[dragonfly.git] / sys / kern / kern_jail.c

/*
 * ----------------------------------------------------------------------------
 * "THE BEER-WARE LICENSE" (Revision 42):
 * <phk@FreeBSD.ORG> wrote this file.  As long as you retain this notice you
 * can do whatever you want with this stuff. If we meet some day, and you think
 * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
 * ----------------------------------------------------------------------------
 *
 */
/*-
 * Copyright (c) 2006 Victor Balada Diaz <victor@bsdes.net>
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */


/*
 * $FreeBSD: src/sys/kern/kern_jail.c,v 1.6.2.3 2001/08/17 01:00:26 rwatson Exp $
 * $DragonFly: src/sys/kern/kern_jail.c,v 1.19 2008/05/17 18:20:33 dillon Exp $
 */

#include "opt_inet6.h"

#include <sys/param.h>
#include <sys/types.h>
#include <sys/kernel.h>
#include <sys/systm.h>
#include <sys/errno.h>
#include <sys/sysproto.h>
#include <sys/malloc.h>
#include <sys/nlookup.h>
#include <sys/namecache.h>
#include <sys/proc.h>
#include <sys/priv.h>
#include <sys/jail.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <sys/kern_syscall.h>
#include <net/if.h>
#include <netinet/in.h>
#include <netinet6/in6_var.h>

static struct prison	*prison_find(int);
static void		prison_ipcache_init(struct prison *);

MALLOC_DEFINE(M_PRISON, "prison", "Prison structures");

SYSCTL_NODE(, OID_AUTO, jail, CTLFLAG_RW, 0,
    "Jail rules");

int	jail_set_hostname_allowed = 1;
SYSCTL_INT(_jail, OID_AUTO, set_hostname_allowed, CTLFLAG_RW,
    &jail_set_hostname_allowed, 0,
    "Processes in jail can set their hostnames");

int	jail_socket_unixiproute_only = 1;
SYSCTL_INT(_jail, OID_AUTO, socket_unixiproute_only, CTLFLAG_RW,
    &jail_socket_unixiproute_only, 0,
    "Processes in jail are limited to creating UNIX/IPv[46]/route sockets only");

int	jail_sysvipc_allowed = 0;
SYSCTL_INT(_jail, OID_AUTO, sysvipc_allowed, CTLFLAG_RW,
    &jail_sysvipc_allowed, 0,
    "Processes in jail can use System V IPC primitives");

int    jail_chflags_allowed = 0;
SYSCTL_INT(_jail, OID_AUTO, chflags_allowed, CTLFLAG_RW,
    &jail_chflags_allowed, 0,
    "Process in jail can set chflags(1)");

int    jail_allow_raw_sockets = 0;
SYSCTL_INT(_jail, OID_AUTO, allow_raw_sockets, CTLFLAG_RW,
    &jail_allow_raw_sockets, 0,
    "Process in jail can create raw sockets");

int	lastprid = 0;
int	prisoncount = 0;

LIST_HEAD(prisonlist, prison);
struct	prisonlist allprison = LIST_HEAD_INITIALIZER(&allprison);

static int
kern_jail_attach(int jid)
{
	struct proc *p = curthread->td_proc;
	struct prison *pr;
	int error;

	pr = prison_find(jid);
	if (pr == NULL)
		return(EINVAL);

	error = kern_chroot(&pr->pr_root);
	if (error)
		return(error);

	prison_hold(pr);
	cratom(&p->p_ucred);
	p->p_ucred->cr_prison = pr;
	p->p_flag |= P_JAILED;

	return(0);
}

static int
assign_prison_id(struct prison *pr)
{
	int tryprid;
	struct prison *tpr;

	tryprid = lastprid + 1;
	if (tryprid == JAIL_MAX)
		tryprid = 1;
next:
	LIST_FOREACH(tpr, &allprison, pr_list) {
		if (tpr->pr_id != tryprid)
			continue;
		tryprid++;
		if (tryprid == JAIL_MAX) {
			return (ERANGE);
		}
		goto next;
	}
	pr->pr_id = lastprid = tryprid;

	return (0);
}

static int
kern_jail(struct prison *pr, struct jail *j)
{
	int error;
	struct nlookupdata nd;

	error = nlookup_init(&nd, j->path, UIO_USERSPACE, NLC_FOLLOW);
	if (error) {
		nlookup_done(&nd);
		return (error);
	}
	error = nlookup(&nd);
	if (error) {
		nlookup_done(&nd);
		return (error);
	}
	cache_copy(&nd.nl_nch, &pr->pr_root);

	varsymset_init(&pr->pr_varsymset, NULL);
	prison_ipcache_init(pr);

	error = assign_prison_id(pr);
	if (error) {
		varsymset_clean(&pr->pr_varsymset);
		nlookup_done(&nd);
		return (error);
	}
		
	LIST_INSERT_HEAD(&allprison, pr, pr_list);
	prisoncount++;

	error = kern_jail_attach(pr->pr_id);
	if (error) {
		LIST_REMOVE(pr, pr_list);
		varsymset_clean(&pr->pr_varsymset);
	}
	nlookup_done(&nd);
	return (error);
}

/*
 * jail()
 *
 * jail_args(syscallarg(struct jail *) jail)
 */
int
sys_jail(struct jail_args *uap)
{
	struct thread *td = curthread;
	struct prison *pr;
	struct jail_ip_storage *jip;
	struct jail j;
	int error;
	uint32_t jversion;

	uap->sysmsg_result = -1;

	error = priv_check(td, PRIV_JAIL_CREATE);
	if (error)
		return (error);

	error = copyin(uap->jail, &jversion, sizeof(jversion));
	if (error)
		return (error);

	pr = kmalloc(sizeof(*pr), M_PRISON, M_WAITOK | M_ZERO);
	SLIST_INIT(&pr->pr_ips);

	switch (jversion) {
	case 0:
		/* Single IPv4 jails. */
		{
		struct jail_v0 jv0;
		struct sockaddr_in ip4addr;

		error = copyin(uap->jail, &jv0, sizeof(jv0));
		if (error)
			goto out;

		j.path = jv0.path;
		j.hostname = jv0.hostname; 

		jip = kmalloc(sizeof(*jip),  M_PRISON, M_WAITOK | M_ZERO);
		ip4addr.sin_family = AF_INET;
		ip4addr.sin_addr.s_addr = htonl(jv0.ip_number);
		memcpy(&jip->ip, &ip4addr, sizeof(ip4addr));
		SLIST_INSERT_HEAD(&pr->pr_ips, jip, entries);
		break;
		}

	case 1:
		/*
		 * DragonFly multi noIP/IPv4/IPv6 jails
		 *
		 * NOTE: This version is unsupported by FreeBSD
		 * (which uses version 2 instead).
		 */

		error = copyin(uap->jail, &j, sizeof(j));
		if (error)
			goto out;

		for (int i = 0; i < j.n_ips; i++) {
			jip = kmalloc(sizeof(*jip), M_PRISON,
				      M_WAITOK | M_ZERO);
			SLIST_INSERT_HEAD(&pr->pr_ips, jip, entries);
			error = copyin(&j.ips[i], &jip->ip,
					sizeof(struct sockaddr_storage));
			if (error)
				goto out;
		}
		break;
	default:
		error = EINVAL;
		goto out;
	}

	error = copyinstr(j.hostname, &pr->pr_host, sizeof(pr->pr_host), 0);
	if (error)
		goto out;

	error = kern_jail(pr, &j);
	if (error)
		goto out;

	uap->sysmsg_result = pr->pr_id;
	return (0);

out:
	/* Delete all ips */
	while (!SLIST_EMPTY(&pr->pr_ips)) {
		jip = SLIST_FIRST(&pr->pr_ips);
		SLIST_REMOVE_HEAD(&pr->pr_ips, entries);
		kfree(jip, M_PRISON);
	}
	kfree(pr, M_PRISON);
	return (error);
}

/*
 * int jail_attach(int jid);
 */
int
sys_jail_attach(struct jail_attach_args *uap)
{
	struct thread *td = curthread;
	int error;

	error = priv_check(td, PRIV_JAIL_ATTACH);
	if (error)
		return(error);

	return(kern_jail_attach(uap->jid));
}

static void
prison_ipcache_init(struct prison *pr)
{
	struct jail_ip_storage *jis;
	struct sockaddr_in *ip4;
	struct sockaddr_in6 *ip6;

	SLIST_FOREACH(jis, &pr->pr_ips, entries) {
		switch (jis->ip.ss_family) {
		case AF_INET:
			ip4 = (struct sockaddr_in *)&jis->ip;
			if ((ntohl(ip4->sin_addr.s_addr) >> IN_CLASSA_NSHIFT) ==
			    IN_LOOPBACKNET) {
				/* loopback address */
				if (pr->local_ip4 == NULL)
					pr->local_ip4 = ip4;
			} else {
				/* public address */
				if (pr->nonlocal_ip4 == NULL)
					pr->nonlocal_ip4 = ip4;
			}
			break;

		case AF_INET6:
			ip6 = (struct sockaddr_in6 *)&jis->ip;
			if (IN6_IS_ADDR_LOOPBACK(&ip6->sin6_addr)) {
				/* loopback address */
				if (pr->local_ip6 == NULL)
					pr->local_ip6 = ip6;
			} else {
				/* public address */
				if (pr->nonlocal_ip6 == NULL)
					pr->nonlocal_ip6 = ip6;
			}
			break;
		}
	}
}

/* 
 * Changes INADDR_LOOPBACK for a valid jail address.
 * ip is in network byte order.
 * Returns 1 if the ip is among jail valid ips.
 * Returns 0 if is not among jail valid ips or
 * if couldn't replace INADDR_LOOPBACK for a valid
 * IP.
 */
int
prison_replace_wildcards(struct thread *td, struct sockaddr *ip)
{
	struct sockaddr_in *ip4 = (struct sockaddr_in *)ip;
	struct sockaddr_in6 *ip6 = (struct sockaddr_in6 *)ip;
	struct prison *pr;

	if (td->td_proc == NULL)
		return (1);
	if ((pr = td->td_proc->p_ucred->cr_prison) == NULL)
		return (1);

	if ((ip->sa_family == AF_INET &&
	    ip4->sin_addr.s_addr == htonl(INADDR_ANY)) ||
	    (ip->sa_family == AF_INET6 &&
	    IN6_IS_ADDR_UNSPECIFIED(&ip6->sin6_addr)))
		return (1);
	if ((ip->sa_family == AF_INET &&
	    ip4->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) ||
	    (ip->sa_family == AF_INET6 &&
	    IN6_IS_ADDR_LOOPBACK(&ip6->sin6_addr))) {
		if (!prison_get_local(pr, ip->sa_family, ip) &&
		    !prison_get_nonlocal(pr, ip->sa_family, ip))
			return(0);
		else
			return(1);
	}
	if (jailed_ip(pr, ip))
		return(1);
	return(0);
}

int
prison_remote_ip(struct thread *td, struct sockaddr *ip)
{
	struct sockaddr_in *ip4 = (struct sockaddr_in *)ip;
	struct sockaddr_in6 *ip6 = (struct sockaddr_in6 *)ip;
	struct prison *pr;

	if (td == NULL || td->td_proc == NULL)
		return(1);
	if ((pr = td->td_proc->p_ucred->cr_prison) == NULL)
		return(1);
	if ((ip->sa_family == AF_INET &&
	    ip4->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) ||
	    (ip->sa_family == AF_INET6 &&
	    IN6_IS_ADDR_LOOPBACK(&ip6->sin6_addr))) {
		if (!prison_get_local(pr, ip->sa_family, ip) &&
		    !prison_get_nonlocal(pr, ip->sa_family, ip))
			return(0);
		else
			return(1);
	}
	return(1);
}

/*
 * Prison get non loopback ip:
 * - af is the address family of the ip we want (AF_INET|AF_INET6).
 * - If ip != NULL, put the first IP address that is not a loopback address
 *   into *ip.
 *
 * ip is in network by order and we don't touch it unless we find a valid ip.
 * No matter if ip == NULL or not, we return either a valid struct sockaddr *,
 * or NULL.  This struct may not be modified.
 */
struct sockaddr *
prison_get_nonlocal(struct prison *pr, sa_family_t af, struct sockaddr *ip)
{
	struct sockaddr_in *ip4 = (struct sockaddr_in *)ip;
	struct sockaddr_in6 *ip6 = (struct sockaddr_in6 *)ip;

	/* Check if it is cached */
	switch(af) {
	case AF_INET:
		if (ip4 != NULL && pr->nonlocal_ip4 != NULL)
			ip4->sin_addr.s_addr = pr->nonlocal_ip4->sin_addr.s_addr;
		return (struct sockaddr *)pr->nonlocal_ip4;

	case AF_INET6:
		if (ip6 != NULL && pr->nonlocal_ip6 != NULL)
			ip6->sin6_addr = pr->nonlocal_ip6->sin6_addr;
		return (struct sockaddr *)pr->nonlocal_ip6;
	}

	/* NOTREACHED */
	return NULL;
}

/*
 * Prison get loopback ip.
 * - af is the address family of the ip we want (AF_INET|AF_INET6).
 * - If ip != NULL, put the first IP address that is not a loopback address
 *   into *ip.
 *
 * ip is in network by order and we don't touch it unless we find a valid ip.
 * No matter if ip == NULL or not, we return either a valid struct sockaddr *,
 * or NULL.  This struct may not be modified.
 */
struct sockaddr *
prison_get_local(struct prison *pr, sa_family_t af, struct sockaddr *ip)
{
	struct sockaddr_in *ip4 = (struct sockaddr_in *)ip;
	struct sockaddr_in6 *ip6 = (struct sockaddr_in6 *)ip;

	/* Check if it is cached */
	switch(af) {
	case AF_INET:
		if (ip4 != NULL && pr->local_ip4 != NULL)
			ip4->sin_addr.s_addr = pr->local_ip4->sin_addr.s_addr;
		return (struct sockaddr *)pr->local_ip4;

	case AF_INET6:
		if (ip6 != NULL && pr->local_ip6 != NULL)
			ip6->sin6_addr = pr->local_ip6->sin6_addr;
		return (struct sockaddr *)pr->local_ip6;
	}

	/* NOTREACHED */
	return NULL;
}

/* Check if the IP is among ours, if it is return 1, else 0 */
int
jailed_ip(struct prison *pr, struct sockaddr *ip)
{
	struct jail_ip_storage *jis;
	struct sockaddr_in *jip4, *ip4;
	struct sockaddr_in6 *jip6, *ip6;

	if (pr == NULL)
		return(0);
	ip4 = (struct sockaddr_in *)ip;
	ip6 = (struct sockaddr_in6 *)ip;
	SLIST_FOREACH(jis, &pr->pr_ips, entries) {
		switch (ip->sa_family) {
		case AF_INET:
			jip4 = (struct sockaddr_in *) &jis->ip;
			if (jip4->sin_family == AF_INET &&
			    ip4->sin_addr.s_addr == jip4->sin_addr.s_addr)
				return(1);
			break;
		case AF_INET6:
			jip6 = (struct sockaddr_in6 *) &jis->ip;
			if (jip6->sin6_family == AF_INET6 &&
			    IN6_ARE_ADDR_EQUAL(&ip6->sin6_addr,
					       &jip6->sin6_addr))
				return(1);
			break;
		}
	}
	/* Ip not in list */
	return(0);
}

int
prison_if(struct ucred *cred, struct sockaddr *sa)
{
	struct prison *pr;
	struct sockaddr_in *sai = (struct sockaddr_in*) sa;

	pr = cred->cr_prison;

	if (((sai->sin_family != AF_INET) && (sai->sin_family != AF_INET6))
	    && jail_socket_unixiproute_only)
		return(1);
	else if ((sai->sin_family != AF_INET) && (sai->sin_family != AF_INET6))
		return(0);
	else if (jailed_ip(pr, sa))
		return(0);
	return(1);
}

/*
 * Returns a prison instance, or NULL on failure.
 */
static struct prison *
prison_find(int prid)
{
	struct prison *pr;

	LIST_FOREACH(pr, &allprison, pr_list) {
		if (pr->pr_id == prid)
			break;
	}
	return(pr);
}

static int
sysctl_jail_list(SYSCTL_HANDLER_ARGS)
{
	struct jail_ip_storage *jip;
#ifdef INET6
	struct sockaddr_in6 *jsin6;
#endif
	struct sockaddr_in *jsin;
	struct proc *p;
	struct prison *pr;
	unsigned int jlssize, jlsused;
	int count, error;
	char *jls; /* Jail list */
	char *oip; /* Output ip */
	char *fullpath, *freepath;

	jlsused = 0;
	p = curthread->td_proc;

	if (jailed(p->p_ucred))
		return (0);
retry:
	count = prisoncount;

	if (count == 0)
		return(0);

	jlssize = (count * 1024);
	jls = kmalloc(jlssize + 1, M_TEMP, M_WAITOK | M_ZERO);
	if (count < prisoncount) {
		kfree(jls, M_TEMP);
		goto retry;
	}
	count = prisoncount;

	LIST_FOREACH(pr, &allprison, pr_list) {
		error = cache_fullpath(p, &pr->pr_root, &fullpath, &freepath);
		if (error)
			continue;
		if (jlsused && jlsused < jlssize)
			jls[jlsused++] = '\n';
		count = ksnprintf(jls + jlsused, (jlssize - jlsused),
				 "%d %s %s", 
				 pr->pr_id, pr->pr_host, fullpath);
		kfree(freepath, M_TEMP);		
		if (count < 0)
			goto end;
		jlsused += count;

		/* Copy the IPS */
		SLIST_FOREACH(jip, &pr->pr_ips, entries) {
			jsin = (struct sockaddr_in *)&jip->ip;

			switch(jsin->sin_family) {
			case AF_INET:
				oip = inet_ntoa(jsin->sin_addr);
				break;
#ifdef INET6
			case AF_INET6:
				jsin6 = (struct sockaddr_in6 *)&jip->ip;
				oip = ip6_sprintf(&jsin6->sin6_addr);
				break;
#endif
			default:
				oip = "?family?";
				break;
			}

			if ((jlssize - jlsused) < (strlen(oip) + 1)) {
				error = ERANGE;
				goto end;
			}
			count = ksnprintf(jls + jlsused, (jlssize - jlsused),
					  " %s", oip);
			if (count < 0)
				goto end;
			jlsused += count;
		}
	}

	/* 
	 * The format is:
	 * pr_id <SPC> hostname1 <SPC> PATH1 <SPC> IP1 <SPC> IP2\npr_id...
	 */
	error = SYSCTL_OUT(req, jls, jlsused);
end:
	kfree(jls, M_TEMP);
	return(error);
}

SYSCTL_OID(_jail, OID_AUTO, list, CTLTYPE_STRING | CTLFLAG_RD, NULL, 0,
	   sysctl_jail_list, "A", "List of active jails");

void
prison_hold(struct prison *pr)
{
	pr->pr_ref++;
}

void
prison_free(struct prison *pr)
{
	struct jail_ip_storage *jls;
	KKASSERT(pr->pr_ref >= 1);

	if (--pr->pr_ref > 0)
		return;

	/* Delete all ips */
	while (!SLIST_EMPTY(&pr->pr_ips)) {
		jls = SLIST_FIRST(&pr->pr_ips);
		SLIST_REMOVE_HEAD(&pr->pr_ips, entries);
		kfree(jls, M_PRISON);
	}
	LIST_REMOVE(pr, pr_list);
	prisoncount--;

	if (pr->pr_linux != NULL)
		kfree(pr->pr_linux, M_PRISON);
	varsymset_clean(&pr->pr_varsymset);
	cache_drop(&pr->pr_root);
	kfree(pr, M_PRISON);
}

/*
 * Check if permisson for a specific privilege is granted within jail.
 */
int
prison_priv_check(struct ucred *cred, int priv)
{
	if (!jailed(cred))
		return (0);

	switch (priv) {
	case PRIV_CRED_SETUID:
	case PRIV_CRED_SETEUID:
	case PRIV_CRED_SETGID:
	case PRIV_CRED_SETEGID:
	case PRIV_CRED_SETGROUPS:
	case PRIV_CRED_SETREUID:
	case PRIV_CRED_SETREGID:
	case PRIV_CRED_SETRESUID:
	case PRIV_CRED_SETRESGID:

	case PRIV_VFS_SYSFLAGS:
	case PRIV_VFS_CHOWN:
	case PRIV_VFS_CHMOD:
	case PRIV_VFS_CHROOT:
	case PRIV_VFS_LINK:
	case PRIV_VFS_CHFLAGS_DEV:
	case PRIV_VFS_MKNOD_BAD:
	case PRIV_VFS_MKNOD_WHT:
	case PRIV_VFS_MKNOD_DIR:

	case PRIV_PROC_SETRLIMIT:
	case PRIV_PROC_SETLOGIN:

	case PRIV_SYSCTL_WRITEJAIL:

		return (0);

	default:

		return (EPERM);
	}
}
Commit	Line	Data
984263bc MD	1	/*
	2	* ----------------------------------------------------------------------------
	3	* "THE BEER-WARE LICENSE" (Revision 42):
	4	* <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you
	5	* can do whatever you want with this stuff. If we meet some day, and you think
	6	* this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
	7	* ----------------------------------------------------------------------------
	8	*
3e4150ef VBD	9	*/
	10	/*-
	11	* Copyright (c) 2006 Victor Balada Diaz <victor@bsdes.net>
	12	* All rights reserved.
	13	*
	14	* Redistribution and use in source and binary forms, with or without
	15	* modification, are permitted provided that the following conditions
	16	* are met:
	17	* 1. Redistributions of source code must retain the above copyright
	18	* notice, this list of conditions and the following disclaimer.
	19	* 2. Redistributions in binary form must reproduce the above copyright
	20	* notice, this list of conditions and the following disclaimer in the
	21	* documentation and/or other materials provided with the distribution.
984263bc	22	*
3e4150ef VBD	23	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
	24	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	25	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	26	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	27	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	28	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	29	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	30	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	31	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	32	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	33	* SUCH DAMAGE.
	34	*/
	35
	36
	37	/*
	38	* $FreeBSD: src/sys/kern/kern_jail.c,v 1.6.2.3 2001/08/17 01:00:26 rwatson Exp $
7b09fb68	39	* $DragonFly: src/sys/kern/kern_jail.c,v 1.19 2008/05/17 18:20:33 dillon Exp $
984263bc MD	40	*/
984263bc MD	41
c0d74973	42	#include "opt_inet6.h"
3e4150ef	43
984263bc MD	44	#include <sys/param.h>
	45	#include <sys/types.h>
	46	#include <sys/kernel.h>
	47	#include <sys/systm.h>
	48	#include <sys/errno.h>
	49	#include <sys/sysproto.h>
	50	#include <sys/malloc.h>
b40e316c JS	51	#include <sys/nlookup.h>
b40e316c JS	52	#include <sys/namecache.h>
984263bc	53	#include <sys/proc.h>
895c1f85	54	#include <sys/priv.h>
984263bc MD	55	#include <sys/jail.h>
	56	#include <sys/socket.h>
	57	#include <sys/sysctl.h>
b40e316c	58	#include <sys/kern_syscall.h>
984263bc MD	59	#include <net/if.h>
984263bc MD	60	#include <netinet/in.h>
3e4150ef	61	#include <netinet6/in6_var.h>
984263bc	62
b40e316c	63	static struct prison *prison_find(int);
bd544276	64	static void prison_ipcache_init(struct prison *);
b40e316c	65
984263bc MD	66	MALLOC_DEFINE(M_PRISON, "prison", "Prison structures");
	67
	68	SYSCTL_NODE(, OID_AUTO, jail, CTLFLAG_RW, 0,
	69	"Jail rules");
	70
	71	int jail_set_hostname_allowed = 1;
	72	SYSCTL_INT(_jail, OID_AUTO, set_hostname_allowed, CTLFLAG_RW,
	73	&jail_set_hostname_allowed, 0,
	74	"Processes in jail can set their hostnames");
	75
	76	int jail_socket_unixiproute_only = 1;
	77	SYSCTL_INT(_jail, OID_AUTO, socket_unixiproute_only, CTLFLAG_RW,
	78	&jail_socket_unixiproute_only, 0,
3e4150ef	79	"Processes in jail are limited to creating UNIX/IPv[46]/route sockets only");
984263bc MD	80
	81	int jail_sysvipc_allowed = 0;
	82	SYSCTL_INT(_jail, OID_AUTO, sysvipc_allowed, CTLFLAG_RW,
	83	&jail_sysvipc_allowed, 0,
	84	"Processes in jail can use System V IPC primitives");
	85
b70df062 MD	86	int jail_chflags_allowed = 0;
	87	SYSCTL_INT(_jail, OID_AUTO, chflags_allowed, CTLFLAG_RW,
	88	&jail_chflags_allowed, 0,
	89	"Process in jail can set chflags(1)");
	90
7b09fb68 MD	91	int jail_allow_raw_sockets = 0;
	92	SYSCTL_INT(_jail, OID_AUTO, allow_raw_sockets, CTLFLAG_RW,
	93	&jail_allow_raw_sockets, 0,
	94	"Process in jail can create raw sockets");
	95
b40e316c JS	96	int lastprid = 0;
	97	int prisoncount = 0;
	98
	99	LIST_HEAD(prisonlist, prison);
	100	struct prisonlist allprison = LIST_HEAD_INITIALIZER(&allprison);
	101
	102	static int
	103	kern_jail_attach(int jid)
	104	{
	105	struct proc *p = curthread->td_proc;
	106	struct prison *pr;
	107	int error;
	108
	109	pr = prison_find(jid);
	110	if (pr == NULL)
	111	return(EINVAL);
	112
28623bf9	113	error = kern_chroot(&pr->pr_root);
b40e316c JS	114	if (error)
	115	return(error);
	116
	117	prison_hold(pr);
	118	cratom(&p->p_ucred);
	119	p->p_ucred->cr_prison = pr;
	120	p->p_flag \|= P_JAILED;
	121
	122	return(0);
	123	}
	124
5825b226 MN	125	static int
	126	assign_prison_id(struct prison *pr)
	127	{
	128	int tryprid;
	129	struct prison *tpr;
	130
	131	tryprid = lastprid + 1;
	132	if (tryprid == JAIL_MAX)
	133	tryprid = 1;
	134	next:
	135	LIST_FOREACH(tpr, &allprison, pr_list) {
	136	if (tpr->pr_id != tryprid)
	137	continue;
	138	tryprid++;
	139	if (tryprid == JAIL_MAX) {
	140	return (ERANGE);
	141	}
	142	goto next;
	143	}
	144	pr->pr_id = lastprid = tryprid;
	145
	146	return (0);
	147	}
	148
	149	static int
	150	kern_jail(struct prison pr, struct jail j)
	151	{
	152	int error;
	153	struct nlookupdata nd;
	154
	155	error = nlookup_init(&nd, j->path, UIO_USERSPACE, NLC_FOLLOW);
	156	if (error) {
	157	nlookup_done(&nd);
	158	return (error);
	159	}
	160	error = nlookup(&nd);
	161	if (error) {
	162	nlookup_done(&nd);
	163	return (error);
	164	}
	165	cache_copy(&nd.nl_nch, &pr->pr_root);
	166
	167	varsymset_init(&pr->pr_varsymset, NULL);
	168	prison_ipcache_init(pr);
	169
	170	error = assign_prison_id(pr);
	171	if (error) {
	172	varsymset_clean(&pr->pr_varsymset);
	173	nlookup_done(&nd);
	174	return (error);
	175	}
	176
	177	LIST_INSERT_HEAD(&allprison, pr, pr_list);
	178	prisoncount++;
	179
	180	error = kern_jail_attach(pr->pr_id);
	181	if (error) {
	182	LIST_REMOVE(pr, pr_list);
	183	varsymset_clean(&pr->pr_varsymset);
	184	}
	185	nlookup_done(&nd);
	186	return (error);
	187	}
	188
41c20dac MD	189	/*
	190	* jail()
	191	*
	192	* jail_args(syscallarg(struct jail *) jail)
	193	*/
984263bc	194	int
753fd850	195	sys_jail(struct jail_args *uap)
984263bc	196	{
dadab5e9	197	struct thread *td = curthread;
5825b226	198	struct prison *pr;
3e4150ef	199	struct jail_ip_storage *jip;
5825b226 MN	200	struct jail j;
	201	int error;
	202	uint32_t jversion;
	203
	204	uap->sysmsg_result = -1;
984263bc	205
f938e984	206	error = priv_check(td, PRIV_JAIL_CREATE);
5825b226	207	if (error)
8a506447	208	return (error);
5825b226	209
8a506447	210	error = copyin(uap->jail, &jversion, sizeof(jversion));
5825b226	211	if (error)
8a506447	212	return (error);
5825b226	213
f5b8f0d8	214	pr = kmalloc(sizeof(*pr), M_PRISON, M_WAITOK \| M_ZERO);
3e4150ef VBD	215	SLIST_INIT(&pr->pr_ips);
	216
	217	switch (jversion) {
	218	case 0:
8a506447	219	/* Single IPv4 jails. */
5825b226 MN	220	{
	221	struct jail_v0 jv0;
	222	struct sockaddr_in ip4addr;
	223
8a506447	224	error = copyin(uap->jail, &jv0, sizeof(jv0));
3e4150ef	225	if (error)
5825b226 MN	226	goto out;
	227
	228	j.path = jv0.path;
	229	j.hostname = jv0.hostname;
	230
3e4150ef VBD	231	jip = kmalloc(sizeof(*jip), M_PRISON, M_WAITOK \| M_ZERO);
	232	ip4addr.sin_family = AF_INET;
	233	ip4addr.sin_addr.s_addr = htonl(jv0.ip_number);
	234	memcpy(&jip->ip, &ip4addr, sizeof(ip4addr));
	235	SLIST_INSERT_HEAD(&pr->pr_ips, jip, entries);
	236	break;
5825b226 MN	237	}
5825b226 MN	238
3e4150ef	239	case 1:
8a506447 MN	240	/*
	241	* DragonFly multi noIP/IPv4/IPv6 jails
	242	*
	243	* NOTE: This version is unsupported by FreeBSD
	244	* (which uses version 2 instead).
	245	*/
	246
3e4150ef VBD	247	error = copyin(uap->jail, &j, sizeof(j));
3e4150ef VBD	248	if (error)
5825b226 MN	249	goto out;
	250
	251	for (int i = 0; i < j.n_ips; i++) {
	252	jip = kmalloc(sizeof(*jip), M_PRISON,
3e4150ef	253	M_WAITOK \| M_ZERO);
3e4150ef	254	SLIST_INSERT_HEAD(&pr->pr_ips, jip, entries);
5825b226 MN	255	error = copyin(&j.ips[i], &jip->ip,
	256	sizeof(struct sockaddr_storage));
	257	if (error)
	258	goto out;
3e4150ef	259	}
3e4150ef VBD	260	break;
	261	default:
	262	error = EINVAL;
5825b226	263	goto out;
3e4150ef	264	}
b40e316c	265
f5b8f0d8	266	error = copyinstr(j.hostname, &pr->pr_host, sizeof(pr->pr_host), 0);
e713d50d	267	if (error)
5825b226	268	goto out;
b40e316c	269
5825b226	270	error = kern_jail(pr, &j);
984263bc	271	if (error)
5825b226	272	goto out;
984263bc	273
61deed49	274	uap->sysmsg_result = pr->pr_id;
984263bc MD	275	return (0);
984263bc MD	276
5825b226	277	out:
3e4150ef VBD	278	/* Delete all ips */
	279	while (!SLIST_EMPTY(&pr->pr_ips)) {
	280	jip = SLIST_FIRST(&pr->pr_ips);
	281	SLIST_REMOVE_HEAD(&pr->pr_ips, entries);
81be0cb8	282	kfree(jip, M_PRISON);
3e4150ef	283	}
81be0cb8	284	kfree(pr, M_PRISON);
5825b226	285	return (error);
b40e316c JS	286	}
	287
	288	/*
	289	* int jail_attach(int jid);
	290	*/
	291	int
753fd850	292	sys_jail_attach(struct jail_attach_args *uap)
b40e316c JS	293	{
	294	struct thread *td = curthread;
	295	int error;
	296
f938e984	297	error = priv_check(td, PRIV_JAIL_ATTACH);
b40e316c JS	298	if (error)
	299	return(error);
	300
	301	return(kern_jail_attach(uap->jid));
984263bc MD	302	}
984263bc MD	303
bd544276 VBD	304	static void
	305	prison_ipcache_init(struct prison *pr)
	306	{
	307	struct jail_ip_storage *jis;
	308	struct sockaddr_in *ip4;
	309	struct sockaddr_in6 *ip6;
	310
	311	SLIST_FOREACH(jis, &pr->pr_ips, entries) {
	312	switch (jis->ip.ss_family) {
	313	case AF_INET:
	314	ip4 = (struct sockaddr_in *)&jis->ip;
	315	if ((ntohl(ip4->sin_addr.s_addr) >> IN_CLASSA_NSHIFT) ==
	316	IN_LOOPBACKNET) {
	317	/* loopback address */
	318	if (pr->local_ip4 == NULL)
	319	pr->local_ip4 = ip4;
	320	} else {
	321	/* public address */
	322	if (pr->nonlocal_ip4 == NULL)
	323	pr->nonlocal_ip4 = ip4;
	324	}
	325	break;
	326
	327	case AF_INET6:
	328	ip6 = (struct sockaddr_in6 *)&jis->ip;
	329	if (IN6_IS_ADDR_LOOPBACK(&ip6->sin6_addr)) {
	330	/* loopback address */
	331	if (pr->local_ip6 == NULL)
	332	pr->local_ip6 = ip6;
	333	} else {
	334	/* public address */
	335	if (pr->nonlocal_ip6 == NULL)
	336	pr->nonlocal_ip6 = ip6;
	337	}
	338	break;
	339	}
	340	}
	341	}
	342
3e4150ef VBD	343	/*
	344	* Changes INADDR_LOOPBACK for a valid jail address.
	345	* ip is in network byte order.
	346	* Returns 1 if the ip is among jail valid ips.
	347	* Returns 0 if is not among jail valid ips or
	348	* if couldn't replace INADDR_LOOPBACK for a valid
	349	* IP.
	350	*/
984263bc	351	int
3e4150ef	352	prison_replace_wildcards(struct thread td, struct sockaddr ip)
984263bc	353	{
3e4150ef VBD	354	struct sockaddr_in ip4 = (struct sockaddr_in )ip;
3e4150ef VBD	355	struct sockaddr_in6 ip6 = (struct sockaddr_in6 )ip;
41c20dac	356	struct prison *pr;
984263bc	357
dadab5e9	358	if (td->td_proc == NULL)
3e4150ef	359	return (1);
dadab5e9	360	if ((pr = td->td_proc->p_ucred->cr_prison) == NULL)
3e4150ef VBD	361	return (1);
	362
	363	if ((ip->sa_family == AF_INET &&
	364	ip4->sin_addr.s_addr == htonl(INADDR_ANY)) \|\|
	365	(ip->sa_family == AF_INET6 &&
	366	IN6_IS_ADDR_UNSPECIFIED(&ip6->sin6_addr)))
	367	return (1);
	368	if ((ip->sa_family == AF_INET &&
	369	ip4->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) \|\|
	370	(ip->sa_family == AF_INET6 &&
	371	IN6_IS_ADDR_LOOPBACK(&ip6->sin6_addr))) {
bd544276 VBD	372	if (!prison_get_local(pr, ip->sa_family, ip) &&
bd544276 VBD	373	!prison_get_nonlocal(pr, ip->sa_family, ip))
3e4150ef	374	return(0);
984263bc	375	else
3e4150ef	376	return(1);
984263bc	377	}
3e4150ef VBD	378	if (jailed_ip(pr, ip))
	379	return(1);
	380	return(0);
984263bc MD	381	}
984263bc MD	382
3e4150ef VBD	383	int
3e4150ef VBD	384	prison_remote_ip(struct thread td, struct sockaddr ip)
984263bc	385	{
3e4150ef VBD	386	struct sockaddr_in ip4 = (struct sockaddr_in )ip;
3e4150ef VBD	387	struct sockaddr_in6 ip6 = (struct sockaddr_in6 )ip;
41c20dac	388	struct prison *pr;
984263bc	389
dadab5e9	390	if (td == NULL \|\| td->td_proc == NULL)
3e4150ef	391	return(1);
dadab5e9	392	if ((pr = td->td_proc->p_ucred->cr_prison) == NULL)
3e4150ef VBD	393	return(1);
	394	if ((ip->sa_family == AF_INET &&
	395	ip4->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) \|\|
	396	(ip->sa_family == AF_INET6 &&
	397	IN6_IS_ADDR_LOOPBACK(&ip6->sin6_addr))) {
bd544276 VBD	398	if (!prison_get_local(pr, ip->sa_family, ip) &&
bd544276 VBD	399	!prison_get_nonlocal(pr, ip->sa_family, ip))
3e4150ef	400	return(0);
984263bc	401	else
3e4150ef VBD	402	return(1);
	403	}
	404	return(1);
	405	}
	406
	407	/*
	408	* Prison get non loopback ip:
bd544276 VBD	409	* - af is the address family of the ip we want (AF_INET\|AF_INET6).
	410	* - If ip != NULL, put the first IP address that is not a loopback address
	411	* into *ip.
	412	*
3e4150ef	413	* ip is in network by order and we don't touch it unless we find a valid ip.
bd544276 VBD	414	* No matter if ip == NULL or not, we return either a valid struct sockaddr *,
bd544276 VBD	415	* or NULL. This struct may not be modified.
3e4150ef	416	*/
bd544276 VBD	417	struct sockaddr *
bd544276 VBD	418	prison_get_nonlocal(struct prison pr, sa_family_t af, struct sockaddr ip)
3e4150ef	419	{
bd544276 VBD	420	struct sockaddr_in ip4 = (struct sockaddr_in )ip;
bd544276 VBD	421	struct sockaddr_in6 ip6 = (struct sockaddr_in6 )ip;
3e4150ef	422
3e4150ef	423	/* Check if it is cached */
bd544276 VBD	424	switch(af) {
	425	case AF_INET:
	426	if (ip4 != NULL && pr->nonlocal_ip4 != NULL)
	427	ip4->sin_addr.s_addr = pr->nonlocal_ip4->sin_addr.s_addr;
	428	return (struct sockaddr *)pr->nonlocal_ip4;
	429
	430	case AF_INET6:
	431	if (ip6 != NULL && pr->nonlocal_ip6 != NULL)
	432	ip6->sin6_addr = pr->nonlocal_ip6->sin6_addr;
	433	return (struct sockaddr *)pr->nonlocal_ip6;
3e4150ef	434	}
bd544276 VBD	435
	436	/* NOTREACHED */
	437	return NULL;
3e4150ef VBD	438	}
	439
	440	/*
	441	* Prison get loopback ip.
bd544276 VBD	442	* - af is the address family of the ip we want (AF_INET\|AF_INET6).
	443	* - If ip != NULL, put the first IP address that is not a loopback address
	444	* into *ip.
	445	*
	446	* ip is in network by order and we don't touch it unless we find a valid ip.
	447	* No matter if ip == NULL or not, we return either a valid struct sockaddr *,
	448	* or NULL. This struct may not be modified.
3e4150ef	449	*/
bd544276 VBD	450	struct sockaddr *
bd544276 VBD	451	prison_get_local(struct prison pr, sa_family_t af, struct sockaddr ip)
3e4150ef	452	{
bd544276 VBD	453	struct sockaddr_in ip4 = (struct sockaddr_in )ip;
bd544276 VBD	454	struct sockaddr_in6 ip6 = (struct sockaddr_in6 )ip;
3e4150ef	455
3e4150ef	456	/* Check if it is cached */
bd544276 VBD	457	switch(af) {
	458	case AF_INET:
	459	if (ip4 != NULL && pr->local_ip4 != NULL)
	460	ip4->sin_addr.s_addr = pr->local_ip4->sin_addr.s_addr;
	461	return (struct sockaddr *)pr->local_ip4;
	462
	463	case AF_INET6:
	464	if (ip6 != NULL && pr->local_ip6 != NULL)
	465	ip6->sin6_addr = pr->local_ip6->sin6_addr;
	466	return (struct sockaddr *)pr->local_ip6;
984263bc	467	}
bd544276 VBD	468
	469	/* NOTREACHED */
	470	return NULL;
3e4150ef VBD	471	}
	472
	473	/* Check if the IP is among ours, if it is return 1, else 0 */
	474	int
	475	jailed_ip(struct prison pr, struct sockaddr ip)
	476	{
	477	struct jail_ip_storage *jis;
	478	struct sockaddr_in jip4, ip4;
	479	struct sockaddr_in6 jip6, ip6;
	480
	481	if (pr == NULL)
	482	return(0);
	483	ip4 = (struct sockaddr_in *)ip;
	484	ip6 = (struct sockaddr_in6 *)ip;
	485	SLIST_FOREACH(jis, &pr->pr_ips, entries) {
	486	switch (ip->sa_family) {
	487	case AF_INET:
	488	jip4 = (struct sockaddr_in *) &jis->ip;
	489	if (jip4->sin_family == AF_INET &&
	490	ip4->sin_addr.s_addr == jip4->sin_addr.s_addr)
	491	return(1);
	492	break;
	493	case AF_INET6:
	494	jip6 = (struct sockaddr_in6 *) &jis->ip;
	495	if (jip6->sin6_family == AF_INET6 &&
	496	IN6_ARE_ADDR_EQUAL(&ip6->sin6_addr,
	497	&jip6->sin6_addr))
	498	return(1);
	499	break;
	500	}
	501	}
	502	/* Ip not in list */
	503	return(0);
984263bc MD	504	}
	505
	506	int
87de5057	507	prison_if(struct ucred cred, struct sockaddr sa)
984263bc	508	{
41c20dac	509	struct prison *pr;
984263bc	510	struct sockaddr_in sai = (struct sockaddr_in) sa;
984263bc	511
87de5057	512	pr = cred->cr_prison;
41c20dac	513
3e4150ef VBD	514	if (((sai->sin_family != AF_INET) && (sai->sin_family != AF_INET6))
	515	&& jail_socket_unixiproute_only)
	516	return(1);
	517	else if ((sai->sin_family != AF_INET) && (sai->sin_family != AF_INET6))
	518	return(0);
	519	else if (jailed_ip(pr, sa))
	520	return(0);
	521	return(1);
984263bc	522	}
b40e316c JS	523
	524	/*
	525	* Returns a prison instance, or NULL on failure.
	526	*/
	527	static struct prison *
	528	prison_find(int prid)
	529	{
	530	struct prison *pr;
	531
	532	LIST_FOREACH(pr, &allprison, pr_list) {
	533	if (pr->pr_id == prid)
	534	break;
	535	}
	536	return(pr);
	537	}
	538
	539	static int
	540	sysctl_jail_list(SYSCTL_HANDLER_ARGS)
	541	{
3e4150ef	542	struct jail_ip_storage *jip;
70c97e0d	543	#ifdef INET6
3e4150ef	544	struct sockaddr_in6 *jsin6;
70c97e0d	545	#endif
3e4150ef	546	struct sockaddr_in *jsin;
b40e316c	547	struct proc *p;
b40e316c	548	struct prison *pr;
3e4150ef	549	unsigned int jlssize, jlsused;
b40e316c	550	int count, error;
3e4150ef VBD	551	char jls; / Jail list */
	552	char oip; / Output ip */
	553	char fullpath, freepath;
b40e316c	554
3e4150ef	555	jlsused = 0;
b40e316c JS	556	p = curthread->td_proc;
	557
	558	if (jailed(p->p_ucred))
	559	return (0);
	560	retry:
	561	count = prisoncount;
	562
	563	if (count == 0)
	564	return(0);
	565
3e4150ef VBD	566	jlssize = (count * 1024);
3e4150ef VBD	567	jls = kmalloc(jlssize + 1, M_TEMP, M_WAITOK \| M_ZERO);
b40e316c	568	if (count < prisoncount) {
3e4150ef	569	kfree(jls, M_TEMP);
b40e316c JS	570	goto retry;
	571	}
	572	count = prisoncount;
e713d50d	573
b40e316c	574	LIST_FOREACH(pr, &allprison, pr_list) {
28623bf9	575	error = cache_fullpath(p, &pr->pr_root, &fullpath, &freepath);
70c97e0d MD	576	if (error)
	577	continue;
	578	if (jlsused && jlsused < jlssize)
	579	jls[jlsused++] = '\n';
	580	count = ksnprintf(jls + jlsused, (jlssize - jlsused),
	581	"%d %s %s",
	582	pr->pr_id, pr->pr_host, fullpath);
3e4150ef VBD	583	kfree(freepath, M_TEMP);
	584	if (count < 0)
	585	goto end;
	586	jlsused += count;
	587
	588	/* Copy the IPS */
	589	SLIST_FOREACH(jip, &pr->pr_ips, entries) {
	590	jsin = (struct sockaddr_in *)&jip->ip;
3e4150ef	591
70c97e0d MD	592	switch(jsin->sin_family) {
70c97e0d MD	593	case AF_INET:
3e4150ef	594	oip = inet_ntoa(jsin->sin_addr);
70c97e0d MD	595	break;
	596	#ifdef INET6
	597	case AF_INET6:
	598	jsin6 = (struct sockaddr_in6 *)&jip->ip;
3e4150ef	599	oip = ip6_sprintf(&jsin6->sin6_addr);
70c97e0d MD	600	break;
	601	#endif
	602	default:
	603	oip = "?family?";
	604	break;
	605	}
3e4150ef	606
70c97e0d	607	if ((jlssize - jlsused) < (strlen(oip) + 1)) {
3e4150ef VBD	608	error = ERANGE;
	609	goto end;
	610	}
70c97e0d MD	611	count = ksnprintf(jls + jlsused, (jlssize - jlsused),
	612	" %s", oip);
	613	if (count < 0)
	614	goto end;
	615	jlsused += count;
b40e316c	616	}
b40e316c JS	617	}
b40e316c JS	618
3e4150ef VBD	619	/*
	620	* The format is:
	621	* pr_id <SPC> hostname1 <SPC> PATH1 <SPC> IP1 <SPC> IP2\npr_id...
	622	*/
	623	error = SYSCTL_OUT(req, jls, jlsused);
	624	end:
	625	kfree(jls, M_TEMP);
b40e316c JS	626	return(error);
	627	}
	628
3e4150ef VBD	629	SYSCTL_OID(_jail, OID_AUTO, list, CTLTYPE_STRING \| CTLFLAG_RD, NULL, 0,
3e4150ef VBD	630	sysctl_jail_list, "A", "List of active jails");
b40e316c JS	631
	632	void
	633	prison_hold(struct prison *pr)
	634	{
	635	pr->pr_ref++;
	636	}
	637
	638	void
	639	prison_free(struct prison *pr)
	640	{
3e4150ef	641	struct jail_ip_storage *jls;
b40e316c JS	642	KKASSERT(pr->pr_ref >= 1);
	643
	644	if (--pr->pr_ref > 0)
	645	return;
	646
3e4150ef VBD	647	/* Delete all ips */
	648	while (!SLIST_EMPTY(&pr->pr_ips)) {
	649	jls = SLIST_FIRST(&pr->pr_ips);
	650	SLIST_REMOVE_HEAD(&pr->pr_ips, entries);
81be0cb8	651	kfree(jls, M_PRISON);
3e4150ef	652	}
b40e316c JS	653	LIST_REMOVE(pr, pr_list);
	654	prisoncount--;
	655
	656	if (pr->pr_linux != NULL)
efda3bd0	657	kfree(pr->pr_linux, M_PRISON);
b40e316c	658	varsymset_clean(&pr->pr_varsymset);
28623bf9	659	cache_drop(&pr->pr_root);
efda3bd0	660	kfree(pr, M_PRISON);
b40e316c	661	}
cd554aa4 MN	662
	663	/*
	664	* Check if permisson for a specific privilege is granted within jail.
	665	*/
	666	int
	667	prison_priv_check(struct ucred *cred, int priv)
	668	{
	669	if (!jailed(cred))
	670	return (0);
	671
3a591c90 MN	672	switch (priv) {
	673	case PRIV_CRED_SETUID:
	674	case PRIV_CRED_SETEUID:
	675	case PRIV_CRED_SETGID:
	676	case PRIV_CRED_SETEGID:
	677	case PRIV_CRED_SETGROUPS:
	678	case PRIV_CRED_SETREUID:
	679	case PRIV_CRED_SETREGID:
	680	case PRIV_CRED_SETRESUID:
	681	case PRIV_CRED_SETRESGID:
	682
	683	case PRIV_VFS_SYSFLAGS:
	684	case PRIV_VFS_CHOWN:
47fac363	685	case PRIV_VFS_CHMOD:
3a591c90	686	case PRIV_VFS_CHROOT:
f6df0641	687	case PRIV_VFS_LINK:
6dc79895	688	case PRIV_VFS_CHFLAGS_DEV:
3a591c90 MN	689	case PRIV_VFS_MKNOD_BAD:
	690	case PRIV_VFS_MKNOD_WHT:
	691	case PRIV_VFS_MKNOD_DIR:
	692
	693	case PRIV_PROC_SETRLIMIT:
	694	case PRIV_PROC_SETLOGIN:
	695
	696	case PRIV_SYSCTL_WRITEJAIL:
	697
	698	return (0);
	699
	700	default:
	701
	702	return (EPERM);
	703	}
cd554aa4	704	}