Use __DECONST (instead of my own attempted re-invention) for the iov
parameters to jail_get/set(2). Similarly remove the decost-ish hack
from execvp's argv, except the __DECONST is only added at very end.
While I'm at it, remove an unused variable and fix a comment typo.
mount.devfs but mounts fdescfs. The mount happens just after
mount.devfs.
- rc.d/jail now displays whole error message from jail(8) when a jail
fails to start.
Approved by: re (gjb)
command line options. The "jail_<jname>_*" rc.conf(5) variables for
per-jail configuration are automatically converted to
/var/run/jail.<jname>.conf before the jail(8) utility is invoked.
This is transparently backward compatible.
- Fix a minor bug in jail(8) which prevented it from returning false
when jail -r failed.
Approved by: re (glebius)
properly parsed for interface prefixes and netmask suffixes. This was
already done for the old-style (fixed) command line, but missed for
the new-style.
MFC after: 1 week
Some errors printed the jail name for unnamed (command line) jails.
Attempting to create an already-existing jail from the command line
returned with no error (even for non-root) due to bad logic in
start_state.
Ignore kvm_proc errors, which are typically caused by permission
problems. Instead, stop ignoring permission errors when removing
a jail (but continue to silently ignore other errors, i.e. the
jail no longer existing). This makes non-root attempts at removing
a jail give a clearer error message.
jail(8) does a chdir(2) to the given path argument. Kernel evaluates the
jail path from the new cwd and not from the original cwd, which leads to
undesired behavior if given a relative path.
Reviewed by: jamie
MFC after: 2 weeks
finish_command can be processed properly.
Call failed() once in next_command() instead of multiple times in
run_command().
Continue processing commands when a no-wait operation (IP__OP or background
command) succeeds.
Check for IPv4 or IPv6 to be available by the kernel to not
provoke errors trying to query options not available.
Make it possible to compile out INET or INET6 only parts.
a single command string to run, and an inner function (run_command) that
runs that single string.
Move the list of start/stop commands to run from a switch statement into
an array, with a new placeholder parameter IP__OP for actually creating
or removing the jail.
When jail creation fails, revert all non-exec commands in reverse order.
provoke errors trying to query options not available.
Make it possible to compile out INET or INET6 only parts.
Reviewed by: jamie
Sponsored by: The FreeBSD Foundation
Sponsored by: iXsystems
MFC after: 10 days
Make the parallelism limit a global instead of always passing it
to run_command and finish_command.
In the case of an empty command string, try to run any other strings
the command may have.
Replace JF_BACKGROUND with its sort-of opposite JF_SLEEPQ.
Change j->comstring earlier to render JF_RUNQ unncessary.
Change the if-else series to a more readable switch statement.
Treat IP_STOP_TIMEOUT like a command, calling run_command which then
calls term_procs.
When the IP_STOP_TIMEOUT "command" finishes, it shouldn't mess with
the parallelism limit.
Make sufficient checks in finish_command and run_command so that
the nonintuitive j->comstring null check isn't necessary to run them.
Rename the "waiting" queue to "depend", because the "sleeping" and
"runnable" queues are also used to wait for something.
path must be absolute.
mount paths must exist and have no symlinks beyond the jail's path itself.
consolelog must exist (apart from the final component) and have no
symlinks beyond the jail's path itself.
the jail(8) command. [10:04]
Fix a one-NUL-byte buffer overflow in libopie. [10:05]
Correctly sanity-check a buffer length in nfs mount. [10:06]
Approved by: so (cperciva)
Approved by: re (kensmith)
Security: FreeBSD-SA-10:04.jail
Security: FreeBSD-SA-10:05.opie
Security: FreeBSD-SA-10:06.nfsclient
parameter unless a (numeric) IPv6 address is given. Even the default
binaries built with -DINET6 will work with IPv6-less kernels. With an
eye to the future, similarly handle the possibility of an IPv4-less kernel.
Approved by: re (kib), bz (mentor)
system callers of getgroups(), getgrouplist(), and setgroups() to
allocate buffers dynamically. Specifically, allocate a buffer of size
sysconf(_SC_NGROUPS_MAX)+1 (+2 in a few cases to allow for overflow).
This (or similar gymnastics) is required for the code to actually follow
the POSIX.1-2008 specification where {NGROUPS_MAX} may differ at runtime
and where getgroups may return {NGROUPS_MAX}+1 results on systems like
FreeBSD which include the primary group.
In id(1), don't pointlessly add the primary group to the list of all
groups, it is always the first result from getgroups(). In principle
the old code was more portable, but this was only done in one of the two
places where getgroups() was called to the overall effect was pointless.
Document the actual POSIX requirements in the getgroups(2) and
setgroups(2) manpages. We do not yet support a dynamic NGROUPS, but we
may in the future.
MFC after: 2 weeks
and jail_get(2). Jail(8) can now create jails using a "name=value"
format instead of just specifying a limited set of fixed parameters; it
can also modify parameters of existing jails. Jls(8) can display all
parameters of jails, or a specified set of parameters. The available
parameters are gathered from the kernel, and not hard-coded into these
programs.
Small patches on killall(1) and jexec(8) to support jail names with
jail_get(2).
Approved by: bz (mentor)
Bring in updated jail support from bz_jail branch.
This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..
SCTP support was updated and supports IPv6 in jails as well.
Cpuset support permits jails to be bound to specific processor
sets after creation.
Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.
DDB 'show jails' command was added to aid debugging.
Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.
Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.
Bump __FreeBSD_version for the afore mentioned and in kernel changes.
Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
on cluster machines as well as all the testers and people
who provided feedback the last months on freebsd-jail and
other channels.
- My employer, CK Software GmbH, for the support so I could work on this.
Reviewed by: (see above)
MFC after: 3 months (this is just so that I get the mail)
X-MFC Before: 7.2-RELEASE if possible
containing the jailid, path, hostname, ip and the command used to start
the jail.
PR: misc/89883
Submitted by: L. Jason Godsey <lannygodsey -at- yahoo.com>
Reviewed by: phk
MFC after: 1 week
hence bump it to 6.
Note that the last commit message was not quite accurate. While the
assumption exists in the code, it's not possible to have an
uninitialized p there because if lflag is set when username is NULL
then execution would be terminated earlier.
seeing status of mounted file system for jailed processes.
Pass full path of jail's root directory to the kernel. mount(8) utility is
doing the same thing already.
o getpwnam(3) returns NULL and does not set errno when the user does
not exist. Bail out with "no such user" instead of "Unknown error: 0".
PR: bin/67262
Submitted by: demon (-U flag)
MFC after: 3 weeks
o Add jexec(8) to execute a command in an existing jail.
o Add -j option for killall(1) to kill all processes in a specified
jail.
o Add -i option to jail(8) to output jail ID of newly created jail.
