diff --git a/lib/libc/sys/jail.2 b/lib/libc/sys/jail.2 index 7ff8dce51fb7..00aae7e6803a 100644 --- a/lib/libc/sys/jail.2 +++ b/lib/libc/sys/jail.2 @@ -28,12 +28,16 @@ system call sets up a jail and locks the current process in it. The argument is a pointer to a structure describing the prison: .Bd -literal -offset indent struct jail { - char *path; - char *hostname; - u_int32_t ip_number; + u_int32_t version; + char *path; + char *hostname; + u_int32_t ip_number; }; .Ed .Pp +.Dq Li version +defines the version of the API in use. It should be set to zero at this time. +.Pp The .Dq Li path pointer should be set to the directory which is to be the root of the @@ -70,6 +74,13 @@ it will show a field near the end of the line, either as a single hyphen for a process at large, or the hostname currently set for the prison for jailed processes. .Sh ERRORS +.Fn jail +will fail if: +.Bl -tag -width EWOULDBLOCK +.It Bq Er EINVAL +The version number of the argument is not correct. +.El +Further .Fn Jail calls .Xr chroot 2 diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 16fd0487ecd1..266cd5e7f1a7 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -43,6 +43,8 @@ jail(p, uap) error = copyin(uap->jail, &j, sizeof j); if (error) return (error); + if (j.version != 0) + return (EINVAL); MALLOC(pr, struct prison *, sizeof *pr , M_PRISON, M_WAITOK); bzero((caddr_t)pr, sizeof *pr); error = copyinstr(j.hostname, &pr->pr_host, sizeof pr->pr_host, 0); diff --git a/sys/sys/jail.h b/sys/sys/jail.h index 560f4b858666..87809673357b 100644 --- a/sys/sys/jail.h +++ b/sys/sys/jail.h @@ -14,9 +14,10 @@ #define _SYS_JAIL_H_ struct jail { - char *path; - char *hostname; - u_int32_t ip_number; + u_int32_t version; + char *path; + char *hostname; + u_int32_t ip_number; }; #ifndef KERNEL