bectl(8): Allow running a custom command in the 'jail' subcommand
Instead of always running /bin/sh, allow the user to specify the command to run. The jail is not removed when the command finishes, meaning `bectl unjail` will still need to be run. For example: ``` bectl jail newBE pkg upgrade bectl ujail newBE ``` Submitted by: Shawn Webb Obtained from: HardenedBSD (8b451014ab)
parent
b6413b6db8
commit
cd816834d4
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=337993
@ -18,7 +18,7 @@
|
|||||||
.\"
|
.\"
|
||||||
.\" $FreeBSD$
|
.\" $FreeBSD$
|
||||||
.\"
|
.\"
|
||||||
.Dd August 16, 2018
|
.Dd August 17, 2018
|
||||||
.Dt BECTL 8
|
.Dt BECTL 8
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
@ -54,6 +54,7 @@ jail
|
|||||||
.Oo Fl o Ar key Ns = Ns Ar value | Fl u Ar key Oc Ns ...
|
.Oo Fl o Ar key Ns = Ns Ar value | Fl u Ar key Oc Ns ...
|
||||||
.Ao Ar jailID | jailName Ac
|
.Ao Ar jailID | jailName Ac
|
||||||
.Ao Ar bootenv Ac
|
.Ao Ar bootenv Ac
|
||||||
|
.Op Ar utility Op Ar argument ...
|
||||||
.Nm
|
.Nm
|
||||||
list
|
list
|
||||||
.Op Fl a
|
.Op Fl a
|
||||||
@ -150,6 +151,7 @@ from
|
|||||||
.Oo Fl o Ar key Ns = Ns Ar value | Fl u Ar key Oc Ns ...
|
.Oo Fl o Ar key Ns = Ns Ar value | Fl u Ar key Oc Ns ...
|
||||||
.Ao Ar jailID | jailName Ac
|
.Ao Ar jailID | jailName Ac
|
||||||
.Ao Ar bootenv Ac
|
.Ao Ar bootenv Ac
|
||||||
|
.Op Ar utility Op Ar argument ...
|
||||||
.Pp
|
.Pp
|
||||||
Creates a jail of the given boot environment.
|
Creates a jail of the given boot environment.
|
||||||
Multiple
|
Multiple
|
||||||
@ -161,8 +163,16 @@ arguments may be specified.
|
|||||||
will set a jail parameter, and
|
will set a jail parameter, and
|
||||||
.Fl u
|
.Fl u
|
||||||
will unset a jail parameter.
|
will unset a jail parameter.
|
||||||
By default, jails are created in interactive mode, with a shell being
|
.Pp
|
||||||
|
By default, jails are created in interactive mode and
|
||||||
|
.Pa /bin/sh
|
||||||
|
is
|
||||||
executed within the jail.
|
executed within the jail.
|
||||||
|
If
|
||||||
|
.Ar utility
|
||||||
|
is specified, it will be executed instead of
|
||||||
|
.Pa /bin/sh .
|
||||||
|
.Pp
|
||||||
The
|
The
|
||||||
.Fl b
|
.Fl b
|
||||||
argument enables batch mode, thereby disabling interactive mode.
|
argument enables batch mode, thereby disabling interactive mode.
|
||||||
|
@ -77,7 +77,7 @@ usage(bool explicit)
|
|||||||
#if SOON
|
#if SOON
|
||||||
"\tbectl add (path)*\n"
|
"\tbectl add (path)*\n"
|
||||||
#endif
|
#endif
|
||||||
"\tbectl jail [-b] [ -o key=value | -u key ]... bootenv\n"
|
"\tbectl jail [-b] [ -o key=value | -u key ]... bootenv [utility [argument ...]]\n"
|
||||||
"\tbectl list [-a] [-D] [-H] [-s]\n"
|
"\tbectl list [-a] [-D] [-H] [-s]\n"
|
||||||
"\tbectl mount beName [mountpoint]\n"
|
"\tbectl mount beName [mountpoint]\n"
|
||||||
"\tbectl rename origBeName newBeName\n"
|
"\tbectl rename origBeName newBeName\n"
|
||||||
|
@ -238,10 +238,6 @@ bectl_cmd_jail(int argc, char *argv[])
|
|||||||
fprintf(stderr, "bectl jail: missing boot environment name\n");
|
fprintf(stderr, "bectl jail: missing boot environment name\n");
|
||||||
return (usage(false));
|
return (usage(false));
|
||||||
}
|
}
|
||||||
if (argc > 2) {
|
|
||||||
fprintf(stderr, "bectl jail: too many arguments\n");
|
|
||||||
return (usage(false));
|
|
||||||
}
|
|
||||||
|
|
||||||
bootenv = argv[0];
|
bootenv = argv[0];
|
||||||
|
|
||||||
@ -284,7 +280,10 @@ bectl_cmd_jail(int argc, char *argv[])
|
|||||||
if (interactive) {
|
if (interactive) {
|
||||||
/* We're attached within the jail... good bye! */
|
/* We're attached within the jail... good bye! */
|
||||||
chdir("/");
|
chdir("/");
|
||||||
execl("/bin/sh", "/bin/sh", NULL);
|
if (argc > 1)
|
||||||
|
execve(argv[1], &argv[1], NULL);
|
||||||
|
else
|
||||||
|
execl("/bin/sh", "/bin/sh", NULL);
|
||||||
return (1);
|
return (1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
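Review bot: The new `execve(argv[1], &argv[1], NULL)` in the interactive branch does no PATH search and passes a NULL `envp`, so a bare name like the `pkg` in the commit message's own example is resolved relative to `/` after the `chdir("/")` and would most likely fail to execute; a NULL `envp` is also not portable and at best gives the utility an empty environment. That failure falls through to `return (1)` without any message, while the `/bin/sh` branch behaves differently again by inheriting the caller's full environment into the jail. I would use one exec path with a deliberate environment and report errors, e.g. `execvp(argv[1], &argv[1]);` followed by `fprintf(stderr, "bectl jail: cannot execute %s\n", argv[1]);`, and decide explicitly which host variables (PATH in particular, since this presumably runs as root) may cross into the jail. The return value of `chdir("/")` is also unchecked. bectl_cmd_jail's body begins and ends outside these hunks, so how `-b` treats the extra arguments now that the `argc > 2` check is gone cannot be judged from here.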