d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for the arbitrary named jail parameters used by jail_set(2)

Browse Source 
and jail_get(2).  Jail(8) can now create jails using a "name=value"
format instead of just specifying a limited set of fixed parameters; it
can also modify parameters of existing jails.  Jls(8) can display all
parameters of jails, or a specified set of parameters.  The available
parameters are gathered from the kernel, and not hard-coded into these
programs.

Small patches on killall(1) and jexec(8) to support jail names with
jail_get(2).

Approved by:	bz (mentor)
This commit is contained in:
Jamie Gritton 2009-05-27 14:30:26 +00:00
parent 0304c73163
commit 73d0971bf2
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=192896
11 changed files with 1655 additions and 886 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
sys/sys/jail.h
View File

@ -84,19 +84,11 @@ struct xprison {
struct in6_addr pr_ip6[];
#endif
};
#define XPRISON_VERSION 3
#define XPRISON_VERSION 3
static const struct prison_state {
int pr_state;
const char * state_name;
} prison_states[] = {
#define PRISON_STATE_INVALID 0
{ PRISON_STATE_INVALID, "INVALID" },
#define PRISON_STATE_ALIVE 1
{ PRISON_STATE_ALIVE, "ALIVE" },
#define PRISON_STATE_DYING 2
{ PRISON_STATE_DYING, "DYING" },
};
#define PRISON_STATE_INVALID 0
#define PRISON_STATE_ALIVE 1
#define PRISON_STATE_DYING 2
/*
* Flags for jail_set and jail_get.

10
usr.bin/killall/killall.1
View File

@ -24,7 +24,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd November 9, 2007
.Dd May 27, 2009
.Os
.Dt KILLALL 1
.Sh NAME
@ -34,7 +34,7 @@
.Nm
.Op Fl delmsvz
.Op Fl help
.Op Fl j Ar jid
.Op Fl j Ar jail
.Op Fl u Ar user
.Op Fl t Ar tty
.Op Fl c Ar procname
@ -91,9 +91,9 @@ The signal may be specified either as a name
(with or without a leading
.Dq Li SIG ) ,
or numerically.
.It Fl j Ar jid
Kill processes in the jail specified by
.Ar jid .
.It Fl j Ar jail
Kill processes in the specified
.Ar jail .
.It Fl u Ar user
Limit potentially matching processes to those belonging to
the specified

23
usr.bin/killall/killall.c
View File

@ -31,6 +31,7 @@ __FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/jail.h>
#include <sys/stat.h>
#include <sys/uio.h>
#include <sys/user.h>
#include <sys/sysctl.h>
#include <fcntl.h>
@ -51,7 +52,7 @@ static void __dead2
usage(void)
{
fprintf(stderr, "usage: killall [-delmsvz] [-help] [-j jid]\n");
fprintf(stderr, "usage: killall [-delmsvz] [-help] [-j jail]\n");
fprintf(stderr,
" [-u user] [-t tty] [-c cmd] [-SIGNAL] [cmd]...\n");
fprintf(stderr, "At least one option or argument to specify processes must be given.\n");
@ -100,6 +101,7 @@ nosig(char *name)
int
main(int ac, char **av)
{
struct iovec jparams[2];
struct kinfo_proc *procs = NULL, *newprocs;
struct stat sb;
struct passwd *pw;
@ -159,12 +161,21 @@ main(int ac, char **av)
}
jflag++;
if (*av == NULL)
errx(1, "must specify jid");
jid = strtol(*av, &ep, 10);
if (!*av || *ep)
errx(1, "illegal jid: %s", *av);
errx(1, "must specify jail");
jid = strtoul(*av, &ep, 10);
if (!**av || *ep) {
*(const void **)&jparams[0].iov_base =
"name";
jparams[0].iov_len = sizeof("name");
jparams[1].iov_base = *av;
jparams[1].iov_len = strlen(*av) + 1;
jid = jail_get(jparams, 2, 0);
if (jid < 0)
errx(1, "unknown jail: %s",
*av);
}
if (jail_attach(jid) == -1)
err(1, "jail_attach(): %d", jid);
err(1, "jail_attach(%d)", jid);
break;
case 'u':
++*av;

537
usr.sbin/jail/jail.8
View File

@ -1,5 +1,6 @@
.\"
.\" Copyright (c) 2000, 2003 Robert N. M. Watson
.\" Copyright (c) 2008 James Gritton
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@ -33,49 +34,67 @@
.\"
.\" $FreeBSD$
.\"
.Dd January 24, 2009
.Dd May 27, 2009
.Dt JAIL 8
.Os
.Sh NAME
.Nm jail
.Nd "imprison process and its descendants"
.Nd "create or modify a system jail"
.Sh SYNOPSIS
.Nm
.Op Fl dhi
.Op Fl J Ar jid_file
.Op Fl l u Ar username | Fl U Ar username
.Op Fl c | m
.Op Ar parameter=value ...
.Br
.Nm
.Op Fl hi
.Op Fl n Ar jailname
.Op Fl J Ar jid_file
.Op Fl s Ar securelevel
.Op Fl l u Ar username | Fl U Ar username
.Ar path hostname [ip[,..]] command ...
.Op Ar path hostname [ip[,..]] command ...
.Br
.Nm
.Op Fl r Ar jail
.Sh DESCRIPTION
The
.Nm
utility imprisons a process and all future descendants.
utility creates a new jail or modifies an existing jail, optionally
imprisoning the current process (and future descendants) inside it.
.Pp
The options are as follows:
.Bl -tag -width ".Fl u Ar username"
.Bl -tag -width indent
.It Fl d
Allow making changes to a
.Va
dying jail.
.It Fl h
Resolve
.Va hostname
Resolve the
.Va host.hostname
parameter (or
.Va hostname )
and add all IP addresses returned by the resolver
to the list of
.Va ip-addresses
for this prison.
.Va ip
addresses for this prison.
This may affect default address selection for outgoing IPv4 connections
of prisons.
The address first returned by the resolver for each address family
will be used as primary address.
See
.Va ip-addresses
further down for details.
See the
.Va ip4.addr
and
.Va ip6.addr
parameters further down for details.
.It Fl i
Output the jail identifier of the newly created jail.
.It Fl n Ar jailname
Assign and administrative name to the jail that can be used for management
or auditing purposes.
The system will
.Sy not enforce
the name to be unique.
Set the jail's name.
This is deprecated and is equivalent to setting the
.Va name
parameter.
.It Fl J Ar jid_file
Write a
.Ar jid_file
@ -98,9 +117,12 @@ is imported from the current environment.
The environment variables from the login class capability database for the
target login are also set.
.It Fl s Ar securelevel
Sets the
Set the
.Va kern.securelevel
sysctl variable to the specified value inside the newly created jail.
MIB entry to the specified value inside the newly created jail.
This is deprecated and is equivalent to setting the
.Va securelevel
parameter.
.It Fl u Ar username
The user name from host environment as whom the
.Ar command
@ -109,20 +131,241 @@ should run.
The user name from jailed environment as whom the
.Ar command
should run.
.It Ar path
.It Fl c
Create a new jail.
The
.Va jid
and
.Va name
parameters (if specified) must not refer to an existing jail.
.It Fl m
Modify an existing jail.
One of the
.Va jid
or
.Va name
parameters must exist and refer to an existing jail.
.It Fl cm
Create a jail if it does not exist, or modify a jail if it does exist.
.It Fl r
Remove the
.Ar jail
specified by jid or name.
All jailed processes are killed, and all children of this jail are also
removed.
.El
.Pp
At least one of the
.Fl c ,
.Fl m
or
.Fl r
options must be specified.
.Pp
.Ar Parameters
are listed in
.Dq name=value
form, following the options.
Some parameters are boolean, and do not have a value but are set by the
name alone with or without a
.Dq no
prefix, e.g.
.Va persist
or
.Va nopersist .
Any parameters not set will be given default values, often based on the
current environment.
.Pp
The pseudo-parameter
.Va command
specifies that the current process should enter the new (or modified) jail,
and run the specified command.
It must be the last parameter specified, because it includes not only
the value following the
.Sq =
sign, but also passes the rest of the arguments to the command.
.Pp
Instead of supplying named
.Ar parameters ,
four fixed parameters may be supplied in order on the command line:
.Ar path ,
.Ar hostname ,
.Ar ip ,
and
.Ar command .
As the
.Va jid
and
.Va name
parameters aren't in this list, this mode will always create a new jail, and
the
.Fl c
and
.Fl o
options don't apply (and must not exist).
.Pp
Jails have a set a core parameters, and modules can add their own jail
parameters.
The current set of available parameters can be retrieved via
.Dq Nm sysctl Fl d Va security.jail.param .
The core parameters are:
.Bl -tag -width indent
.It Va jid
The jail identifier.
This will be assigned automatically to a new jail (or can be explicitly
set), and can be used to identify the jail for later modification, or
for such commands as
.Xr jls 8
or
.Xr jexec 8 .
.It Va name
The jail name.
This is an arbitrary string that identifies a jail (except it may not
contain a
.Sq \&. ) .
Like the
.Va jid ,
it can be passed to later
.Nm
commands, or to
.Xr jls 8
or
.Xr jexec 8 .
If no
.Va name
is supplied, a default is assumed that is the same as the
.Va jid .
.It Va path
Directory which is to be the root of the prison.
.It Ar hostname
Hostname of the prison.
.It Ar ip-addresses
None, one or more IPv4 and IPv6 addresses assigned to the prison.
The first address of each address family that was assigned to the jail will
be used as the source address in case source address selection on unbound
sockets cannot find a better match.
The
.Va command
(if any) is run from this directory, as are commands from
.Xr jexec 8 .
.It Va ip4.addr
A comma-separated list of IPv4 addresses assigned to the prison.
If this is set, the jail is restricted to using only these address.
Any attempts to use other addresses fail, and attempts to use wildcard
addresses silently use the jailed address instead.
For IPv4 the first address given will be kept used as the source address
in case source address selection on unbound sockets cannot find a better
match.
It is only possible to start multiple jails with the same IP address,
if none of the jails has more than this single overlapping IP address
assigned to itself for the address family in question.
.It Ar command
Pathname of the program which is to be executed.
assigned to itself.
.Pp
A list of zero elements (an empty string) will stop the jail from using IPv4
entirely; setting the boolean parameter
.Ar noip4
will not restrict the jail at all.
.It Va ip6.addr
A list of IPv6 addresses assigned to the prison, the counterpart to
.Ar ip4.addr
above.
.It Va host.hostname
Hostname of the prison.
If not specified, a jail will use the system hostname.
.It Va securelevel
The value of the jail's
.Va kern.securelevel
sysctl.
A jail never has a lower securelevel than the default system, but by
setting this parameter it may have a higher one.
If the system securelevel is changed, any jail securelevels will be at
least as secure.
.It Va enforce_statfs
This determines which information processes in a jail are able to get
about mount points.
It affects the behaviour of the following syscalls:
.Xr statfs 2 ,
.Xr fstatfs 2 ,
.Xr getfsstat 2
and
.Xr fhstatfs 2
(as well as similar compatibility syscalls).
When set to 0, all mount points are available without any restrictions.
When set to 1, only mount points below the jail's chroot directory are
visible.
In addition to that, the path to the jail's chroot directory is removed
from the front of their pathnames.
When set to 2 (default), above syscalls can operate only on a mount-point
where the jail's chroot directory is located.
.It Va persist
Setting this boolean parameter allows a jail to exist without any
processes.
Normally, a jail is destroyed as its last process exits.
A new jail must have either the
.Va persist
parameter or
.Va command
pseudo-parameter set.
.It Va cpuset
The ID of the cpuset associated with this jail (read-only).
.It Va dying
This is true if the jail is in the process of shutting down (read-only).
.It Va parent
The
.Va jid
of the parent of this jail, or zero if this is a top-level jail
(read-only).
.It Va allow.*
Some restrictions of the jail environment may be set on a per-jail
basis.
With the exception of
.Va allow.set_hostname ,
these boolean parameters are off by default.
.Bl -tag -width indent
.It Va allow.set_hostname
The jail's hostname may be changed via
.Xr hostname 1
or
.Xr sethostname 3 .
.It Va allow.sysvipc
A process within the jail has access to System V IPC primitives.
In the current jail implementation, System V primitives share a single
namespace across the host and jail environments, meaning that processes
within a jail would be able to communicate with (and potentially interfere
with) processes outside of the jail, and in other jails.
.It Va allow.raw_sockets
The prison root is allowed to create raw sockets.
Setting this parameter allows utilities like
.Xr ping 8
and
.Xr traceroute 8
to operate inside the prison.
If this is set, the source IP addresses are enforced to comply
with the IP address bound to the jail, regardless of whether or not
the
.Dv IP_HDRINCL
flag has been set on the socket.
Since raw sockets can be used to configure and interact with various
network subsystems, extra caution should be used where privileged access
to jails is given out to untrusted parties.
.It Va allow.chflags
Normally, priveleged users inside a jail are treated as unprivileged by
.Xr chflags 2 .
When this parameter is set, such users are treated as privileged, and
may manipulate system file flags subject to the usual constraints on
.Va kern.securelevel .
.It Va allow.mount
privileged users inside the jail will be able to mount and unmount file
system types marked as jail-friendly.
The
.Xr lsvfs 1
command can be used to find file system types available for mount from
within a jail.
.It Va allow.quotas
The prison root may administer quotas on the jail's filesystem(s).
This includes filesystems that the jail may share with other jails or
with non-jailed parts of the system.
.It Va allow.socket_af
Sockets within a jail are normally restricted to IPv4, IPv6, local
(UNIX), and route. This allows access to other protocol stacks that
have not had jail functionality added to them.
.It Va allow.jails
The prison root may create child jails under this jail. See the
.Va "Hierarchical Jails"
section for more information.
.El
.El
.Pp
Jails are typically set up using one of two philosophies: either to
@ -142,10 +385,6 @@ process.
This manual page documents the configuration steps necessary to support
either of these steps, although the configuration steps may be
refined based on local requirements.
.Pp
Please see the
.Xr jail 2
man page for further details.
.Sh EXAMPLES
.Ss "Setting up a Jail Directory Tree"
To set up a jail directory tree containing an entire
@ -289,7 +528,10 @@ or for running a virtual server.
.Pp
Start a shell in the jail:
.Pp
.Dl "jail /data/jail/192.0.2.100 testhostname 192.0.2.100 /bin/sh"
.Bd -literal -offset indent
jail path=/data/jail/192.0.2.100 host.hostname=testhostname \\
ip4.addr=192.0.2.100 command=/bin/sh
.Ed
.Pp
Assuming no errors, you will end up with a shell prompt within the jail.
You can now run
@ -359,20 +601,11 @@ To do this, first bring up the
virtual host interface, and then start the jail's
.Pa /etc/rc
script from within the jail.
.Pp
NOTE: If you plan to allow untrusted users to have root access inside the
jail, you may wish to consider setting the
.Va security.jail.set_hostname_allowed
sysctl variable to 0.
Please see the management discussion later in this document as to why this
may be a good idea.
If you do decide to set this variable,
it must be set before starting any jails, and once each boot.
.Bd -literal -offset indent
ifconfig ed0 inet alias 192.0.2.100/32
mount -t procfs proc /data/jail/192.0.2.100/proc
jail /data/jail/192.0.2.100 testhostname 192.0.2.100 \\
/bin/sh /etc/rc
jail path=/data/jail/192.0.2.100 host.hostname=testhostname \\
ip4=addr.192.0.2.100 command=/bin/sh /etc/rc
.Ed
.Pp
A few warnings will be produced, because most
@ -442,10 +675,15 @@ To kill processes from outside the jail, use the
utility in conjunction with the one of the
.Xr kill 1
commands above.
You may also remove the jail with
.Nm
.Ar -r ,
which will killall the jail's processes with
.Dv SIGKILL .
.Pp
The
.Pa /proc/ Ns Ar pid Ns Pa /status
file contains, as its last field, the hostname of the jail in which the
file contains, as its last field, the name of the jail in which the
process runs, or
.Dq Li -
to indicate that the process is not running within a jail.
@ -454,20 +692,6 @@ The
command also shows a
.Ql J
flag for processes in a jail.
However, the hostname for a jail may be, by
default, modified from within the jail, so the
.Pa /proc
status entry is unreliable by default.
To disable the setting of the hostname
from within a jail, set the
.Va security.jail.set_hostname_allowed
sysctl variable in the host environment to 0, which will affect all jails.
You can have this sysctl set on each boot using
.Xr sysctl.conf 5 .
Just add the following line to
.Pa /etc/sysctl.conf :
.Pp
.Dl security.jail.set_hostname_allowed=0
.Pp
You can also list/kill processes based on their jail ID.
To show processes and their jail ID, use the following command:
@ -488,12 +712,9 @@ It is not possible to
or
.Xr umount 8
any file system inside a jail unless the file system is marked
jail-friendly.
See
.Va security.jail.mount_allowed
in the
.Va "Sysctl MIB Entries"
section.
jail-friendly and the jail's
.Va allow.mount
parameter is set.
.Pp
Multiple jails sharing the same file system can influence each other.
For example a user in one jail can fill the file system also
@ -506,132 +727,77 @@ This means the same user ID in two jails share the same file
system quota.
One would need to use one file system per jail to make this working.
.Ss "Sysctl MIB Entries"
Certain aspects of the jail containments environment may be modified from
the host environment using
.Xr sysctl 8
MIB variables.
Currently, these variables affect all jails on the system, although in
the future this functionality may be finer grained.
.Bl -tag -width XXX
.It Va security.jail.allow_raw_sockets
This MIB entry determines whether or not prison root is allowed to
create raw sockets.
Setting this MIB to 1 allows utilities like
.Xr ping 8
and
.Xr traceroute 8
to operate inside the prison.
If this MIB
is set, the source IP addresses are enforced to comply
with the IP address bound to the jail, regardless of whether or not
the
.Dv IP_HDRINCL
flag has been set on the socket.
Since raw sockets can be used to configure
and interact with various network subsystems, extra caution should be used
where privileged access to jails is given out to untrusted parties.
As such,
by default this option is disabled.
.It Va security.jail.enforce_statfs
This MIB entry determines which information processes in a jail are
able to get about mount-points.
It affects the behaviour of the following syscalls:
.Xr statfs 2 ,
.Xr fstatfs 2 ,
.Xr getfsstat 2
and
.Xr fhstatfs 2
(as well as similar compatibility syscalls).
When set to 0, all mount-points are available without any restrictions.
When set to 1, only mount-points below the jail's chroot directory are
visible.
In addition to that, the path to the jail's chroot directory is removed
from the front of their pathnames.
When set to 2 (default), above syscalls can operate only on a mount-point
where the jail's chroot directory is located.
.It Va security.jail.set_hostname_allowed
This MIB entry determines whether or not processes within a jail are
allowed to change their hostname via
.Xr hostname 1
or
.Xr sethostname 3 .
In the current jail implementation, the ability to set the hostname from
within the jail can impact management tools relying on the accuracy of jail
information in
.Pa /proc .
As such, this should be disabled in environments where privileged access to
jails is given out to untrusted parties.
.It Va security.jail.socket_unixiproute_only
The jail functionality binds an IPv4 address to each jail, and limits
access to other network addresses in the IPv4 space that may be available
in the host environment.
However, jail is not currently able to limit access to other network
protocol stacks that have not had jail functionality added to them.
As such, by default, processes within jails may only access protocols
in the following domains:
.Dv PF_LOCAL , PF_INET ,
and
.Dv PF_ROUTE ,
permitting them access to
.Ux
domain sockets,
IPv4 addresses, and routing sockets.
To enable access to other domains, this MIB variable may be set to
0.
.It Va security.jail.sysvipc_allowed
This MIB entry determines whether or not processes within a jail have access
to System V IPC primitives.
In the current jail implementation, System V primitives share a single
namespace across the host and jail environments, meaning that processes
within a jail would be able to communicate with (and potentially interfere
with) processes outside of the jail, and in other jails.
As such, this functionality is disabled by default, but can be enabled
by setting this MIB entry to 1.
.It Va security.jail.chflags_allowed
This MIB entry determines how a privileged user inside a jail will be
treated by
.Xr chflags 2 .
If zero, such users are treated as unprivileged, and are unable to set
or clear system file flags; if non-zero, such users are treated as
privileged, and may manipulate system file flags subject to the usual
constraints on
.Va kern.securelevel .
.It Va security.jail.mount_allowed
This MIB entry determines if a privileged user inside a jail will be
able to mount and unmount file system types marked as jail-friendly.
The
.Xr lsvfs 1
command can be used to find file system types available for mount from within
a jail.
This functionality is disabled by default, but can be enabled by setting this
MIB entry to 1.
.It Va security.jail.jail_max_af_ips
This MIB entry determines how may address per address family a prison
may have. The default is 255.
.El
.Pp
The read-only sysctl variable
The read-only entry
.Va security.jail.jailed
can be used to determine if a process is running inside a jail (value
is one) or not (value is zero).
.Pp
The
.Va security.jail.list
MIB entry is read-only and it returns an array of
.Vt "struct xprison"
defined in
.In sys/jail.h .
It is recommended to use the
.Xr jls 8
utility to see current active list of jails.
The variable
.Va security.jail.max_af_ips
determines how may address per address family a prison may have.
The default is 255.
.Pp
There are currently two MIB related variables that have per-jail settings.
There are currently two MIB variables that have per-jail settings.
Changes to these variables by a jailed process do not effect the host
environment, only the jail environment.
The variables are
.Va kern.securelevel
and
.Va kern.hostname .
.Ss "Hierarchical Jails"
By setting a jail's
.Va allow.jails
parameter, processes within a jail may be able to create jails of their own.
These child jails are kept in a hierarchy, with jails only able to see and/or
modify the jails they created (or those jails' children).
Each jail has a read-only
.Va parent
parameter, containing the
.Va jid
of the jail that created it; a
.Va jid
of 0 indicates the jail is a child of the current jail (or is a top-level
jail if the current process isn't jailed).
.Pp
Jailed processes are not allowed to confer greater permissions than they
themselves are given, e.g. if a jail is created with
.Va allow.nomount ,
it is not able to create a jail with
.Va allow.mount
set.
Similarly, such restrictions as
.Va ip4.addr
and
.Va securelevel
may not be bypassed in child jails.
.Pp
A child jail may in turn create its own child jails if its own
.Va allow.jails
parameter is set (remember it is off by default).
These jails are visible to and can be modified by their parent and all
ancestors.
.Pp
Jail names reflect this hierarchy, with a full name being an MIB-type string
separated by dots.
For example, if a base system process creates a jail
.Dq foo ,
and a process under that jail creates another jail
.Dq bar ,
then the second jail will be seen as
.Dq foo.bar
in the base system (though it is only seen as
.Dq bar
to any processes inside jail
.Dq foo ) .
Jids on the other hand exist in a single space, and each jail must have a
unique jid.
.Pp
Like the names, a child jail's
.Va path
is relative to its creator's own
.Va path .
This is by virtue of the child jail being created in the chrooted
environment of the first jail.
.Sh SEE ALSO
.Xr killall 1 ,
.Xr lsvfs 1 ,
@ -641,7 +807,7 @@ and
.Xr ps 1 ,
.Xr quota 1 ,
.Xr chroot 2 ,
.Xr jail 2 ,
.Xr jail_set 2 ,
.Xr jail_attach 2 ,
.Xr procfs 5 ,
.Xr rc.conf 5 ,
@ -665,6 +831,8 @@ The
.Nm
utility appeared in
.Fx 4.0 .
Hierarchical/extensible jails were introduced in
.Fx 8.0 .
.Sh AUTHORS
.An -nosplit
The jail feature was written by
@ -683,6 +851,9 @@ added multi-IP jail support for IPv4 and IPv6 based on a patch
originally done by
.An Pawel Jakub Dawidek
for IPv4.
.Pp
.An James Gritton
added the extensible jail parameters and hierchical jails.
.Sh BUGS
Jail currently lacks the ability to allow access to
specific jail information via

736
usr.sbin/jail/jail.c
View File

@ -1,5 +1,6 @@
/*-
* Copyright (c) 1999 Poul-Henning Kamp.
* Copyright (c) 2009 James Gritton
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -29,50 +30,53 @@ __FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/jail.h>
#include <sys/queue.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <ctype.h>
#include <err.h>
#include <errno.h>
#include <grp.h>
#include <login_cap.h>
#include <netdb.h>
#include <paths.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <string.h>
#include <unistd.h>
static void usage(void);
static int add_addresses(struct addrinfo *);
static struct in_addr *copy_addr4(void);
#define SJPARAM "security.jail.param"
#define ERRMSG_SIZE 256
struct param {
struct iovec name;
struct iovec value;
};
static struct param *params;
static char **param_values;
static int nparams;
static char *ip4_addr;
#ifdef INET6
static struct in6_addr *copy_addr6(void);
static char *ip6_addr;
#endif
extern char **environ;
struct addr4entry {
STAILQ_ENTRY(addr4entry) addr4entries;
struct in_addr ip4;
int count;
};
struct addr6entry {
STAILQ_ENTRY(addr6entry) addr6entries;
static void add_ip_addr(char **addrp, char *newaddr);
#ifdef INET6
struct in6_addr ip6;
static void add_ip_addr46(char *newaddr);
#endif
int count;
};
STAILQ_HEAD(addr4head, addr4entry) addr4 = STAILQ_HEAD_INITIALIZER(addr4);
STAILQ_HEAD(addr6head, addr6entry) addr6 = STAILQ_HEAD_INITIALIZER(addr6);
static void add_ip_addrinfo(int ai_flags, char *value);
static void quoted_print(FILE *fp, char *str);
static void set_param(const char *name, char *value);
static void usage(void);
extern char **environ;
#define GET_USER_INFO do { \
pwd = getpwnam(username); \
@ -94,25 +98,28 @@ int
main(int argc, char **argv)
{
login_cap_t *lcap = NULL;
struct jail j;
struct iovec rparams[2];
struct passwd *pwd = NULL;
gid_t groups[NGROUPS];
int ch, error, i, ngroups, securelevel;
int hflag, iflag, Jflag, lflag, uflag, Uflag;
char path[PATH_MAX], *jailname, *ep, *username, *JidFile, *ip;
int ch, cmdarg, i, jail_set_flags, jid, ngroups;
int hflag, iflag, Jflag, lflag, rflag, uflag, Uflag;
char *ep, *jailname, *securelevel, *username, *JidFile;
char errmsg[ERRMSG_SIZE];
static char *cleanenv;
const char *shell, *p = NULL;
long ltmp;
FILE *fp;
struct addrinfo hints, *res0;
hflag = iflag = Jflag = lflag = uflag = Uflag = 0;
securelevel = -1;
jailname = username = JidFile = cleanenv = NULL;
hflag = iflag = Jflag = lflag = rflag = uflag = Uflag =
jail_set_flags = 0;
cmdarg = jid = -1;
jailname = securelevel = username = JidFile = cleanenv = NULL;
fp = NULL;
while ((ch = getopt(argc, argv, "hiln:s:u:U:J:")) != -1) {
while ((ch = getopt(argc, argv, "cdhilmn:r:s:u:U:J:")) != -1) {
switch (ch) {
case 'd':
jail_set_flags |= JAIL_DYING;
break;
case 'h':
hflag = 1;
break;
@ -127,10 +134,7 @@ main(int argc, char **argv)
jailname = optarg;
break;
case 's':
ltmp = strtol(optarg, &ep, 0);
if (*ep || ep == optarg || ltmp > INT_MAX || !ltmp)
errx(1, "invalid securelevel: `%s'", optarg);
securelevel = ltmp;
securelevel = optarg;
break;
case 'u':
username = optarg;
@ -143,13 +147,39 @@ main(int argc, char **argv)
case 'l':
lflag = 1;
break;
case 'c':
jail_set_flags |= JAIL_CREATE;
break;
case 'm':
jail_set_flags |= JAIL_UPDATE;
break;
case 'r':
jid = strtoul(optarg, &ep, 10);
if (!*optarg || *ep) {
*(const void **)&rparams[0].iov_base = "name";
rparams[0].iov_len = sizeof("name");
rparams[1].iov_base = optarg;
rparams[1].iov_len = strlen(optarg) + 1;
jid = jail_get(rparams, 2, 0);
if (jid < 0)
errx(1, "unknown jail: %s", optarg);
}
rflag = 1;
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc < 4)
if (rflag) {
if (argc > 0 || iflag || Jflag || lflag || uflag || Uflag)
usage();
if (jail_remove(jid) < 0)
err(1, "jail_remove");
exit (0);
}
if (argc == 0)
usage();
if (uflag && Uflag)
usage();
@ -157,92 +187,118 @@ main(int argc, char **argv)
usage();
if (uflag)
GET_USER_INFO;
if (realpath(argv[0], path) == NULL)
err(1, "realpath: %s", argv[0]);
if (chdir(path) != 0)
err(1, "chdir: %s", path);
/* Initialize struct jail. */
memset(&j, 0, sizeof(j));
j.version = JAIL_API_VERSION;
j.path = path;
j.hostname = argv[1];
if (jailname != NULL)
j.jailname = jailname;
/* Handle IP addresses. If requested resolve hostname too. */
bzero(&hints, sizeof(struct addrinfo));
hints.ai_protocol = IPPROTO_TCP;
hints.ai_socktype = SOCK_STREAM;
if (JAIL_API_VERSION < 2)
hints.ai_family = PF_INET;
else
hints.ai_family = PF_UNSPEC;
/* Handle hostname. */
if (hflag != 0) {
error = getaddrinfo(j.hostname, NULL, &hints, &res0);
if (error != 0)
errx(1, "failed to handle hostname: %s",
gai_strerror(error));
error = add_addresses(res0);
freeaddrinfo(res0);
if (error != 0)
errx(1, "failed to add addresses.");
}
/* Handle IP addresses. */
hints.ai_flags = AI_NUMERICHOST;
ip = strtok(argv[2], ",");
while (ip != NULL) {
error = getaddrinfo(ip, NULL, &hints, &res0);
if (error != 0)
errx(1, "failed to handle ip: %s", gai_strerror(error));
error = add_addresses(res0);
freeaddrinfo(res0);
if (error != 0)
errx(1, "failed to add addresses.");
ip = strtok(NULL, ",");
}
/* Count IP addresses and add them to struct jail. */
if (!STAILQ_EMPTY(&addr4)) {
j.ip4s = STAILQ_FIRST(&addr4)->count;
j.ip4 = copy_addr4();
if (j.ip4s > 0 && j.ip4 == NULL)
errx(1, "copy_addr4()");
}
/*
* If the first argument (path) starts with a slash, and the third
* argument (IP address) starts with a digit, it is likely to be
* an old-style fixed-parameter command line.
*/
if (jailname)
set_param("name", jailname);
if (securelevel)
set_param("securelevel", securelevel);
if (jail_set_flags) {
for (i = 0; i < argc; i++) {
if (!strncmp(argv[i], "command=", 8)) {
cmdarg = i;
argv[cmdarg] += 8;
jail_set_flags |= JAIL_ATTACH;
break;
}
if (hflag) {
if (!strncmp(argv[i], "ip4.addr=", 9)) {
add_ip_addr(&ip4_addr, argv[i] + 9);
break;
}
#ifdef INET6
if (!STAILQ_EMPTY(&addr6)) {
j.ip6s = STAILQ_FIRST(&addr6)->count;
j.ip6 = copy_addr6();
if (j.ip6s > 0 && j.ip6 == NULL)
errx(1, "copy_addr6()");
if (!strncmp(argv[i], "ip6.addr=", 9)) {
add_ip_addr(&ip6_addr, argv[i] + 9);
break;
}
#endif
if (!strncmp(argv[i], "host.hostname=", 14))
add_ip_addrinfo(0, argv[i] + 14);
}
set_param(NULL, argv[i]);
}
} else {
if (argc < 4 || argv[0][0] != '/')
errx(1, "%s\n%s",
"no -c or -m, so this must be an old-style command.",
"But it doesn't look like one.");
set_param("path", argv[0]);
set_param("host.hostname", argv[1]);
if (hflag)
add_ip_addrinfo(0, argv[1]);
#ifdef INET6
add_ip_addr46(argv[2]);
#else
add_ip_addr(&ip4_addr, argv[2]);
#endif
cmdarg = 3;
}
#endif
if (ip4_addr != NULL)
set_param("ip4.addr", ip4_addr);
#ifdef INET6
if (ip6_addr != NULL)
set_param("ip6.addr", ip6_addr);
#endif
errmsg[0] = 0;
set_param("errmsg", errmsg);
if (Jflag) {
fp = fopen(JidFile, "w");
if (fp == NULL)
errx(1, "Could not create JidFile: %s", JidFile);
}
i = jail(&j);
if (i == -1)
err(1, "syscall failed with");
jid = jail_set(&params->name, 2 * nparams,
jail_set_flags ? jail_set_flags : JAIL_CREATE | JAIL_ATTACH);
if (jid < 0) {
if (errmsg[0] != '\0')
errx(1, "%s", errmsg);
err(1, "jail_set");
}
if (iflag) {
printf("%d\n", i);
printf("%d\n", jid);
fflush(stdout);
}
if (Jflag) {
if (fp != NULL) {
fprintf(fp, "%d\t%s\t%s\t%s\t%s\n",
i, j.path, j.hostname, argv[2], argv[3]);
(void)fclose(fp);
if (jail_set_flags) {
fprintf(fp, "jid=%d", jid);
for (i = 0; i < nparams; i++)
if (strcmp(params[i].name.iov_base, "jid") &&
strcmp(params[i].name.iov_base, "errmsg")) {
fprintf(fp, " %s",
(char *)params[i].name.iov_base);
if (param_values[i]) {
putc('=', fp);
quoted_print(fp,
param_values[i]);
}
}
fprintf(fp, "\n");
} else {
errx(1, "Could not write JidFile: %s", JidFile);
for (i = 0; i < nparams; i++)
if (!strcmp(params[i].name.iov_base, "path"))
break;
#ifdef INET6
fprintf(fp, "%d\t%s\t%s\t%s%s%s\t%s\n",
jid, i < nparams
? (char *)params[i].value.iov_base : argv[0],
argv[1], ip4_addr ? ip4_addr : "",
ip4_addr && ip4_addr[0] && ip6_addr && ip6_addr[0]
? "," : "", ip6_addr ? ip6_addr : "", argv[3]);
#else
fprintf(fp, "%d\t%s\t%s\t%s\t%s\n",
jid, i < nparams
? (char *)params[i].value.iov_base : argv[0],
argv[1], ip4_addr ? ip4_addr : "", argv[3]);
#endif
}
(void)fclose(fp);
}
if (securelevel > 0) {
if (sysctlbyname("kern.securelevel", NULL, 0, &securelevel,
sizeof(securelevel)))
err(1, "Can not set securelevel to %d", securelevel);
}
if (cmdarg < 0)
exit(0);
if (username != NULL) {
if (Uflag)
GET_USER_INFO;
@ -272,158 +328,328 @@ main(int argc, char **argv)
if (p)
setenv("TERM", p, 1);
}
if (execv(argv[3], argv + 3) != 0)
err(1, "execv: %s", argv[3]);
exit(0);
execvp(argv[cmdarg], argv + cmdarg);
err(1, "execvp: %s", argv[cmdarg]);
}
static void
add_ip_addr(char **addrp, char *value)
{
int addrlen;
char *addr;
if (!*addrp) {
*addrp = strdup(value);
if (!*addrp)
err(1, "malloc");
} else if (value[0]) {
addrlen = strlen(*addrp) + strlen(value) + 2;
addr = malloc(addrlen);
if (!addr)
err(1, "malloc");
snprintf(addr, addrlen, "%s,%s", *addrp, value);
free(*addrp);
*addrp = addr;
}
}
#ifdef INET6
static void
add_ip_addr46(char *value)
{
char *p, *np;
if (!value[0]) {
add_ip_addr(&ip4_addr, value);
add_ip_addr(&ip6_addr, value);
return;
}
for (p = value;; p = np + 1)
{
np = strchr(p, ',');
if (np)
*np = '\0';
add_ip_addrinfo(AI_NUMERICHOST, p);
if (!np)
break;
}
}
#endif
static void
add_ip_addrinfo(int ai_flags, char *value)
{
struct addrinfo hints, *ai0, *ai;
struct in_addr addr4;
int error;
char avalue4[INET_ADDRSTRLEN];
#ifdef INET6
struct in6_addr addr6;
char avalue6[INET6_ADDRSTRLEN];
#endif
/* Look up the hostname (or get the address) */
memset(&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_STREAM;
#ifdef INET6
hints.ai_family = PF_UNSPEC;
#else
hints.ai_family = PF_INET;
#endif
hints.ai_flags = ai_flags;
error = getaddrinfo(value, NULL, &hints, &ai0);
if (error != 0)
errx(1, "hostname %s: %s", value, gai_strerror(error));
/* Convert the addresses to ASCII so set_param can convert them back. */
for (ai = ai0; ai; ai = ai->ai_next)
switch (ai->ai_family) {
case AF_INET:
memcpy(&addr4, &((struct sockaddr_in *)
(void *)ai->ai_addr)->sin_addr, sizeof(addr4));
if (inet_ntop(AF_INET, &addr4, avalue4,
INET_ADDRSTRLEN) == NULL)
err(1, "inet_ntop");
add_ip_addr(&ip4_addr, avalue4);
break;
#ifdef INET6
case AF_INET6:
memcpy(&addr6, &((struct sockaddr_in6 *)
(void *)ai->ai_addr)->sin6_addr, sizeof(addr6));
if (inet_ntop(AF_INET6, &addr6, avalue6,
INET6_ADDRSTRLEN) == NULL)
err(1, "inet_ntop");
add_ip_addr(&ip6_addr, avalue6);
break;
#endif
}
freeaddrinfo(ai0);
}
static void
quoted_print(FILE *fp, char *str)
{
int c, qc;
char *p = str;
/* An empty string needs quoting. */
if (!*p) {
fputs("\"\"", fp);
return;
}
/*
* The value will be surrounded by quotes if it contains spaces
* or quotes.
*/
qc = strchr(p, '\'') ? '"'
: strchr(p, '"') ? '\''
: strchr(p, ' ') || strchr(p, '\t') ? '"'
: 0;
if (qc)
putc(qc, fp);
while ((c = *p++)) {
if (c == '\\' || c == qc)
putc('\\', fp);
putc(c, fp);
}
if (qc)
putc(qc, fp);
}
static void
set_param(const char *name, char *value)
{
struct param *param;
char *ep, *p;
size_t buflen, mlen;
int i, nval, mib[CTL_MAXNAME];
struct {
int i;
char s[MAXPATHLEN];
} buf;
static int paramlistsize;
/* Separate the name from the value, if not done already. */
if (name == NULL) {
name = value;
if ((value = strchr(value, '=')))
*value++ = '\0';
}
/* Check for repeat parameters */
for (i = 0; i < nparams; i++)
if (!strcmp(name, params[i].name.iov_base)) {
memcpy(params + i, params + i + 1,
(--nparams - i) * sizeof(struct param));
break;
}
/* Make sure there is room for the new param record. */
if (!nparams) {
paramlistsize = 32;
params = malloc(paramlistsize * sizeof(*params));
param_values = malloc(paramlistsize * sizeof(*param_values));
if (params == NULL || param_values == NULL)
err(1, "malloc");
} else if (nparams >= paramlistsize) {
paramlistsize *= 2;
params = realloc(params, paramlistsize * sizeof(*params));
param_values = realloc(param_values,
paramlistsize * sizeof(*param_values));
if (params == NULL)
err(1, "realloc");
}
/* Look up the paramter. */
param_values[nparams] = value;
param = params + nparams++;
*(const void **)&param->name.iov_base = name;
param->name.iov_len = strlen(name) + 1;
/* Trivial values - no value or errmsg. */
if (value == NULL) {
param->value.iov_base = NULL;
param->value.iov_len = 0;
return;
}
if (!strcmp(name, "errmsg")) {
param->value.iov_base = value;
param->value.iov_len = ERRMSG_SIZE;
return;
}
mib[0] = 0;
mib[1] = 3;
snprintf(buf.s, sizeof(buf.s), SJPARAM ".%s", name);
mlen = sizeof(mib) - 2 * sizeof(int);
if (sysctl(mib, 2, mib + 2, &mlen, buf.s, strlen(buf.s)) < 0)
errx(1, "unknown parameter: %s", name);
mib[1] = 4;
buflen = sizeof(buf);
if (sysctl(mib, (mlen / sizeof(int)) + 2, &buf, &buflen, NULL, 0) < 0)
err(1, "sysctl(0.4.%s)", name);
/*
* See if this is an array type.
* Treat non-arrays as an array of one.
*/
p = strchr(buf.s, '\0');
nval = 1;
if (p - 2 >= buf.s && !strcmp(p - 2, ",a")) {
if (value[0] == '\0' ||
(value[0] == '-' && value[1] == '\0')) {
param->value.iov_base = value;
param->value.iov_len = 0;
return;
}
p[-2] = 0;
for (p = strchr(value, ','); p; p = strchr(p + 1, ',')) {
*p = '\0';
nval++;
}
}
/* Set the values according to the parameter type. */
switch (buf.i & CTLTYPE) {
case CTLTYPE_INT:
case CTLTYPE_UINT:
param->value.iov_len = nval * sizeof(int);
break;
case CTLTYPE_LONG:
case CTLTYPE_ULONG:
param->value.iov_len = nval * sizeof(long);
break;
case CTLTYPE_STRUCT:
if (!strcmp(buf.s, "S,in_addr"))
param->value.iov_len = nval * sizeof(struct in_addr);
#ifdef INET6
else if (!strcmp(buf.s, "S,in6_addr"))
param->value.iov_len = nval * sizeof(struct in6_addr);
#endif
else
errx(1, "%s: unknown parameter structure (%s)",
name, buf.s);
break;
case CTLTYPE_STRING:
if (!strcmp(name, "path")) {
param->value.iov_base = malloc(MAXPATHLEN);
if (param->value.iov_base == NULL)
err(1, "malloc");
if (realpath(value, param->value.iov_base) == NULL)
err(1, "%s: realpath(%s)", name, value);
if (chdir(param->value.iov_base) != 0)
err(1, "chdir: %s",
(char *)param->value.iov_base);
} else
param->value.iov_base = value;
param->value.iov_len = strlen(param->value.iov_base) + 1;
return;
default:
errx(1, "%s: unknown parameter type %d (%s)",
name, buf.i, buf.s);
}
param->value.iov_base = malloc(param->value.iov_len);
for (i = 0; i < nval; i++) {
switch (buf.i & CTLTYPE) {
case CTLTYPE_INT:
((int *)param->value.iov_base)[i] =
strtol(value, &ep, 10);
if (ep[0] != '\0')
errx(1, "%s: non-integer value \"%s\"",
name, value);
break;
case CTLTYPE_UINT:
((unsigned *)param->value.iov_base)[i] =
strtoul(value, &ep, 10);
if (ep[0] != '\0')
errx(1, "%s: non-integer value \"%s\"",
name, value);
break;
case CTLTYPE_LONG:
((long *)param->value.iov_base)[i] =
strtol(value, &ep, 10);
if (ep[0] != '\0')
errx(1, "%s: non-integer value \"%s\"",
name, value);
break;
case CTLTYPE_ULONG:
((unsigned long *)param->value.iov_base)[i] =
strtoul(value, &ep, 10);
if (ep[0] != '\0')
errx(1, "%s: non-integer value \"%s\"",
name, value);
break;
case CTLTYPE_STRUCT:
if (!strcmp(buf.s, "S,in_addr")) {
if (inet_pton(AF_INET, value,
&((struct in_addr *)
param->value.iov_base)[i]) != 1)
errx(1, "%s: not an IPv4 address: %s",
name, value);
}
#ifdef INET6
else if (!strcmp(buf.s, "S,in6_addr")) {
if (inet_pton(AF_INET6, value,
&((struct in6_addr *)
param->value.iov_base)[i]) != 1)
errx(1, "%s: not an IPv6 address: %s",
name, value);
}
#endif
}
if (i > 0)
value[-1] = ',';
value = strchr(value, '\0') + 1;
}
}
static void
usage(void)
{
(void)fprintf(stderr, "%s%s%s\n",
"usage: jail [-hi] [-n jailname] [-J jid_file] ",
"[-s securelevel] [-l -u username | -U username] ",
"path hostname [ip[,..]] command ...");
(void)fprintf(stderr,
"usage: jail [-d] [-h] [-i] [-J jid_file] "
"[-l -u username | -U username]\n"
" [-c | -m] param=value ... [command=command ...]\n"
" jail [-r jail]\n");
exit(1);
}
static int
add_addresses(struct addrinfo *res0)
{
int error;
struct addrinfo *res;
struct addr4entry *a4p;
struct sockaddr_in *sai;
#ifdef INET6
struct addr6entry *a6p;
struct sockaddr_in6 *sai6;
#endif
int count;
error = 0;
for (res = res0; res && error == 0; res = res->ai_next) {
switch (res->ai_family) {
case AF_INET:
sai = (struct sockaddr_in *)(void *)res->ai_addr;
STAILQ_FOREACH(a4p, &addr4, addr4entries) {
if (bcmp(&sai->sin_addr, &a4p->ip4,
sizeof(struct in_addr)) == 0) {
err(1, "Ignoring duplicate IPv4 address.");
break;
}
}
a4p = (struct addr4entry *) malloc(
sizeof(struct addr4entry));
if (a4p == NULL) {
error = 1;
break;
}
bzero(a4p, sizeof(struct addr4entry));
bcopy(&sai->sin_addr, &a4p->ip4,
sizeof(struct in_addr));
if (!STAILQ_EMPTY(&addr4))
count = STAILQ_FIRST(&addr4)->count;
else
count = 0;
STAILQ_INSERT_TAIL(&addr4, a4p, addr4entries);
STAILQ_FIRST(&addr4)->count = count + 1;
break;
#ifdef INET6
case AF_INET6:
sai6 = (struct sockaddr_in6 *)(void *)res->ai_addr;
STAILQ_FOREACH(a6p, &addr6, addr6entries) {
if (bcmp(&sai6->sin6_addr, &a6p->ip6,
sizeof(struct in6_addr)) == 0) {
err(1, "Ignoring duplicate IPv6 address.");
break;
}
}
a6p = (struct addr6entry *) malloc(
sizeof(struct addr6entry));
if (a6p == NULL) {
error = 1;
break;
}
bzero(a6p, sizeof(struct addr6entry));
bcopy(&sai6->sin6_addr, &a6p->ip6,
sizeof(struct in6_addr));
if (!STAILQ_EMPTY(&addr6))
count = STAILQ_FIRST(&addr6)->count;
else
count = 0;
STAILQ_INSERT_TAIL(&addr6, a6p, addr6entries);
STAILQ_FIRST(&addr6)->count = count + 1;
break;
#endif
default:
err(1, "Address family %d not supported. Ignoring.\n",
res->ai_family);
break;
}
}
return (error);
}
static struct in_addr *
copy_addr4(void)
{
size_t len;
struct in_addr *ip4s, *p, ia;
struct addr4entry *a4p;
if (STAILQ_EMPTY(&addr4))
return NULL;
len = STAILQ_FIRST(&addr4)->count * sizeof(struct in_addr);
ip4s = p = (struct in_addr *)malloc(len);
if (ip4s == NULL)
return (NULL);
bzero(p, len);
while (!STAILQ_EMPTY(&addr4)) {
a4p = STAILQ_FIRST(&addr4);
STAILQ_REMOVE_HEAD(&addr4, addr4entries);
ia.s_addr = a4p->ip4.s_addr;
bcopy(&ia, p, sizeof(struct in_addr));
p++;
free(a4p);
}
return (ip4s);
}
#ifdef INET6
static struct in6_addr *
copy_addr6(void)
{
size_t len;
struct in6_addr *ip6s, *p;
struct addr6entry *a6p;
if (STAILQ_EMPTY(&addr6))
return NULL;
len = STAILQ_FIRST(&addr6)->count * sizeof(struct in6_addr);
ip6s = p = (struct in6_addr *)malloc(len);
if (ip6s == NULL)
return (NULL);
bzero(p, len);
while (!STAILQ_EMPTY(&addr6)) {
a6p = STAILQ_FIRST(&addr6);
STAILQ_REMOVE_HEAD(&addr6, addr6entries);
bcopy(&a6p->ip6, p, sizeof(struct in6_addr));
p++;
free(a6p);
}
return (ip6s);
}
#endif

2
usr.sbin/jexec/Makefile
View File

@ -6,6 +6,4 @@ DPADD= ${LIBUTIL}
LDADD= -lutil
WARNS?= 6
CFLAGS+= -DSUPPORT_OLD_XPRISON
.include <bsd.prog.mk>

28
usr.sbin/jexec/jexec.8
View File

@ -25,7 +25,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd November 29, 2008
.Dd May 27, 2009
.Dt JEXEC 8
.Os
.Sh NAME
@ -34,36 +34,18 @@
.Sh SYNOPSIS
.Nm
.Op Fl u Ar username | Fl U Ar username
.Op Fl n Ar jailname
.Ar jid command ...
.Ar jail command ...
.Sh DESCRIPTION
The
.Nm
utility executes
.Ar command
inside the jail identified by either
.Ar jailname
or
.Ar jid
or both.
.Pp
If the jail cannot be identified uniquely by the given parameters,
an error message is printed.
.Nm
will also check the state of the jail (once supported) to be
.Dv ALIVE
and ignore jails in other states.
The mandatory argument
.Ar jid
is the unique jail identifier as given by
.Xr jls 8 .
In case you only want to match on other criteria, give an empty string.
inside the
.Ar jail
identified by its jid or name.
.Pp
The following options are available:
.Bl -tag -width indent
.It Fl n Ar jailname
The name of the jail, if given upon creation of the jail.
This is not the hostname of the jail.
.It Fl u Ar username
The user name from host environment as whom the
.Ar command

189
usr.sbin/jexec/jexec.c
View File

@ -29,12 +29,16 @@
#include <sys/param.h>
#include <sys/jail.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <sys/uio.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <err.h>
#include <errno.h>
#include <limits.h>
#include <login_cap.h>
#include <stdio.h>
#include <stdlib.h>
@ -44,153 +48,6 @@
static void usage(void);
#ifdef SUPPORT_OLD_XPRISON
static
char *lookup_xprison_v1(void *p, char *end, int *id)
{
struct xprison_v1 *xp;
if (id == NULL)
errx(1, "Internal error. Invalid ID pointer.");
if ((char *)p + sizeof(struct xprison_v1) > end)
errx(1, "Invalid length for jail");
xp = (struct xprison_v1 *)p;
*id = xp->pr_id;
return ((char *)(xp + 1));
}
#endif
static
char *lookup_xprison_v3(void *p, char *end, int *id, char *jailname)
{
struct xprison *xp;
char *q;
int ok;
if (id == NULL)
errx(1, "Internal error. Invalid ID pointer.");
if ((char *)p + sizeof(struct xprison) > end)
errx(1, "Invalid length for jail");
xp = (struct xprison *)p;
ok = 1;
/* Jail state and name. */
if (xp->pr_state < 0 || xp->pr_state >=
(int)((sizeof(prison_states) / sizeof(struct prison_state))))
errx(1, "Invalid jail state.");
else if (xp->pr_state != PRISON_STATE_ALIVE)
ok = 0;
if (jailname != NULL) {
if (xp->pr_name[0] == '\0')
ok = 0;
else if (strcmp(jailname, xp->pr_name) != 0)
ok = 0;
}
q = (char *)(xp + 1);
/* IPv4 addresses. */
q += (xp->pr_ip4s * sizeof(struct in_addr));
if ((char *)q > end)
errx(1, "Invalid length for jail");
/* IPv6 addresses. */
q += (xp->pr_ip6s * sizeof(struct in6_addr));
if ((char *)q > end)
errx(1, "Invalid length for jail");
if (ok)
*id = xp->pr_id;
return (q);
}
static int
lookup_jail(int jid, char *jailname)
{
size_t i, j, len;
void *p, *q;
int version, id, xid, count;
if (sysctlbyname("security.jail.list", NULL, &len, NULL, 0) == -1)
err(1, "sysctlbyname(): security.jail.list");
j = len;
for (i = 0; i < 4; i++) {
if (len == 0)
return (-1);
p = q = malloc(len);
if (p == NULL)
err(1, "malloc()");
if (sysctlbyname("security.jail.list", q, &len, NULL, 0) == -1) {
if (errno == ENOMEM) {
free(p);
p = NULL;
len += j;
continue;
}
err(1, "sysctlbyname(): security.jail.list");
}
break;
}
if (p == NULL)
err(1, "sysctlbyname(): security.jail.list");
if (len < sizeof(int))
errx(1, "This is no prison. Kernel and userland out of sync?");
version = *(int *)p;
if (version > XPRISON_VERSION)
errx(1, "Sci-Fi prison. Kernel/userland out of sync?");
count = 0;
xid = -1;
for (; q != NULL && (char *)q + sizeof(int) < (char *)p + len;) {
version = *(int *)q;
if (version > XPRISON_VERSION)
errx(1, "Sci-Fi prison. Kernel/userland out of sync?");
id = -1;
switch (version) {
#ifdef SUPPORT_OLD_XPRISON
case 1:
if (jailname != NULL)
errx(1, "Version 1 prisons did not "
"support jail names.");
q = lookup_xprison_v1(q, (char *)p + len, &id);
break;
case 2:
errx(1, "Version 2 was used by multi-IPv4 jail "
"implementations that never made it into the "
"official kernel.");
/* NOTREACHED */
break;
#endif
case 3:
q = lookup_xprison_v3(q, (char *)p + len, &id, jailname);
break;
default:
errx(1, "Prison unknown. Kernel/userland out of sync?");
/* NOTREACHED */
break;
}
/* Possible match; see if we have a jail ID to match as well. */
if (id > 0 && (jid <= 0 || id == jid)) {
xid = id;
count++;
}
}
free(p);
if (count == 1)
return (xid);
else if (count > 1)
errx(1, "Could not uniquely identify the jail.");
else
return (-1);
}
#define GET_USER_INFO do { \
pwd = getpwnam(username); \
if (pwd == NULL) { \
@ -210,21 +67,20 @@ lookup_jail(int jid, char *jailname)
int
main(int argc, char *argv[])
{
struct iovec params[2];
int jid;
login_cap_t *lcap = NULL;
struct passwd *pwd = NULL;
gid_t groups[NGROUPS];
int ch, ngroups, uflag, Uflag;
char *jailname, *username;
char *ep, *username;
ch = uflag = Uflag = 0;
jailname = username = NULL;
jid = -1;
username = NULL;
while ((ch = getopt(argc, argv, "i:n:u:U:")) != -1) {
while ((ch = getopt(argc, argv, "nu:U:")) != -1) {
switch (ch) {
case 'n':
jailname = optarg;
/* Specified name, now unused */
break;
case 'u':
username = optarg;
@ -242,22 +98,20 @@ main(int argc, char *argv[])
argv += optind;
if (argc < 2)
usage();
if (strlen(argv[0]) > 0) {
jid = (int)strtol(argv[0], NULL, 10);
if (errno)
err(1, "Unable to parse jail ID.");
}
if (jid <= 0 && jailname == NULL) {
fprintf(stderr, "Neither jail ID nor jail name given.\n");
usage();
}
if (uflag && Uflag)
usage();
if (uflag)
GET_USER_INFO;
jid = lookup_jail(jid, jailname);
if (jid <= 0)
errx(1, "Cannot identify jail.");
jid = strtoul(argv[0], &ep, 10);
if (!*argv[0] || *ep) {
*(const void **)&params[0].iov_base = "name";
params[0].iov_len = sizeof("name");
params[1].iov_base = argv[0];
params[1].iov_len = strlen(argv[0]) + 1;
jid = jail_get(params, 2, 0);
if (jid < 0)
errx(1, "Unknown jail: %s", argv[0]);
}
if (jail_attach(jid) == -1)
err(1, "jail_attach(): %d", jid);
if (chdir("/") == -1)
@ -283,8 +137,7 @@ static void
usage(void)
{
fprintf(stderr, "%s%s\n",
"usage: jexec [-u username | -U username]",
" [-n jailname] jid command ...");
fprintf(stderr, "%s\n",
"usage: jexec [-u username | -U username] jail command ...");
exit(1);
}

2
usr.sbin/jls/Makefile
View File

@ -4,6 +4,4 @@ PROG= jls
MAN= jls.8
WARNS?= 6
CFLAGS+= -DSUPPORT_OLD_XPRISON
.include <bsd.prog.mk>

84
usr.sbin/jls/jls.8
View File

@ -25,7 +25,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd November 29, 2008
.Dd May 27, 2009
.Dt JLS 8
.Os
.Sh NAME
@ -33,38 +33,68 @@
.Nd "list jails"
.Sh SYNOPSIS
.Nm
.Op Fl av
.Op Fl dhnqsv
.Op Fl j Ar jail
.Op Ar parameter ...
.Sh DESCRIPTION
The
.Nm
utility lists all jails.
By default only active jails are listed.
utility lists all active jails, or the specified jail.
Each jail is represented by one row which contains space-separated values of
the listed
.Ar parameters ,
including the pseudo-parameter
.Va all
which will show all available jail parameters.
A list of available parameters can be retrieved via
.Dq Nm sysctl Fl d Va security.jail.param .
See
.Xr jail 8
for a description of some core parameters.
.Pp
The options are as follows:
.Bl -tag -width ".Fl a"
.It Fl a
Show jails in all states, not only active ones.
If no
.Ar parameters
are given, the following four columns will be printed:
jail identifier (jid), IP address (ip4.addr), hostname (host.hostname),
and path (path).
.Pp
The following options are available:
.Bl -tag -width indent
.It Fl d
List
.Va dying
as well as active jails.
.It Fl h
Print a header line containing the parameters listed.
If no parameters are given on the command line, the default output always
contains a header.
.It Fl n
Print parameters in
.Dq name=value
format, where each parameter is preceded by its name.
This option is ignored for the default four-column output.
.It Fl q
Put quotes around parameters if they contain spaces or quotes, or are
the empty string.
.It Fl c
Print parameters suitable for passing to
.Xr jail 8 ,
skipping read-only and unused parameters.
Implies
.Fl nq .
.It Fl v
Show more verbose information.
This also lists cpusets, jail state, multi-IP, etc. instead of the
classic single-IP jail output.
.El
.Pp
Each jail is represented by rows which, depending on
.Fl v ,
contain the following columns:
.Bl -item -offset indent -compact
.It
jail identifier (JID), hostname and path
.It
jail state and name
.It
jail cpuset
.It
followed by one IP adddress per line.
Print a multiple-line summary per jail, with the following parameters:
jail identifier (jid), hostname (host.hostname), path (path),
jail name (name), jail state (dying), cpuset ID (cpuset),
IP address(es) (ip4.addr and ip6.addr).
.It Fl j Ar jail
The jid or name of the
.Ar jail
to list.
Without this option, all active jails will be listed.
.El
.Sh SEE ALSO
.Xr jail 2 ,
.Xr jail_get 2 ,
.Xr jail 8 ,
.Xr jexec 8
.Sh HISTORY
@ -72,3 +102,5 @@ The
.Nm
utility was added in
.Fx 5.1 .
Extensible jail parameters were introduced in
.Fx 8.0 .

914
usr.sbin/jls/jls.c
View File

@ -1,6 +1,7 @@
/*-
* Copyright (c) 2003 Mike Barcroft <mike@FreeBSD.org>
* Copyright (c) 2008 Bjoern A. Zeeb <bz@FreeBSD.org>
* Copyright (c) 2009 James Gritton <jamie@FreeBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -23,18 +24,20 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
#include <sys/param.h>
#include <sys/types.h>
#include <sys/jail.h>
#include <sys/sysctl.h>
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/jail.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <sys/sysctl.h>
#include <sys/uio.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <err.h>
#include <errno.h>
#include <limits.h>
@ -43,215 +46,718 @@
#include <string.h>
#include <unistd.h>
#define FLAG_A 0x00001
#define FLAG_V 0x00002
#define SJPARAM "security.jail.param"
#define ARRAY_SLOP 5
#ifdef SUPPORT_OLD_XPRISON
static
char *print_xprison_v1(void *p, char *end, unsigned flags)
#define CTLTYPE_BOOL (CTLTYPE + 1)
#define CTLTYPE_NOBOOL (CTLTYPE + 2)
#define CTLTYPE_IPADDR (CTLTYPE + 3)
#define CTLTYPE_IP6ADDR (CTLTYPE + 4)
#define PARAM_KEY 0x01
#define PARAM_USER 0x02
#define PARAM_ARRAY 0x04
#define PARAM_OPT 0x08
#define PARAM_WR 0x10
#define PRINT_DEFAULT 0x01
#define PRINT_HEADER 0x02
#define PRINT_NAMEVAL 0x04
#define PRINT_QUOTED 0x08
#define PRINT_SKIP 0x10
#define PRINT_VERBOSE 0x20
struct param {
char *name;
void *value;
size_t size;
int type;
unsigned flags;
int noparent;
};
struct iovec2 {
struct iovec name;
struct iovec value;
};
static struct param *params;
static int nparams;
static char errmsg[256];
static int add_param(const char *name, void *value, unsigned flags);
static int get_param(const char *name, struct param *param);
static int sort_param(const void *a, const void *b);
static char *noname(const char *name);
static char *nononame(const char *name);
static int print_jail(int pflags, int jflags);
static void quoted_print(char *str, int len);
int
main(int argc, char **argv)
{
struct xprison_v1 *xp;
struct in_addr in;
char *dot, *ep, *jname, *nname;
int c, i, jflags, jid, lastjid, pflags, spc;
if ((char *)p + sizeof(struct xprison_v1) > end)
errx(1, "Invalid length for jail");
jname = NULL;
pflags = jflags = jid = 0;
while ((c = getopt(argc, argv, "adj:hnqsv")) >= 0)
switch (c) {
case 'a':
case 'd':
jflags |= JAIL_DYING;
break;
case 'j':
jid = strtoul(optarg, &ep, 10);
if (!*optarg || *ep)
jname = optarg;
break;
case 'h':
pflags = (pflags & ~PRINT_SKIP) | PRINT_HEADER;
break;
case 'n':
pflags = (pflags & ~PRINT_VERBOSE) | PRINT_NAMEVAL;
break;
case 'q':
pflags |= PRINT_QUOTED;
break;
case 's':
pflags = (pflags & ~(PRINT_HEADER | PRINT_VERBOSE)) |
PRINT_NAMEVAL | PRINT_QUOTED | PRINT_SKIP;
break;
case 'v':
pflags = (pflags & ~(PRINT_NAMEVAL | PRINT_SKIP)) |
PRINT_VERBOSE;
break;
default:
errx(1, "usage: jls [-dhnqv] [-j jail] [param ...]");
}
xp = (struct xprison_v1 *)p;
if (flags & FLAG_V) {
printf("%6d %-29.29s %.74s\n",
xp->pr_id, xp->pr_host, xp->pr_path);
/* We are not printing an empty line here for state and name. */
/* We are not printing an empty line here for cpusetid. */
/* IPv4 address. */
in.s_addr = htonl(xp->pr_ip);
printf("%6s %-15.15s\n", "", inet_ntoa(in));
} else {
printf("%6d %-15.15s %-29.29s %.74s\n",
xp->pr_id, inet_ntoa(in), xp->pr_host, xp->pr_path);
}
/* Add the parameters to print. */
if (optind == argc) {
if (pflags & PRINT_VERBOSE) {
add_param("jid", NULL, PARAM_USER);
add_param("host.hostname", NULL, PARAM_USER);
add_param("path", NULL, PARAM_USER);
add_param("name", NULL, PARAM_USER);
add_param("dying", NULL, PARAM_USER);
add_param("cpuset", NULL, PARAM_USER);
add_param("ip4.addr", NULL, PARAM_USER);
add_param("ip6.addr", NULL, PARAM_USER | PARAM_OPT);
} else {
pflags = (pflags &
~(PRINT_NAMEVAL | PRINT_SKIP | PRINT_VERBOSE)) |
PRINT_DEFAULT;
add_param("jid", NULL, PARAM_USER);
add_param("ip4.addr", NULL, PARAM_USER);
add_param("host.hostname", NULL, PARAM_USER);
add_param("path", NULL, PARAM_USER);
}
} else
while (optind < argc)
add_param(argv[optind++], NULL, PARAM_USER);
return ((char *)(xp + 1));
}
#endif
static
char *print_xprison_v3(void *p, char *end, unsigned flags)
{
struct xprison *xp;
struct in_addr *iap, in;
struct in6_addr *ia6p;
char buf[INET6_ADDRSTRLEN];
const char *state;
char *q;
uint32_t i;
if ((char *)p + sizeof(struct xprison) > end)
errx(1, "Invalid length for jail");
xp = (struct xprison *)p;
if (xp->pr_state < 0 || xp->pr_state >= (int)
((sizeof(prison_states) / sizeof(struct prison_state))))
state = "(bogus)";
else
state = prison_states[xp->pr_state].state_name;
/* See if we should print non-ACTIVE jails. No? */
if ((flags & FLAG_A) == 0 && strcmp(state, "ALIVE")) {
q = (char *)(xp + 1);
q += (xp->pr_ip4s * sizeof(struct in_addr));
if (q > end)
errx(1, "Invalid length for jail");
q += (xp->pr_ip6s * sizeof(struct in6_addr));
if (q > end)
errx(1, "Invalid length for jail");
return (q);
}
if (flags & FLAG_V)
printf("%6d %-29.29s %.74s\n",
xp->pr_id, xp->pr_host, xp->pr_path);
/* Jail state and name. */
if (flags & FLAG_V)
printf("%6s %-29.29s %.74s\n",
"", (xp->pr_name[0] != '\0') ? xp->pr_name : "", state);
/* cpusetid. */
if (flags & FLAG_V)
printf("%6s %-6d\n",
"", xp->pr_cpusetid);
q = (char *)(xp + 1);
/* IPv4 addresses. */
iap = (struct in_addr *)(void *)q;
q += (xp->pr_ip4s * sizeof(struct in_addr));
if (q > end)
errx(1, "Invalid length for jail");
in.s_addr = 0;
for (i = 0; i < xp->pr_ip4s; i++) {
if (i == 0 || flags & FLAG_V)
in.s_addr = iap[i].s_addr;
if (flags & FLAG_V)
printf("%6s %-15.15s\n", "", inet_ntoa(in));
}
/* IPv6 addresses. */
ia6p = (struct in6_addr *)(void *)q;
q += (xp->pr_ip6s * sizeof(struct in6_addr));
if (q > end)
errx(1, "Invalid length for jail");
for (i = 0; i < xp->pr_ip6s; i++) {
if (flags & FLAG_V) {
inet_ntop(AF_INET6, &ia6p[i], buf, sizeof(buf));
printf("%6s %s\n", "", buf);
if (pflags & PRINT_SKIP) {
/* Check for parameters with boolean parents. */
for (i = 0; i < nparams; i++) {
if ((params[i].flags & PARAM_USER) &&
(dot = strchr(params[i].name, '.'))) {
*dot = 0;
nname = noname(params[i].name);
*dot = '.';
params[i].noparent =
add_param(nname, NULL, PARAM_OPT);
free(nname);
}
}
}
/* If requested print the old style single line version. */
if (!(flags & FLAG_V))
printf("%6d %-15.15s %-29.29s %.74s\n",
xp->pr_id, (in.s_addr) ? inet_ntoa(in) : "",
xp->pr_host, xp->pr_path);
/* Add the index key and errmsg parameters. */
if (jid != 0)
add_param("jid", &jid, PARAM_KEY);
else if (jname != NULL)
add_param("name", jname, PARAM_KEY);
else
add_param("lastjid", &lastjid, PARAM_KEY);
add_param("errmsg", errmsg, PARAM_KEY);
return (q);
/* Print a header line if requested. */
if (pflags & PRINT_VERBOSE)
printf(" JID Hostname Path\n"
" Name State\n"
" CPUSetID\n"
" IP Address(es)\n");
else if (pflags & PRINT_DEFAULT)
printf(" JID IP Address "
"Hostname Path\n");
else if (pflags & PRINT_HEADER) {
for (i = spc = 0; i < nparams; i++)
if (params[i].flags & PARAM_USER) {
if (spc)
putchar(' ');
else
spc = 1;
fputs(params[i].name, stdout);
}
putchar('\n');
}
/* Fetch the jail(s) and print the paramters. */
if (jid != 0 || jname != NULL) {
if (print_jail(pflags, jflags) < 0) {
if (errmsg[0])
errx(1, "%s", errmsg);
err(1, "jail_get");
}
} else {
for (lastjid = 0;
(lastjid = print_jail(pflags, jflags)) >= 0; )
;
if (errno != 0 && errno != ENOENT) {
if (errmsg[0])
errx(1, "%s", errmsg);
err(1, "jail_get");
}
}
return (0);
}
static int
add_param(const char *name, void *value, unsigned flags)
{
struct param *param;
char *nname;
size_t mlen1, mlen2, buflen;
int mib1[CTL_MAXNAME], mib2[CTL_MAXNAME - 2];
int i, tnparams;
char buf[MAXPATHLEN];
static int paramlistsize;
/* The pseudo-parameter "all" scans the list of available parameters. */
if (!strcmp(name, "all")) {
tnparams = nparams;
mib1[0] = 0;
mib1[1] = 2;
mlen1 = CTL_MAXNAME - 2;
if (sysctlnametomib(SJPARAM, mib1 + 2, &mlen1) < 0)
err(1, "sysctlnametomib(" SJPARAM ")");
for (;;) {
/* Get the next parameter. */
mlen2 = sizeof(mib2);
if (sysctl(mib1, mlen1 + 2, mib2, &mlen2, NULL, 0) < 0)
err(1, "sysctl(0.2)");
if (mib2[0] != mib1[2] || mib2[1] != mib1[3] ||
mib2[2] != mib1[4])
break;
/* Convert it to an ascii name. */
memcpy(mib1 + 2, mib2, mlen2);
mlen1 = mlen2 / sizeof(int);
mib1[1] = 1;
buflen = sizeof(buf);
if (sysctl(mib1, mlen1 + 2, buf, &buflen, NULL, 0) < 0)
err(1, "sysctl(0.1)");
add_param(buf + sizeof(SJPARAM), NULL, flags);
/*
* Convert nobool parameters to bool if their
* counterpart is a node, ortherwise discard them.
*/
param = &params[nparams - 1];
if (param->type == CTLTYPE_NOBOOL) {
nname = nononame(param->name);
if (get_param(nname, param) >= 0 &&
param->type != CTLTYPE_NODE) {
free(nname);
nparams--;
} else {
free(param->name);
param->name = nname;
param->type = CTLTYPE_BOOL;
param->size = sizeof(int);
param->value = NULL;
}
}
mib1[1] = 2;
}
qsort(params + tnparams, (size_t)(nparams - tnparams),
sizeof(struct param), sort_param);
return -1;
}
/* Check for repeat parameters. */
for (i = 0; i < nparams; i++)
if (!strcmp(name, params[i].name)) {
params[i].value = value;
params[i].flags |= flags;
return i;
}
/* Make sure there is room for the new param record. */
if (!nparams) {
paramlistsize = 32;
params = malloc(paramlistsize * sizeof(*params));
if (params == NULL)
err(1, "malloc");
} else if (nparams >= paramlistsize) {
paramlistsize *= 2;
params = realloc(params, paramlistsize * sizeof(*params));
if (params == NULL)
err(1, "realloc");
}
/* Look up the parameter. */
param = params + nparams++;
memset(param, 0, sizeof *param);
param->name = strdup(name);
if (param->name == NULL)
err(1, "strdup");
param->flags = flags;
param->noparent = -1;
/* We have to know about pseudo-parameters without asking. */
if (!strcmp(param->name, "lastjid")) {
param->type = CTLTYPE_INT;
param->size = sizeof(int);
goto got_type;
}
if (!strcmp(param->name, "errmsg")) {
param->type = CTLTYPE_STRING;
param->size = sizeof(errmsg);
goto got_type;
}
if (get_param(name, param) < 0) {
if (errno != ENOENT)
err(1, "sysctl(0.3.%s)", name);
/* See if this the "no" part of an existing boolean. */
if ((nname = nononame(name))) {
i = get_param(nname, param);
free(nname);
if (i >= 0 && param->type == CTLTYPE_BOOL) {
param->type = CTLTYPE_NOBOOL;
goto got_type;
}
}
if (flags & PARAM_OPT) {
nparams--;
return -1;
}
errx(1, "unknown parameter: %s", name);
}
if (param->type == CTLTYPE_NODE) {
/*
* A node isn't normally a parameter, but may be a boolean
* if its "no" counterpart exists.
*/
nname = noname(name);
i = get_param(nname, param);
free(nname);
if (i >= 0 && param->type == CTLTYPE_NOBOOL) {
param->type = CTLTYPE_BOOL;
goto got_type;
}
errx(1, "unknown parameter: %s", name);
}
got_type:
param->value = value;
return param - params;
}
static int
get_param(const char *name, struct param *param)
{
char *p;
size_t buflen, mlen;
int mib[CTL_MAXNAME];
struct {
int i;
char s[MAXPATHLEN];
} buf;
/* Look up the MIB. */
mib[0] = 0;
mib[1] = 3;
snprintf(buf.s, sizeof(buf.s), SJPARAM ".%s", name);
mlen = sizeof(mib) - 2 * sizeof(int);
if (sysctl(mib, 2, mib + 2, &mlen, buf.s, strlen(buf.s)) < 0)
return (-1);
/* Get the type and size. */
mib[1] = 4;
buflen = sizeof(buf);
if (sysctl(mib, (mlen / sizeof(int)) + 2, &buf, &buflen, NULL, 0) < 0)
err(1, "sysctl(0.4.%s)", name);
param->type = buf.i & CTLTYPE;
if (buf.i & (CTLFLAG_WR | CTLFLAG_TUN))
param->flags |= PARAM_WR;
p = strchr(buf.s, '\0');
if (p - 2 >= buf.s && !strcmp(p - 2, ",a")) {
p[-2] = 0;
param->flags |= PARAM_ARRAY;
}
switch (param->type) {
case CTLTYPE_INT:
/* An integer parameter might be a boolean. */
if (buf.s[0] == 'B')
param->type = buf.s[1] == 'N'
? CTLTYPE_NOBOOL : CTLTYPE_BOOL;
case CTLTYPE_UINT:
param->size = sizeof(int);
break;
case CTLTYPE_LONG:
case CTLTYPE_ULONG:
param->size = sizeof(long);
break;
case CTLTYPE_STRUCT:
if (!strcmp(buf.s, "S,in_addr")) {
param->type = CTLTYPE_IPADDR;
param->size = sizeof(struct in_addr);
} else if (!strcmp(buf.s, "S,in6_addr")) {
param->type = CTLTYPE_IP6ADDR;
param->size = sizeof(struct in6_addr);
}
break;
case CTLTYPE_STRING:
buf.s[0] = 0;
sysctl(mib + 2, mlen / sizeof(int), buf.s, &buflen, NULL, 0);
param->size = strtoul(buf.s, NULL, 10);
if (param->size == 0)
param->size = BUFSIZ;
}
return (0);
}
static int
sort_param(const void *a, const void *b)
{
const struct param *parama, *paramb;
char *ap, *bp;
/* Put top-level parameters first. */
parama = a;
paramb = b;
ap = strchr(parama->name, '.');
bp = strchr(paramb->name, '.');
if (ap && !bp)
return (1);
if (bp && !ap)
return (-1);
return (strcmp(parama->name, paramb->name));
}
static char *
noname(const char *name)
{
char *nname, *p;
nname = malloc(strlen(name) + 3);
if (nname == NULL)
err(1, "malloc");
p = strrchr(name, '.');
if (p != NULL)
sprintf(nname, "%.*s.no%s", (int)(p - name), name, p + 1);
else
sprintf(nname, "no%s", name);
return nname;
}
static char *
nononame(const char *name)
{
char *nname, *p;
p = strrchr(name, '.');
if (strncmp(p ? p + 1 : name, "no", 2))
return NULL;
nname = malloc(strlen(name) - 1);
if (nname == NULL)
err(1, "malloc");
if (p != NULL)
sprintf(nname, "%.*s.%s", (int)(p - name), name, p + 3);
else
strcpy(nname, name + 2);
return nname;
}
static int
print_jail(int pflags, int jflags)
{
char *nname;
int i, ai, jid, count, sanity, spc;
char ipbuf[INET6_ADDRSTRLEN];
static struct iovec2 *iov, *aiov;
static int narray, nkey;
/* Set up the parameter list(s) the first time around. */
if (iov == NULL) {
iov = malloc(nparams * sizeof(struct iovec2));
if (iov == NULL)
err(1, "malloc");
for (i = narray = 0; i < nparams; i++) {
iov[i].name.iov_base = params[i].name;
iov[i].name.iov_len = strlen(params[i].name) + 1;
iov[i].value.iov_base = params[i].value;
iov[i].value.iov_len =
params[i].type == CTLTYPE_STRING &&
params[i].value != NULL &&
((char *)params[i].value)[0] != '\0'
? strlen(params[i].value) + 1 : params[i].size;
if (params[i].flags & (PARAM_KEY | PARAM_ARRAY)) {
narray++;
if (params[i].flags & PARAM_KEY)
nkey++;
}
}
if (narray > nkey) {
aiov = malloc(narray * sizeof(struct iovec2));
if (aiov == NULL)
err(1, "malloc");
for (i = ai = 0; i < nparams; i++)
if (params[i].flags &
(PARAM_KEY | PARAM_ARRAY))
aiov[ai++] = iov[i];
}
}
/* If there are array parameters, find their sizes. */
if (aiov != NULL) {
for (ai = 0; ai < narray; ai++)
if (aiov[ai].value.iov_base == NULL)
aiov[ai].value.iov_len = 0;
if (jail_get((struct iovec *)aiov, 2 * narray, jflags) < 0)
return (-1);
}
/* Allocate storage for all parameters. */
for (i = ai = 0; i < nparams; i++) {
if (params[i].flags & (PARAM_KEY | PARAM_ARRAY)) {
if (params[i].flags & PARAM_ARRAY) {
iov[i].value.iov_len = aiov[ai].value.iov_len +
ARRAY_SLOP * params[i].size;
iov[i].value.iov_base =
malloc(iov[i].value.iov_len);
}
ai++;
} else
iov[i].value.iov_base = malloc(params[i].size);
if (iov[i].value.iov_base == NULL)
err(1, "malloc");
if (params[i].value == NULL)
memset(iov[i].value.iov_base, 0, iov[i].value.iov_len);
}
/*
* Get the actual prison. If there are array elements, retry a few
* times in case the size changed from under us.
*/
if ((jid = jail_get((struct iovec *)iov, 2 * nparams, jflags)) < 0) {
if (errno != EINVAL || aiov == NULL || errmsg[0])
return (-1);
for (sanity = 0;; sanity++) {
if (sanity == 10)
return (-1);
for (ai = 0; ai < narray; ai++)
if (params[i].flags & PARAM_ARRAY)
aiov[ai].value.iov_len = 0;
if (jail_get((struct iovec *)iov, 2 * narray, jflags) <
0)
return (-1);
for (i = ai = 0; i < nparams; i++) {
if (!(params[i].flags &
(PARAM_KEY | PARAM_ARRAY)))
continue;
if (params[i].flags & PARAM_ARRAY) {
iov[i].value.iov_len =
aiov[ai].value.iov_len +
ARRAY_SLOP * params[i].size;
iov[i].value.iov_base =
realloc(iov[i].value.iov_base,
iov[i].value.iov_len);
if (iov[i].value.iov_base == NULL)
err(1, "malloc");
}
ai++;
}
}
}
if (pflags & PRINT_VERBOSE) {
printf("%6d %-29.29s %.74s\n"
"%6s %-29.29s %.74s\n"
"%6s %-6d\n",
*(int *)iov[0].value.iov_base,
(char *)iov[1].value.iov_base,
(char *)iov[2].value.iov_base,
"",
(char *)iov[3].value.iov_base,
*(int *)iov[4].value.iov_base ? "DYING" : "ACTIVE",
"",
*(int *)iov[5].value.iov_base);
count = iov[6].value.iov_len / sizeof(struct in_addr);
for (ai = 0; ai < count; ai++)
if (inet_ntop(AF_INET,
&((struct in_addr *)iov[6].value.iov_base)[ai],
ipbuf, sizeof(ipbuf)) == NULL)
err(1, "inet_ntop");
else
printf("%6s %-15.15s\n", "", ipbuf);
if (!strcmp(params[7].name, "ip6.addr")) {
count = iov[7].value.iov_len / sizeof(struct in6_addr);
for (ai = 0; ai < count; ai++)
if (inet_ntop(AF_INET6, &((struct in_addr *)
iov[7].value.iov_base)[ai],
ipbuf, sizeof(ipbuf)) == NULL)
err(1, "inet_ntop");
else
printf("%6s %-15.15s\n", "", ipbuf);
}
} else if (pflags & PRINT_DEFAULT)
printf("%6d %-15.15s %-29.29s %.74s\n",
*(int *)iov[0].value.iov_base,
iov[1].value.iov_len == 0 ? "-"
: inet_ntoa(*(struct in_addr *)iov[1].value.iov_base),
(char *)iov[2].value.iov_base,
(char *)iov[3].value.iov_base);
else {
for (i = spc = 0; i < nparams; i++) {
if (!(params[i].flags & PARAM_USER))
continue;
if ((pflags & PRINT_SKIP) &&
((!(params[i].flags & PARAM_WR)) ||
(params[i].noparent >= 0 &&
*(int *)iov[params[i].noparent].value.iov_base)))
continue;
if (spc)
putchar(' ');
else
spc = 1;
if (pflags & PRINT_NAMEVAL) {
/*
* Generally "name=value", but for booleans
* either "name" or "noname".
*/
switch (params[i].type) {
case CTLTYPE_BOOL:
if (*(int *)iov[i].value.iov_base)
printf("%s", params[i].name);
else {
nname = noname(params[i].name);
printf("%s", nname);
free(nname);
}
break;
case CTLTYPE_NOBOOL:
if (*(int *)iov[i].value.iov_base)
printf("%s", params[i].name);
else {
nname =
nononame(params[i].name);
printf("%s", nname);
free(nname);
}
break;
default:
printf("%s=", params[i].name);
}
}
count = params[i].flags & PARAM_ARRAY
? iov[i].value.iov_len / params[i].size : 1;
if (count == 0) {
if (pflags & PRINT_QUOTED)
printf("\"\"");
else if (!(pflags & PRINT_NAMEVAL))
putchar('-');
}
for (ai = 0; ai < count; ai++) {
if (ai > 0)
putchar(',');
switch (params[i].type) {
case CTLTYPE_INT:
printf("%d", ((int *)
iov[i].value.iov_base)[ai]);
break;
case CTLTYPE_UINT:
printf("%u", ((int *)
iov[i].value.iov_base)[ai]);
break;
case CTLTYPE_IPADDR:
if (inet_ntop(AF_INET,
&((struct in_addr *)
iov[i].value.iov_base)[ai],
ipbuf, sizeof(ipbuf)) == NULL)
err(1, "inet_ntop");
else
printf("%s", ipbuf);
break;
case CTLTYPE_IP6ADDR:
if (inet_ntop(AF_INET6,
&((struct in6_addr *)
iov[i].value.iov_base)[ai],
ipbuf, sizeof(ipbuf)) == NULL)
err(1, "inet_ntop");
else
printf("%s", ipbuf);
break;
case CTLTYPE_LONG:
printf("%ld", ((long *)
iov[i].value.iov_base)[ai]);
case CTLTYPE_ULONG:
printf("%lu", ((long *)
iov[i].value.iov_base)[ai]);
break;
case CTLTYPE_STRING:
if (pflags & PRINT_QUOTED)
quoted_print((char *)
iov[i].value.iov_base,
params[i].size);
else
printf("%.*s",
(int)params[i].size,
(char *)
iov[i].value.iov_base);
break;
case CTLTYPE_BOOL:
case CTLTYPE_NOBOOL:
if (!(pflags & PRINT_NAMEVAL))
printf(((int *)
iov[i].value.iov_base)[ai]
? "true" : "false");
}
}
}
putchar('\n');
}
for (i = 0; i < nparams; i++)
if (params[i].value == NULL)
free(iov[i].value.iov_base);
return (jid);
}
static void
usage(void)
quoted_print(char *str, int len)
{
int c, qc;
char *p = str;
char *ep = str + len;
(void)fprintf(stderr, "usage: jls [-av]\n");
exit(1);
}
int
main(int argc, char *argv[])
{
int ch, version;
unsigned flags;
size_t i, j, len;
void *p, *q;
flags = 0;
while ((ch = getopt(argc, argv, "av")) != -1) {
switch (ch) {
case 'a':
flags |= FLAG_A;
break;
case 'v':
flags |= FLAG_V;
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (sysctlbyname("security.jail.list", NULL, &len, NULL, 0) == -1)
err(1, "sysctlbyname(): security.jail.list");
j = len;
for (i = 0; i < 4; i++) {
if (len <= 0)
exit(0);
p = q = malloc(len);
if (p == NULL)
err(1, "malloc()");
if (sysctlbyname("security.jail.list", q, &len, NULL, 0) == -1) {
if (errno == ENOMEM) {
free(p);
p = NULL;
len += j;
continue;
}
err(1, "sysctlbyname(): security.jail.list");
}
break;
}
if (p == NULL)
err(1, "sysctlbyname(): security.jail.list");
if (len < sizeof(int))
errx(1, "This is no prison. Kernel and userland out of sync?");
version = *(int *)p;
if (version > XPRISON_VERSION)
errx(1, "Sci-Fi prison. Kernel/userland out of sync?");
if (flags & FLAG_V) {
printf(" JID Hostname Path\n");
printf(" Name State\n");
printf(" CPUSetID\n");
printf(" IP Address(es)\n");
} else {
printf(" JID IP Address Hostname"
" Path\n");
}
for (; q != NULL && (char *)q + sizeof(int) < (char *)p + len;) {
version = *(int *)q;
if (version > XPRISON_VERSION)
errx(1, "Sci-Fi prison. Kernel/userland out of sync?");
switch (version) {
#ifdef SUPPORT_OLD_XPRISON
case 1:
q = print_xprison_v1(q, (char *)p + len, flags);
break;
case 2:
errx(1, "Version 2 was used by multi-IPv4 jail "
"implementations that never made it into the "
"official kernel.");
/* NOTREACHED */
break;
#endif
case 3:
q = print_xprison_v3(q, (char *)p + len, flags);
break;
default:
errx(1, "Prison unknown. Kernel/userland out of sync?");
/* NOTREACHED */
break;
}
}
free(p);
exit(0);
/* An empty string needs quoting. */
if (!*p) {
fputs("\"\"", stdout);
return;
}
/*
* The value will be surrounded by quotes if it contains spaces
* or quotes.
*/
qc = strchr(p, '\'') ? '"'
: strchr(p, '"') ? '\''
: strchr(p, ' ') || strchr(p, '\t') ? '"'
: 0;
if (qc)
putchar(qc);
while (p < ep && (c = *p++)) {
if (c == '\\' || c == qc)
putchar('\\');
putchar(c);
}
if (qc)
putchar(qc);
}