jail - Rework sysctl configuration variables

Operating Systems / DragonFlyBSD - Antonio Huete Jimenez [quantumachine.net] - 28 August 2019 10:37 EDT

- Jail sysctls are now jail-specific so that different jails can have different settings. Each jail will have its own subtree which can be operated directly with sysctl(8).

Naming convention:

jail..

- All previous sysctls are now moved to 'jail.defaults' and they are used as a template for any newly created jail.

Example:

# jls
   JID  Hostname        Path        IPs
     2  t02.local       /jails/02   10.0.0.3
     1  t01.local       /jails/01   10.0.0.2

# sysctl jail
jail.jailed: 0
jail.list: 2 t02.local /jails/02 10.0.0.3 1 t01.local /jails/01 10.0.0.2
jail.defaults.allow_raw_sockets: 0
jail.defaults.chflags_allowed: 0
jail.defaults.sysvipc_allowed: 0
jail.defaults.socket_unixiproute_only: 1
jail.defaults.set_hostname_allowed: 1
jail.1.set_hostname_allowed: 1
jail.1.socket_unixiproute_only: 1
jail.1.sysvipc_allowed: 0
jail.1.chflags_allowed: 0
jail.1.allow_raw_sockets: 0
jail.2.set_hostname_allowed: 1
jail.2.socket_unixiproute_only: 1
jail.2.sysvipc_allowed: 0
jail.2.chflags_allowed: 0
jail.2.allow_raw_sockets: 0

# sysctl jail.2.allow_raw_sockets=1
jail.2.allow_raw_sockets: 0 -> 1

# jexec 2 ping -q -c 1 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes

--- 10.0.0.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.766/0.766/0.766/0.000 ms

# jexec 1 ping -q -c 1 10.0.0.1
ping: socket: Operation not permitted

# service jail stop
Stopping jails: t01.local t02.local.

# sysctl jail
jail.jailed: 0
jail.defaults.allow_raw_sockets: 0
jail.defaults.chflags_allowed: 0
jail.defaults.sysvipc_allowed: 0
jail.defaults.socket_unixiproute_only: 1
jail.defaults.set_hostname_allowed: 1

7104f31219 jail - Rework sysctl configuration variables
sys/kern/kern_jail.c | 223 +++++++++++++++++++++++++++++++++++++++++++++----
sys/kern/kern_mib.c | 7 +-
sys/kern/sysv_msg.c | 12 ++-
sys/kern/sysv_sem.c | 9 +-
sys/kern/sysv_shm.c | 13 ++-
sys/kern/uipc_socket.c | 3 +-
sys/kern/vfs_helper.c | 2 +-
sys/sys/jail.h | 15 ++++
8 files changed, 255 insertions(+), 29 deletions(-)

Upstream: gitweb.dragonflybsd.org
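Because every jail now carries its own copy of the jail.defaults template, a per-jail setting can silently drift from the host-wide policy (the commit's own example turns on allow_raw_sockets for jail 2 only, which is what lets ping open a raw socket there). The script below is an added example, not code from the commit or from DragonFly BSD: it parses `sysctl jail` output in the "name: value" form shown above and reports every jail.<jid>.<var> whose value differs from jail.defaults.<var>. The sample output it runs on is constructed to match the session above, with a few jail 2 values changed so that there is something to report; the function name audit_jail_sysctls and the sample are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit per-jail sysctls against the jail.defaults template.
# Input: "name: value" lines as printed by `sysctl jail` on DragonFly BSD
# after this commit (read from stdin). Output: one line per jail.<jid>.<var>
# whose value differs from jail.defaults.<var>, in input order.

audit_jail_sysctls() {
    awk -F': ' '
        # Template values: jail.defaults.<var>: <value>
        $1 ~ /^jail\.defaults\./ {
            def[substr($1, length("jail.defaults.") + 1)] = $2
            next
        }
        # Per-jail values: jail.<jid>.<var>: <value> (jid is numeric).
        # Buffer them so the report is correct even if defaults come later.
        $1 ~ /^jail\.[0-9]+\./ {
            n++; name[n] = $1; val[n] = $2
            next
        }
        END {
            for (i = 1; i <= n; i++) {
                split(name[i], p, ".")
                var = substr(name[i], length("jail." p[2] ".") + 1)
                if (!(var in def))
                    printf "%s: %s (no jail.defaults entry)\n", name[i], val[i]
                else if (val[i] != def[var])
                    printf "%s: %s (default %s)\n", name[i], val[i], def[var]
            }
        }
    '
}

# Constructed sample (not real system output): the session from the commit
# message with jail 2 given three values that deviate from jail.defaults.
SAMPLE_SYSCTL=$(cat <<'EOF'
jail.jailed: 0
jail.list: 2 t02.local /jails/02 10.0.0.3 1 t01.local /jails/01 10.0.0.2
jail.defaults.allow_raw_sockets: 0
jail.defaults.chflags_allowed: 0
jail.defaults.sysvipc_allowed: 0
jail.defaults.socket_unixiproute_only: 1
jail.defaults.set_hostname_allowed: 1
jail.1.set_hostname_allowed: 1
jail.1.socket_unixiproute_only: 1
jail.1.sysvipc_allowed: 0
jail.1.chflags_allowed: 0
jail.1.allow_raw_sockets: 0
jail.2.set_hostname_allowed: 1
jail.2.socket_unixiproute_only: 0
jail.2.sysvipc_allowed: 0
jail.2.chflags_allowed: 1
jail.2.allow_raw_sockets: 1
EOF
)

# Run the audit over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE_SYSCTL" | audit_jail_sysctls
}

audit_sample
```

On a live DragonFly host the same function runs over real output with `sysctl jail | audit_jail_sysctls`; an empty report means every jail still matches the template, and any reported line is a per-jail change worth tying back to a known `sysctl jail.<jid>.<var>=...` invocation such as the one in the commit message.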


  • Share