Add mount.procfs jail parameter, so procfs can be mounted when a prison's
root is in its fstab. Also fix a typo while I'm at it. PR: 197237 197066 MFC after: 3 days
parent
92847ee1f3
commit
07a7869fb2
@ -28,7 +28,7 @@ extra_commands="config console status"
|
||||
|
||||
need_dad_wait=
|
||||
|
||||
# extact_var jail name param num defval
|
||||
# extract_var jail name param num defval
|
||||
# Extract value from ${jail_$jail_$name} or ${jail_$name} and
|
||||
# set it to $param. If not defined, $defval is used.
|
||||
# When $num is [0-9]*, ${jail_$jail_$name$num} are looked up and
|
||||
@ -233,8 +233,7 @@ parse_options()
|
||||
fi
|
||||
eval : \${jail_${_j}_procfs_enable:=${jail_procfs_enable:-NO}}
|
||||
if checkyesno jail_${_j}_procfs_enable; then
|
||||
echo " mount += " \
|
||||
"\"procfs ${_rootdir%/}/proc procfs rw 0 0\";"
|
||||
echo " mount.procfs;"
|
||||
fi
|
||||
|
||||
eval : \${jail_${_j}_mount_enable:=${jail_mount_enable:-NO}}
|
||||
|
@ -112,6 +112,12 @@ next_command(struct cfjail *j)
|
||||
if (!bool_param(j->intparams[IP_MOUNT_FDESCFS]))
|
||||
continue;
|
||||
j->comstring = &dummystring;
|
||||
break;
|
||||
case IP_MOUNT_PROCFS:
|
||||
if (!bool_param(j->intparams[IP_MOUNT_PROCFS]))
|
||||
continue;
|
||||
j->comstring = &dummystring;
|
||||
break;
|
||||
case IP__OP:
|
||||
case IP_STOP_TIMEOUT:
|
||||
j->comstring = &dummystring;
|
||||
@ -528,6 +534,32 @@ run_command(struct cfjail *j)
|
||||
}
|
||||
break;
|
||||
|
||||
case IP_MOUNT_PROCFS:
|
||||
argv = alloca(7 * sizeof(char *));
|
||||
path = string_param(j->intparams[KP_PATH]);
|
||||
if (path == NULL) {
|
||||
jail_warnx(j, "mount.procfs: no path");
|
||||
return -1;
|
||||
}
|
||||
devpath = alloca(strlen(path) + 6);
|
||||
sprintf(devpath, "%s/proc", path);
|
||||
if (check_path(j, "mount.procfs", devpath, 0,
|
||||
down ? "procfs" : NULL) < 0)
|
||||
return -1;
|
||||
if (down) {
|
||||
argv[0] = "/sbin/umount";
|
||||
argv[1] = devpath;
|
||||
argv[2] = NULL;
|
||||
} else {
|
||||
argv[0] = _PATH_MOUNT;
|
||||
argv[1] = "-t";
|
||||
argv[2] = "procfs";
|
||||
argv[3] = ".";
|
||||
argv[4] = devpath;
|
||||
argv[5] = NULL;
|
||||
}
|
||||
break;
|
||||
|
||||
case IP_COMMAND:
|
||||
if (j->name != NULL)
|
||||
goto default_command;
|
||||
|
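Review bot: In the new `case IP_MOUNT_PROCFS:` of run_command, the buffer for `devpath` is sized with a bare `6` and filled with an unbounded `sprintf`, so the allocation is correct only as long as the literal `"/proc"` in the format string never changes. Tying the two together removes that coupling: `size_t len = strlen(path) + sizeof("/proc");` then `devpath = alloca(len);` and `snprintf(devpath, len, "%s/proc", path);`. Separately, the mount target lives under the jail's root and is vetted by `check_path()` before argv is built, but the mount/umount helper presumably resolves `devpath` again when it runs. check_path's body is not visible here, so a short comment such as `/* check_path() validates the mount point now; the helper re-resolves it later */` would record what the check is relied on for. run_command starts and ends outside this hunk, so how argv is executed is not shown.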
@ -84,6 +84,7 @@ static const struct ipspec intparams[] = {
|
||||
[IP_MOUNT] = {"mount", PF_INTERNAL | PF_REV},
|
||||
[IP_MOUNT_DEVFS] = {"mount.devfs", PF_INTERNAL | PF_BOOL},
|
||||
[IP_MOUNT_FDESCFS] = {"mount.fdescfs", PF_INTERNAL | PF_BOOL},
|
||||
[IP_MOUNT_PROCFS] = {"mount.procfs", PF_INTERNAL | PF_BOOL},
|
||||
[IP_MOUNT_FSTAB] = {"mount.fstab", PF_INTERNAL},
|
||||
[IP_STOP_TIMEOUT] = {"stop.timeout", PF_INTERNAL | PF_INT},
|
||||
[IP_VNET_INTERFACE] = {"vnet.interface", PF_INTERNAL},
|
||||
|
@ -25,7 +25,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd January 28, 2015
|
||||
.Dd February 6, 2015
|
||||
.Dt JAIL 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -753,6 +753,12 @@ Mount a
|
||||
filesystem on the chrooted
|
||||
.Pa /dev/fd
|
||||
directory.
|
||||
.It Va mount.procfs
|
||||
Mount a
|
||||
.Xr procfs 5
|
||||
filesystem on the chrooted
|
||||
.Pa /proc
|
||||
directory.
|
||||
.It Va allow.dying
|
||||
Allow making changes to a
|
||||
.Va dying
|
||||
@ -1207,6 +1213,7 @@ environment of the first jail.
|
||||
.Xr jls 8 ,
|
||||
.Xr mount 8 ,
|
||||
.Xr named 8 ,
|
||||
.Xr procfs 5 ,
|
||||
.Xr reboot 8 ,
|
||||
.Xr rpcbind 8 ,
|
||||
.Xr sendmail 8 ,
|
||||
|
@ -93,6 +93,7 @@ static const enum intparam startcommands[] = {
|
||||
IP__MOUNT_FROM_FSTAB,
|
||||
IP_MOUNT_DEVFS,
|
||||
IP_MOUNT_FDESCFS,
|
||||
IP_MOUNT_PROCFS,
|
||||
IP_EXEC_PRESTART,
|
||||
IP__OP,
|
||||
IP_VNET_INTERFACE,
|
||||
@ -109,6 +110,7 @@ static const enum intparam stopcommands[] = {
|
||||
IP_STOP_TIMEOUT,
|
||||
IP__OP,
|
||||
IP_EXEC_POSTSTOP,
|
||||
IP_MOUNT_PROCFS,
|
||||
IP_MOUNT_FDESCFS,
|
||||
IP_MOUNT_DEVFS,
|
||||
IP__MOUNT_FROM_FSTAB,
|
||||
|
@ -96,6 +96,7 @@ enum intparam {
|
||||
IP_MOUNT, /* Mount points in fstab(5) form */
|
||||
IP_MOUNT_DEVFS, /* Mount /dev under prison root */
|
||||
IP_MOUNT_FDESCFS, /* Mount /dev/fd under prison root */
|
||||
IP_MOUNT_PROCFS, /* Mount /proc under prison root */
|
||||
IP_MOUNT_FSTAB, /* A standard fstab(5) file */
|
||||
IP_STOP_TIMEOUT, /* Time to wait after sending SIGTERM */
|
||||
IP_VNET_INTERFACE, /* Assign interface(s) to vnet jail */
|
||||
|