o Add jls(8) for listing active jails.

o Add jexec(8) to execute a command in an existing jail.
o Add -j option for killall(1) to kill all processes in a specified
  jail.
o Add -i option to jail(8) to output jail ID of newly created jail.

usr.bin/killall/killall.1

@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd June 25, 1995
+.Dd April 8, 2003
 .Os
 .Dt KILLALL 1
 .Sh NAME
@@ -39,6 +39,7 @@
 .Op Fl m
 .Op Fl s
 .Op Fl z
+.Op Fl j Ar jid
 .Op Fl u Ar user
 .Op Fl t Ar tty
 .Op Fl c Ar procname
@@ -89,6 +90,9 @@ The signal may be specified either as a name
 (with or without a leading
 .Dv SIG ) ,
 or numerically.
+.It Fl j Ar jid
+Kill processes in the jail specified by
+.Ar jid .
 .It Fl u Ar user
 Limit potentially matching processes to those belonging to
 the specified
@@ -133,7 +137,8 @@ Diagnostic messages will only be printed if requested by
 options.
 .Sh SEE ALSO
 .Xr kill 1 ,
-.Xr sysctl 3
+.Xr sysctl 3 ,
+.Xr jail 8
 .Sh HISTORY
 The
 .Nm

usr.bin/killall/killall.c

@@ -29,6 +29,7 @@
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
+#include <sys/jail.h>
 #include <sys/stat.h>
 #include <sys/user.h>
 #include <sys/sysctl.h>
@@ -49,7 +50,9 @@ static void __dead2
 usage(void)
 {
 
-	fprintf(stderr, "usage: killall [-l] [-v] [-m] [-sig] [-u user] [-t tty] [-c cmd] [cmd]...\n");
+	fprintf(stderr, "usage: killall [-l] [-v] [-m] [-sig] [-j jid]\n");
+	fprintf(stderr,
+	    "               [-u user] [-t tty] [-c cmd] [cmd]...\n");
 	fprintf(stderr, "At least one option or argument to specify processes must be given.\n");
 	exit(1);
 }
@@ -110,6 +113,7 @@ main(int ac, char **av)
 	int		vflag = 0;
 	int		sflag = 0;
 	int		dflag = 0;
+	int		jflag = 0;
 	int		mflag = 0;
 	int		zflag = 0;
 	uid_t		uid = 0;
@@ -122,6 +126,7 @@ main(int ac, char **av)
 	const char *const *p;
 	char		*ep;
 	int		errors = 0;
+	int		jid;
 	int		mib[4];
 	size_t		miblen;
 	int		st, nprocs;
@@ -142,6 +147,18 @@ main(int ac, char **av)
 		if (**av == '-') {
 			++*av;
 			switch (**av) {
+			case 'j':
+				++*av;
+				if (**av == '\0')
+					++av;
+				--ac;
+				jflag++;
+				jid = strtol(*av, &ep, 10);
+				if (!*av || *ep)
+					errx(1, "illegal jid: %s", *av);
+				if (jail_attach(jid) == -1)
+					err(1, "jail_attach(): %d", jid);
+				break;
 			case 'u':
 				++*av;
 				if (**av == '\0')
@@ -206,7 +223,7 @@ main(int ac, char **av)
 		}
 	}
 
-	if (user == NULL && tty == NULL && cmd == NULL && ac == 0)
+	if (user == NULL && tty == NULL && cmd == NULL && !jflag && ac == 0)
 		usage();
 
 	if (tty) {
@@ -324,6 +341,8 @@ main(int ac, char **av)
 					matched = 0;
 			}
 		}
+		if (jflag && thispid == getpid())
+			matched = 0;
 		if (matched == 0)
 			continue;
 		if (ac > 0)

usr.sbin/Makefile

@@ -45,6 +45,8 @@ SUBDIR=	IPXrouted \
 	inetd \
 	iostat \
 	jail \
+	jexec \
+	jls \
 	kbdcontrol \
 	kbdmap \
 	kernbb \

usr.sbin/jail/jail.8

@@ -33,7 +33,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 12, 2001
+.Dd April 8, 2003
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -41,6 +41,7 @@
 .Nd "imprison process and its descendants"
 .Sh SYNOPSIS
 .Nm
+.Op Fl i
 .Op Fl u Ar username
 .Ar path hostname ip-number command ...
 .Sh DESCRIPTION
@@ -50,6 +51,8 @@ utility imprisons a process and all future descendants.
 .Pp
 The options are as follows:
 .Bl -tag -width ".Fl u Ar username"
+.It Fl i
+Output the jail identifier of the newly created jail.
 .It Fl u Ar username
 The user name as whom the
 .Ar command
@@ -275,6 +278,9 @@ and other processes running within the jail using
 with the
 .Ql J
 flag appearing beside jailed processes.
+To see an active list of jails, use the
+.Xr jls 8
+utility.
 You should also be able to
 .Xr telnet 1
 to the hostname or IP address of the jailed environment, and log
@@ -304,12 +310,16 @@ Depending on
 the intended use of the jail, you may also want to run
 .Pa /etc/rc.shutdown
 from within the jail.
-Currently there is no way to insert new processes
-into a jail, so you must first log into the jail before performing these
-actions.
+To kill processes from outside the jail, use the
+.Xr jexec 8
+utility in conjuction with the one of the
+.Xr kill 1
+commands above, or use the
+.Xr killall 1
+utility with the
+.Fl j
+option.
 .Pp
-To kill processes from outside the jail, you must individually identify the
-PID of each process to be killed.
 The
 .Pa /proc/ Ns Ar pid Ns Pa /status
 file contains, as its last field, the hostname of the jail in which the
@@ -335,11 +345,6 @@ Just add the following line to
 .Pa /etc/sysctl.conf :
 .Pp
 .Dl security.jail.set_hostname_allowed=0
-.Pp
-In a future version of
-.Fx ,
-the mechanisms for managing jails will be
-more refined.
 .Ss "Sysctl MIB Entries"
 Certain aspects of the jail containments environment may be modified from
 the host environment using
@@ -388,15 +393,19 @@ As such, this functionality is disabled by default, but can be enabled
 by setting this MIB entry to 1.
 .El
 .Sh SEE ALSO
+.Xr killall 1 ,
 .Xr newaliases 1 ,
 .Xr ps 1 ,
 .Xr chroot 2 ,
 .Xr jail 2 ,
+.Xr jail_attach 2 ,
 .Xr procfs 5 ,
 .Xr rc.conf 5 ,
 .Xr sysctl.conf 5 ,
 .Xr halt 8 ,
 .Xr inetd 8 ,
+.Xr jexec 8 ,
+.Xr jls 8 ,
 .Xr mount_devfs 8 ,
 .Xr named 8 ,
 .Xr reboot 8 ,
@@ -423,8 +432,7 @@ who contributed it to
 wrote the extended documentation, found a few bugs, added
 a few new features, and cleaned up the userland jail environment.
 .Sh BUGS
-Jail currently lacks strong management functionality, such as the ability
-to deliver signals to all processes in a jail, and to allow access to
+Jail currently lacks the ability to allow access to
 specific jail information via
 .Xr ps 1
 as opposed to

usr.sbin/jail/jail.c

@@ -34,20 +34,24 @@ main(int argc, char **argv)
 	struct jail j;
 	struct passwd *pwd;
 	struct in_addr in;
-	int ch, groups[NGROUPS], ngroups;
+	int ch, groups[NGROUPS], i, iflag, ngroups;
 	char *username;
 
+	iflag = 0;
 	username = NULL;
 
-	while ((ch = getopt(argc, argv, "u:")) != -1)
+	while ((ch = getopt(argc, argv, "iu:")) != -1) {
 		switch (ch) {
+		case 'i':
+			iflag = 1;
+			break;
 		case 'u':
 			username = optarg;
 			break;
 		default:
 			usage();
-			break;
 		}
+	}
 	argc -= optind;
 	argv += optind;
 	if (argc < 4)
@@ -73,8 +77,11 @@ main(int argc, char **argv)
 	if (inet_aton(argv[2], &in) == 0)
 		errx(1, "Could not make sense of ip-number: %s", argv[2]);
 	j.ip_number = ntohl(in.s_addr);
-	if (jail(&j) != 0)
+	i = jail(&j);
+	if (i == -1)
 		err(1, "jail");
+	if (iflag)
+		printf("%d\n", i);
 	if (username != NULL) {
 		if (setgroups(ngroups, groups) != 0)
 			err(1, "setgroups");
@@ -87,14 +94,14 @@ main(int argc, char **argv)
 	}
 	if (execv(argv[3], argv + 3) != 0)
 		err(1, "execv: %s", argv[3]);
-	exit (0);
+	exit(0);
 }
 
 static void
 usage(void)
 {
 
-	(void)fprintf(stderr, "%s\n",
-	    "Usage: jail [-u username] path hostname ip-number command ...");
+	(void)fprintf(stderr,
+	"usage: jail [-i] [-u username] path hostname ip-number command ...\n");
 	exit(1);
 }

usr.sbin/jexec/Makefile

@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+PROG=	jexec
+MAN=	jexec.8
+WARNS?=	6
+
+.include <bsd.prog.mk>

usr.sbin/jexec/jexec.8

@@ -0,0 +1,52 @@
+.\"
+.\" Copyright (c) 2003 Mike Barcroft <mike@FreeBSD.org>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd April 8, 2003
+.Dt JEXEC 8
+.Os
+.Sh NAME
+.Nm jexec
+.Nd "excute a command inside an existing jail"
+.Sh SYNOPSIS
+.Nm
+.Ar jid command ...
+.Sh DESCRIPTION
+The
+.Nm
+utility excutes
+.Ar command
+inside the jail identified by,
+.Ar jid.
+.Sh SEE ALSO
+.Xr jail_attach 2 ,
+.Xr jail 8 ,
+.Xr jls 8
+.Sh HISTORY
+The
+.Nm
+utility was added in
+.Fx 5.1 .

usr.sbin/jexec/jexec.c

@@ -0,0 +1,62 @@
+/*-
+ * Copyright (c) 2003 Mike Barcroft <mike@FreeBSD.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/param.h>
+#include <sys/jail.h>
+
+#include <err.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+static void	usage(void);
+
+int
+main(int argc, char *argv[])
+{
+	int jid;
+
+	if (argc < 3)
+		usage();
+	jid = (int)strtol(argv[1], NULL, 10);
+	if (jail_attach(jid) == -1)
+		err(1, "jail_attach(): %d", jid);
+	if (chdir("/") == -1)
+		err(1, "chdir(): /");
+	if (execv(argv[2], argv + 2) == -1)
+		err(1, "execv(): %s", argv[2]);
+	exit(0);
+}
+
+static void
+usage(void)
+{
+
+	fprintf(stderr, "usage: jexec jid command [...]\n");
+	exit(1); 
+}

usr.sbin/jls/Makefile

@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+PROG=	jls
+MAN=	jls.8
+WARNS?=	6
+
+.include <bsd.prog.mk>

usr.sbin/jls/jls.8

@@ -0,0 +1,50 @@
+.\"
+.\" Copyright (c) 2003 Mike Barcroft <mike@FreeBSD.org>
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd April 8, 2003
+.Dt JLS 8
+.Os
+.Sh NAME
+.Nm jls
+.Nd "list active jails"
+.Sh SYNOPSIS
+.Nm
+.Sh DESCRIPTION
+The
+.Nm
+utility lists all active jails.
+Each jail is represented by one row which contains the following columns:
+jail identifier (JID), IP address, hostname, and path.
+.Sh SEE ALSO
+.Xr jail 2 ,
+.Xr jail 8 ,
+.Xr jexec 8
+.Sh HISTORY
+The
+.Nm
+utility was added in
+.Fx 5.1 .

usr.sbin/jls/jls.c

@@ -0,0 +1,77 @@
+/*-
+ * Copyright (c) 2003 Mike Barcroft <mike@FreeBSD.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+#include <sys/param.h>
+#include <sys/jail.h>
+#include <sys/sysctl.h>
+
+#include <arpa/inet.h>
+#include <err.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+
+int
+main(void)
+{ 
+	struct xprison *sxp, *xp;
+	struct in_addr in;
+	size_t i, len;
+
+	if (sysctlbyname("security.jail.list", NULL, &len, NULL, 0) == -1)
+		err(1, "sysctlbyname(): security.jail.list");
+retry:
+	if (len <= 0)
+		exit(0);	
+	sxp = xp = calloc(len, 1);
+	if (sxp == NULL)
+		err(1, "malloc()");
+
+	if (sysctlbyname("security.jail.list", xp, &len, NULL, 0) == -1) {
+		if (errno == ENOMEM) {
+			free(sxp);
+			goto retry;
+		}
+		err(1, "sysctlbyname(): security.jail.list", NULL);
+	}
+	if (len < sizeof(*xp) || len % sizeof(*xp) ||
+	    xp->pr_version != XPRISON_VERSION)
+		errx(1, "Kernel and userland out of sync");
+
+	printf("   JID  IP Address   Hostname                      Path\n");
+	for (i = 0; i < len / sizeof(*xp); i++) {
+		in.s_addr = ntohl(xp->pr_ip);
+		printf("%6d  %-12.12s %-29.29s %.77s\n",
+		    xp->pr_id, inet_ntoa(in), xp->pr_host, xp->pr_path);
+		xp++;
+	}
+	free(sxp);
+	exit(0);
+}