Context Navigation

source: rtems-libbsd/freebsd/sys/sys/jail.h @ 36e8ad4

5

Last change on this file since 36e8ad4 was 36e8ad4, checked in by Sebastian Huber <sebastian.huber@…>, on 05/10/19 at 13:59:04

Use static inline functions for jail and prison

This helps the compiler to optimize away dead code.

Property mode set to 100644

File size: 17.8 KB

Rev	Line
[a9153ec]	1	/*-
[bb80d9d]	2	* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
	3	*
[a9153ec]	4	* Copyright (c) 1999 Poul-Henning Kamp.
	5	* Copyright (c) 2009 James Gritton.
	6	* All rights reserved.
	7	*
	8	* Redistribution and use in source and binary forms, with or without
	9	* modification, are permitted provided that the following conditions
	10	* are met:
	11	* 1. Redistributions of source code must retain the above copyright
	12	* notice, this list of conditions and the following disclaimer.
	13	* 2. Redistributions in binary form must reproduce the above copyright
	14	* notice, this list of conditions and the following disclaimer in the
	15	* documentation and/or other materials provided with the distribution.
	16	*
	17	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
	18	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	19	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	20	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	21	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	22	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	23	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	24	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	25	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	26	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	27	* SUCH DAMAGE.
	28	*
	29	* $FreeBSD$
	30	*/
	31
[e599318]	32	#ifndef _SYS_JAIL_H_
	33	#define _SYS_JAIL_H_
[a9153ec]	34
	35	#ifdef _KERNEL
	36	struct jail_v0 {
	37	u_int32_t version;
	38	char *path;
	39	char *hostname;
	40	u_int32_t ip_number;
	41	};
	42	#endif
	43
	44	struct jail {
	45	uint32_t version;
	46	char *path;
	47	char *hostname;
	48	char *jailname;
	49	uint32_t ip4s;
	50	uint32_t ip6s;
	51	struct in_addr *ip4;
	52	struct in6_addr *ip6;
	53	};
	54	#define JAIL_API_VERSION 2
	55
	56	/*
	57	* For all xprison structs, always keep the pr_version an int and
	58	* the first variable so userspace can easily distinguish them.
	59	*/
	60	#ifndef _KERNEL
	61	struct xprison_v1 {
	62	int pr_version;
	63	int pr_id;
	64	char pr_path[MAXPATHLEN];
	65	char pr_host[MAXHOSTNAMELEN];
	66	u_int32_t pr_ip;
	67	};
	68	#endif
	69
	70	struct xprison {
	71	int pr_version;
	72	int pr_id;
	73	int pr_state;
	74	cpusetid_t pr_cpusetid;
	75	char pr_path[MAXPATHLEN];
	76	char pr_host[MAXHOSTNAMELEN];
	77	char pr_name[MAXHOSTNAMELEN];
	78	uint32_t pr_ip4s;
	79	uint32_t pr_ip6s;
	80	#if 0
	81	/*
	82	* sizeof(xprison) will be malloced + size needed for all
	83	* IPv4 and IPv6 addesses. Offsets are based numbers of addresses.
	84	*/
	85	struct in_addr pr_ip4[];
	86	struct in6_addr pr_ip6[];
	87	#endif
	88	};
	89	#define XPRISON_VERSION 3
	90
	91	#define PRISON_STATE_INVALID 0
	92	#define PRISON_STATE_ALIVE 1
	93	#define PRISON_STATE_DYING 2
	94
	95	/*
	96	* Flags for jail_set and jail_get.
	97	*/
	98	#define JAIL_CREATE 0x01 /* Create jail if it doesn't exist */
	99	#define JAIL_UPDATE 0x02 /* Update parameters of existing jail */
	100	#define JAIL_ATTACH 0x04 /* Attach to jail upon creation */
	101	#define JAIL_DYING 0x08 /* Allow getting a dying jail */
	102	#define JAIL_SET_MASK 0x0f
	103	#define JAIL_GET_MASK 0x08
	104
	105	#define JAIL_SYS_DISABLE 0
	106	#define JAIL_SYS_NEW 1
	107	#define JAIL_SYS_INHERIT 2
	108
	109	#ifndef _KERNEL
	110
	111	struct iovec;
	112
	113	int jail(struct jail *);
	114	int jail_set(struct iovec *, unsigned int, int);
	115	int jail_get(struct iovec *, unsigned int, int);
	116	int jail_attach(int);
	117	int jail_remove(int);
	118
	119	#else /* _KERNEL */
	120
[e599318]	121	#include <sys/queue.h>
	122	#include <sys/sysctl.h>
[3c967ca]	123	#include <sys/lock.h>
[e599318]	124	#include <sys/mutex.h>
	125	#include <sys/_task.h>
[a9153ec]	126
	127	#define JAIL_MAX 999999
	128
	129	#ifdef MALLOC_DECLARE
	130	MALLOC_DECLARE(M_PRISON);
	131	#endif
	132	#endif /* _KERNEL */
	133
	134	#if defined(_KERNEL) \|\| defined(_WANT_PRISON)
	135
[e599318]	136	#include <sys/osd.h>
[a9153ec]	137
	138	#define HOSTUUIDLEN 64
[c40e45b]	139	#define OSRELEASELEN 32
[a9153ec]	140
[66659ff]	141	struct racct;
	142	struct prison_racct;
	143
[a9153ec]	144	/*
	145	* This structure describes a prison. It is pointed to by all struct
	146	* ucreds's of the inmates. pr_ref keeps track of them and is used to
	147	* delete the struture when the last inmate is dead.
	148	*
	149	* Lock key:
	150	* (a) allprison_lock
	151	* (p) locked by pr_mtx
	152	* (c) set only during creation before the structure is shared, no mutex
	153	* required to read
	154	*/
	155	struct prison {
	156	TAILQ_ENTRY(prison) pr_list; /* (a) all prisons */
	157	int pr_id; /* (c) prison id */
	158	int pr_ref; /* (p) refcount */
	159	int pr_uref; /* (p) user (alive) refcount */
	160	unsigned pr_flags; /* (p) PR_* flags */
	161	LIST_HEAD(, prison) pr_children; /* (a) list of child jails */
	162	LIST_ENTRY(prison) pr_sibling; /* (a) next in parent's list */
	163	struct prison pr_parent; / (c) containing jail */
	164	struct mtx pr_mtx;
[c40e45b]	165	struct task pr_task; /* (c) destroy task */
[a9153ec]	166	struct osd pr_osd; /* (p) additional data */
	167	struct cpuset pr_cpuset; / (p) cpuset */
	168	struct vnet pr_vnet; / (c) network stack */
	169	struct vnode pr_root; / (c) vnode to rdir */
	170	int pr_ip4s; /* (p) number of v4 IPs */
	171	int pr_ip6s; /* (p) number of v6 IPs */
	172	struct in_addr pr_ip4; / (p) v4 IPs of jail */
	173	struct in6_addr pr_ip6; / (p) v6 IPs of jail */
[66659ff]	174	struct prison_racct pr_prison_racct; / (c) racct jail proxy */
	175	void *pr_sparep[3];
[a9153ec]	176	int pr_childcount; /* (a) number of child jails */
	177	int pr_childmax; /* (p) maximum child jails */
	178	unsigned pr_allow; /* (p) PR_ALLOW_* flags */
	179	int pr_securelevel; /* (p) securelevel */
	180	int pr_enforce_statfs; /* (p) statfs permission */
[66659ff]	181	int pr_devfs_rsnum; /* (p) devfs ruleset */
[c40e45b]	182	int pr_spare[3];
	183	int pr_osreldate; /* (c) kern.osreldate value */
[a9153ec]	184	unsigned long pr_hostid; /* (p) jail hostid */
	185	char pr_name[MAXHOSTNAMELEN]; /* (p) admin jail name */
	186	char pr_path[MAXPATHLEN]; /* (c) chroot path */
	187	char pr_hostname[MAXHOSTNAMELEN]; /* (p) jail hostname */
	188	char pr_domainname[MAXHOSTNAMELEN]; /* (p) jail domainname */
	189	char pr_hostuuid[HOSTUUIDLEN]; /* (p) jail hostuuid */
[c40e45b]	190	char pr_osrelease[OSRELEASELEN]; /* (c) kern.osrelease value */
[a9153ec]	191	};
[66659ff]	192
	193	struct prison_racct {
	194	LIST_ENTRY(prison_racct) prr_next;
	195	char prr_name[MAXHOSTNAMELEN];
	196	u_int prr_refcount;
	197	struct racct *prr_racct;
	198	};
[a9153ec]	199	#endif /* _KERNEL \|\| _WANT_PRISON */
	200
	201	#ifdef _KERNEL
	202	/* Flag bits set via options */
	203	#define PR_PERSIST 0x00000001 /* Can exist without processes */
	204	#define PR_HOST 0x00000002 /* Virtualize hostname et al */
	205	#define PR_IP4_USER 0x00000004 /* Restrict IPv4 addresses */
	206	#define PR_IP6_USER 0x00000008 /* Restrict IPv6 addresses */
	207	#define PR_VNET 0x00000010 /* Virtual network stack */
	208	#define PR_IP4_SADDRSEL 0x00000080 /* Do IPv4 src addr sel. or use the */
	209	/* primary jail address. */
	210	#define PR_IP6_SADDRSEL 0x00000100 /* Do IPv6 src addr sel. or use the */
	211	/* primary jail address. */
	212
	213	/* Internal flag bits */
	214	#define PR_IP4 0x02000000 /* IPv4 restricted or disabled */
	215	/* by this jail or an ancestor */
	216	#define PR_IP6 0x04000000 /* IPv6 restricted or disabled */
	217	/* by this jail or an ancestor */
	218
[bcdce02]	219	/*
	220	* Flags for pr_allow
	221	* Bits not noted here may be used for dynamic allow.mount.xxxfs.
	222	*/
[c37f9fb]	223	#define PR_ALLOW_SET_HOSTNAME 0x00000001
	224	#define PR_ALLOW_SYSVIPC 0x00000002
	225	#define PR_ALLOW_RAW_SOCKETS 0x00000004
	226	#define PR_ALLOW_CHFLAGS 0x00000008
	227	#define PR_ALLOW_MOUNT 0x00000010
	228	#define PR_ALLOW_QUOTAS 0x00000020
	229	#define PR_ALLOW_SOCKET_AF 0x00000040
[3489e3b]	230	#define PR_ALLOW_MLOCK 0x00000080
[b3169c2]	231	#define PR_ALLOW_READ_MSGBUF 0x00000100
[2b2563d]	232	#define PR_ALLOW_UNPRIV_DEBUG 0x00000200
[c37f9fb]	233	#define PR_ALLOW_RESERVED_PORTS 0x00008000
	234	#define PR_ALLOW_KMEM_ACCESS 0x00010000 /* reserved, not used yet */
[2b2563d]	235	#define PR_ALLOW_ALL_STATIC 0x000183ff
	236
	237	/*
	238	* PR_ALLOW_DIFFERENCES determines which flags are able to be
	239	* different between the parent and child jail upon creation.
	240	*/
	241	#define PR_ALLOW_DIFFERENCES (PR_ALLOW_UNPRIV_DEBUG)
[a9153ec]	242
	243	/*
	244	* OSD methods
	245	*/
	246	#define PR_METHOD_CREATE 0
	247	#define PR_METHOD_GET 1
	248	#define PR_METHOD_SET 2
	249	#define PR_METHOD_CHECK 3
	250	#define PR_METHOD_ATTACH 4
[c40e45b]	251	#define PR_METHOD_REMOVE 5
	252	#define PR_MAXMETHOD 6
[a9153ec]	253
	254	/*
	255	* Lock/unlock a prison.
	256	* XXX These exist not so much for general convenience, but to be useable in
	257	* the FOREACH_PRISON_DESCENDANT_LOCKED macro which can't handle them in
	258	* non-function form as currently defined.
	259	*/
	260	static __inline void
	261	prison_lock(struct prison *pr)
	262	{
	263
	264	mtx_lock(&pr->pr_mtx);
	265	}
	266
	267	static __inline void
	268	prison_unlock(struct prison *pr)
	269	{
	270
	271	mtx_unlock(&pr->pr_mtx);
	272	}
	273
	274	/* Traverse a prison's immediate children. */
	275	#define FOREACH_PRISON_CHILD(ppr, cpr) \
	276	LIST_FOREACH(cpr, &(ppr)->pr_children, pr_sibling)
	277
	278	/*
	279	* Preorder traversal of all of a prison's descendants.
	280	* This ugly loop allows the macro to be followed by a single block
	281	* as expected in a looping primitive.
	282	*/
	283	#define FOREACH_PRISON_DESCENDANT(ppr, cpr, descend) \
	284	for ((cpr) = (ppr), (descend) = 1; \
	285	((cpr) = (((descend) && !LIST_EMPTY(&(cpr)->pr_children)) \
	286	? LIST_FIRST(&(cpr)->pr_children) \
	287	: ((cpr) == (ppr) \
	288	? NULL \
	289	: (((descend) = LIST_NEXT(cpr, pr_sibling) != NULL) \
	290	? LIST_NEXT(cpr, pr_sibling) \
	291	: (cpr)->pr_parent))));) \
	292	if (!(descend)) \
	293	; \
	294	else
	295
	296	/*
	297	* As above, but lock descendants on the way down and unlock on the way up.
	298	*/
	299	#define FOREACH_PRISON_DESCENDANT_LOCKED(ppr, cpr, descend) \
	300	for ((cpr) = (ppr), (descend) = 1; \
	301	((cpr) = (((descend) && !LIST_EMPTY(&(cpr)->pr_children)) \
	302	? LIST_FIRST(&(cpr)->pr_children) \
	303	: ((cpr) == (ppr) \
	304	? NULL \
	305	: ((prison_unlock(cpr), \
	306	(descend) = LIST_NEXT(cpr, pr_sibling) != NULL) \
	307	? LIST_NEXT(cpr, pr_sibling) \
	308	: (cpr)->pr_parent))));) \
	309	if ((descend) ? (prison_lock(cpr), 0) : 1) \
	310	; \
	311	else
	312
	313	/*
	314	* As above, but also keep track of the level descended to.
	315	*/
	316	#define FOREACH_PRISON_DESCENDANT_LOCKED_LEVEL(ppr, cpr, descend, level)\
	317	for ((cpr) = (ppr), (descend) = 1, (level) = 0; \
	318	((cpr) = (((descend) && !LIST_EMPTY(&(cpr)->pr_children)) \
	319	? (level++, LIST_FIRST(&(cpr)->pr_children)) \
	320	: ((cpr) == (ppr) \
	321	? NULL \
	322	: ((prison_unlock(cpr), \
	323	(descend) = LIST_NEXT(cpr, pr_sibling) != NULL) \
	324	? LIST_NEXT(cpr, pr_sibling) \
	325	: (level--, (cpr)->pr_parent)))));) \
	326	if ((descend) ? (prison_lock(cpr), 0) : 1) \
	327	; \
	328	else
	329
	330	/*
	331	* Attributes of the physical system, and the root of the jail tree.
	332	*/
	333	extern struct prison prison0;
	334
	335	TAILQ_HEAD(prisonlist, prison);
	336	extern struct prisonlist allprison;
	337	extern struct sx allprison_lock;
	338
	339	/*
	340	* Sysctls to describe jail parameters.
	341	*/
	342	SYSCTL_DECL(_security_jail_param);
	343
	344	#define SYSCTL_JAIL_PARAM(module, param, type, fmt, descr) \
	345	SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \
	346	(type) \| CTLFLAG_MPSAFE, NULL, 0, sysctl_jail_param, fmt, descr)
	347	#define SYSCTL_JAIL_PARAM_STRING(module, param, access, len, descr) \
	348	SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \
	349	CTLTYPE_STRING \| CTLFLAG_MPSAFE \| (access), NULL, len, \
	350	sysctl_jail_param, "A", descr)
	351	#define SYSCTL_JAIL_PARAM_STRUCT(module, param, access, len, fmt, descr)\
	352	SYSCTL_PROC(_security_jail_param ## module, OID_AUTO, param, \
	353	CTLTYPE_STRUCT \| CTLFLAG_MPSAFE \| (access), NULL, len, \
	354	sysctl_jail_param, fmt, descr)
	355	#define SYSCTL_JAIL_PARAM_NODE(module, descr) \
	356	SYSCTL_NODE(_security_jail_param, OID_AUTO, module, 0, 0, descr)
[66659ff]	357	#define SYSCTL_JAIL_PARAM_SUBNODE(parent, module, descr) \
	358	SYSCTL_NODE(_security_jail_param_##parent, OID_AUTO, module, 0, 0, descr)
[a9153ec]	359	#define SYSCTL_JAIL_PARAM_SYS_NODE(module, access, descr) \
	360	SYSCTL_JAIL_PARAM_NODE(module, descr); \
	361	SYSCTL_JAIL_PARAM(_##module, , CTLTYPE_INT \| (access), "E,jailsys", \
	362	descr)
	363
	364	/*
	365	* Kernel support functions for jail().
	366	*/
	367	struct ucred;
	368	struct mount;
	369	struct sockaddr;
	370	struct statfs;
[bcdce02]	371	struct vfsconf;
[36e8ad4]	372	#ifndef __rtems__
[a9153ec]	373	int jailed(struct ucred *cred);
[36e8ad4]	374	#else /* __rtems__ */
	375	static inline int
	376	jailed(struct ucred *cred)
	377	{
	378
	379	(void)cred;
	380	return (0);
	381	}
	382	#endif /* __rtems__ */
	383	#ifndef __rtems__
[a9153ec]	384	int jailed_without_vnet(struct ucred *);
[36e8ad4]	385	#else /* __rtems__ */
	386	static inline int
	387	jailed_without_vnet(struct ucred *cred)
	388	{
	389
	390	(void)cred;
	391	return (0);
	392	}
	393	#endif /* __rtems__ */
[a9153ec]	394	void getcredhostname(struct ucred , char , size_t);
	395	void getcreddomainname(struct ucred , char , size_t);
	396	void getcredhostuuid(struct ucred , char , size_t);
[36e8ad4]	397	#ifndef __rtems__
[a9153ec]	398	void getcredhostid(struct ucred , unsigned long );
[36e8ad4]	399	#else /* __rtems__ */
	400	static inline void
	401	getcredhostid(struct ucred cred, unsigned long hostid)
	402	{
	403
	404	(void)cred;
	405	*hostid = 0;
	406	}
	407	#endif /* __rtems__ */
[c40e45b]	408	void prison0_init(void);
[a9153ec]	409	int prison_allow(struct ucred *, unsigned);
[36e8ad4]	410	#ifndef __rtems__
[a9153ec]	411	int prison_check(struct ucred cred1, struct ucred cred2);
[36e8ad4]	412	#else /* __rtems__ */
	413	static inline int
	414	prison_check(struct ucred cred1, struct ucred cred2)
	415	{
	416
	417	(void)cred1;
	418	(void)cred2;
	419	return (0);
	420	}
	421	#endif /* __rtems__ */
[a9153ec]	422	int prison_owns_vnet(struct ucred *);
	423	int prison_canseemount(struct ucred cred, struct mount mp);
	424	void prison_enforce_statfs(struct ucred cred, struct mount mp,
	425	struct statfs *sp);
	426	struct prison *prison_find(int prid);
	427	struct prison prison_find_child(struct prison , int);
	428	struct prison prison_find_name(struct prison , const char *);
[36e8ad4]	429	#ifndef __rtems__
[a9153ec]	430	int prison_flag(struct ucred *, unsigned);
[36e8ad4]	431	#else /* __rtems__ */
	432	static inline int
	433	prison_flag(struct ucred *cred, unsigned flag)
	434	{
	435
	436	(void)cred;
	437	return (prison0.pr_flags & flag);
	438	}
	439	#endif /* __rtems__ */
	440	#ifndef __rtems__
[a9153ec]	441	void prison_free(struct prison *pr);
[36e8ad4]	442	#else /* __rtems__ */
	443	static inline void
	444	prison_free(struct prison *pr)
	445	{
	446
	447	(void)pr;
	448	}
	449	#endif /* __rtems__ */
[a9153ec]	450	void prison_free_locked(struct prison *pr);
[36e8ad4]	451	#ifndef __rtems__
[a9153ec]	452	void prison_hold(struct prison *pr);
[36e8ad4]	453	#else /* __rtems__ */
	454	static inline void
	455	prison_hold(struct prison *pr)
	456	{
	457
	458	(void)pr;
	459	}
	460	#endif /* __rtems__ */
[a9153ec]	461	void prison_hold_locked(struct prison *pr);
	462	void prison_proc_hold(struct prison *);
	463	void prison_proc_free(struct prison *);
	464	int prison_ischild(struct prison , struct prison );
[69b29a0]	465	#ifndef __rtems__
[a9153ec]	466	int prison_equal_ip4(struct prison , struct prison );
[69b29a0]	467	#else /* __rtems__ */
	468	#define prison_equal_ip4(p1, p2) 1
	469	#endif /* __rtems__ */
[36e8ad4]	470	#ifndef __rtems__
[a9153ec]	471	int prison_get_ip4(struct ucred cred, struct in_addr ia);
[36e8ad4]	472	#else /* __rtems__ */
	473	static inline int
	474	prison_get_ip4(struct ucred cred, struct in_addr ia)
	475	{
	476
	477	(void)cred;
	478	(void)ia;
	479	return (EAFNOSUPPORT);
	480	}
	481	#endif /* __rtems__ */
	482	#ifndef __rtems__
[a9153ec]	483	int prison_local_ip4(struct ucred cred, struct in_addr ia);
[36e8ad4]	484	#else /* __rtems__ */
	485	static inline int
	486	prison_local_ip4(struct ucred cred, struct in_addr ia)
	487	{
	488
	489	(void)cred;
	490	(void)ia;
	491	return (0);
	492	}
	493	#endif /* __rtems__ */
	494	#ifndef __rtems__
[a9153ec]	495	int prison_remote_ip4(struct ucred cred, struct in_addr ia);
[36e8ad4]	496	#else /* __rtems__ */
	497	static inline int
	498	prison_remote_ip4(struct ucred cred, struct in_addr ia)
	499	{
	500
	501	(void)cred;
	502	(void)ia;
	503	return (0);
	504	}
	505	#endif /* __rtems__ */
	506	#ifndef __rtems__
[c40e45b]	507	int prison_check_ip4(const struct ucred , const struct in_addr );
[36e8ad4]	508	#else /* __rtems__ */
	509	static inline int
	510	prison_check_ip4(const struct ucred cred, const struct in_addr ia)
	511	{
	512
	513	(void)cred;
	514	(void)ia;
	515	return (0);
	516	}
	517	#endif /* __rtems__ */
[c40e45b]	518	int prison_check_ip4_locked(const struct prison , const struct in_addr );
[36e8ad4]	519	#ifndef __rtems__
[a9153ec]	520	int prison_saddrsel_ip4(struct ucred , struct in_addr );
[36e8ad4]	521	#else /* __rtems__ */
	522	static inline int
	523	prison_saddrsel_ip4(struct ucred cred, struct in_addr ia)
	524	{
	525
	526	(void)cred;
	527	(void)ia;
	528	return (1);
	529	}
	530	#endif /* __rtems__ */
[c40e45b]	531	int prison_restrict_ip4(struct prison , struct in_addr );
	532	int prison_qcmp_v4(const void , const void );
[a9153ec]	533	#ifdef INET6
[69b29a0]	534	#ifndef __rtems__
[a9153ec]	535	int prison_equal_ip6(struct prison , struct prison );
[69b29a0]	536	#else /* __rtems__ */
	537	#define prison_equal_ip6(p1, p2) 1
	538	#endif /* __rtems__ */
[36e8ad4]	539	#ifndef __rtems__
[a9153ec]	540	int prison_get_ip6(struct ucred , struct in6_addr );
[36e8ad4]	541	#else /* __rtems__ */
	542	static inline int
	543	prison_get_ip6(struct ucred cred, struct in6_addr ia6)
	544	{
	545
	546	(void)cred;
	547	(void)ia6;
	548	return (EAFNOSUPPORT);
	549	}
	550	#endif /* __rtems__ */
	551	#ifndef __rtems__
[a9153ec]	552	int prison_local_ip6(struct ucred , struct in6_addr , int);
[36e8ad4]	553	#else /* __rtems__ */
	554	static inline int
	555	prison_local_ip6(struct ucred cred, struct in6_addr ia6, int v6only)
	556	{
	557
	558	(void)cred;
	559	(void)ia6;
	560	(void)v6only;
	561	return (0);
	562	}
	563	#endif /* __rtems__ */
	564	#ifndef __rtems__
[a9153ec]	565	int prison_remote_ip6(struct ucred , struct in6_addr );
[36e8ad4]	566	#else /* __rtems__ */
	567	static inline int
	568	prison_remote_ip6(struct ucred cred, struct in6_addr ia6)
	569	{
	570
	571	(void)cred;
	572	(void)ia6;
	573	return (0);
	574	}
	575	#endif /* __rtems__ */
	576	#ifndef __rtems__
[c40e45b]	577	int prison_check_ip6(const struct ucred , const struct in6_addr );
[36e8ad4]	578	#else /* __rtems__ */
	579	static inline int
	580	prison_check_ip6(const struct ucred cred, const struct in6_addr ia6)
	581	{
	582
	583	(void)cred;
	584	(void)ia6;
	585	return (0);
	586	}
	587	#endif /* __rtems__ */
[c40e45b]	588	int prison_check_ip6_locked(const struct prison , const struct in6_addr );
[36e8ad4]	589	#ifndef __rtems__
[a9153ec]	590	int prison_saddrsel_ip6(struct ucred , struct in6_addr );
[36e8ad4]	591	#else /* __rtems__ */
	592	static inline int
	593	prison_saddrsel_ip6(struct ucred cred, struct in6_addr ia6)
	594	{
	595
	596	(void)cred;
	597	(void)ia6;
	598	return (EAFNOSUPPORT);
	599	}
	600	#endif /* __rtems__ */
[c40e45b]	601	int prison_restrict_ip6(struct prison , struct in6_addr );
	602	int prison_qcmp_v6(const void , const void );
[a9153ec]	603	#endif
[36e8ad4]	604	#ifndef __rtems__
[a9153ec]	605	int prison_check_af(struct ucred *cred, int af);
[36e8ad4]	606	#else /* __rtems__ */
	607	static inline int
	608	prison_check_af(struct ucred *cred, int af)
	609	{
	610
	611	(void)cred;
	612	(void)af;
	613	return (0);
	614	}
	615	#endif /* __rtems__ */
	616	#ifndef __rtems__
[a9153ec]	617	int prison_if(struct ucred cred, struct sockaddr sa);
[36e8ad4]	618	#else /* __rtems__ */
	619	static inline int
	620	prison_if(struct ucred cred, struct sockaddr sa)
	621	{
	622
	623	(void)cred;
	624	(void)sa;
	625	return (0);
	626	}
	627	#endif /* __rtems__ */
[a9153ec]	628	char prison_name(struct prison , struct prison *);
	629	int prison_priv_check(struct ucred *cred, int priv);
[66659ff]	630	int sysctl_jail_param(SYSCTL_HANDLER_ARGS);
[3489e3b]	631	unsigned prison_add_allow(const char prefix, const char name,
	632	const char prefix_descr, const char descr);
[bcdce02]	633	void prison_add_vfs(struct vfsconf *vfsp);
[66659ff]	634	void prison_racct_foreach(void (callback)(struct racct racct,
[c40e45b]	635	void arg2, void arg3), void (pre)(void), void (post)(void),
	636	void arg2, void arg3);
[66659ff]	637	struct prison_racct prison_racct_find(const char name);
	638	void prison_racct_hold(struct prison_racct *prr);
	639	void prison_racct_free(struct prison_racct *prr);
[a9153ec]	640
	641	#endif /* _KERNEL */
[e599318]	642	#endif /* !_SYS_JAIL_H_ */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: