commit 7104f312191ea81da6faa5e08691fbbdd2cf25a3 Author: Antonio Huete Jimenez <tuxi...@quantumachine.net> Date: Wed Aug 21 02:35:42 2019 +0200
jail - Rework sysctl configuration variables

- Jail sysctls are now jail-specific so that different jails can have different settings. Each jail will have its own subtree which can be operated on directly with sysctl(8). Naming convention: jail.<n>.<setting>
- All previous sysctls are now moved to 'jail.defaults' and they are used as a template for any newly created jail.

Example:

# jls
JID Hostname Path IPs
2 t02.local /jails/02 10.0.0.3
1 t01.local /jails/01 10.0.0.2
# sysctl jail
jail.jailed: 0
jail.list: 2 t02.local /jails/02 10.0.0.3 1 t01.local /jails/01 10.0.0.2
jail.defaults.allow_raw_sockets: 0
jail.defaults.chflags_allowed: 0
jail.defaults.sysvipc_allowed: 0
jail.defaults.socket_unixiproute_only: 1
jail.defaults.set_hostname_allowed: 1
jail.1.set_hostname_allowed: 1
jail.1.socket_unixiproute_only: 1
jail.1.sysvipc_allowed: 0
jail.1.chflags_allowed: 0
jail.1.allow_raw_sockets: 0
jail.2.set_hostname_allowed: 1
jail.2.socket_unixiproute_only: 1
jail.2.sysvipc_allowed: 0
jail.2.chflags_allowed: 0
jail.2.allow_raw_sockets: 0
# sysctl jail.2.allow_raw_sockets=1
jail.2.allow_raw_sockets: 0 -> 1
# jexec 2 ping -q -c 1 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.766/0.766/0.766/0.000 ms
# jexec 1 ping -q -c 1 10.0.0.1
ping: socket: Operation not permitted
# service jail stop
Stopping jails: t01.local t02.local.
# sysctl jail jail.jailed: 0 jail.defaults.allow_raw_sockets: 0 jail.defaults.chflags_allowed: 0 jail.defaults.sysvipc_allowed: 0 jail.defaults.socket_unixiproute_only: 1 jail.defaults.set_hostname_allowed: 1 Summary of changes: sys/kern/kern_jail.c | 223 +++++++++++++++++++++++++++++++++++++++++++++---- sys/kern/kern_mib.c | 7 +- sys/kern/sysv_msg.c | 12 ++- sys/kern/sysv_sem.c | 9 +- sys/kern/sysv_shm.c | 13 ++- sys/kern/uipc_socket.c | 3 +- sys/kern/vfs_helper.c | 2 +- sys/sys/jail.h | 15 ++++ 8 files changed, 255 insertions(+), 29 deletions(-) http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/7104f312191ea81da6faa5e08691fbbdd2cf25a3 -- DragonFly BSD source repository