changeset 3673:5bba3401c7f4

6516265 an exclusive zone with "limitpriv" other than "default" will panic the machine
6518710 sbd will not run with IP Instances
putback to snv_57
author dh155122
date Sat, 17 Feb 2007 22:21:28 -0800
parents c5a5c46b417f
children e0608a068bd6
files usr/src/cmd/zoneadmd/vplat.c usr/src/head/libzonecfg.h usr/src/lib/brand/lx/zone/config.xml usr/src/lib/brand/native/zone/config.xml usr/src/lib/brand/sn1/zone/config.xml usr/src/lib/libbrand/common/libbrand.c usr/src/lib/libbrand/common/libbrand.h usr/src/lib/libbrand/dtd/brand.dtd.1 usr/src/lib/libzonecfg/common/libzonecfg.c usr/src/pkgdefs/SUNWhea/prototype_com usr/src/pkgdefs/etc/exception_list_i386 usr/src/pkgdefs/etc/exception_list_sparc
diffstat 12 files changed, 110 insertions(+), 43 deletions(-) [+]
--- a/usr/src/cmd/zoneadmd/vplat.c	Fri Feb 16 22:50:16 2007 -0800
+++ b/usr/src/cmd/zoneadmd/vplat.c	Sat Feb 17 22:21:28 2007 -0800
@@ -2809,7 +2809,25 @@
 	}
 
 	if (mount_cmd) {
-		if (zonecfg_default_privset(privs) == Z_OK)
+		zone_iptype_t	iptype;
+		const char	*curr_iptype;
+
+		if (zonecfg_get_iptype(handle, &iptype) != Z_OK) {
+			zerror(zlogp, B_TRUE, "unable to determine ip-type");
+			zonecfg_fini_handle(handle);
+			return (-1);
+		}
+
+		switch (iptype) {
+		case ZS_SHARED:
+			curr_iptype = "shared";
+			break;
+		case ZS_EXCLUSIVE:
+			curr_iptype = "exclusive";
+			break;
+		}
+
+		if (zonecfg_default_privset(privs, curr_iptype) == Z_OK)
 			return (0);
 		zerror(zlogp, B_FALSE,
 		    "failed to determine the zone's default privilege set");
@@ -3920,17 +3938,6 @@
 		return (-1);
 	}
 	priv_emptyset(privs);
-	if (iptype == ZS_EXCLUSIVE) {
-		/*
-		 * add PRIV_NET_RAWACCESS and PRIV_SYS_IP_CONFIG
-		 */
-		if (priv_addset(privs, PRIV_NET_RAWACCESS) != 0 ||
-		    priv_addset(privs, PRIV_SYS_IP_CONFIG) != 0) {
-			zerror(zlogp, B_TRUE,
-			    "Failed to add networking privileges");
-			goto error;
-		}
-	}
 	if (get_privset(zlogp, privs, mount_cmd) != 0)
 		goto error;
 
--- a/usr/src/head/libzonecfg.h	Fri Feb 16 22:50:16 2007 -0800
+++ b/usr/src/head/libzonecfg.h	Sat Feb 17 22:21:28 2007 -0800
@@ -470,7 +470,7 @@
 /*
  * Privilege-related functions.
  */
-extern	int	zonecfg_default_privset(priv_set_t *);
+extern	int	zonecfg_default_privset(priv_set_t *, const char *);
 extern	int	zonecfg_get_privset(zone_dochandle_t, priv_set_t *,
     char **);
 extern	int	zonecfg_get_limitpriv(zone_dochandle_t, char **);
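Review bot: The new `const char *` parameter of zonecfg_default_privset() is undocumented, and its contract is narrow: libzonecfg's priv_lists_cb compares it with strcmp() against each brand privilege's ip-type, so it must be exactly "shared" or "exclusive" and must not be NULL. A one-line comment on the prototype, `/* curr_iptype: "shared" or "exclusive"; selects which ip-type-qualified brand privileges apply */`, would stop the next caller from passing NULL or a value from a different namespace.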
--- a/usr/src/lib/brand/lx/zone/config.xml	Fri Feb 16 22:50:16 2007 -0800
+++ b/usr/src/lib/brand/lx/zone/config.xml	Sat Feb 17 22:21:28 2007 -0800
@@ -20,7 +20,7 @@
 
  CDDL HEADER END
 
- Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  Use is subject to license terms.
 
  ident	"%Z%%M%	%I%	%E% SMI"
@@ -79,6 +79,7 @@
 	<privilege set="prohibited" name="proc_zone" />
 	<privilege set="prohibited" name="sys_config" />
 	<privilege set="prohibited" name="sys_devices" />
+	<privilege set="prohibited" name="sys_ip_config" />
 	<privilege set="prohibited" name="sys_linkdir" />
 	<privilege set="prohibited" name="sys_net_config" />
 	<privilege set="prohibited" name="sys_res_config" />
--- a/usr/src/lib/brand/native/zone/config.xml	Fri Feb 16 22:50:16 2007 -0800
+++ b/usr/src/lib/brand/native/zone/config.xml	Sat Feb 17 22:21:28 2007 -0800
@@ -20,7 +20,7 @@
 
  CDDL HEADER END
 
- Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  Use is subject to license terms.
 
  ident	"%Z%%M%	%I%	%E% SMI"
@@ -62,6 +62,7 @@
 	<privilege set="default" name="net_icmpaccess" />
 	<privilege set="default" name="net_mac_aware" />
 	<privilege set="default" name="net_privaddr" />
+	<privilege set="default" name="net_rawaccess" ip-type="exclusive" />
 	<privilege set="default" name="proc_chroot" />
 	<privilege set="default" name="sys_audit" />
 	<privilege set="default" name="proc_audit" />
@@ -71,6 +72,7 @@
 	<privilege set="default" name="proc_taskid" />
 	<privilege set="default" name="sys_acct" />
 	<privilege set="default" name="sys_admin" />
+	<privilege set="default" name="sys_ip_config" ip-type="exclusive" />
 	<privilege set="default" name="sys_mount" />
 	<privilege set="default" name="sys_nfs" />
 	<privilege set="default" name="sys_resource" />
@@ -79,6 +81,7 @@
 	<privilege set="prohibited" name="proc_zone" />
 	<privilege set="prohibited" name="sys_config" />
 	<privilege set="prohibited" name="sys_devices" />
+	<privilege set="prohibited" name="sys_ip_config" ip-type="shared" />
 	<privilege set="prohibited" name="sys_linkdir" />
 	<privilege set="prohibited" name="sys_net_config" />
 	<privilege set="prohibited" name="sys_res_config" />
@@ -86,5 +89,6 @@
 
 	<privilege set="required" name="proc_exec" />
 	<privilege set="required" name="proc_fork" />
+	<privilege set="required" name="sys_ip_config" ip-type="exclusive" />
 	<privilege set="required" name="sys_mount" />
 </brand>
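Review bot: For exclusive zones `sys_ip_config` is placed in both the default and the required sets, but `net_rawaccess` appears only in the default set, so an administrator can still strip it with `limitpriv=default,!net_rawaccess`. The changeset title says an exclusive zone with a non-default limitpriv panics the machine; if that panic also depends on net_rawaccess being present (it was hard-coded alongside sys_ip_config in the vplat.c code this changeset removes), it needs the same treatment, e.g. `<privilege set="required" name="net_rawaccess" ip-type="exclusive" />`. Conversely, if membership in the required set already implies the default set, the default-set sys_ip_config entry in the earlier hunk of this file is redundant, and a one-line comment explaining why both exist would help.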
--- a/usr/src/lib/brand/sn1/zone/config.xml	Fri Feb 16 22:50:16 2007 -0800
+++ b/usr/src/lib/brand/sn1/zone/config.xml	Sat Feb 17 22:21:28 2007 -0800
@@ -20,7 +20,7 @@
 
  CDDL HEADER END
 
- Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  Use is subject to license terms.
 
  ident	"%Z%%M%	%I%	%E% SMI"
@@ -62,6 +62,7 @@
 	<privilege set="default" name="net_icmpaccess" />
 	<privilege set="default" name="net_mac_aware" />
 	<privilege set="default" name="net_privaddr" />
+	<privilege set="default" name="net_rawaccess" ip-type="exclusive" />
 	<privilege set="default" name="proc_chroot" />
 	<privilege set="default" name="sys_audit" />
 	<privilege set="default" name="proc_audit" />
@@ -71,6 +72,7 @@
 	<privilege set="default" name="proc_taskid" />
 	<privilege set="default" name="sys_acct" />
 	<privilege set="default" name="sys_admin" />
+	<privilege set="default" name="sys_ip_config" ip-type="exclusive" />
 	<privilege set="default" name="sys_mount" />
 	<privilege set="default" name="sys_nfs" />
 	<privilege set="default" name="sys_resource" />
@@ -79,6 +81,7 @@
 	<privilege set="prohibited" name="proc_zone" />
 	<privilege set="prohibited" name="sys_config" />
 	<privilege set="prohibited" name="sys_devices" />
+	<privilege set="prohibited" name="sys_ip_config" ip-type="shared" />
 	<privilege set="prohibited" name="sys_linkdir" />
 	<privilege set="prohibited" name="sys_net_config" />
 	<privilege set="prohibited" name="sys_res_config" />
@@ -86,5 +89,6 @@
 
 	<privilege set="required" name="proc_exec" />
 	<privilege set="required" name="proc_fork" />
+	<privilege set="required" name="sys_ip_config" ip-type="exclusive" />
 	<privilege set="required" name="sys_mount" />
 </brand>
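Review bot: This file now mirrors the native brand's privilege lists line for line, including the asymmetry that `sys_ip_config` is required for exclusive zones while `net_rawaccess` is default-only and can still be removed via limitpriv. Whatever answer applies to native applies here too; a comment at the head of the privilege list, `<!-- keep in sync with usr/src/lib/brand/native/zone/config.xml -->`, would reduce the chance of the two drifting.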
--- a/usr/src/lib/libbrand/common/libbrand.c	Fri Feb 16 22:50:16 2007 -0800
+++ b/usr/src/lib/libbrand/common/libbrand.c	Sat Feb 17 22:21:28 2007 -0800
@@ -577,12 +577,13 @@
  * specified callback for each.  Returns 0 on success, or -1 on failure.
  */
 int
-brand_config_iter_privilege(brand_handle_t bh, int (*func)(void *,
-    const char *, const char *), void *data)
+brand_config_iter_privilege(brand_handle_t bh,
+    int (*func)(void *, priv_iter_t *), void *data)
 {
 	struct brand_handle	*bhp = (struct brand_handle *)bh;
 	xmlNodePtr		node;
-	xmlChar			*name, *set;
+	xmlChar			*name, *set, *iptype;
+	priv_iter_t		priv_iter;
 	int			ret;
 
 	if ((node = xmlDocGetRootElement(bhp->bh_config)) == NULL)
@@ -595,19 +596,27 @@
 
 		name = xmlGetProp(node, DTD_ATTR_NAME);
 		set = xmlGetProp(node, DTD_ATTR_SET);
+		iptype = xmlGetProp(node, DTD_ATTR_IPTYPE);
 
-		if (name == NULL || set == NULL) {
+		if (name == NULL || set == NULL || iptype == NULL) {
 			if (name != NULL)
 				xmlFree(name);
 			if (set != NULL)
 				xmlFree(set);
+			if (iptype != NULL)
+				xmlFree(iptype);
 			return (-1);
 		}
 
-		ret = func(data, (const char *)name, (const char *)set);
+		priv_iter.pi_name = (char *)name;
+		priv_iter.pi_set = (char *)set;
+		priv_iter.pi_iptype = (char *)iptype;
+
+		ret = func(data, &priv_iter);
 
 		xmlFree(name);
 		xmlFree(set);
+		xmlFree(iptype);
 
 		if (ret != 0)
 			return (-1);
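Review bot: A privilege element with no `ip-type` attribute now fails the whole iteration (`iptype == NULL` returns -1), which only works if libxml2 substitutes the DTD default "all" in xmlGetProp(), i.e. if the brand config is always parsed with its DTD attached. If it is ever parsed without it, every privilege lacking an explicit ip-type aborts the walk and the caller gets no default/required/prohibited lists at all, instead of the pre-change behaviour. Treating a missing attribute as "all" inside the library is cheaper and independent of the parser mode: `priv_iter.pi_iptype = (iptype != NULL) ? (char *)iptype : "all";` and drop `iptype == NULL` from the error test. Also worth a comment on the loop, `/* priv_iter strings are freed as soon as func() returns; callbacks must copy what they keep */`, since the struct is filled from buffers released immediately after the call.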
--- a/usr/src/lib/libbrand/common/libbrand.h	Fri Feb 16 22:50:16 2007 -0800
+++ b/usr/src/lib/libbrand/common/libbrand.h	Sat Feb 17 22:21:28 2007 -0800
@@ -37,6 +37,12 @@
 
 typedef struct __brand_handle *brand_handle_t;
 
+typedef struct priv_iter_s {
+	char	*pi_name;
+	char	*pi_set;
+	char	*pi_iptype;
+} priv_iter_t;
+
 extern brand_handle_t brand_open(const char *);
 extern void brand_close(brand_handle_t);
 
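Review bot: The new priv_iter_t fields are plain `char *` although callbacks receive xmlChar buffers that libbrand frees as soon as the callback returns and that callbacks have no business modifying; declaring them `const char *pi_name, *pi_set, *pi_iptype;` keeps a callback from writing into them and matches the `const char *` the old callback signature gave. The struct also carries no description of who owns the strings or how long they live; a short comment such as `/* Passed to brand_config_iter_privilege() callbacks; strings are owned by libbrand and valid only for the duration of the callback */` would make the contract explicit in the header where callers will look for it.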
@@ -62,7 +68,7 @@
     char *, size_t, int, char **);
 
 extern int brand_config_iter_privilege(brand_handle_t,
-    int (*func)(void *, const char *, const char *), void *);
+    int (*func)(void *, priv_iter_t *), void *);
 
 extern int brand_platform_iter_devices(brand_handle_t, const char *,
     int (*)(void *, const char *, const char *), void *, const char *);
--- a/usr/src/lib/libbrand/dtd/brand.dtd.1	Fri Feb 16 22:50:16 2007 -0800
+++ b/usr/src/lib/libbrand/dtd/brand.dtd.1	Sat Feb 17 22:21:28 2007 -0800
@@ -20,7 +20,7 @@
 
  CDDL HEADER END
 
- Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
  Use is subject to license terms.
 
  ident	"%Z%%M%	%I%	%E% SMI"
@@ -206,22 +206,30 @@
   privilege
 
     Add a privilege to the default, prohibited, or required set for all
-    zones of this brand.  If a privilege is added to the default set all
-    zones of this brand on the system will inherit this privilege unless
-    the privilege is removed via limitpriv in zonecfg(1m).  If a
-    privilege is added to the prohibited set it can not be added to
-    any zones via limitpriv in zonecfg(1m).  If a privilege is added
-    to the required set then all zones of this brand on the system
-    will inherit this privilege and it can't be removed via limitpriv in
-    zonecfg(1m).
+    zones of this brand with ip-type matched.  If a privilege is added
+    to the default set all zones of this brand with ip-type matched on
+    the system will inherit this privilege unless the privilege is
+    removed via limitpriv in zonecfg(1m).  If a privilege is added to
+    the prohibited set it can not be added to any zones with ip-type
+    matched via limitpriv in zonecfg(1m).  If a privilege is added to
+    the required set then all zones of this brand with ip-type matched
+    on the system will inherit this privilege and it can't be removed via
+    limitpriv in zonecfg(1m).
 
     Its attributes are
       set	The name of the set the privilege should go into.
       name	The name of the privilege.
+      ip-type	Optional, indicates that adding of the privilege to the
+		set only applies to certain IP types. Can be "shared" or
+		"exclusive". If it is not specified, the default value
+		"all" will be used, which means it is applicable regardless
+		the IP type.
+
 -->
 <!ELEMENT privilege	(#PCDATA) >
 <!ATTLIST privilege	set	( default | prohibited | required ) #REQUIRED 
-			name	CDATA #REQUIRED >
+			name	CDATA #REQUIRED
+			ip-type ( shared | exclusive ) "all" >
 
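Review bot: `ip-type ( shared | exclusive ) "all"` is not a valid attribute declaration: XML 1.0's "Attribute Default Value Syntactically Correct" validity constraint requires the default of an enumerated attribute to be one of its enumerated values, and a validating parser (for example `xmllint --valid`) reports the declaration as an error. Depending on how the brand configs are parsed, the default may then not be supplied, and libbrand's iterator in this changeset rejects any privilege whose ip-type attribute is missing. Change it to `ip-type ( shared | exclusive | all ) "all"`; the prose above already names "all" as the default and libzonecfg's priv_lists_cb compares against that literal. Minor wording in the same description: `regardless the IP type` should read `regardless of the IP type`.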
 <!--
   brand
--- a/usr/src/lib/libzonecfg/common/libzonecfg.c	Fri Feb 16 22:50:16 2007 -0800
+++ b/usr/src/lib/libzonecfg/common/libzonecfg.c	Sat Feb 17 22:21:28 2007 -0800
@@ -4592,30 +4592,42 @@
 
 	/* Privileges required for all non-global zones of a brand */
 	struct priv_node	*pl_required;
+
+	/*
+	 * ip-type of the zone these privileges lists apply to.
+	 * It is used to pass ip-type to the callback function,
+	 * priv_lists_cb, which has no way of getting the ip-type.
+	 */
+	const char		*pl_iptype;
 } priv_lists_t;
 
 static int
-priv_lists_cb(void *data, const char *name, const char *set)
+priv_lists_cb(void *data, priv_iter_t *priv_iter)
 {
 	priv_lists_t *plp = (priv_lists_t *)data;
 	priv_node_t *pnp;
 
+	/* Skip this privilege if ip-type does not match */
+	if ((strcmp(priv_iter->pi_iptype, "all") != 0) &&
+	    (strcmp(priv_iter->pi_iptype, plp->pl_iptype) != 0))
+		return (0);
+
 	/* Allocate a new priv list node. */
 	if ((pnp = malloc(sizeof (*pnp))) == NULL)
 		return (-1);
-	if ((pnp->pn_priv = strdup(name)) == NULL) {
+	if ((pnp->pn_priv = strdup(priv_iter->pi_name)) == NULL) {
 		free(pnp);
 		return (-1);
 	}
 
 	/* Insert the new priv list node into the right list */
-	if (strcmp(set, "default") == 0) {
+	if (strcmp(priv_iter->pi_set, "default") == 0) {
 		pnp->pn_next = plp->pl_default;
 		plp->pl_default = pnp;
-	} else if (strcmp(set, "prohibited") == 0) {
+	} else if (strcmp(priv_iter->pi_set, "prohibited") == 0) {
 		pnp->pn_next = plp->pl_prohibited;
 		plp->pl_prohibited = pnp;
-	} else if (strcmp(set, "required") == 0) {
+	} else if (strcmp(priv_iter->pi_set, "required") == 0) {
 		pnp->pn_next = plp->pl_required;
 		plp->pl_required = pnp;
 	} else {
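Review bot: `strcmp(priv_iter->pi_iptype, plp->pl_iptype)` is reached for every privilege carrying an explicit ip-type, and `pl_iptype` is taken verbatim from the `curr_iptype` argument of the exported zonecfg_default_privset(), so any caller that passes NULL crashes inside the library. Because "no filter" would admit both the shared-prohibited and the exclusive-required entries at once, the safe handling is to reject it up front in priv_lists_create rather than to special-case it here: `if (curr_iptype == NULL) return (Z_INVAL);` before the lists are allocated, with a comment on the callback noting that `pl_iptype` is guaranteed non-NULL by that check.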
@@ -4652,7 +4664,8 @@
 }
 
 static int
-priv_lists_create(zone_dochandle_t handle, priv_lists_t **plpp)
+priv_lists_create(zone_dochandle_t handle, priv_lists_t **plpp,
+    const char *curr_iptype)
 {
 	priv_lists_t *plp;
 	brand_handle_t bh;
@@ -4673,6 +4686,8 @@
 		return (Z_NOMEM);
 	}
 
+	plp->pl_iptype = curr_iptype;
+
 	/* construct the privilege lists */
 	if (brand_config_iter_privilege(bh, priv_lists_cb, plp) != 0) {
 		priv_lists_destroy(plp);
@@ -4707,12 +4722,12 @@
 }
 
 int
-zonecfg_default_privset(priv_set_t *privs)
+zonecfg_default_privset(priv_set_t *privs, const char *curr_iptype)
 {
 	priv_lists_t *plp;
 	int ret;
 
-	if ((ret = priv_lists_create(NULL, &plp)) != Z_OK)
+	if ((ret = priv_lists_create(NULL, &plp, curr_iptype)) != Z_OK)
 		return (ret);
 	ret = get_default_privset(privs, plp);
 	priv_lists_destroy(plp);
@@ -4861,6 +4876,8 @@
 	priv_lists_t *plp;
 	char *cp, *limitpriv = NULL;
 	int err, limitlen;
+	zone_iptype_t iptype;
+	const char *curr_iptype;
 
 	/*
 	 * Attempt to lookup the "limitpriv" property.  If it does not
@@ -4870,7 +4887,19 @@
 	if ((err = zonecfg_get_limitpriv(handle, &limitpriv)) != Z_OK)
 		return (err);
 
-	if ((err = priv_lists_create(handle, &plp)) != Z_OK)
+	if ((err = zonecfg_get_iptype(handle, &iptype)) != Z_OK)
+		return (err);
+
+	switch (iptype) {
+	case ZS_SHARED:
+		curr_iptype = "shared";
+		break;
+	case ZS_EXCLUSIVE:
+		curr_iptype = "exclusive";
+		break;
+	}
+
+	if ((err = priv_lists_create(handle, &plp, curr_iptype)) != Z_OK)
 		return (err);
 
 	limitlen = strlen(limitpriv);
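Review bot: The new early return after zonecfg_get_iptype() leaks `limitpriv`, which the preceding zonecfg_get_limitpriv() call has just handed back through a `char **` and which the code below uses as an owned string (`limitlen = strlen(limitpriv)`), so it should be freed on this path as the function's other exits presumably do. The added `switch (iptype)` also has no `default:` arm, leaving `curr_iptype` uninitialized for any unexpected value and passing it to priv_lists_create, where priv_lists_cb strcmp()s it. The enclosing zonecfg_get_privset() begins and ends outside this hunk; the rewritten lines would be:

```c
	if ((err = zonecfg_get_iptype(handle, &iptype)) != Z_OK) {
		free(limitpriv);	/* owned since zonecfg_get_limitpriv() above */
		return (err);
	}

	switch (iptype) {
	/* … unchanged: ZS_SHARED / ZS_EXCLUSIVE arms … */
	default:
		free(limitpriv);
		return (Z_INVAL);
	}
```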
--- a/usr/src/pkgdefs/SUNWhea/prototype_com	Fri Feb 16 22:50:16 2007 -0800
+++ b/usr/src/pkgdefs/SUNWhea/prototype_com	Sat Feb 17 22:21:28 2007 -0800
@@ -145,6 +145,7 @@
 f none usr/include/inet/ip6.h 644 root bin
 f none usr/include/inet/ip6_asp.h 644 root bin
 f none usr/include/inet/ipclassifier.h 644 root bin
+f none usr/include/inet/ipdrop.h 644 root bin
 f none usr/include/inet/ipp_common.h 644 root bin
 d none usr/include/inet/kssl 755 root bin
 f none usr/include/inet/kssl/ksslapi.h 644 root bin
--- a/usr/src/pkgdefs/etc/exception_list_i386	Fri Feb 16 22:50:16 2007 -0800
+++ b/usr/src/pkgdefs/etc/exception_list_i386	Sat Feb 17 22:21:28 2007 -0800
@@ -361,7 +361,6 @@
 usr/include/inet/tcp_impl.h		i386
 usr/include/inet/ip_impl.h		i386
 usr/include/inet/ip_ndp.h		i386
-usr/include/inet/ipdrop.h		i386
 usr/include/inet/tun.h			i386
 usr/include/protocols/ripngd.h		i386
 usr/include/libmail.h			i386
--- a/usr/src/pkgdefs/etc/exception_list_sparc	Fri Feb 16 22:50:16 2007 -0800
+++ b/usr/src/pkgdefs/etc/exception_list_sparc	Sat Feb 17 22:21:28 2007 -0800
@@ -350,7 +350,6 @@
 usr/include/inet/tcp_impl.h		sparc
 usr/include/inet/ip_impl.h		sparc
 usr/include/inet/ip_ndp.h		sparc
-usr/include/inet/ipdrop.h		sparc
 usr/include/inet/tun.h			sparc
 usr/include/protocols/ripngd.h		sparc
 usr/include/libmail.h			sparc