Lines Matching full:pr
149 static int do_jail_attach(struct thread *td, struct prison *pr, int drflags);
151 static void prison_deref(struct prison *pr, int flags);
152 static void prison_deref_kill(struct prison *pr, struct prisonlist *freeprison);
153 static int prison_lock_xlock(struct prison *pr, int flags);
154 static void prison_cleanup(struct prison *pr);
155 static void prison_free_not_last(struct prison *pr);
156 static void prison_proc_free_not_last(struct prison *pr);
159 static void prison_set_allow_locked(struct prison *pr, unsigned flag,
163 static void prison_racct_attach(struct prison *pr);
164 static void prison_racct_modify(struct prison *pr);
165 static void prison_racct_detach(struct prison *pr);
673 prison_ip_dup(struct prison *ppr, struct prison *pr, const pr_family_t af)
681 pr->pr_addrs[af] = pip;
735 prison_ip_conflict_check(const struct prison *ppr, const struct prison *pr,
749 if (tpr == pr ||
789 prison_ip_set(struct prison *pr, const pr_family_t af, struct prison_ip *new)
793 mtx_assert(&pr->pr_mtx, MA_OWNED);
795 mem = &pr->pr_addrs[af];
808 prison_ip_restrict(struct prison *pr, const pr_family_t af,
811 struct prison_ip *ppip = pr->pr_parent->pr_addrs[af];
812 struct prison_ip *pip = pr->pr_addrs[af];
818 mtx_assert(&pr->pr_mtx, MA_OWNED);
829 prison_ip_set(pr, af, NULL);
833 if (!(pr->pr_flags & pr_families[af].ip_flag)) {
842 prison_ip_set(pr, af, new);
905 prison_ip_set(pr, af, new);
916 prison_ip_check(const struct prison *pr, const pr_family_t af,
923 MPASS(mtx_owned(&pr->pr_mtx) ||
927 pip = atomic_load_ptr(&pr->pr_addrs[af]);
960 prison_ip_get0(const struct prison *pr, const pr_family_t af)
962 const struct prison_ip *pip = pr->pr_addrs[af];
964 mtx_assert(&pr->pr_mtx, MA_OWNED);
971 prison_ip_cnt(const struct prison *pr, const pr_family_t af)
974 return (pr->pr_addrs[af]->ips);
990 struct prison *pr, *deadpr, *dinspr, *inspr, *mypr, *ppr, *tpr;
1415 pr = NULL;
1448 pr = inspr;
1449 mtx_lock(&pr->pr_mtx);
1458 if (cuflags == JAIL_CREATE && pr != NULL) {
1467 if ((pr == NULL)
1469 : !prison_ischild(mypr, pr)) {
1499 if (pr != NULL) {
1531 if (tpr == pr || !prison_isalive(tpr) ||
1534 if (cuflags == JAIL_CREATE || pr != NULL) {
1545 pr = tpr;
1546 mtx_lock(&pr->pr_mtx);
1556 if ((pr == NULL)
1558 : !prison_isalive(pr)) {
1567 else if (cuflags == JAIL_UPDATE && pr == NULL) {
1574 created = pr == NULL;
1618 pr = malloc(sizeof(*pr), M_PRISON, M_WAITOK | M_ZERO);
1619 pr->pr_state = PRISON_STATE_INVALID;
1620 refcount_init(&pr->pr_ref, 1);
1621 refcount_init(&pr->pr_uref, 0);
1623 LIST_INIT(&pr->pr_children);
1624 mtx_init(&pr->pr_mtx, "jail mutex", NULL, MTX_DEF | MTX_DUPOK);
1625 TASK_INIT(&pr->pr_task, 0, prison_complete, pr);
1627 pr->pr_id = jid;
1629 TAILQ_INSERT_BEFORE(inspr, pr, pr_list);
1631 TAILQ_INSERT_TAIL(&allprison, pr, pr_list);
1633 pr->pr_parent = ppr;
1636 LIST_INSERT_HEAD(&ppr->pr_children, pr, pr_sibling);
1648 strlcpy(pr->pr_hostuuid, DEFAULT_HOSTUUID, HOSTUUIDLEN);
1649 pr->pr_flags |= PR_HOST;
1657 pr->pr_flags |= PR_IP4 | PR_IP4_USER;
1659 pr->pr_flags |= ppr->pr_flags & PR_IP4;
1660 prison_ip_dup(ppr, pr, PR_INET);
1665 pr->pr_flags |= PR_IP6 | PR_IP6_USER;
1667 pr->pr_flags |= ppr->pr_flags & PR_IP6;
1668 prison_ip_dup(ppr, pr, PR_INET6);
1674 pr->pr_flags |= _PR_IP_SADDRSEL;
1676 pr->pr_securelevel = ppr->pr_securelevel;
1677 pr->pr_allow = JAIL_DEFAULT_ALLOW & ppr->pr_allow;
1678 pr->pr_enforce_statfs = jail_default_enforce_statfs;
1679 pr->pr_devfs_rsnum = ppr->pr_devfs_rsnum;
1681 pr->pr_osreldate = osreldt ? osreldt : ppr->pr_osreldate;
1683 strlcpy(pr->pr_osrelease, ppr->pr_osrelease,
1684 sizeof(pr->pr_osrelease));
1686 strlcpy(pr->pr_osrelease, osrelstr,
1687 sizeof(pr->pr_osrelease));
1697 pr->pr_flags |= PR_VNET;
1698 pr->pr_vnet = vnet_alloc();
1700 pr->pr_vnet = ppr->pr_vnet;
1707 error = cpuset_create_root(ppr, &pr->pr_cpuset);
1711 mtx_lock(&pr->pr_mtx);
1718 prison_hold(pr);
1721 if ((pr->pr_flags & PR_VNET) &&
1730 if (PR_IP4_USER & ch_flags & (pr_flags ^ pr->pr_flags)) {
1738 if (PR_IP6_USER & ch_flags & (pr_flags ^ pr->pr_flags)) {
1793 if (!prison_ip_conflict_check(ppr, pr, ip4, PR_INET)) {
1808 if (!prison_ip_conflict_check(ppr, pr, ip6, PR_INET6)) {
1835 onamelen = strlen(pr->pr_name + pnamelen);
1837 if (pnamelen + namelen + 1 > sizeof(pr->pr_name)) {
1841 FOREACH_PRISON_DESCENDANT(pr, tpr, descend) {
1843 sizeof(pr->pr_name)) {
1860 mtx_unlock(&pr->pr_mtx);
1862 error = osd_jail_call(pr, PR_METHOD_CHECK, opts);
1865 mtx_lock(&pr->pr_mtx);
1881 pr->pr_flags |= PR_IP4;
1882 prison_ip_set(pr, PR_INET, ip4);
1884 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) {
1901 pr->pr_flags |= PR_IP6;
1902 prison_ip_set(pr, PR_INET6, ip6);
1904 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) {
1919 pr->pr_securelevel = slevel;
1921 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend)
1926 pr->pr_childmax = childmax;
1928 FOREACH_PRISON_DESCENDANT_LOCKED_LEVEL(pr, tpr, descend, level)
1934 pr->pr_enforce_statfs = enforce;
1936 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend)
1941 pr->pr_devfs_rsnum = rsnum;
1943 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend)
1948 strlcpy(pr->pr_name, namelc, sizeof(pr->pr_name));
1950 snprintf(pr->pr_name, sizeof(pr->pr_name), "%s.%s",
1953 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) {
1956 bcopy(pr->pr_name, tpr->pr_name, namelen);
1961 strlcpy(pr->pr_path, path, sizeof(pr->pr_path));
1962 pr->pr_root = root;
1966 if (pr->pr_flags & PR_HOST) {
1973 strlcpy(pr->pr_hostname, pr->pr_parent->pr_hostname,
1974 sizeof(pr->pr_hostname));
1975 strlcpy(pr->pr_domainname, pr->pr_parent->pr_domainname,
1976 sizeof(pr->pr_domainname));
1977 strlcpy(pr->pr_hostuuid, pr->pr_parent->pr_hostuuid,
1978 sizeof(pr->pr_hostuuid));
1979 pr->pr_hostid = pr->pr_parent->pr_hostid;
1984 strlcpy(pr->pr_hostname, host, sizeof(pr->pr_hostname));
1986 strlcpy(pr->pr_domainname, domain,
1987 sizeof(pr->pr_domainname));
1989 strlcpy(pr->pr_hostuuid, uuid, sizeof(pr->pr_hostuuid));
1991 pr->pr_hostid = hid;
1992 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) {
1998 pr->pr_hostname,
2002 pr->pr_domainname,
2006 pr->pr_hostuuid,
2013 pr->pr_allow = (pr->pr_allow & ~ch_allow) | pr_allow;
2015 prison_set_allow_locked(pr, tallow, 0);
2020 if (ch_flags & PR_PERSIST & (pr_flags ^ pr->pr_flags)) {
2022 prison_hold(pr);
2028 refcount_acquire(&pr->pr_uref);
2031 prison_free_not_last(pr);
2034 pr->pr_flags = (pr->pr_flags & ~ch_flags) | pr_flags;
2035 mtx_unlock(&pr->pr_mtx);
2046 prison_racct_attach(pr);
2054 ip4s = pr->pr_addrs[PR_INET]->ips;
2057 mtx_lock(&pr->pr_mtx);
2059 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) {
2069 mtx_unlock(&pr->pr_mtx);
2074 ip6s = pr->pr_addrs[PR_INET6]->ips;
2077 mtx_lock(&pr->pr_mtx);
2079 FOREACH_PRISON_DESCENDANT_LOCKED(pr, tpr, descend) {
2089 mtx_unlock(&pr->pr_mtx);
2095 error = osd_jail_call(pr, PR_METHOD_CREATE, opts);
2099 error = osd_jail_call(pr, PR_METHOD_SET, opts);
2108 drflags = prison_lock_xlock(pr, drflags);
2109 pr->pr_state = PRISON_STATE_ALIVE;
2114 error = do_jail_attach(td, pr,
2115 prison_lock_xlock(pr, drflags & PD_LOCK_FLAGS));
2126 mtx_unlock(&pr->pr_mtx);
2133 prison_racct_modify(pr);
2137 if (created && pr != &prison0 && (pr->pr_allow & PR_ALLOW_NFSD) != 0 &&
2138 (pr->pr_root->v_vflag & VV_ROOT) == 0)
2140 " file system\n", pr->pr_id);
2143 td->td_retval[0] = pr->pr_id;
2147 if (pr != NULL)
2148 prison_deref(pr, drflags);
2326 struct prison *pr, *mypr;
2342 pr = NULL;
2351 TAILQ_FOREACH(pr, &allprison, pr_list) {
2352 if (pr->pr_id > jid &&
2353 ((flags & JAIL_DYING) || prison_isalive(pr)) &&
2354 prison_ischild(mypr, pr)) {
2355 mtx_lock(&pr->pr_mtx);
2369 pr = prison_find_child(mypr, jid);
2370 if (pr != NULL) {
2372 if (!(prison_isalive(pr) ||
2394 pr = prison_find_name(mypr, name);
2395 if (pr != NULL) {
2397 if (!(prison_isalive(pr) || (flags & JAIL_DYING))) {
2417 prison_hold(pr);
2419 td->td_retval[0] = pr->pr_id;
2420 error = vfs_setopt(opts, "jid", &pr->pr_id, sizeof(pr->pr_id));
2423 i = (pr->pr_parent == mypr) ? 0 : pr->pr_parent->pr_id;
2427 error = vfs_setopts(opts, "name", prison_name(mypr, pr));
2430 error = vfs_setopt(opts, "cpuset.id", &pr->pr_cpuset->cs_id,
2431 sizeof(pr->pr_cpuset->cs_id));
2434 error = vfs_setopts(opts, "path", prison_path(mypr, pr));
2438 error = vfs_setopt_part(opts, "ip4.addr", pr->pr_addrs[PR_INET]->pr_ip,
2439 pr->pr_addrs[PR_INET] ? pr->pr_addrs[PR_INET]->ips *
2445 error = vfs_setopt_part(opts, "ip6.addr", pr->pr_addrs[PR_INET6]->pr_ip,
2446 pr->pr_addrs[PR_INET6] ? pr->pr_addrs[PR_INET6]->ips *
2451 error = vfs_setopt(opts, "securelevel", &pr->pr_securelevel,
2452 sizeof(pr->pr_securelevel));
2455 error = vfs_setopt(opts, "children.cur", &pr->pr_childcount,
2456 sizeof(pr->pr_childcount));
2459 error = vfs_setopt(opts, "children.max", &pr->pr_childmax,
2460 sizeof(pr->pr_childmax));
2463 error = vfs_setopts(opts, "host.hostname", pr->pr_hostname);
2466 error = vfs_setopts(opts, "host.domainname", pr->pr_domainname);
2469 error = vfs_setopts(opts, "host.hostuuid", pr->pr_hostuuid);
2474 uint32_t hid32 = pr->pr_hostid;
2479 error = vfs_setopt(opts, "host.hostid", &pr->pr_hostid,
2480 sizeof(pr->pr_hostid));
2483 error = vfs_setopt(opts, "enforce_statfs", &pr->pr_enforce_statfs,
2484 sizeof(pr->pr_enforce_statfs));
2487 error = vfs_setopt(opts, "devfs_ruleset", &pr->pr_devfs_rsnum,
2488 sizeof(pr->pr_devfs_rsnum));
2494 i = (pr->pr_flags & bf->flag) ? 1 : 0;
2506 f = pr->pr_flags & (jsf->disable | jsf->new);
2518 i = (pr->pr_allow & bf->flag) ? 1 : 0;
2527 i = !prison_isalive(pr);
2535 error = vfs_setopt(opts, "osreldate", &pr->pr_osreldate,
2536 sizeof(pr->pr_osreldate));
2539 error = vfs_setopts(opts, "osrelease", pr->pr_osrelease);
2544 mtx_unlock(&pr->pr_mtx);
2546 error = osd_jail_call(pr, PR_METHOD_GET, opts);
2549 prison_deref(pr, drflags);
2550 pr = NULL;
2586 if (pr != NULL)
2587 prison_deref(pr, drflags);
2617 struct prison *pr;
2625 pr = prison_find_child(td->td_ucred->cr_prison, uap->jid);
2626 if (pr == NULL) {
2630 if (!prison_isalive(pr)) {
2632 mtx_unlock(&pr->pr_mtx);
2636 prison_deref(pr, PD_KILL | PD_LOCKED | PD_LIST_XLOCKED);
2648 struct prison *pr;
2656 pr = prison_find_child(td->td_ucred->cr_prison, uap->jid);
2657 if (pr == NULL) {
2663 if (!prison_isalive(pr)) {
2664 mtx_unlock(&pr->pr_mtx);
2669 return (do_jail_attach(td, pr, PD_LOCKED | PD_LIST_SLOCKED));
2673 do_jail_attach(struct thread *td, struct prison *pr, int drflags)
2679 mtx_assert(&pr->pr_mtx, MA_OWNED);
2690 prison_hold(pr);
2691 refcount_acquire(&pr->pr_uref);
2693 mtx_unlock(&pr->pr_mtx);
2697 error = osd_jail_call(pr, PR_METHOD_ATTACH, td);
2699 prison_deref(pr, drflags);
2709 error = cpuset_setproc_update_set(p, pr->pr_cpuset);
2713 vn_lock(pr->pr_root, LK_EXCLUSIVE | LK_RETRY);
2714 if ((error = change_dir(pr->pr_root, td)) != 0)
2717 if ((error = mac_vnode_check_chroot(td->td_ucred, pr->pr_root)))
2720 VOP_UNLOCK(pr->pr_root);
2721 if ((error = pwd_chroot_chdir(td, pr->pr_root)))
2727 newcred->cr_prison = pr;
2739 prison_proc_relink(oldcred->cr_prison, pr, p);
2747 if (!prison_isalive(pr)) {
2756 VOP_UNLOCK(pr->pr_root);
2762 prison_deref(pr, drflags);
2772 struct prison *pr;
2775 TAILQ_FOREACH(pr, &allprison, pr_list) {
2776 if (pr->pr_id < prid)
2778 if (pr->pr_id > prid)
2780 KASSERT(prison_isvalid(pr), ("Found invalid prison %p", pr));
2781 mtx_lock(&pr->pr_mtx);
2782 return (pr);
2793 struct prison *pr;
2797 FOREACH_PRISON_DESCENDANT(mypr, pr, descend) {
2798 if (pr->pr_id == prid) {
2799 KASSERT(prison_isvalid(pr),
2800 ("Found invalid prison %p", pr));
2801 mtx_lock(&pr->pr_mtx);
2802 return (pr);
2814 struct prison *pr, *deadpr;
2821 FOREACH_PRISON_DESCENDANT(mypr, pr, descend) {
2822 if (!strcmp(pr->pr_name + mylen, name)) {
2823 KASSERT(prison_isvalid(pr),
2824 ("Found invalid prison %p", pr));
2825 if (prison_isalive(pr)) {
2826 mtx_lock(&pr->pr_mtx);
2827 return (pr);
2829 deadpr = pr;
2871 prison_hold_locked(struct prison *pr)
2875 prison_hold(pr);
2879 prison_hold(struct prison *pr)
2882 int was_valid = refcount_acquire_if_not_zero(&pr->pr_ref);
2885 ("Trying to hold dead prison %p (jid=%d).", pr, pr->pr_id));
2887 refcount_acquire(&pr->pr_ref);
2896 prison_free_locked(struct prison *pr)
2899 mtx_assert(&pr->pr_mtx, MA_OWNED);
2904 mtx_unlock(&pr->pr_mtx);
2905 prison_free(pr);
2909 prison_free(struct prison *pr)
2912 KASSERT(refcount_load(&pr->pr_ref) > 0,
2914 pr, pr->pr_id));
2915 if (!refcount_release_if_not_last(&pr->pr_ref)) {
2920 taskqueue_enqueue(taskqueue_jail_remove, &pr->pr_task);
2925 prison_free_not_last(struct prison *pr)
2930 KASSERT(refcount_load(&pr->pr_ref) > 0,
2932 pr, pr->pr_id));
2933 lastref = refcount_release(&pr->pr_ref);
2936 pr, pr->pr_id));
2938 refcount_release(&pr->pr_ref);
2952 prison_proc_hold(struct prison *pr)
2955 int was_alive = refcount_acquire_if_not_zero(&pr->pr_uref);
2958 ("Cannot add a process to a non-alive prison (jid=%d)", pr->pr_id));
2960 refcount_acquire(&pr->pr_uref);
2970 prison_proc_free(struct prison *pr)
2978 KASSERT(refcount_load(&pr->pr_uref) > 0,
2979 ("Trying to kill a process in a dead prison (jid=%d)", pr->pr_id));
2980 if (!refcount_release_if_not_last(&pr->pr_uref)) {
2987 prison_hold(pr);
2988 mtx_lock(&pr->pr_mtx);
2989 KASSERT(!(pr->pr_flags & PR_COMPLETE_PROC),
2991 pr->pr_id));
2992 pr->pr_flags |= PR_COMPLETE_PROC;
2993 mtx_unlock(&pr->pr_mtx);
2994 taskqueue_enqueue(taskqueue_jail_remove, &pr->pr_task);
2999 prison_proc_free_not_last(struct prison *pr)
3004 KASSERT(refcount_load(&pr->pr_uref) > 0,
3006 pr, pr->pr_id));
3007 lastref = refcount_release(&pr->pr_uref);
3010 pr, pr->pr_id));
3012 refcount_release(&pr->pr_uref);
3017 prison_proc_link(struct prison *pr, struct proc *p)
3021 LIST_INSERT_HEAD(&pr->pr_proclist, p, p_jaillist);
3025 prison_proc_unlink(struct prison *pr, struct proc *p)
3048 struct prison *pr = context;
3055 drflags = prison_lock_xlock(pr, PD_DEREF);
3056 if (pr->pr_flags & PR_COMPLETE_PROC) {
3057 pr->pr_flags &= ~PR_COMPLETE_PROC;
3060 prison_deref(pr, drflags);
3075 prison_proc_iterate(struct prison *pr, void (*cb)(struct proc *, void *),
3081 if (atomic_load_int(&pr->pr_childcount) == 0) {
3083 LIST_FOREACH(p, &pr->pr_proclist, p_jaillist) {
3091 if (atomic_load_int(&pr->pr_childcount) == 0)
3105 if (ppr == pr) {
3125 prison_deref(struct prison *pr, int flags)
3139 KASSERT(pr != &prison0,
3142 prison_hold(pr);
3145 flags = prison_lock_xlock(pr, flags);
3146 prison_deref_kill(pr, &freeprison);
3150 KASSERT(refcount_load(&pr->pr_uref) > 0,
3152 pr->pr_id));
3153 if (!refcount_release_if_not_last(&pr->pr_uref)) {
3155 prison_hold(pr);
3158 flags = prison_lock_xlock(pr, flags);
3159 if (refcount_release(&pr->pr_uref) &&
3160 pr->pr_state == PRISON_STATE_ALIVE) {
3168 pr->pr_state = PRISON_STATE_DYING;
3169 mtx_unlock(&pr->pr_mtx);
3171 prison_cleanup(pr);
3181 if (refcount_load(&pr->pr_uref) > 0)
3182 killpr = pr;
3188 KASSERT(refcount_load(&pr->pr_ref) > 0,
3190 pr->pr_id));
3191 if (!refcount_release_if_not_last(&pr->pr_ref)) {
3192 flags = prison_lock_xlock(pr, flags);
3193 if (refcount_release(&pr->pr_ref)) {
3199 refcount_load(&pr->pr_uref) == 0,
3202 pr->pr_uref, pr->pr_id));
3206 pr->pr_state = PRISON_STATE_INVALID;
3207 TAILQ_REMOVE(&allprison, pr, pr_list);
3208 LIST_REMOVE(pr, pr_sibling);
3209 TAILQ_INSERT_TAIL(&freeprison, pr,
3211 for (ppr = pr->pr_parent;
3219 ppr = pr->pr_parent;
3220 pr->pr_parent = NULL;
3221 mtx_unlock(&pr->pr_mtx);
3223 pr = ppr;
3235 mtx_unlock(&pr->pr_mtx);
3280 prison_deref_kill(struct prison *pr, struct prisonlist *freeprison)
3290 KASSERT(refcount_load(&pr->pr_ref) > 0,
3292 pr, pr->pr_id));
3293 refcount_acquire(&pr->pr_uref);
3294 pr->pr_state = PRISON_STATE_DYING;
3295 mtx_unlock(&pr->pr_mtx);
3298 FOREACH_PRISON_DESCENDANT_PRE_POST(pr, cpr, descend) {
3350 prison_cleanup(pr);
3351 mtx_lock(&pr->pr_mtx);
3352 if (pr->pr_flags & PR_PERSIST) {
3353 pr->pr_flags &= ~PR_PERSIST;
3354 prison_proc_free_not_last(pr);
3355 prison_free_not_last(pr);
3357 (void)refcount_release(&pr->pr_uref);
3366 prison_lock_xlock(struct prison *pr, int flags)
3375 mtx_unlock(&pr->pr_mtx);
3390 mtx_lock(&pr->pr_mtx);
3401 prison_cleanup(struct prison *pr)
3404 mtx_assert(&pr->pr_mtx, MA_NOTOWNED);
3405 vfs_exjail_delete(pr);
3406 shm_remove_prison(pr);
3407 (void)osd_jail_call(pr, PR_METHOD_REMOVE, NULL);
3417 struct prison *pr;
3419 pr = cred->cr_prison;
3421 mtx_lock(&pr->pr_mtx);
3422 prison_set_allow_locked(pr, flag, enable);
3423 mtx_unlock(&pr->pr_mtx);
3428 prison_set_allow_locked(struct prison *pr, unsigned flag, int enable)
3434 pr->pr_allow |= flag;
3436 pr->pr_allow &= ~flag;
3437 FOREACH_PRISON_DESCENDANT_LOCKED(pr, cpr, descend)
3451 struct prison *pr;
3456 pr = cred->cr_prison;
3468 if (pr->pr_flags & PR_IP4)
3470 mtx_lock(&pr->pr_mtx);
3471 if ((pr->pr_flags & PR_IP4) &&
3472 pr->pr_addrs[PR_INET] == NULL)
3474 mtx_unlock(&pr->pr_mtx);
3480 if (pr->pr_flags & PR_IP6)
3482 mtx_lock(&pr->pr_mtx);
3483 if ((pr->pr_flags & PR_IP6) &&
3484 pr->pr_addrs[PR_INET6] == NULL)
3486 mtx_unlock(&pr->pr_mtx);
3495 if (!(pr->pr_allow & PR_ALLOW_SOCKET_AF))
3604 prison_isalive(const struct prison *pr)
3607 if (__predict_false(pr->pr_state != PRISON_STATE_ALIVE))
3620 prison_isvalid(struct prison *pr)
3623 if (__predict_false(pr->pr_state == PRISON_STATE_INVALID))
3625 if (__predict_false(refcount_load(&pr->pr_ref) == 0))
3654 struct prison *pr;
3660 pr = (cred != NULL) ? cred->cr_prison : &prison0;
3661 mtx_lock(&pr->pr_mtx);
3662 strlcpy(buf, pr->pr_hostname, size);
3663 mtx_unlock(&pr->pr_mtx);
3731 struct prison *pr;
3735 pr = cred->cr_prison;
3736 if (pr->pr_enforce_statfs == 0)
3738 if (pr->pr_root->v_mount == mp)
3740 if (pr->pr_enforce_statfs == 2)
3748 if (strcmp(pr->pr_path, "/") == 0)
3750 len = strlen(pr->pr_path);
3752 if (strncmp(pr->pr_path, sp->f_mntonname, len) != 0)
3767 struct prison *pr;
3770 pr = cred->cr_prison;
3771 if (pr->pr_enforce_statfs == 0)
3779 if (pr->pr_root->v_mount == mp) {
3792 if (strcmp(pr->pr_path, "/") == 0)
3794 len = strlen(pr->pr_path);
3816 struct prison *pr;
4098 pr = cred->cr_prison;
4099 prison_lock(pr);
4100 if (pr->pr_allow & PR_ALLOW_MOUNT && pr->pr_enforce_statfs < 2)
4104 prison_unlock(pr);
4284 prison_ip_copyout(struct prison *pr, const pr_family_t af, void **out, int *len)
4290 mtx_assert(&pr->pr_mtx, MA_OWNED);
4291 if ((pip = pr->pr_addrs[af]) != NULL) {
4294 mtx_unlock(&pr->pr_mtx);
4296 mtx_lock(&pr->pr_mtx);
4308 struct prison *pr, *cpr;
4320 pr = req->td->td_ucred->cr_prison;
4323 FOREACH_PRISON_DESCENDANT(pr, cpr, descend) {
4335 strlcpy(xp->pr_path, prison_path(pr, cpr), sizeof(xp->pr_path));
4337 strlcpy(xp->pr_name, prison_name(pr, cpr), sizeof(xp->pr_name));
4489 struct prison *pr;
4492 pr = req->td->td_ucred->cr_prison;
4493 level = (pr == &prison0) ? *(int *)arg1 : *(int *)((char *)pr + arg2);
4519 struct prison *pr;
4522 pr = req->td->td_ucred->cr_prison;
4526 i = *(int *)((char *)pr + arg2);
4925 prison_racct_attach(struct prison *pr)
4932 prr = prison_racct_find_locked(pr->pr_name);
4935 pr->pr_prison_racct = prr;
4943 prison_racct_modify(struct prison *pr)
4956 if (strcmp(pr->pr_name, pr->pr_prison_racct->prr_name) == 0) {
4962 oldprr = pr->pr_prison_racct;
4963 pr->pr_prison_racct = NULL;
4965 prison_racct_attach(pr);
4970 racct_move(pr->pr_prison_racct->prr_racct, oldprr->prr_racct);
4991 prison_racct_detach(struct prison *pr)
4997 if (pr->pr_prison_racct == NULL)
4999 prison_racct_free(pr->pr_prison_racct);
5000 pr->pr_prison_racct = NULL;
5007 db_show_prison(struct prison *pr)
5023 db_printf("prison %p:\n", pr);
5024 db_printf(" jid = %d\n", pr->pr_id);
5025 db_printf(" name = %s\n", pr->pr_name);
5026 db_printf(" parent = %p\n", pr->pr_parent);
5027 db_printf(" ref = %d\n", pr->pr_ref);
5028 db_printf(" uref = %d\n", pr->pr_uref);
5030 pr->pr_state == PRISON_STATE_ALIVE ? "alive" :
5031 pr->pr_state == PRISON_STATE_DYING ? "dying" :
5033 db_printf(" path = %s\n", pr->pr_path);
5034 db_printf(" cpuset = %d\n", pr->pr_cpuset
5035 ? pr->pr_cpuset->cs_id : -1);
5037 db_printf(" vnet = %p\n", pr->pr_vnet);
5039 db_printf(" root = %p\n", pr->pr_root);
5040 db_printf(" securelevel = %d\n", pr->pr_securelevel);
5041 db_printf(" devfs_rsnum = %d\n", pr->pr_devfs_rsnum);
5042 db_printf(" children.max = %d\n", pr->pr_childmax);
5043 db_printf(" children.cur = %d\n", pr->pr_childcount);
5044 db_printf(" child = %p\n", LIST_FIRST(&pr->pr_children));
5045 db_printf(" sibling = %p\n", LIST_NEXT(pr, pr_sibling));
5046 db_printf(" flags = 0x%x", pr->pr_flags);
5048 if (pr->pr_flags & bf->flag)
5053 f = pr->pr_flags & (jsf->disable | jsf->new);
5059 db_printf(" allow = 0x%x", pr->pr_allow);
5064 if (pr->pr_allow & bf->flag)
5067 db_printf(" enforce_statfs = %d\n", pr->pr_enforce_statfs);
5068 db_printf(" host.hostname = %s\n", pr->pr_hostname);
5069 db_printf(" host.domainname = %s\n", pr->pr_domainname);
5070 db_printf(" host.hostuuid = %s\n", pr->pr_hostuuid);
5071 db_printf(" host.hostid = %lu\n", pr->pr_hostid);
5073 if ((pip = pr->pr_addrs[PR_INET]) != NULL) {
5084 if ((pip = pr->pr_addrs[PR_INET6]) != NULL) {
5097 struct prison *pr;
5106 TAILQ_FOREACH(pr, &allprison, pr_list) {
5107 db_show_prison(pr);
5116 pr = &prison0;
5119 TAILQ_FOREACH(pr, &allprison, pr_list)
5120 if (pr->pr_id == addr && pr->pr_ref > 0)
5122 if (pr == NULL)
5124 TAILQ_FOREACH(pr, &allprison, pr_list)
5125 if (pr->pr_id == addr)
5127 if (pr == NULL)
5129 pr = (struct prison *)addr;
5131 db_show_prison(pr);