system/freebsd-src
system/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src synced 2024-10-05 08:00:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
freebsd-src/sys/fs/procfs/procfs_status.c

266 lines
7.1 KiB
C
Raw Normal View History

BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
/*
* Copyright (c) 1993 Jan-Simon Pendry
* Copyright (c) 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Jan-Simon Pendry.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
This is the kernel Lite/2 commit. There are some requisite userland changes, so don't expect to be able to run the kernel as-is (very well) without the appropriate Lite/2 userland changes. The system boots and can mount UFS filesystems. Untested: ext2fs, msdosfs, NFS Known problems: Incorrect Berkeley ID strings in some files. Mount_std mounts will not work until the getfsent library routine is changed. Reviewed by: various people Submitted by: Jeffery Hsu <hsu@freebsd.org>
1997-02-10 02:22:35 +00:00
* @(#)procfs_status.c 8.4 (Berkeley) 6/15/94
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
*
This is the kernel Lite/2 commit. There are some requisite userland changes, so don't expect to be able to run the kernel as-is (very well) without the appropriate Lite/2 userland changes. The system boots and can mount UFS filesystems. Untested: ext2fs, msdosfs, NFS Known problems: Incorrect Berkeley ID strings in some files. Mount_std mounts will not work until the getfsent library routine is changed. Reviewed by: various people Submitted by: Jeffery Hsu <hsu@freebsd.org>
1997-02-10 02:22:35 +00:00
* From:
$Id$ -> $FreeBSD$
1999-08-28 01:08:13 +00:00
* $FreeBSD$
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
*/
#include <sys/param.h>
#include <sys/systm.h>
Undo part of the tangle of having sys/lock.h and sys/mutex.h included in other "system" header files. Also help the deprecation of lockmgr.h by making it a sub-include of sys/lock.h and removing sys/lockmgr.h form kernel .c files. Sort sys/*.h includes where possible in affected files. OK'ed by: bde (with reservations)
2001-05-01 08:13:21 +00:00
#include <sys/exec.h>
#include <sys/jail.h>
#include <sys/lock.h>
Make proc/*/cmdline use the cached argv if available. Submitted by: Paul Saab <paul@mu.org> Reviewed by: phk
1999-11-17 21:35:07 +00:00
#include <sys/malloc.h>
Undo part of the tangle of having sys/lock.h and sys/mutex.h included in other "system" header files. Also help the deprecation of lockmgr.h by making it a sub-include of sys/lock.h and removing sys/lockmgr.h form kernel .c files. Sort sys/*.h includes where possible in affected files. OK'ed by: bde (with reservations)
2001-05-01 08:13:21 +00:00
#include <sys/mutex.h>
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
#include <sys/proc.h>
#include <sys/resourcevar.h>
Undo part of the tangle of having sys/lock.h and sys/mutex.h included in other "system" header files. Also help the deprecation of lockmgr.h by making it a sub-include of sys/lock.h and removing sys/lockmgr.h form kernel .c files. Sort sys/*.h includes where possible in affected files. OK'ed by: bde (with reservations)
2001-05-01 08:13:21 +00:00
#include <sys/tty.h>
#include <sys/vnode.h>
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
Let processes retrieve their argv through procfs. Revert to the original behaviour in all other cases. Submitted by: Andrew Gordon <arg@arg1.demon.co.uk>
1999-08-19 19:41:08 +00:00
#include <vm/vm.h>
#include <vm/pmap.h>
#include <vm/vm_param.h>
Undo part of the tangle of having sys/lock.h and sys/mutex.h included in other "system" header files. Also help the deprecation of lockmgr.h by making it a sub-include of sys/lock.h and removing sys/lockmgr.h form kernel .c files. Sort sys/*.h includes where possible in affected files. OK'ed by: bde (with reservations)
2001-05-01 08:13:21 +00:00
- FDESC, FIFO, NULL, PORTAL, PROC, UMAP and UNION file systems were repo-copied from sys/miscfs to sys/fs. - Renamed the following file systems and their modules: fdesc -> fdescfs, portal -> portalfs, union -> unionfs. - Renamed corresponding kernel options: FDESC -> FDESCFS, PORTAL -> PORTALFS, UNION -> UNIONFS. - Install header files for the above file systems. - Removed bogus -I${.CURDIR}/../../sys CFLAGS from userland Makefiles.
2001-05-23 09:42:29 +00:00
#include <fs/procfs/procfs.h>
Let processes retrieve their argv through procfs. Revert to the original behaviour in all other cases. Submitted by: Andrew Gordon <arg@arg1.demon.co.uk>
1999-08-19 19:41:08 +00:00
More paranoia against overflows
2000-11-08 21:53:05 +00:00
#define DOCHECK() do { if (ps >= psbuf+sizeof(psbuf)) goto bailout; } while (0)
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
int
procfs_dostatus(curp, p, pfs, uio)
struct proc *curp;
struct proc *p;
struct pfsnode *pfs;
struct uio *uio;
{
struct session *sess;
struct tty *tp;
struct ucred *cr;
char *ps;
char *sep;
int pid, ppid, pgid, sid;
int i;
int xlen;
int error;
More paranoia against overflows
2000-11-08 21:53:05 +00:00
char psbuf[256]; /* XXX - conservative */
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
if (uio->uio_rw != UIO_READ)
return (EOPNOTSUPP);
pid = p->p_pid;
Protect read to p_pptr with proc lock rather than proctree lock.
2001-03-07 03:10:20 +00:00
PROC_LOCK(p);
Fix typo "," vs ";" PR: 15696 Submitted by: Takashi Okumura <taka@cs.pitt.edu>
1999-12-27 16:03:38 +00:00
ppid = p->p_pptr ? p->p_pptr->p_pid : 0;
Protect read to p_pptr with proc lock rather than proctree lock.
2001-03-07 03:10:20 +00:00
PROC_UNLOCK(p);
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
pgid = p->p_pgrp->pg_id;
sess = p->p_pgrp->pg_session;
sid = sess->s_leader ? sess->s_leader->p_pid : 0;
add ruid and rgid to file 'status'
1996-02-02 05:19:20 +00:00
/* comm pid ppid pgid sid maj,min ctty,sldr start ut st wmsg
euid ruid rgid,egid,groups[1 .. NGROUPS]
*/
More paranoia against overflows
2000-11-08 21:53:05 +00:00
KASSERT(sizeof(psbuf) > MAXCOMLEN,
("Too short buffer for new MAXCOMLEN"));
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
ps = psbuf;
bcopy(p->p_comm, ps, MAXCOMLEN);
ps[MAXCOMLEN] = '\0';
ps += strlen(ps);
More paranoia against overflows
2000-11-08 21:53:05 +00:00
DOCHECK();
ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
" %d %d %d %d ", pid, ppid, pgid, sid);
DOCHECK();
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
if ((p->p_flag&P_CONTROLT) && (tp = sess->s_ttyp))
More paranoia against overflows
2000-11-08 21:53:05 +00:00
ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
"%d,%d ", major(tp->t_dev), minor(tp->t_dev));
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
else
More paranoia against overflows
2000-11-08 21:53:05 +00:00
ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
"%d,%d ", -1, -1);
DOCHECK();
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
sep = "";
if (sess->s_ttyvp) {
More paranoia against overflows
2000-11-08 21:53:05 +00:00
ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "%sctty", sep);
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
sep = ",";
More paranoia against overflows
2000-11-08 21:53:05 +00:00
DOCHECK();
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
}
if (SESS_LEADER(p)) {
More paranoia against overflows
2000-11-08 21:53:05 +00:00
ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "%ssldr", sep);
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
sep = ",";
More paranoia against overflows
2000-11-08 21:53:05 +00:00
DOCHECK();
}
if (*sep != ',') {
ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "noflags");
DOCHECK();
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
}
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_lock_spin(&sched_lock);
- Catch up to proc flag changes.
2001-01-24 11:20:05 +00:00
if (p->p_sflag & PS_INMEM) {
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
struct timeval ut, st;
Don't call calcru() on a swapped-out process. calcru() access p_stats, which is in U-area.
1999-05-22 20:10:31 +00:00
calcru(p, &ut, &st, (struct timeval *) NULL);
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_unlock_spin(&sched_lock);
More paranoia against overflows
2000-11-08 21:53:05 +00:00
ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
" %ld,%ld %ld,%ld %ld,%ld",
Don't call calcru() on a swapped-out process. calcru() access p_stats, which is in U-area.
1999-05-22 20:10:31 +00:00
p->p_stats->p_start.tv_sec,
p->p_stats->p_start.tv_usec,
ut.tv_sec, ut.tv_usec,
st.tv_sec, st.tv_usec);
- Catch up to proc flag changes.
2001-01-24 11:20:05 +00:00
} else {
Change and clean the mutex lock interface. mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
mtx_unlock_spin(&sched_lock);
More paranoia against overflows
2000-11-08 21:53:05 +00:00
ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
" -1,-1 -1,-1 -1,-1");
- Catch up to proc flag changes.
2001-01-24 11:20:05 +00:00
}
More paranoia against overflows
2000-11-08 21:53:05 +00:00
DOCHECK();
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
More paranoia against overflows
2000-11-08 21:53:05 +00:00
ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, " %s",
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
(p->p_wchan && p->p_wmesg) ? p->p_wmesg : "nochan");
More paranoia against overflows
2000-11-08 21:53:05 +00:00
DOCHECK();
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
cr = p->p_ucred;
More paranoia against overflows
2000-11-08 21:53:05 +00:00
ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, " %lu %lu %lu",
Fixed printf format errors.
1998-07-11 07:46:16 +00:00
(u_long)cr->cr_uid,
(u_long)p->p_cred->p_ruid,
(u_long)p->p_cred->p_rgid);
More paranoia against overflows
2000-11-08 21:53:05 +00:00
DOCHECK();
add ruid and rgid to file 'status'
1996-02-02 05:19:20 +00:00
/* egid (p->p_cred->p_svgid) is equal to cr_ngroups[0]
see also getegid(2) in /sys/kern/kern_prot.c */
More paranoia against overflows
2000-11-08 21:53:05 +00:00
for (i = 0; i < cr->cr_ngroups; i++) {
ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
",%lu", (u_long)cr->cr_groups[i]);
DOCHECK();
}
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
o Move per-process jail pointer (p->pr_prison) to inside of the subject credential structure, ucred (cr->cr_prison). o Allow jail inheritence to be a function of credential inheritence. o Abstract prison structure reference counting behind pr_hold() and pr_free(), invoked by the similarly named credential reference management functions, removing this code from per-ABI fork/exit code. o Modify various jail() functions to use struct ucred arguments instead of struct proc arguments. o Introduce jailed() function to determine if a credential is jailed, rather than directly checking pointers all over the place. o Convert PRISON_CHECK() macro to prison_check() function. o Move jail() function prototypes to jail.h. o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the flag in the process flags field itself. o Eliminate that "const" qualifier from suser/p_can/etc to reflect mutex use. Notes: o Some further cleanup of the linux/jail code is still required. o It's now possible to consider resolving some of the process vs credential based permission checking confusion in the socket code. o Mutex protection of struct prison is still not present, and is required to protect the reference count plus some fields in the structure. Reviewed by: freebsd-arch Obtained from: TrustedBSD Project
2001-02-21 06:39:57 +00:00
if (jailed(p->p_ucred))
More paranoia against overflows
2000-11-08 21:53:05 +00:00
ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
o Move per-process jail pointer (p->pr_prison) to inside of the subject credential structure, ucred (cr->cr_prison). o Allow jail inheritence to be a function of credential inheritence. o Abstract prison structure reference counting behind pr_hold() and pr_free(), invoked by the similarly named credential reference management functions, removing this code from per-ABI fork/exit code. o Modify various jail() functions to use struct ucred arguments instead of struct proc arguments. o Introduce jailed() function to determine if a credential is jailed, rather than directly checking pointers all over the place. o Convert PRISON_CHECK() macro to prison_check() function. o Move jail() function prototypes to jail.h. o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the flag in the process flags field itself. o Eliminate that "const" qualifier from suser/p_can/etc to reflect mutex use. Notes: o Some further cleanup of the linux/jail code is still required. o It's now possible to consider resolving some of the process vs credential based permission checking confusion in the socket code. o Mutex protection of struct prison is still not present, and is required to protect the reference count plus some fields in the structure. Reviewed by: freebsd-arch Obtained from: TrustedBSD Project
2001-02-21 06:39:57 +00:00
" %s", p->p_ucred->cr_prison->pr_host);
This Implements the mumbled about "Jail" feature. This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
else
More paranoia against overflows
2000-11-08 21:53:05 +00:00
ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, " -");
DOCHECK();
ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "\n");
DOCHECK();
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
xlen = ps - psbuf;
xlen -= uio->uio_offset;
ps = psbuf + uio->uio_offset;
This is the kernel Lite/2 commit. There are some requisite userland changes, so don't expect to be able to run the kernel as-is (very well) without the appropriate Lite/2 userland changes. The system boots and can mount UFS filesystems. Untested: ext2fs, msdosfs, NFS Known problems: Incorrect Berkeley ID strings in some files. Mount_std mounts will not work until the getfsent library routine is changed. Reviewed by: various people Submitted by: Jeffery Hsu <hsu@freebsd.org>
1997-02-10 02:22:35 +00:00
xlen = imin(xlen, uio->uio_resid);
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
if (xlen <= 0)
error = 0;
else
error = uiomove(ps, xlen, uio);
return (error);
More paranoia against overflows
2000-11-08 21:53:05 +00:00
bailout:
return (ENOMEM);
BSD 4.4 Lite Kernel Sources
1994-05-24 10:09:53 +00:00
}
A partial implementation of the procfs cmdline pseudo-file. This is enough to satisfy things like StarOffice. This is a hack, but doing it properly would be a LOT of work, and would require extensive grovelling around in the user address space to find the argv[]. Obtained from: Mostly from Andrzej Bialecki <abial@nask.pl>.
1999-01-05 03:53:06 +00:00
int
procfs_docmdline(curp, p, pfs, uio)
struct proc *curp;
struct proc *p;
struct pfsnode *pfs;
struct uio *uio;
{
char *ps;
int xlen;
int error;
Make proc/*/cmdline use the cached argv if available. Submitted by: Paul Saab <paul@mu.org> Reviewed by: phk
1999-11-17 21:35:07 +00:00
char *buf, *bp;
int buflen;
Let processes retrieve their argv through procfs. Revert to the original behaviour in all other cases. Submitted by: Andrew Gordon <arg@arg1.demon.co.uk>
1999-08-19 19:41:08 +00:00
struct ps_strings pstr;
int i;
size_t bytes_left, done;
A partial implementation of the procfs cmdline pseudo-file. This is enough to satisfy things like StarOffice. This is a hack, but doing it properly would be a LOT of work, and would require extensive grovelling around in the user address space to find the argv[]. Obtained from: Mostly from Andrzej Bialecki <abial@nask.pl>.
1999-01-05 03:53:06 +00:00
if (uio->uio_rw != UIO_READ)
return (EOPNOTSUPP);
Make proc/*/cmdline use the cached argv if available. Submitted by: Paul Saab <paul@mu.org> Reviewed by: phk
1999-11-17 21:35:07 +00:00
A partial implementation of the procfs cmdline pseudo-file. This is enough to satisfy things like StarOffice. This is a hack, but doing it properly would be a LOT of work, and would require extensive grovelling around in the user address space to find the argv[]. Obtained from: Mostly from Andrzej Bialecki <abial@nask.pl>.
1999-01-05 03:53:06 +00:00
/*
Make proc/*/cmdline use the cached argv if available. Submitted by: Paul Saab <paul@mu.org> Reviewed by: phk
1999-11-17 21:35:07 +00:00
* If we are using the ps/cmdline caching, use that. Otherwise
* revert back to the old way which only implements full cmdline
* for the currept process and just p->p_comm for all other
* processes.
Let processes retrieve their argv through procfs. Revert to the original behaviour in all other cases. Submitted by: Andrew Gordon <arg@arg1.demon.co.uk>
1999-08-19 19:41:08 +00:00
* Note that if the argv is no longer available, we deliberately
* don't fall back on p->p_comm or return an error: the authentic
* Linux behaviour is to return zero-length in this case.
A partial implementation of the procfs cmdline pseudo-file. This is enough to satisfy things like StarOffice. This is a hack, but doing it properly would be a LOT of work, and would require extensive grovelling around in the user address space to find the argv[]. Obtained from: Mostly from Andrzej Bialecki <abial@nask.pl>.
1999-01-05 03:53:06 +00:00
*/
o Centralize inter-process access control, introducing: int p_can(p1, p2, operation, privused) which allows specification of subject process, object process, inter-process operation, and an optional call-by-reference privused flag, allowing the caller to determine if privilege was required for the call to succeed. This allows jail, kern.ps_showallprocs and regular credential-based interaction checks to occur in one block of code. Possible operations are P_CAN_SEE, P_CAN_SCHED, P_CAN_KILL, and P_CAN_DEBUG. p_can currently breaks out as a wrapper to a series of static function checks in kern_prot, which should not be invoked directly. o Commented out capabilities entries are included for some checks. o Update most inter-process authorization to make use of p_can() instead of manual checks, PRISON_CHECK(), P_TRESPASS(), and kern.ps_showallprocs. o Modify suser{,_xxx} to use const arguments, as it no longer modifies process flags due to the disabling of ASU. o Modify some checks/errors in procfs so that ENOENT is returned instead of ESRCH, further improving concealment of processes that should not be visible to other processes. Also introduce new access checks to improve hiding of processes for procfs_lookup(), procfs_getattr(), procfs_readdir(). Correct a bug reported by bp concerning not handling the CREATE case in procfs_lookup(). Remove volatile flag in procfs that caused apparently spurious qualifier warnigns (approved by bde). o Add comment noting that ktrace() has not been updated, as its access control checks are different from ptrace(), whereas they should probably be the same. Further discussion should happen on this topic. Reviewed by: bde, green, phk, freebsd-security, others Approved by: bde Obtained from: TrustedBSD Project
2000-08-30 04:49:09 +00:00
if (p->p_args && (ps_argsopen || !p_can(curp, p, P_CAN_SEE, NULL))) {
Make proc/*/cmdline use the cached argv if available. Submitted by: Paul Saab <paul@mu.org> Reviewed by: phk
1999-11-17 21:35:07 +00:00
bp = p->p_args->ar_args;
buflen = p->p_args->ar_length;
buf = 0;
} else if (p != curp) {
bp = p->p_comm;
buflen = MAXCOMLEN;
buf = 0;
} else {
buflen = 256;
MALLOC(buf, char *, buflen + 1, M_TEMP, M_WAITOK);
bp = buf;
ps = buf;
Let processes retrieve their argv through procfs. Revert to the original behaviour in all other cases. Submitted by: Andrew Gordon <arg@arg1.demon.co.uk>
1999-08-19 19:41:08 +00:00
error = copyin((void*)PS_STRINGS, &pstr, sizeof(pstr));
Make proc/*/cmdline use the cached argv if available. Submitted by: Paul Saab <paul@mu.org> Reviewed by: phk
1999-11-17 21:35:07 +00:00
if (error) {
FREE(buf, M_TEMP);
Let processes retrieve their argv through procfs. Revert to the original behaviour in all other cases. Submitted by: Andrew Gordon <arg@arg1.demon.co.uk>
1999-08-19 19:41:08 +00:00
return (error);
Make proc/*/cmdline use the cached argv if available. Submitted by: Paul Saab <paul@mu.org> Reviewed by: phk
1999-11-17 21:35:07 +00:00
}
bytes_left = buflen;
Let processes retrieve their argv through procfs. Revert to the original behaviour in all other cases. Submitted by: Andrew Gordon <arg@arg1.demon.co.uk>
1999-08-19 19:41:08 +00:00
for (i = 0; bytes_left && (i < pstr.ps_nargvstr); i++) {
error = copyinstr(pstr.ps_argvstr[i], ps,
bytes_left, &done);
/* If too long or malformed, just truncate */
if (error) {
error = 0;
break;
}
ps += done;
bytes_left -= done;
}
Make proc/*/cmdline use the cached argv if available. Submitted by: Paul Saab <paul@mu.org> Reviewed by: phk
1999-11-17 21:35:07 +00:00
buflen = ps - buf;
Let processes retrieve their argv through procfs. Revert to the original behaviour in all other cases. Submitted by: Andrew Gordon <arg@arg1.demon.co.uk>
1999-08-19 19:41:08 +00:00
}
A partial implementation of the procfs cmdline pseudo-file. This is enough to satisfy things like StarOffice. This is a hack, but doing it properly would be a LOT of work, and would require extensive grovelling around in the user address space to find the argv[]. Obtained from: Mostly from Andrzej Bialecki <abial@nask.pl>.
1999-01-05 03:53:06 +00:00
Make proc/*/cmdline use the cached argv if available. Submitted by: Paul Saab <paul@mu.org> Reviewed by: phk
1999-11-17 21:35:07 +00:00
buflen -= uio->uio_offset;
ps = bp + uio->uio_offset;
xlen = min(buflen, uio->uio_resid);
A partial implementation of the procfs cmdline pseudo-file. This is enough to satisfy things like StarOffice. This is a hack, but doing it properly would be a LOT of work, and would require extensive grovelling around in the user address space to find the argv[]. Obtained from: Mostly from Andrzej Bialecki <abial@nask.pl>.
1999-01-05 03:53:06 +00:00
if (xlen <= 0)
error = 0;
else
error = uiomove(ps, xlen, uio);
Make proc/*/cmdline use the cached argv if available. Submitted by: Paul Saab <paul@mu.org> Reviewed by: phk
1999-11-17 21:35:07 +00:00
if (buf)
FREE(buf, M_TEMP);
A partial implementation of the procfs cmdline pseudo-file. This is enough to satisfy things like StarOffice. This is a hack, but doing it properly would be a LOT of work, and would require extensive grovelling around in the user address space to find the argv[]. Obtained from: Mostly from Andrzej Bialecki <abial@nask.pl>.
1999-01-05 03:53:06 +00:00
return (error);
}
Reference in a new issue Copy permalink