Date: Tue, 28 Dec 2010 18:29:47 GMT From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 187258 for review Message-ID: <201012281829.oBSITlPS005600@skunkworks.freebsd.org>
http://p4web.freebsd.org/@@187258?ac=10 Change 187258 by trasz@trasz_victim on 2010/12/28 18:29:43 Fix per-jail rules storage. Affected files ... .. //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#101 edit .. //depot/projects/soc2009/trasz_limits/sys/kern/kern_jail.c#27 edit .. //depot/projects/soc2009/trasz_limits/sys/sys/jail.h#16 edit Differences ...
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_hrl.c#101 (text+ko) ====
@@ -949,6 +949,9 @@
 error = ui_container_foreach(hrl_rule_remove_callback, filter, (void *)&found);
 KASSERT(error == 0, ("ui_container_foreach failed"));
+ error = prison_container_foreach(hrl_rule_remove_callback, filter,
+ (void *)&found);
+ KASSERT(error == 0, ("prison_container_foreach failed"));
 sx_assert(&allproc_lock, SA_LOCKED);
 FOREACH_PROC_IN_SYSTEM(p) {
@@ -1210,6 +1213,7 @@
 mtx_lock(&hrl_lock);
 loginclass_container_foreach(hrl_get_rules_callback, filter, sb);
 ui_container_foreach(hrl_get_rules_callback, filter, sb);
+ prison_container_foreach(hrl_get_rules_callback, filter, sb);
 mtx_unlock(&hrl_lock);
 if (sbuf_error(sb) == ENOMEM) {
 sbuf_delete(sb);
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_jail.c#27 (text+ko) ====
@@ -4252,6 +4252,28 @@
 SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route");
+#ifdef HRL
+int
+prison_container_foreach(int (*callback)(struct container *container,
+ const struct hrl_rule *filter, void *arg3),
+ const struct hrl_rule *filter, void *arg3)
+{
+ int error;
+ struct prison *pr;
+
+ sx_slock(&allprison_lock);
+ TAILQ_FOREACH(pr, &allprison, pr_list) {
+ error = (callback)(&pr->pr_container, filter, arg3);
+ if (error != 0) {
+ sx_sunlock(&allprison_lock);
+ return (error);
+ }
+ }
+ sx_sunlock(&allprison_lock);
+
+ return (0);
+}
+#endif
 #ifdef DDB
==== //depot/projects/soc2009/trasz_limits/sys/sys/jail.h#16 (text+ko) ====
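Review bot: In the rule-removal hunk of kern_hrl.c (@@ -949) the result of `prison_container_foreach()` is checked only by `KASSERT`, which compiles to nothing without INVARIANTS, and the kern_jail.c implementation returns at the first nonzero callback result, so on a production kernel a callback error would silently leave the rules of the remaining jails in place. Handle the value explicitly, e.g. `if (error != 0) return (error);` if the enclosing function can report it, or document why hrl_rule_remove_callback cannot fail. The `sx_assert(&allproc_lock, SA_LOCKED)` right after suggests allproc_lock is already held when allprison_lock is taken inside the walk; confirm that this order matches the rest of the kernel. The enclosing function starts and ends outside the hunk.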
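Review bot: In the rule-listing hunk of kern_hrl.c (@@ -1210) `prison_container_foreach()` is called between `mtx_lock(&hrl_lock)` and `mtx_unlock(&hrl_lock)`, but its implementation in kern_jail.c acquires `allprison_lock` with `sx_slock()`, a sleepable lock, which must not be taken while a mutex is held (WITNESS reports this, and the thread may block with hrl_lock held). Assuming hrl_lock is an ordinary MTX_DEF mutex, take the sx lock first in the caller, `sx_slock(&allprison_lock);` before `mtx_lock(&hrl_lock);`, and have the walk check it with `sx_assert(&allprison_lock, SA_LOCKED);` instead of locking, or run the jail walk outside the mutex if the callback permits. The same applies to the removal path in the first hunk if hrl_lock is held there, which that hunk does not show. The enclosing function starts and ends outside the hunk.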
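Review bot: `prison_container_foreach()` in kern_jail.c (@@ -4252) is added without a comment stating its contract, which matters here because the callback runs with `allprison_lock` held shared and the walk stops at the first nonzero return. A header comment such as `/* Call callback on every jail's container with allprison_lock held shared; stop at and return the first nonzero result. */` would tell callers which locks they may hold and what the callback may do. The loop also visits every entry on `allprison` without looking at the prison's state; whether jails that are being torn down should be skipped is not visible from this hunk and is worth confirming. Closing with `#endif /* HRL */` would follow the commented `#endif` style that jail.h uses.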
@@ -341,6 +341,8 @@
 struct mount;
 struct sockaddr;
 struct statfs;
+struct container;
+struct hrl_rule;
 int jailed(struct ucred *cred);
 int jailed_without_vnet(struct ucred *);
 void getcredhostname(struct ucred *, char *, size_t);
@@ -383,6 +385,9 @@
 char *prison_name(struct prison *, struct prison *);
 int prison_priv_check(struct ucred *cred, int priv);
 int sysctl_jail_param(struct sysctl_oid *, void *, int , struct sysctl_req *);
+int prison_container_foreach(int (*callback)(struct container *container,
+ const struct hrl_rule *filter, void *arg3),
+ const struct hrl_rule *filter, void *arg3);
 #endif /* _KERNEL */
 #endif /* !_SYS_JAIL_H_ */
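Review bot: The prototype for `prison_container_foreach()` added at the end of jail.h (@@ -383) is declared for every `_KERNEL` build, while the definition in kern_jail.c is compiled only under `#ifdef HRL`. A caller built without HRL would compile and then fail at link time; wrapping the prototype in `#ifdef HRL` / `#endif` turns the mismatch into a compile error at the call site. The forward declarations `struct container;` and `struct hrl_rule;` added in the first jail.h hunk can stay unconditional.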