branch: projects/jailc…
Commits on Feb 27, 2012
  1. Use the devfs_ruleset parameter when mounting a jail's /dev,

    jamie authored
    instead of a mount.devfs.ruleset pseudo-parameter.
  2. From r224286:

    jamie authored
      Document the potential for jail escape.
    From r224615:
      Always disable mount and unmount for jails with enforce_statfs==2.
    From r231267:
      A new jail(8) option "devfs_ruleset" defines the ruleset enforcement for
      mounting devfs inside jails. A value of -1 disables mounting devfs in
      jails, a value of zero means no restrictions. Nested jails can only
      have mounting devfs disabled or inherit parent's enforcement as jails are
      not allowed to view or manipulate devfs(8) rules.
    From r232059:
      To improve control over the use of mount(8) inside a jail(8), introduce
      a new jail parameter node with the following parameters:
    	allow mounting the devfs filesystem inside a jail
    	allow mounting the nullfs filesystem inside a jail
    From r232186:
    	allow mounting the zfs filesystem inside a jail
Commits on Feb 8, 2012
  1. Improvements in error messages:

    jamie authored
    Some errors printed the jail name for unnamed (command line) jails.
    Attempting to create an already-existing jail from the command line
    returned with no error (even for non-root) due to bad logic in
    Ignore kvm_proc errors, which are typically caused by permission
    problems.  Instead, stop ignoring permission errors when removing
    a jail (but continue to silently ignore other errors, i.e. the
    jail no longer existing).  This makes non-root attempts at removing
    a jail give a clearer error message.
Commits on Feb 7, 2012
  1. Allow relative pathnames for jails generated on the command line

    jamie authored
    (but continue to flag when from a config file).
Commits on Jan 31, 2012
  1. Better communicate the purpose of "-r *".

    jamie authored
Commits on Jul 6, 2011
  1. Don't report errors for the exit status of processes that are killed

    jamie authored
    as part of jail removal (IP_STOP_TIMEOUT).
    Note a jail as "removed" even if it wasn't jail_remove() that did
    the deed, e.g. if it already went away because all its processes
    were killed.
Commits on Jun 22, 2011
  1. Advance to the next command before running anything, so errors found in

    jamie authored
     finish_command can be processed properly.
    Call failed() once in next_command() instead of multiple times in
    Continue processing commands when a no-wait operation (IP__OP or background
     command) succeeds.
Commits on Jun 21, 2011
  1. Fix a couple of NULL dereferences.

    jamie authored
Commits on Jun 20, 2011
  1. Following r222465:

    jamie authored
      Check for IPv4 or IPv6 to be available by the kernel to not
      provoke errors trying to query options not available.
      Make it possible to compile out INET or INET6 only parts.
  2. Linty stuff.

    jamie authored
Commits on Jun 18, 2011
  1. Move the actual create/remove (IP__OP) handling into run_command,

    jamie authored
    and the cost of an ugly single-use global variable.
Commits on Jun 17, 2011
  1. Split run_command up into an outer function (next_command) that chooses

    jamie authored
     a single command string to run, and an inner function (run_command) that
     runs that single string.
    Move the list of start/stop commands to run from a switch statement into
     an array, with a new placeholder parameter IP__OP for actually creating
     or removing the jail.
    When jail creation fails, revert all non-exec commands in reverse order.
  2. Change cfstrings from an STAILQ into a TAILQ to allow commands to be

    jamie authored
     traversed in reverse order.
Commits on Dec 10, 2010
  1. run_command (mostly) cleanup:

    jamie authored
    Make the parallelism limit a global instead of always passing it
     to run_command and finish_command.
    In the case of an empty command string, try to run any other strings
     the command may have.
    Replace JF_BACKGROUND with its sort-of opposite JF_SLEEPQ.
    Change j->comstring earlier to render JF_RUNQ unnecessary.
    Change the if-else series to a more readable switch statement.
    Treat IP_STOP_TIMEOUT like a command, calling run_command which then
     calls term_procs.
    When the IP_STOP_TIMEOUT "command" finishes, it shouldn't mess with
     the parallelism limit.
    Make sufficient checks in finish_command and run_command so that
     the nonintuitive j->comstring null check isn't necessary to run them.
    Rename the "waiting" queue to "depend", because the "sleeping" and
     "runnable" queues are also used to wait for something.
Commits on Nov 4, 2010
  1. Check paths for security:

    jamie authored
     path must be absolute.
     mount paths must exist and have no symlinks beyond the jail's path itself.
     consolelog must exist (apart from the final component) and have no
      symlinks beyond the jail's path itself.
  2. Read the mount.fstab file, and put its lines separately into the

    jamie authored
    IP__MOUNT_FROM_FSTAB internal parameter.
Commits on Nov 1, 2010
Commits on Oct 27, 2010
  1. Use a little more "ifdef INET6".

    jamie authored
  2. Keep all internal/known parameter names in one place, and use

    jamie authored
    enum constants everywhere else.
Commits on Oct 20, 2010
  1. Use closefrom(2) instead of close(2) in a loop.

    pjd authored
    MFC after:	1 week
  2. Bring in geli suspend/resume functionality (finally).

    pjd authored
    Before this change, if you wanted to suspend your laptop and be sure that your
    encryption keys are safe, you had to stop all processes that use a file system
    stored on an encrypted device, unmount the file system and detach the geli provider.
    This isn't very handy. If you are a lucky user of a laptop where suspend/resume
    actually works with FreeBSD (I'm not!) you most likely want to suspend your
    laptop, because you don't want to start everything over again when you turn
    your laptop back on.
    And this is where geli suspend/resume steps in. When you execute:
    	# geli suspend -a
    geli will wait for all in-flight I/O requests, suspend new I/O requests, remove
    all geli sensitive data from the kernel memory (like encryption keys) and will
    wait for either 'geli resume' or 'geli detach'.
    Now with no keys in memory you can suspend your laptop without stopping any
    processes or unmounting any file systems.
    When you resume your laptop you have to resume geli devices using the 'geli resume'
    command. You need to provide your passphrase, etc. again so the keys can be
    restored and suspended I/O requests released.
    Of course you need to remember that 'geli suspend' won't clear the file system
    cache and other places where data from your geli-encrypted file system might be
    present. But to get rid of those, stopping processes and unmounting the file system
    won't help either - you have to turn your laptop off. Be warned.
    Also note that suspending a geli device which contains the file system with the geli
    utility (or anything used by 'geli resume') is not a very good idea, as you won't
    be able to resume it - when you execute geli(8), the kernel will try to read it
    and this read I/O request will be suspended.
  3. Initial work on the new jail(8). There are more features to add, and …

    jamie authored
    cleaning up to do on existing features, but this is pretty much what the
    final product will look like.
  4. - Add missing comments.

    pjd authored
    - Make a comment consistent with others.
  5. @EdSchouten
  6. Correct typos.

    pjd authored
  7. Introduce a new tunable 'hw.pci.do_power_suspend'. This tunable lets you

    juikim authored
    avoid PCI power state transition from D0 to D3 for suspending case.  Default
    is 1 or enabled.
  8. @juikim
  9. Network driver updates

    jchandra authored
    - Fix network driver issue on a XLS eval board (major# 8).
    - Fix issue uncovered by r213475 in check for XGMII
    Submitted by:	Sriram Gorti (srgorti at netlogicmicro dot com)
  10. On uniprocessor, warn and fixup hardware cpu mask if more than one CPU

    jchandra authored
    is enabled by the bootloader.
  11. Remove setpgid() call before executing child process.

    EdSchouten authored
    Using a separate process group here is bad, since (for example) job
    control in the TTY layer prevents interaction with the TTY, causing the
    child process to hang.
    Mentioned on:	current@
    MFC after:	2 weeks