Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Our implementation for Jails resembles much of how FreeBSD jails are working - it's essentially only a matter of using a RefPtr in the Process class to a Jail object. Then, when we iterate over all processes in various cases, we could ensure if either the current process is in jail and therefore should be restricted what is visible in terms of PID isolation, and also to be able to expose metadata about Jails in /sys/kernel/jails node (which does not reveal anything to a process which is in jail). A lifetime model for the Jail object is currently plain simple - there's simpy no way to manually delete a Jail object once it was created. Such feature should be carefully designed to allow safe destruction of a Jail without the possibility of releasing a process which is in Jail from the actual jail. Each process which is attached into a Jail cannot leave it until the end of a Process (i.e. when finalizing a Process). All jails are kept being referenced in the JailManagement. When a last attached process is finalized, the Jail is automatically destroyed.
- Loading branch information
1 parent
d69a038
commit 5e06241
Showing
35 changed files
with
609 additions
and
160 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
/* | ||
* Copyright (c) 2022, Liav A. <liavalb@hotmail.co.il> | ||
* | ||
* SPDX-License-Identifier: BSD-2-Clause | ||
*/ | ||
|
||
#include <AK/JsonObjectSerializer.h> | ||
#include <Kernel/FileSystem/SysFS/Subsystems/Kernel/Jails.h> | ||
#include <Kernel/JailManagement.h> | ||
#include <Kernel/Sections.h> | ||
|
||
namespace Kernel { | ||
|
||
UNMAP_AFTER_INIT SysFSJails::SysFSJails(SysFSDirectory const& parent_directory) | ||
: SysFSGlobalInformation(parent_directory) | ||
{ | ||
} | ||
|
||
UNMAP_AFTER_INIT NonnullLockRefPtr<SysFSJails> SysFSJails::must_create(SysFSDirectory const& parent_directory) | ||
{ | ||
return adopt_lock_ref_if_nonnull(new (nothrow) SysFSJails(parent_directory)).release_nonnull(); | ||
} | ||
|
||
ErrorOr<void> SysFSJails::try_generate(KBufferBuilder& builder) | ||
{ | ||
auto array = TRY(JsonArraySerializer<>::try_create(builder)); | ||
TRY(JailManagement::the().for_each_in_same_jail([&array](Jail& jail) -> ErrorOr<void> { | ||
auto obj = TRY(array.add_object()); | ||
TRY(obj.add("index"sv, jail.index().value())); | ||
TRY(obj.add("name"sv, jail.name())); | ||
TRY(obj.finish()); | ||
return {}; | ||
})); | ||
TRY(array.finish()); | ||
return {}; | ||
} | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
/* | ||
* Copyright (c) 2022, Liav A. <liavalb@hotmail.co.il> | ||
* | ||
* SPDX-License-Identifier: BSD-2-Clause | ||
*/ | ||
|
||
#pragma once | ||
|
||
#include <AK/Types.h> | ||
#include <Kernel/FileSystem/SysFS/Subsystems/Kernel/GlobalInformation.h> | ||
#include <Kernel/KBufferBuilder.h> | ||
#include <Kernel/Library/LockRefPtr.h> | ||
#include <Kernel/UserOrKernelBuffer.h> | ||
|
||
namespace Kernel { | ||
|
||
class SysFSJails final : public SysFSGlobalInformation { | ||
public: | ||
virtual StringView name() const override { return "jails"sv; } | ||
|
||
static NonnullLockRefPtr<SysFSJails> must_create(SysFSDirectory const& parent_directory); | ||
|
||
private: | ||
explicit SysFSJails(SysFSDirectory const& parent_directory); | ||
virtual ErrorOr<void> try_generate(KBufferBuilder& builder) override; | ||
}; | ||
|
||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.