source: rtems-libbsd/rtemsbsd/src/rtems-bsd-jail.c @ 8420b94

4.1155-freebsd-126-freebsd-12freebsd-9.3
Last change on this file since 8420b94 was 8420b94, checked in by Jennifer Averett <jennifer.averett@…>, on 05/08/12 at 14:14:42

Modified copyright on rtems-bsd-xxx files to be consistant with FreeBSD copyright.

  • Property mode set to 100644
File size: 8.6 KB
Line 
1/**
2 * @file
3 *
4 * @ingroup rtems_bsd_rtems
5 *
6 * @brief This object is an minimal rtems implementation of kern_jail.c.
7 */
8
9/*
10 * Copyright (c) 2009, 2010 embedded brains GmbH.  All rights reserved.
11 *
12 *  embedded brains GmbH
13 *  Obere Lagerstr. 30
14 *  82178 Puchheim
15 *  Germany
16 *  <rtems@embedded-brains.de>
17 *
18 * Redistribution and use in source and binary forms, with or without
19 * modification, are permitted provided that the following conditions
20 * are met:
21 * 1. Redistributions of source code must retain the above copyright
22 *    notice, this list of conditions and the following disclaimer.
23 * 2. Redistributions in binary form must reproduce the above copyright
24 *    notice, this list of conditions and the following disclaimer in the
25 *    documentation and/or other materials provided with the distribution.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 */
39
40#include <freebsd/machine/rtems-bsd-config.h>
41
42/*#include <freebsd/sys/types.h>
43#include <freebsd/sys/systm.h>
44#include <freebsd/sys/malloc.h>
45#include <freebsd/sys/jail.h>
46#include <freebsd/sys/lock.h>
47#include <freebsd/sys/mutex.h>*/
48
49#include <freebsd/sys/param.h>
50#include <freebsd/sys/types.h>
51#include <freebsd/sys/kernel.h>
52#include <freebsd/sys/systm.h>
53#include <freebsd/sys/errno.h>
54#include <freebsd/sys/sysproto.h>
55#include <freebsd/sys/malloc.h>
56#include <freebsd/sys/osd.h>
57#include <freebsd/sys/priv.h>
58#include <freebsd/sys/proc.h>
59#include <freebsd/sys/taskqueue.h>
60#include <freebsd/sys/fcntl.h>
61#include <freebsd/sys/jail.h>
62#include <freebsd/sys/lock.h>
63#include <freebsd/sys/mutex.h>
64#include <freebsd/sys/sx.h>
65#include <freebsd/sys/sysent.h>
66#include <freebsd/sys/namei.h>
67#include <freebsd/sys/mount.h>
68#include <freebsd/sys/queue.h>
69#include <freebsd/sys/socket.h>
70#include <freebsd/sys/syscallsubr.h>
71#include <freebsd/sys/sysctl.h>
72
73#define DEFAULT_HOSTUUID  "00000000-0000-0000-0000-000000000000"
74
75/* Keep struct prison prison0 and some code in kern_jail_set() readable. */
76#ifdef INET
77#ifdef INET6
78#define _PR_IP_SADDRSEL PR_IP4_SADDRSEL|PR_IP6_SADDRSEL
79#else
80#define _PR_IP_SADDRSEL PR_IP4_SADDRSEL
81#endif
82#else /* !INET */
83#ifdef INET6
84#define _PR_IP_SADDRSEL PR_IP6_SADDRSEL
85#else
86#define _PR_IP_SADDRSEL 0
87#endif
88#endif
89
90/* prison0 describes what is "real" about the system. */
91struct prison prison0 = {
92  .pr_id    = 0,
93  .pr_name  = "0",
94  .pr_ref   = 1,
95  .pr_uref  = 1,
96  .pr_path  = "/",
97  .pr_securelevel = -1,
98  .pr_childmax  = JAIL_MAX,
99  .pr_hostuuid  = DEFAULT_HOSTUUID,
100  .pr_children  = LIST_HEAD_INITIALIZER(prison0.pr_children),
101#ifdef VIMAGE
102  .pr_flags = PR_HOST|PR_VNET|_PR_IP_SADDRSEL,
103#else
104  .pr_flags = PR_HOST|_PR_IP_SADDRSEL,
105#endif
106  .pr_allow = PR_ALLOW_ALL,
107};
108MTX_SYSINIT(prison0, &prison0.pr_mtx, "jail mutex", MTX_DEF);
109
110/*
111 * See if a prison has the specific flag set.
112 */
113int
114prison_flag(struct ucred *cred, unsigned flag)
115{
116  /* This is an atomic read, so no locking is necessary. */
117  return (cred->cr_prison->pr_flags & flag);
118}
119
120void
121prison_free(struct prison *pr)
122{
123}
124
125void
126prison_hold(struct prison *pr)
127{
128}
129
130/*
131 * Check if given address belongs to the jail referenced by cred (wrapper to
132 * prison_check_ip[46]).
133 *
134 * Returns 0 if jail doesn't restrict the address family or if address belongs
135 * to jail, EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if
136 * the jail doesn't allow the address family.  IPv4 Address passed in in NBO.
137 */
138int
139prison_if(struct ucred *cred, struct sockaddr *sa)
140{
141  return 0;
142}
143
144/*
145 * Return 1 if we should do proper source address selection or are not jailed.
146 * We will return 0 if we should bypass source address selection in favour
147 * of the primary jail IPv6 address. Only in this case *ia will be updated and
148 * returned in NBO.
149 * Return EAFNOSUPPORT, in case this jail does not allow IPv6.
150 */
151int
152prison_saddrsel_ip6(struct ucred *cred, struct in6_addr *ia6)
153{
154  return EAFNOSUPPORT;
155}
156
157/*
158 * Return true if pr1 and pr2 have the same IPv4 address restrictions.
159 */
160int
161prison_equal_ip4(struct prison *pr1, struct prison *pr2)
162{
163  return 1;
164}
165
166/*
167 * Check if given address belongs to the jail referenced by cred/prison.
168 *
169 * Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail,
170 * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
171 * doesn't allow IPv4.  Address passed in in NBO.
172 */
173int
174prison_check_ip4(struct ucred *cred, struct in_addr *ia)
175{
176  return 0;
177}
178
179/*
180 * Assuming 0 means no restrictions.
181 *
182 * NOTE: RTEMS does not restrict via a jail so return 0.
183 */
184int
185prison_check_ip6(struct ucred *cred, struct in6_addr *ia6)
186{
187  return 0;
188}
189
190/*
191 * Make sure our (source) address is set to something meaningful to this
192 * jail.
193 *
194 * Returns 0 if jail doesn't restrict IPv4 or if address belongs to jail,
195 * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
196 * doesn't allow IPv4.  Address passed in in NBO and returned in NBO.
197 */
198int
199prison_local_ip4(struct ucred *cred, struct in_addr *ia)
200{
201  return EAFNOSUPPORT;
202}
203
204/*
205 * Rewrite destination address in case we will connect to loopback address.
206 *
207 * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4.
208 * Address passed in in NBO and returned in NBO.
209 */
210int
211prison_remote_ip4(struct ucred *cred, struct in_addr *ia)
212{
213  return EAFNOSUPPORT;
214}
215
216/*
217 * Return true if pr1 and pr2 have the same IPv6 address restrictions.
218 */
219int
220prison_equal_ip6(struct prison *pr1, struct prison *pr2)
221{
222  return 1;
223}
224
225/*
226 * Make sure our (source) address is set to something meaningful to this jail.
227 *
228 * v6only should be set based on (inp->inp_flags & IN6P_IPV6_V6ONLY != 0)
229 * when needed while binding.
230 *
231 * Returns 0 if jail doesn't restrict IPv6 or if address belongs to jail,
232 * EADDRNOTAVAIL if the address doesn't belong, or EAFNOSUPPORT if the jail
233 * doesn't allow IPv6.
234 *
235 * NOTE: RTEMS does not restrict via a jail so return 0.
236 */
237int
238prison_local_ip6(struct ucred *cred, struct in6_addr *ia6, int v6only)
239{
240  return 0;
241}
242
243/*
244 * Rewrite destination address in case we will connect to loopback address.
245 *
246 * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6.
247 *
248 * NOTE: RTEMS does not restrict via a jail so return 0.
249 */
250int
251prison_remote_ip6(struct ucred *cred, struct in6_addr *ia6)
252{
253  return 0;
254}
255
256/*
257 * Return 1 if we should do proper source address selection or are not jailed.
258 * We will return 0 if we should bypass source address selection in favour
259 * of the primary jail IPv4 address. Only in this case *ia will be updated and
260 * returned in NBO.
261 * Return EAFNOSUPPORT, in case this jail does not allow IPv4.
262 */
263int
264prison_saddrsel_ip4(struct ucred *cred, struct in_addr *ia)
265{
266}
267
268/*
269 * Pass back primary IPv4 address of this jail.
270 *
271 * If not restricted return success but do not alter the address.  Caller has
272 * to make sure to initialize it correctly (e.g. INADDR_ANY).
273 *
274 * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv4.
275 * Address returned in NBO.
276 */
277int
278prison_get_ip4(struct ucred *cred, struct in_addr *ia)
279{
280  return 0;
281}
282
283/*
284 * Return 1 if the passed credential is in a jail and that jail does not
285 * have its own virtual network stack, otherwise 0.
286 */
287int
288jailed_without_vnet(struct ucred *cred)
289{
290  return 0;
291}
292
293/*
294 * Pass back primary IPv6 address for this jail.
295 *
296 * If not restricted return success but do not alter the address.  Caller has
297 * to make sure to initialize it correctly (e.g. IN6ADDR_ANY_INIT).
298 *
299 * Returns 0 on success, EAFNOSUPPORT if the jail doesn't allow IPv6.
300 */
301int
302prison_get_ip6(struct ucred *cred, struct in6_addr *ia6)
303{
304  return 0;
305}
306/*
307 * Return 0 if jails permit p1 to frob p2, otherwise ESRCH.
308 */
309int
310prison_check(struct ucred *cred1, struct ucred *cred2)
311{
312  return 0;
313}
314
315/*
316 * Check if a jail supports the given address family.
317 *
318 * Returns 0 if not jailed or the address family is supported, EAFNOSUPPORT
319 * if not.
320 */
321int
322prison_check_af(struct ucred *cred, int af)
323{
324  return 0;
325}
326
327/*
328 * Return 1 if the passed credential is in a jail, otherwise 0.
329 */
330int
331jailed(struct ucred *cred)
332{
333  return 0;
334}
Note: See TracBrowser for help on using the repository browser.