1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */

  21 /*
  22  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.



  23  * Copyright 2015 Joyent, Inc. All rights reserved.
  24  * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
  25  * Copyright 2014 Igor Kozhukhov <ikozhukhov@gmail.com>.
  26  */
  27 
  28 #ifndef _SYS_ZONE_H
  29 #define _SYS_ZONE_H
  30 
  31 #include <sys/types.h>
  32 #include <sys/mutex.h>
  33 #include <sys/param.h>
  34 #include <sys/rctl.h>
  35 #include <sys/ipc_rctl.h>
  36 #include <sys/pset.h>
  37 #include <sys/tsol/label.h>
  38 #include <sys/cred.h>
  39 #include <sys/netstack.h>
  40 #include <sys/uadmin.h>
  41 #include <sys/ksynch.h>
  42 #include <sys/socket_impl.h>
  43 #include <sys/secflags.h>
  44 #include <netinet/in.h>

 620 
 621         /*
 622          * DTrace-private per-zone state
 623          */
 624         int             zone_dtrace_getf;       /* # of unprivileged getf()s */
 625 
 626         /*
 627          * Synchronization primitives used to synchronize between mounts and
 628          * zone creation/destruction.
 629          */
 630         int             zone_mounts_in_progress;
 631         kcondvar_t      zone_mount_cv;
 632         kmutex_t        zone_mount_lock;
 633 } zone_t;
 634 
 635 /*
 636  * Special value of zone_psetid to indicate that pools are disabled.
 637  */
 638 #define ZONE_PS_INVAL   PS_MYID
 639 
 640 
 641 extern zone_t zone0;
 642 extern zone_t *global_zone;
 643 extern uint_t maxzones;
 644 extern rctl_hndl_t rc_zone_nlwps;
 645 extern rctl_hndl_t rc_zone_nprocs;
 646 
 647 extern long zone(int, void *, void *, void *, void *);
 648 extern void zone_zsd_init(void);
 649 extern void zone_init(void);
 650 extern void zone_hold(zone_t *);
 651 extern void zone_rele(zone_t *);
 652 extern void zone_init_ref(zone_ref_t *);
 653 extern void zone_hold_ref(zone_t *, zone_ref_t *, zone_ref_subsys_t);
 654 extern void zone_rele_ref(zone_ref_t *, zone_ref_subsys_t);
 655 extern void zone_cred_hold(zone_t *);
 656 extern void zone_cred_rele(zone_t *);
 657 extern void zone_task_hold(zone_t *);
 658 extern void zone_task_rele(zone_t *);
 659 extern zone_t *zone_find_by_id(zoneid_t);
 660 extern zone_t *zone_find_by_label(const ts_label_t *);

 762 #define ZONE_PATH_VISIBLE(path, zone) \
 763         (strncmp((path), (zone)->zone_rootpath,              \
 764             (zone)->zone_rootpathlen - 1) == 0)
 765 
 766 /*
 767  * Convenience macro to go from the global view of a path to that seen
 768  * from within said zone.  It is the responsibility of the caller to
 769  * ensure that the path is a resolved one (ie, no '..'s or '.'s), and is
 770  * in fact visible from within the zone.
 771  */
 772 #define ZONE_PATH_TRANSLATE(path, zone) \
 773         (ASSERT(ZONE_PATH_VISIBLE(path, zone)), \
 774         (path) + (zone)->zone_rootpathlen - 2)
 775 
 776 /*
 777  * Special processes visible in all zones.
 778  */
 779 #define ZONE_SPECIALPID(x)       ((x) == 0 || (x) == 1)
 780 
 781 /*





 782  * Zone-safe version of thread_create() to be used when the caller wants to
 783  * create a kernel thread to run within the current zone's context.
 784  */
 785 extern kthread_t *zthread_create(caddr_t, size_t, void (*)(), void *, size_t,
 786     pri_t);
 787 extern void zthread_exit(void);
 788 
 789 /*
 790  * Functions for an external observer to register interest in a zone's status
 791  * change.  Observers will be woken up when the zone status equals the status
 792  * argument passed in (in the case of zone_status_timedwait, the function may
 793  * also return because of a timeout; zone_status_wait_sig may return early due
 794  * to a signal being delivered; zone_status_timedwait_sig may return for any of
 795  * the above reasons).
 796  *
 797  * Otherwise these behave identically to cv_timedwait(), cv_wait(), and
 798  * cv_wait_sig() respectively.
 799  */
 800 extern clock_t zone_status_timedwait(zone_t *, clock_t, zone_status_t);
 801 extern clock_t zone_status_timedwait_sig(zone_t *, clock_t, zone_status_t);

   1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 
  22 /*
  23  * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
  24  */
  25 
  26 /*
  27  * Copyright 2015 Joyent, Inc. All rights reserved.
  28  * Copyright 2018 Nexenta Systems, Inc.
  29  * Copyright 2014 Igor Kozhukhov <ikozhukhov@gmail.com>.
  30  */
  31 
  32 #ifndef _SYS_ZONE_H
  33 #define _SYS_ZONE_H
  34 
  35 #include <sys/types.h>
  36 #include <sys/mutex.h>
  37 #include <sys/param.h>
  38 #include <sys/rctl.h>
  39 #include <sys/ipc_rctl.h>
  40 #include <sys/pset.h>
  41 #include <sys/tsol/label.h>
  42 #include <sys/cred.h>
  43 #include <sys/netstack.h>
  44 #include <sys/uadmin.h>
  45 #include <sys/ksynch.h>
  46 #include <sys/socket_impl.h>
  47 #include <sys/secflags.h>
  48 #include <netinet/in.h>

 624 
 625         /*
 626          * DTrace-private per-zone state
 627          */
 628         int             zone_dtrace_getf;       /* # of unprivileged getf()s */
 629 
 630         /*
 631          * Synchronization primitives used to synchronize between mounts and
 632          * zone creation/destruction.
 633          */
 634         int             zone_mounts_in_progress;
 635         kcondvar_t      zone_mount_cv;
 636         kmutex_t        zone_mount_lock;
 637 } zone_t;
 638 
 639 /*
 640  * Special value of zone_psetid to indicate that pools are disabled.
 641  */
 642 #define ZONE_PS_INVAL   PS_MYID
 643 

 644 extern zone_t zone0;
 645 extern zone_t *global_zone;
 646 extern uint_t maxzones;
 647 extern rctl_hndl_t rc_zone_nlwps;
 648 extern rctl_hndl_t rc_zone_nprocs;
 649 
 650 extern long zone(int, void *, void *, void *, void *);
 651 extern void zone_zsd_init(void);
 652 extern void zone_init(void);
 653 extern void zone_hold(zone_t *);
 654 extern void zone_rele(zone_t *);
 655 extern void zone_init_ref(zone_ref_t *);
 656 extern void zone_hold_ref(zone_t *, zone_ref_t *, zone_ref_subsys_t);
 657 extern void zone_rele_ref(zone_ref_t *, zone_ref_subsys_t);
 658 extern void zone_cred_hold(zone_t *);
 659 extern void zone_cred_rele(zone_t *);
 660 extern void zone_task_hold(zone_t *);
 661 extern void zone_task_rele(zone_t *);
 662 extern zone_t *zone_find_by_id(zoneid_t);
 663 extern zone_t *zone_find_by_label(const ts_label_t *);

 765 #define ZONE_PATH_VISIBLE(path, zone) \
 766         (strncmp((path), (zone)->zone_rootpath,              \
 767             (zone)->zone_rootpathlen - 1) == 0)
 768 
 769 /*
 770  * Convenience macro to go from the global view of a path to that seen
 771  * from within said zone.  It is the responsibility of the caller to
 772  * ensure that the path is a resolved one (ie, no '..'s or '.'s), and is
 773  * in fact visible from within the zone.
 774  */
 775 #define ZONE_PATH_TRANSLATE(path, zone) \
 776         (ASSERT(ZONE_PATH_VISIBLE(path, zone)), \
 777         (path) + (zone)->zone_rootpathlen - 2)
 778 
 779 /*
 780  * Special processes visible in all zones.
 781  */
 782 #define ZONE_SPECIALPID(x)       ((x) == 0 || (x) == 1)
 783 
 784 /*
 785  * A root vnode of the current zone.
 786  */
 787 #define ZONE_ROOTVP()   (curproc->p_zone->zone_rootvp)
 788 
 789 /*
 790  * Zone-safe version of thread_create() to be used when the caller wants to
 791  * create a kernel thread to run within the current zone's context.
 792  */
 793 extern kthread_t *zthread_create(caddr_t, size_t, void (*)(), void *, size_t,
 794     pri_t);
 795 extern void zthread_exit(void);
 796 
 797 /*
 798  * Functions for an external observer to register interest in a zone's status
 799  * change.  Observers will be woken up when the zone status equals the status
 800  * argument passed in (in the case of zone_status_timedwait, the function may
 801  * also return because of a timeout; zone_status_wait_sig may return early due
 802  * to a signal being delivered; zone_status_timedwait_sig may return for any of
 803  * the above reasons).
 804  *
 805  * Otherwise these behave identically to cv_timedwait(), cv_wait(), and
 806  * cv_wait_sig() respectively.
 807  */
 808 extern clock_t zone_status_timedwait(zone_t *, clock_t, zone_status_t);
 809 extern clock_t zone_status_timedwait_sig(zone_t *, clock_t, zone_status_t);