Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 17 Oct 2018 16:17:57 +0000 (UTC)
From:      Jamie Gritton <jamie@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r339410 - stable/10/sys/kern
Message-ID:  <201810171617.w9HGHvqJ031721@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jamie
Date: Wed Oct 17 16:17:56 2018
New Revision: 339410
URL: https://svnweb.freebsd.org/changeset/base/339410

Log:
  MFC r339211:
  
    Fix the test prohibiting jails from sharing IP addresses.
  
    It's not supposed to be legal for two jails to contain the same IP address,
    unless both jails contain only that one address.  This is the behavior
    documented in jail(8), and is there to prevent confusion when multiple
    jails are listening on IADDR_ANY.
  
    VIMAGE jails (now the default for GENERIC kernels) test this correctly,
    but non-VIMAGE jails have been performing an incomplete test when nested
    jails are used.

Modified:
  stable/10/sys/kern/kern_jail.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/sys/kern/kern_jail.c
==============================================================================
--- stable/10/sys/kern/kern_jail.c	Wed Oct 17 16:11:43 2018	(r339409)
+++ stable/10/sys/kern/kern_jail.c	Wed Oct 17 16:17:56 2018	(r339410)
@@ -1478,11 +1478,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, i
 		 * there is a duplicate on a jail with more than one
 		 * IP stop checking and return error.
 		 */
-		tppr = ppr;
 #ifdef VIMAGE
-		for (; tppr != &prison0; tppr = tppr->pr_parent)
+		for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent)
 			if (tppr->pr_flags & PR_VNET)
 				break;
+#else
+		tppr = &prison0;
 #endif
 		FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) {
 			if (tpr == pr ||
@@ -1544,11 +1545,12 @@ kern_jail_set(struct thread *td, struct uio *optuio, i
 			}
 		}
 		/* Check for conflicting IP addresses. */
-		tppr = ppr;
 #ifdef VIMAGE
-		for (; tppr != &prison0; tppr = tppr->pr_parent)
+		for (tppr = ppr; tppr != &prison0; tppr = tppr->pr_parent)
 			if (tppr->pr_flags & PR_VNET)
 				break;
+#else
+		tppr = &prison0;
 #endif
 		FOREACH_PRISON_DESCENDANT(tppr, tpr, descend) {
 			if (tpr == pr ||



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201810171617.w9HGHvqJ031721>