-/* Changed by jail_setup, which is a setup */
-int jail = 0;
-
-int __init jail_setup(char *line, int *add)
-{
- int ok = 1;
-
- if(jail) return(0);
-#ifdef CONFIG_SMP
- printf("'jail' may not used used in a kernel with CONFIG_SMP "
- "enabled\n");
- ok = 0;
-#endif
-#ifdef CONFIG_HOSTFS
- printf("'jail' may not used used in a kernel with CONFIG_HOSTFS "
- "enabled\n");
- ok = 0;
-#endif
-#ifdef CONFIG_MODULES
- printf("'jail' may not used used in a kernel with CONFIG_MODULES "
- "enabled\n");
- ok = 0;
-#endif
- if(!ok) exit(1);
-
- /* CAP_SYS_RAWIO controls the ability to open /dev/mem and /dev/kmem.
- * Removing it from the bounding set eliminates the ability of anything
- * to acquire it, and thus read or write kernel memory.
- */
- cap_lower(cap_bset, CAP_SYS_RAWIO);
- jail = 1;
- return(0);
-}
-
-__uml_setup("jail", jail_setup,
-"jail\n"
-" Enables the protection of kernel memory from processes.\n\n"
-);
-
-static void mprotect_kernel_mem(int w)
-{
- unsigned long start, end;
- int pages;
-
- if(!jail || (current == &init_task)) return;
-
- pages = (1 << CONFIG_KERNEL_STACK_ORDER);
-
- start = (unsigned long) current_thread + PAGE_SIZE;
- end = (unsigned long) current_thread + PAGE_SIZE * pages;
- protect_memory(uml_reserved, start - uml_reserved, 1, w, 1, 1);
- protect_memory(end, high_physmem - end, 1, w, 1, 1);
-
- start = (unsigned long) UML_ROUND_DOWN(&_stext);
- end = (unsigned long) UML_ROUND_UP(&_etext);
- protect_memory(start, end - start, 1, w, 1, 1);
-
- start = (unsigned long) UML_ROUND_DOWN(&_unprotected_end);
- end = (unsigned long) UML_ROUND_UP(&_edata);
- protect_memory(start, end - start, 1, w, 1, 1);
-
- start = (unsigned long) UML_ROUND_DOWN(&__bss_start);
- end = (unsigned long) UML_ROUND_UP(brk_start);
- protect_memory(start, end - start, 1, w, 1, 1);
-
- mprotect_kernel_vm(w);
-}
-
-void unprotect_kernel_mem(void)
-{
- mprotect_kernel_mem(1);
-}
-
-void protect_kernel_mem(void)
-{
- mprotect_kernel_mem(0);
-}
-