From: Pawel Jakub Dawidek
To: freebsd-hackers@freebsd.org
Date: Thu, 17 Jul 2003 18:07:48 +0200
Subject: Jail sysctls and new flags to sysctls.
Message-ID: <20030717160748.GA4973@garage.freebsd.pl>

Hello hackers.

I've prepared a quite handy patch. This patch adds sysctls for every jail. Sysctls are created automatically when a jail is created and destroyed when the jail is removed.
If a jail with ID 3 is created, we get new sysctls:

	security.jails.3.path (RD)
	security.jails.3.host (RW)
	security.jails.3.ip (RD)
	security.jails.3.securelevel (RW)

The patch also adds two flags to sysctls:

	CTLFLAG_USERINV - sysctl is invisible for unprivileged users
	CTLFLAG_JAILINV - sysctl is invisible in jail environment

So newly created sysctls aren't visible in jails. It also provides changing the host of a running jail and its securelevel. A jail's securelevel could even be downgraded if it stays bigger than or equal to the main securelevel.

With this functionality jls(8) could be rewritten to use this and the xprison struct could be removed from the kernel.

Patch against FreeBSD 5.1-CURRENT, kern.osreldate: 501102.
It is available at:

	http://garage.freebsd.pl/patches/jail_sysctls.patch

-- 
Pawel Jakub Dawidek                       pawel@dawidek.net
UNIX Systems Programmer/Administrator     http://garage.freebsd.pl
Am I Evil? Yes, I Am!                     http://cerber.sourceforge.net
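The visibility and securelevel rules described in the message above, modelled in userland C as an added example; this is not code from the patch or from FreeBSD. The flag bit values, the `model_*` structs, the helper functions, the `example.hidden_from_users` node and the rule that writes need uid 0 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed bit values for this model; the message does not give the patch's values. */
#define CTLFLAG_RD      0x1u
#define CTLFLAG_WR      0x2u
#define CTLFLAG_RW      (CTLFLAG_RD | CTLFLAG_WR)
#define CTLFLAG_USERINV 0x4u /* invisible to unprivileged users */
#define CTLFLAG_JAILINV 0x8u /* invisible inside a jail */

struct model_cred { unsigned uid; bool jailed; };      /* hypothetical caller identity */
struct model_oid { const char *name; unsigned flags; };

/* Nodes the message lists for jail ID 3, plus one constructed USERINV node. */
const struct model_oid nodes[] = {
    { "security.jails.3.path",        CTLFLAG_RD | CTLFLAG_JAILINV },
    { "security.jails.3.host",        CTLFLAG_RW | CTLFLAG_JAILINV },
    { "security.jails.3.ip",          CTLFLAG_RD | CTLFLAG_JAILINV },
    { "security.jails.3.securelevel", CTLFLAG_RW | CTLFLAG_JAILINV },
    { "example.hidden_from_users",    CTLFLAG_RD | CTLFLAG_USERINV },
};
const struct model_cred host_root = { 0, false }, host_user = { 1001, false }, jail_root = { 0, true };

/* A hidden node has to be skipped both when listing and when resolving by name. */
bool oid_visible(const struct model_oid *o, const struct model_cred *c) {
    if ((o->flags & CTLFLAG_JAILINV) && c->jailed) return false;
    if ((o->flags & CTLFLAG_USERINV) && c->uid != 0) return false;
    return true;
}

/* Assumption of this model: a write needs a visible, writable node and uid 0. */
bool oid_writable(const struct model_oid *o, const struct model_cred *c) {
    return oid_visible(o, c) && (o->flags & CTLFLAG_WR) != 0 && c->uid == 0;
}

/* Number of nodes a given caller would see when walking the table. */
int count_visible(const struct model_cred *c) {
    int n = 0;
    for (size_t i = 0; i < sizeof(nodes) / sizeof(nodes[0]); i++)
        n += oid_visible(&nodes[i], c);
    return n;
}

/* Rule from the message: a jail's level may be lowered, but never below the main one. */
bool jail_securelevel_ok(int host_level, int requested) { return requested >= host_level; }

int main(void) {
    printf("visible nodes: host root %d, host user %d, jailed root %d\n",
           count_visible(&host_root), count_visible(&host_user), count_visible(&jail_root));
    return 0;
}
```

In this model root inside the jail cannot see or write `security.jails.3.securelevel`, so a jailed process has no path to lowering its own level.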