service(8): Add support for interfacing with services in jails

Provide a -j option that can take a jail name or id. If -j is specified, check that the jail exists and proxy the service request through to service(8) in the jail. This allows for cleaner workflows when updating services in a jail, turning the following: pkg -j dns upgrade jexec dns service named restart into: pkg -j dns upgrade service -j dns named restart PR: 223325 Submitted by: David O'Rourke (with slight changes) MFC after: 2 weeks
2018-01-15 22:24:11 +00:00 · 2018-01-15 22:24:11 +00:00 · 65136f65bd
commit 65136f65bd
parent 082f2fb1a6
2 changed files with 44 additions and 6 deletions
--- a/usr.sbin/service/service.8
+++ b/usr.sbin/service/service.8
@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 11, 2012
+.Dd January 15, 2018
 .Dt SERVICE 8
 .Os
 .Sh NAME
@ -32,13 +32,17 @@
 .Nd "control (start/stop/etc.) or list system services"
 .Sh SYNOPSIS
 .Nm
+.Op Fl j Ao jail name or id Ac
 .Fl e
 .Nm
+.Op Fl j Ao jail name or id Ac
 .Fl R
 .Nm
+.Op Fl j Ao jail name or id Ac
 .Op Fl v
 .Fl l | r
 .Nm
+.Op Fl j Ao jail name or id Ac
 .Op Fl v
 .Ar <rc.d script> start|stop|etc.
 .Sh DESCRIPTION
@ -54,6 +58,8 @@ the scripts using various criteria.
 .Pp
 The options are as follows:
 .Bl -tag -width F1
+.It Fl j Ao jail name or id Ac
+Perform the given actions under the named jail.
 .It Fl e
 List services that are enabled.
 The list of scripts to check is compiled using
@ -107,6 +113,7 @@ The following are examples of typical usage of the
 command:
 .Pp
 .Dl "service named status"
+.Dl "service -j dns named status"
 .Dl "service -rv"
 .Pp
 The following programmable completion entry can be use in
--- a/usr.sbin/service/service.sh
+++ b/usr.sbin/service/service.sh
@ -34,12 +34,13 @@ load_rc_config 'XXX'
 usage () {
 	echo ''
 	echo 'Usage:'
-	echo "${0##*/} -e"
-	echo "${0##*/} -R"
-	echo "${0##*/} [-v] -l | -r"
-	echo "${0##*/} [-v] <rc.d script> start|stop|etc."
+	echo "${0##*/} [-j <jail name or id>] -e"
+	echo "${0##*/} [-j <jail name or id>] -R"
+	echo "${0##*/} [-j <jail name or id>] [-v] -l | -r"
+	echo "${0##*/} [-j <jail name or id>] [-v] <rc.d script> start|stop|etc."
 	echo "${0##*/} -h"
 	echo ''
+	echo "-j	Perform actions within the named jail"
 	echo '-e	Show services that are enabled'
 	echo "-R	Stop and start enabled $local_startup services"
 	echo "-l	List all scripts in /etc/rc.d and $local_startup"
@ -48,7 +49,37 @@ usage () {
 	echo ''
 }

-while getopts 'ehlrRv' COMMAND_LINE_ARGUMENT ; do
+accepted_argstr='jehlrRv'
+
+# Only deal with the -j option here. If found, JAIL is set and the opt and
+# arg are shifted out. OPTIND is left untouched. We strip the -j option out
+# here because we'll be proxying this invocation through to the jail via
+# jls(8) instead of handling it ourselves.
+while getopts ${accepted_argstr} COMMAND_LINE_ARGUMENT ; do
+	case "${COMMAND_LINE_ARGUMENT}" in
+	j)	JAIL="$2" ; shift ; shift ;;
+	esac
+done
+
+# If -j was provided, then we pass everthing along to the jexec command
+# and execute `service` within the named JAIL. Provided that the jail
+# actually exists, as checked by `jls`.
+# We do this so that if the jail does exist, we can then return the exit
+# code of `jexec` and it should be the exit code of whatever ran in the jail.
+# There is a race condition here in that the jail might exist at `jls` time
+# and be gone by `jexec` time, but it shouldn't be a big deal.
+if [ -n "$JAIL" ]; then
+	/usr/sbin/jls -j "$JAIL" 2>/dev/null >/dev/null
+	if [ $? -ne 0 ]; then
+		echo "Jail '$JAIL' does not exist."
+		exit 1
+	fi
+
+	/usr/sbin/jexec -l "$JAIL" /usr/sbin/service $*
+	exit $?
+fi
+
+while getopts ${accepted_argstr} COMMAND_LINE_ARGUMENT ; do
 	case "${COMMAND_LINE_ARGUMENT}" in
 	e)	ENABLED=eopt ;;
 	h)	usage ; exit 0 ;;