Add a sysctl jail.allow_raw_sockets (default to diabled) which allows
[dragonfly.git] / sys / sys / jail.h
CommitLineData
984263bc
MD
1/*
2 * ----------------------------------------------------------------------------
3 * "THE BEER-WARE LICENSE" (Revision 42):
4 * <phk@FreeBSD.org> wrote this file. As long as you retain this notice you
5 * can do whatever you want with this stuff. If we meet some day, and you think
6 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
7 * ----------------------------------------------------------------------------
8 *
9 * $FreeBSD: src/sys/sys/jail.h,v 1.8.2.2 2000/11/01 17:58:06 rwatson Exp $
7b09fb68 10 * $DragonFly: src/sys/sys/jail.h,v 1.12 2008/05/17 18:20:31 dillon Exp $
984263bc
MD
11 *
12 */
13
14#ifndef _SYS_JAIL_H_
15#define _SYS_JAIL_H_
16
1bd40720
MD
17#ifndef _SYS_TYPES_H_
18#include <sys/types.h>
19#endif
20#ifndef _SYS_PARAM_H_
21#include <sys/param.h>
22#endif
3e4150ef
VBD
23#ifndef _SYS_QUEUE_H_
24#include <sys/queue.h>
25#endif
1bd40720
MD
26#ifndef _SYS_UCRED_H_
27#include <sys/ucred.h>
28#endif
3e4150ef
VBD
29#ifndef _SYS_IF_H_
30#include <net/if.h>
31#endif
1bd40720 32
984263bc 33struct jail {
3e4150ef
VBD
34 uint32_t version;
35 char *path;
36 char *hostname;
37 uint32_t n_ips; /* Number of ips */
38 struct sockaddr_storage *ips;
39};
40
41struct jail_v0 {
b40e316c 42 uint32_t version;
984263bc
MD
43 char *path;
44 char *hostname;
b40e316c 45 uint32_t ip_number;
984263bc
MD
46};
47
48#ifndef _KERNEL
49
b40e316c
JS
50int jail(struct jail *);
51int jail_attach(int);
984263bc 52
5dfd06ac
SS
53#endif
54
55#ifdef _KERNEL
984263bc 56
28623bf9
MD
57#ifndef _SYS_NAMECACHE_H_
58#include <sys/namecache.h>
59#endif
60#ifndef _SYS_VARSYM_H_
b40e316c 61#include <sys/varsym.h>
28623bf9 62#endif
b40e316c 63
984263bc
MD
64#ifdef MALLOC_DECLARE
65MALLOC_DECLARE(M_PRISON);
66#endif
67
5dfd06ac
SS
68#endif /* _KERNEL */
69
70#if defined(_KERNEL) || defined(_KERNEL_STRUCTURES)
71
b40e316c
JS
72#define JAIL_MAX 999999
73
3e4150ef
VBD
74/* Used to store the IPs of the jail */
75
76struct jail_ip_storage {
3e4150ef 77 struct sockaddr_storage ip;
bd544276 78 SLIST_ENTRY(jail_ip_storage) entries;
3e4150ef
VBD
79};
80
984263bc
MD
81/*
82 * This structure describes a prison. It is pointed to by all struct
83 * proc's of the inmates. pr_ref keeps track of them and is used to
84 * delete the struture when the last inmate is dead.
85 */
86
87struct prison {
b40e316c
JS
88 LIST_ENTRY(prison) pr_list; /* all prisons */
89 int pr_id; /* prison id */
90 int pr_ref; /* reference count */
28623bf9 91 struct nchandle pr_root; /* namecache entry of root */
b40e316c 92 char pr_host[MAXHOSTNAMELEN]; /* host name */
3e4150ef 93 SLIST_HEAD(iplist, jail_ip_storage) pr_ips; /* list of IP addresses */
bd544276
VBD
94 struct sockaddr_in *local_ip4; /* cache for a loopback ipv4 address */
95 struct sockaddr_in *nonlocal_ip4; /* cache for a non loopback ipv4 address */
96 struct sockaddr_in6 *local_ip6; /* cache for a loopback ipv6 address */
97 struct sockaddr_in6 *nonlocal_ip6; /* cache for a non loopback ipv6 address */
b40e316c
JS
98 void *pr_linux; /* Linux ABI emulation */
99 int pr_securelevel; /* jail securelevel */
100 struct varsymset pr_varsymset; /* jail varsyms */
984263bc
MD
101};
102
103/*
104 * Sysctl-set variables that determine global jail policy
105 */
106extern int jail_set_hostname_allowed;
107extern int jail_socket_unixiproute_only;
108extern int jail_sysvipc_allowed;
b70df062 109extern int jail_chflags_allowed;
7b09fb68 110extern int jail_allow_raw_sockets;
984263bc 111
b40e316c
JS
112void prison_hold(struct prison *);
113void prison_free(struct prison *);
3e4150ef 114int jailed_ip(struct prison *, struct sockaddr *);
bd544276
VBD
115struct sockaddr *
116 prison_get_local(struct prison *pr, sa_family_t, struct sockaddr *);
117struct sockaddr *
118 prison_get_nonlocal(struct prison *pr, sa_family_t, struct sockaddr *);
b40e316c
JS
119
120/*
121 * Return 1 if the passed credential is in a jail, otherwise 0.
122 */
123static __inline int
124jailed(struct ucred *cred)
125{
126 return(cred->cr_prison != NULL);
127}
128
5dfd06ac 129#endif /* _KERNEL || _KERNEL_STRUCTURES */
984263bc 130#endif /* !_SYS_JAIL_H_ */