when jail is removed. If jail with ID 3 is created we got new sysctls: security.jails.3.path (RD) security.jails.3.host (RW) security.jails.3.ip (RD) security.jails.3.securelevel (RW) Patch add also two flags to sysctls: CTLFLAG_USERINV - sysctl is invisible for unprivileged users CTLFLAG_JAILINV - sysctl is invisible in jail environment So newly created sysctls aren't visable in jails. it also provides changing host of running jail and its securelevel. Jail's securelevel could be even downgraded if it stay bigger or equal to main securelevel. With this functionality jls(8) could be rewritten to use this and xprison struct could be removed from kernel. Patch against FreeBSD 5.1-CURRENT, kern.osreldate: 501102. It is avaliable at: http://garage.freebsd.pl/patches/jail_sysctls.patch --=20 Pawel Jakub Dawidek pawel@dawidek.net UNIX Systems Programmer/Administrator http://garage.freebsd.pl Am I Evil? Yes, I Am! http://cerber.sourceforge.net --uK33WqSSB+BCC2RS Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBPxbJ1D/PhmMH/Mf1AQHIKgQApjwUd72jGWY+V0NDwDXU216wiRB471M+ jaJdI7BPLt4OcjJkhxPYEnrzX/uya95edTF3M0jypweTpCNnBW0YHPWRQhaWZDS7 TWURD6Qu5yAYw6WLYDAhR1FPGLyHbFnH0TQhd3mJ8gmcfcZkDO0Yx3UN5nPKgmZS CAFc3XAwVzQ= =FrGx -----END PGP SIGNATURE----- --uK33WqSSB+BCC2RS--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030717160748.GA4973>