1 Academic Integrity
You should not actively help (or seek help from) other students with the actual coding of your assessment. It is cheating to look at another student’s code, and it is cheating to allow your code to be seen or shared in printed or electronic form. You should note that all submitted code will be subject to automated checks for plagiarism and collusion. If we detect plagiarism or collusion (outside of the base code given to everyone), formal misconduct proceedings will be initiated against you.
If you’re having trouble, seek help from a teaching staff member. Do not be tempted to copy another student’s code. You should read and understand the statements on student misconduct in the course profile and on the school website: https://eecs.uq.edu.au/current-students/guidelines-and-policies-students/student-conduct.
1.1 Use of AI Tools
2 Introduction
This assignment will extend a basic implementation of “zones” in the OpenBSD kernel. The main area of improvement will be separating group and user permissions on zone operations.
You will be provided with a diff that adds the basic zones functionality to OpenBSD. You will need to make changes and improvements on top of this diff.
The purpose of this assignment is for you to demonstrate an understanding of the role of an operating system kernel and how it supports processes making system calls, as well as your skills in reading, understanding, and modifying existing code.
2.1 Background
$ ps -ax
  PID TT  STAT       TIME COMMAND
    1 ??  I       0:01.01 /sbin/init
35862 ??  Ip      0:00.01 /sbin/slaacd
 9544 ??  Ip      0:00.01 slaacd: engine (slaacd)
33073 ??  IpU     0:00.01 slaacd: frontend (slaacd)
96644 ??  IU      0:00.01 /sbin/dhcpleased
82639 ??  Ip      0:00.01 dhcpleased: engine (dhcpleased)
68436 ??  IpU     0:00.01 dhcpleased: frontend (dhcpleased)
 6881 ??  IpU     0:00.01 /sbin/resolvd
69588 ??  IpU     0:00.03 syslogd: [priv] (syslogd)
54598 ??  Spc     0:00.03 /usr/sbin/syslogd
14516 ??  IU      0:00.01 pflogd: [priv] (pflogd)
15079 ??  Spc     0:00.12 pflogd: [running] -s 160 -i pflog0 -f /var/log/pflog
94692 ??  S<pc    0:00.12 ntpd: ntp engine (ntpd)
37809 ??  Sp      0:00.26 ntpd: dns engine (ntpd)
 1816 ??  I<pU    0:00.00 /usr/sbin/ntpd
63841 ??  I       0:00.01 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
83125 ??  Ip      0:00.02 /usr/sbin/smtpd
58972 ??  Ipc     0:00.02 smtpd: crypto (smtpd)
99695 ??  Ipc     0:00.02 smtpd: control (smtpd)
 5777 ??  Ip      0:00.02 smtpd: lookup (smtpd)
45996 ??  Ipc     0:00.04 smtpd: dispatcher (smtpd)
37682 ??  Ipc     0:00.02 smtpd: queue (smtpd)
97246 ??  Ipc     0:00.02 smtpd: scheduler (smtpd)
48848 ??  IpU     0:00.00 sndiod: helper (sndiod)
47188 ??  I<pc    0:00.00 /usr/bin/sndiod
96369 ??  Ip      0:00.02 /usr/sbin/cron
45067 ??  I       0:00.07 sshd: dlg [priv] (sshd)
32638 ??  S       0:00.03 sshd: dlg@ttyp0 (sshd)
 1730 p0  Sp      0:00.02 -ksh (ksh)
16990 p0  R+pU/2  0:00.00 ps -ax
33428 00  I+pU    0:00.01 /usr/libexec/getty std.9600 tty00
$

$ whoami
dlg
$ ps -U _sndio
  PID TT  STAT       TIME COMMAND
47188 ??  I<pc    0:00.00 /usr/bin/sndiod
$ kill 47188
ksh: kill: 47188: Operation not permitted
$

$ doas kill 47188
doas (dlg@comp3301.eait.uq.edu.au) password:
$ ps -U _sndio
  PID TT  STAT       TIME COMMAND
$
3 Zones Implementation
The exception to this enhanced isolation is for processes running in the “global” zone, which is the default zone that is created and exists on boot. Processes running in the global zone can see all other processes in the system, including those running in other (non-global) zones, and the root user in the global zone can signal any of these processes too. However, non-root users in the global zone cannot signal processes in other zones, even if they are running as the same user.
The provided diff implements changes to the kernel and several userland utilities and adds a zone(8) command and man page. The zone(8) command provides several sub-commands that expose the functionality of the kernel zone subsystem.
3.1 Provided Zone Syscalls
zone_create()
zoneid_t zone_create(const char *zonename);
zone_create() creates a new zone id for use in the system, with a unique name specified by zonename.
int zone_destroy(zoneid_t z);
int zone_enter(zoneid_t z);
int zone_list(zoneid_t *zs, size_t *nzs);
int zone_name(zoneid_t z, char *name, size_t namelen);
zoneid_t zone_id(const char *name);
int zone_stats(zoneid_t z, struct zstats *zstats);
int zone_rename(zoneid_t z, char *newname);
zone_rename() alters the name of the zone identified by the z argument. The new name will be the name provided in the newname argument. zone_rename() handles the necessary tree updates on the zone names tree.
This syscall will be necessary for you to implement the zone rename subcommand.
3.2 zone(8)
usage: zone create zonename
       zone destroy zonename
       zone exec zonename command ...
       zone list
       zone id [zonename]
       zone name [zid]
       zone stats [-H] [-o property[,...] zone [...]
The zone(8) program uses the zone syscalls to allow systems administrators or operators to use the zone subsystem in the kernel.
zone create
zone create uses the zone_create() syscall to create a zone with the specified name.
zone destroy
zone destroy uses the zone_destroy() syscall to destroy the zone with the specified name. If a zone with the specified name does not exist, zone(8) will attempt to interpret the argument as a numeric zone identifier.
zone exec
zone exec uses the zone_enter() syscall to move itself into the specified zone, and then executes the program. If a zone with the specified name does not exist, zone(8) will attempt to interpret the argument as a numeric zone identifier.
zone list
zone list uses the zone_list() syscall to fetch a list of ids for the currently running zones, and iterates over it calling the zone_name() syscall to print out the list of zone ids and names.
zone name / zone id
zone name and zone id use their associated syscalls zone_name() and zone_id() to return the name of a zone given its id, or the id of a zone given its name.
zone stats
3.3 Your Tasks
You will be adding additional functionality to a series of zone(8) sub-commands, adding three new zone(8) sub-commands, and implementing any necessary changes to the kernel zones system to support them.
Your additional functionality centers around zone permissions. Files have an associated “user” and “group”, and this user or group may have permission to operate on the file. Your task is to associate zones with a particular owner and group, and allow the owner of the zone and users who are in that group to perform operations on the zone (regardless of whether they are the owner of the zone).
In short, where zones are now only controllable by root, your changes will allow the owner of a zone and a different group of users to control a zone.
The additional sub-commands you will be implementing are: zone rename, which will change the name of a zone; zone chown, which will change the owner of a zone in a manner similar to the existing chown(8); and zone chgrp, which will change the group of a zone in a manner similar to the existing chgrp(8).
4 Instructions
4.1 Apply the diff
- Fetch https://stluc.manta.uqcloud.net/comp3301/public/2024/a1-zones-base.patch
- Create an a1 branch
  - `git checkout -b a1 openbsd-7.5`
- Apply the base patch to the a1 branch
  - `git am /path/to/a1-zones-base.patch` in /usr/src
- Build the kernel
  - `cd /usr/src/sys/arch/amd64/compile/GENERIC.MP`
  - `make obj`
  - `make config`
  - `make -j 5`
  - `doas make install`
- Reboot into the kernel
  - `doas reboot`
- `make obj` in /usr/src
- `doas make includes` in /usr/src/include
- Verify the zones syscalls are in /usr/include/sys/syscall.h
- Verify /usr/include/sys/zones.h exists
- Make and install libc
  - `cd /usr/src/lib/libc`
  - `make -j 5`
  - `doas make install`
- Optional: make ps, and pkill/pgrep
- make zone(8)
  - `cd /usr/src/usr.sbin/zone`
  - `make`
  - `doas make install`
- Verify `zone(8)` and the zones subsystem works:

$ zone list
   ID NAME
    0 global
$ zone create
usage: zone create zonename
$ zone create test
zone: create: Operation not permitted
$ doas zone create test
doas (dlg@comp3301.eait.uq.edu.au) password:
$ zone list
   ID NAME
    0 global
42101 test
$ zone id
0
$ zone id test
42101
$ zone exec test ps -aux
zone: enter: Operation not permitted
$ doas zone exec test ps -aux
USER   PID %CPU %MEM  VSZ  RSS TT  STAT    STARTED    TIME COMMAND
root 41705  0.0  0.1  628  580 p0  R+pU/0  3:37PM  0:00.14 ps -aux
$ doas zone exec test zone id
42101
$ doas zone exec test zone id global
zone: id: No such process
$
As you add the functionality specified in the next sections, some of these steps will be repeated. For example, changing the kernel means rebuilding and installing the kernel. Adding a syscall means making the syscall stub visible as a function in the headers (make includes) and callable through libc.
A note on errors
4.2 Zone Rename
$ zone
usage: zone create zonename
       zone destroy zonename
       zone exec zonename command ...
       zone list
       zone name [id]
       zone id [zonename]
       zone rename zone newname
$ doas zone create foo
$ zone list
   ID NAME
    0 global
  289 foo
$ doas zone rename 298 bar
$ zone list
   ID NAME
    0 global
  289 bar
$ doas zone rename 0 something
zone: name: Permission denied
$ doas zone rename 289 global
zone: name: File exists
4.3 Modifications to Existing Syscalls
All other syscalls
The full suite of zone_* syscalls should permit users with matching credentials (owner or group) to perform zone operations on them, not only the root user.
4.4 Zone name and zone list
zone list
The zone list subcommand should now take flags: -o and -g. If the -o flag is provided, the owner of the zone should be printed, and if the -g flag is provided, the zone’s group should be printed. If both flags are provided, print both. The extra fields should be printed as extra columns in the current table format.
4.5 Zone chown and chgrp
$ zone
usage: zone create zonename
       zone destroy zonename
       zone exec zonename command ...
       zone list
       zone name [zoneid]
       zone id [zonename]
       zone chown zone user
       zone chgrp zone group
The two subcommands you are adding are zone chown and zone chgrp. zone chown takes the name of a zone and uses the zone_chown() syscall to change its owner to the user with the specified name. If a zone with the name zonename does not exist, zone(8) will attempt to interpret the argument as a numeric zone identifier.
zone chgrp behaves similarly, but instead it uses the zone_chgrp() syscall to change the zone’s group to the specified group name.
zone_chown() syscall
The zone_chown() syscall alters the owner of the zone identified by the z argument. The new owner should be the owner identified by the user argument. If called from a non-global zone then the z id must be the identifier for the current zone, but in the global zone it can be any zone identifier.
Potential Errors:
• EPERM - the user does not have permission to alter the zone z
• ESRCH - the zone identified by z does not exist
• ENOMEM - the system was not able to allocate memory
• EINVAL - the zone to alter was the global zone
int zone_chgrp(zoneid_t z, gid_t group);
• EPERM - the user does not have permission to alter the zone z
• ESRCH - the zone identified by z does not exist
• ENOMEM - the system was not able to allocate memory
• EINVAL - the zone to alter was the global zone
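A user-space model of the access decision that zone_chown() and zone_chgrp() describe, added here as an illustration; it is not code from the base patch or the course. The struct names, the helper names, the order in which the errors are checked, and returning ESRCH when a non-global caller names another zone are all assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>

#define GLOBAL_ZONE 0	/* id 0 is "global" in the zone list output */

/* Hypothetical stand-ins for kernel state, not the base patch's types. */
struct zone_model { int id; uid_t owner; gid_t group; };
struct cred_model { uid_t uid; gid_t gid; const gid_t *groups; size_t ngroups; int zone; };

/* Constructed sample table: zone 289 has owner uid 1000 and group gid 20. */
static const struct zone_model sample_zones[] = { { 0, 0, 0 }, { 289, 1000, 20 } };

static int
cred_in_group(const struct cred_model *c, gid_t g)
{
	size_t i;

	if (c->gid == g)
		return (1);
	for (i = 0; i < c->ngroups; i++)
		if (c->groups[i] == g)
			return (1);
	return (0);
}

/* Returns 0 if c may change zone z's owner or group, else an errno value. */
int
zone_perm_check(const struct cred_model *c, const struct zone_model *zs, size_t nzs, int z)
{
	const struct zone_model *zp = NULL;
	size_t i;

	/* Assumption: a non-global caller sees every other zone as nonexistent. */
	if (c->zone != GLOBAL_ZONE && z != c->zone)
		return (ESRCH);
	for (i = 0; i < nzs; i++)
		if (zs[i].id == z)
			zp = &zs[i];
	if (zp == NULL)
		return (ESRCH);
	if (z == GLOBAL_ZONE)
		return (EINVAL);	/* the global zone cannot be altered */
	if (c->uid == 0 || c->uid == zp->owner || cred_in_group(c, zp->group))
		return (0);
	return (EPERM);
}
```

The model takes the caller's credentials as an argument so the decision can be exercised in isolation; in the kernel they would come from the calling process.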
5 Other Requirements & Suggestions
5.1 Code Style
Your code is to be written according to OpenBSD’s style guide, as per the style(9) man page.
5.2 Compilation
Your code for this assignment is to be built on an amd64 OpenBSD 7.5 system identical to your course-provided VM.
The following steps must succeed:
• make obj; make config; make in src/sys/arch/amd64/compile/GENERIC.MP
• make obj; make includes in src
• make obj; make; make install in src/lib/libc
• make obj; make; make install in src/usr.sbin/zone
5.3 Provided code
You should create a new a1 branch in your repository based on the openbsd-7.5 tag using git checkout, and then apply this base patch using the git am command:
$ git checkout -b a1 openbsd-7.5
$ ftp https://stluc.manta.uqcloud.net/comp3301/public/2024/a1-zones-base.patch
$ git am < a1-zones-base.patch
$ git push origin a1
5.4 Recommendations
The following order will likely be the most reasonable way to complete this assignment:
- Download, build, and install the zones patch.
- Add the zone rename subcommand to zone(8).
- Minimally modify zone_create() to store credentials.
- Rewrite zone_name() to zone_info(). This ensures you have a way to view the credentials of a zone.
- Add the zone_chown() and zone_chgrp() syscalls.
- Add the corresponding zone chown and zone chgrp commands to zone(8).
- Fix up any tiny bugs and ensure it’s all working. But you did that as you were going... right?
• ucred(9) - provides necessary handlers for dealing with user and group credentials
• copyin(9)/copyout(9) - provides the ability to copy data across the userspace boundary
• user_from_uid(3) - conversions from group/user name to id and back
• strtonum(3) - BSD style safe string to int conversions
• Finally, you may wish to look at the header file sys/proc.h to see how user and group credentials are currently stored by threads.
6 Reflection
1. Describe the steps you took or draw a flowchart.
2. Describe an error that you encountered.
3. Describe how the error was debugged.
4. Describe how the bug was solved.
Upload your answers as a pdf to the Blackboard a1 reflection submission. Page length is a maximum of 2 pages. The pdf name must be your STUDENT NUMBER-a1.pdf. Note this is your XXXXXXXX ID number and not your sXXXXXXX login.
7 Submission
• The openbsd-7.5 base commit
• The A1 base patch commit
• Your commit(s) for adding the required functionality