Commit Graph

37 Commits

Author SHA1 Message Date
Kyle Evans
466df976ba jail(8): reset to root cpuset before attaching to run commands
Recent changes have made it such that attaching to a jail will augment
the attaching process' cpu mask with the jail's cpuset. While this is
convenient for allowing the administrator to cpuset arbitrary programs
that will attach to a jail, this is decidedly not convenient for
executing long-running daemons during jail creation.

This change inserts a reset of the process cpuset to the root cpuset
between the fork and attach to execute a command. This allows commands
executed to have the widest mask possible, and the administrator can
cpuset(1) it back down inside the jail as needed.

With this applied, one should be able to change a jail's cpuset at
exec.poststart in addition to exec.created.  The former was made
difficult if jail(8) itself was running with a constrained set, as then
some processes may have been spawned inside the jail with a non-root
set.  The latter is the preferred option so that processes starting in
the jail are constrained appropriately up front.

Note that all system commands are still run with the process' initial
cpuset applied.

PR:		253724
MFC after:	3 days
Reviewed by:	jamie
Differential Revision:	https://reviews.freebsd.org/D29008
2021-03-04 13:28:53 -06:00
Ryan Moeller
66005c453d jail: Add exec.prepare and exec.release command hooks
This change introduces new jail command hooks that run before and after any
other actions.

The exec.prepare hook can be used for example to invoke a script that checks
if the jail's root exists, creating it if it does not. Since arbitrary
variables in jail.conf can be passed to the command, it can be pretty useful
for templating jails.

An example use case for exec.release would be to remove the filesystem of an
ephemeral jail.

The names "prepare" and "release" are borrowed from the names of similar hooks
in libvirt.

Reviewed by:	jamie, manpages, mmacy
Approved by:	mmacy (mentor)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D24829
2020-05-14 23:38:11 +00:00
Dmitry Morozovsky
be659d72bb Clarify error messages a bit.
X-Found-With:	r343112
MFC after:	1 month
2019-01-18 23:00:52 +00:00
Eugene Grosbein
bd24e861b4 jail(8): stop crashing with SIGSEGV inside run_command() function
while processing not entirely correct jail.conf(5) file
having something like "ip4.addr = 127.0.0.1;" and no "ip4 = ...;"
so extrap variable stays NULL.

Reported by:	marck
MFC after:	1 month
2019-01-17 14:09:55 +00:00
Alexander Leidinger
f6c0e63bf7 - Add exec hook "exec.created". This is called when the jail is
created and before exec.start is called.			[1]
- Bump __FreeBSD_version.

This allows to attach ZFS datasets and various other things to be
done before any command/service/rc-script is started in the new
jail.

PR:			228066					[1]
Reviewed by:		jamie					[1]
Submitted by:		Stefan Grönke <stefan@gronke.net>	[1]
Differential Revision:	https://reviews.freebsd.org/D15330	[1]
2018-08-15 18:35:42 +00:00
Pedro F. Giffuni
1de7b4b805 various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.
2017-11-27 15:37:16 +00:00
Ed Maste
72130735d8 Strip EOL whitespace in usr.sbin/{jail,jexec} 2017-11-10 14:53:16 +00:00
Jamie Gritton
4c86c0fa98 Fix up the order in which jail creation processes are run, to preserve
the config file's order in the non-parallel-start case.

PR:		209112
MFC after:	3 days
2016-07-14 20:15:55 +00:00
Jamie Gritton
a99d821068 Make jail(8) interpret escape codes in fstab the same as getfsent(3).
PR:		208663
MFC after:	3 days
2016-04-25 03:24:48 +00:00
Jamie Gritton
fcc43d065a Clear errno before calling getpw*. 2016-01-16 18:13:28 +00:00
Eitan Adler
463a577b27 Fix a ton of speelling errors
arc lint is helpful

Reviewed By: allanjude, wblock, #manpages, chris@bsdjunk.com
Differential Revision: https://reviews.freebsd.org/D3337
2015-10-21 05:37:09 +00:00
Jamie Gritton
07a7869fb2 Add mount.procfs jail parameter, so procfs can be mounted when a prison's
root is in its fstab.

Also fix a typo while I'm at it.

PR:		197237 197066
MFC after:	3 days
2015-02-06 17:54:53 +00:00
Jamie Gritton
eb28afe422 Setgid before running a command as a specified user. Previously only
initgroups(3) was called, what isn't quite enough.  This brings jail(8)
in line with jexec(8), which was already doing the right thing.

PR:		195984
MFC after:	1 week
2014-12-18 18:10:39 +00:00
Jamie Gritton
d031802b05 In preparation for using clang's -Wcast-qual:
Use __DECONST (instead of my own attempted re-invention) for the iov
parameters to jail_get/set(2).  Similarly remove the decost-ish hack
from execvp's argv, except the __DECONST is only added at very end.

While I'm at it, remove an unused variable and fix a comment typo.
2014-11-25 21:01:08 +00:00
Steven Hartland
b22b6abd34 Added support for extra ifconfig args to jail ip4.addr & ip6.addr params
This allows for CARP interfaces to be  used in jails e.g.
ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100"

Before this change using exec.prestart to configure a CARP address
would result in the wrong MAC being broadcast on startup as jail creates
IP aliases to support ip[4|6].addr before exec.prestart is executed.

PR:		191832
Reviewed by:	jamie
MFC after:	1 week
X-MFC-With:	r269340
Phabric:	D528
Sponsored by:	Multiplay
2014-08-04 16:32:08 +00:00
Hiroki Sato
fbd868c9d8 - Add mount.fdescfs parameter to jail(8). This is similar to
mount.devfs but mounts fdescfs.  The mount happens just after
  mount.devfs.

- rc.d/jail now displays whole error message from jail(8) when a jail
  fails to start.

Approved by:	re (gjb)
2013-10-12 17:27:59 +00:00
Jamie Gritton
bea2eefca4 Reverse the order of some implicit commands (FS mounts and ifconfigs)
when stopping jails.  This matters particularly for nested filesystem
mounts.

PR:		kern/177325
Submitted by:	Harald Schmalzbauer
MFC after:	3 days
2013-03-28 21:02:49 +00:00
Jamie Gritton
e593549587 Handle (ignore) when a process disappears before it can be tracked. 2013-02-14 19:27:52 +00:00
Jamie Gritton
a6486f6008 When writing the jid via the -i flag, do it right when the jail is created,
before any commands run.  /etc/rc.d/jail depends on this.
2012-05-28 20:44:11 +00:00
Jamie Gritton
8632fa3e92 Don't try to set a null TERM environment.
Submitted by:	Mateusz Guzik <mjguzik gmail.com>
2012-05-25 00:38:06 +00:00
Jamie Gritton
6fcbac3cd5 Add a meta-parameter IP__NULL to enum intparam, instead of mixing
enum values and zeroes.  This keeps clang happy (and is just good form).

Submitted by:	dim
2012-05-03 21:39:23 +00:00
Jamie Gritton
0c4d49e94a Use the defvs_ruleset paramater when mounting a jail's /dev,
instead of a mount.devfs.ruleset pseudo-parameter.
2012-02-27 22:37:35 +00:00
Jamie Gritton
1ca35de448 Improvements in error messages:
Some errors printed the jail name for unnamed (command line) jails.

Attempting to create an already-existing jail from the command line
returned with no error (even for non-root) due to bad logic in
start_state.

Ignore kvm_proc errors, which are typically caused by permission
problems.  Instead, stop ignoring permission errors when removing
a jail (but continue to silently ignore other errors, i.e. the
jail no longer existing).  This makes non-root attempts at removing
a jail give a clearer error message.
2012-02-08 23:51:46 +00:00
Jamie Gritton
eadec913d9 Don't report errors for the exit status of processes that are killed
as part of jail removal (IP_STOP_TIMEOUT).

Note a jail as "removed" even if it wasn't jail_remove() that did
the deed, e.g. if it already went away because all its processes
were killed.
2011-07-06 21:49:56 +00:00
Jamie Gritton
600802304e Advance to the next command before running anything, so errors found in
finish_command can be processed properly.
Call failed() once in next_command() instead of multiple times in
 run_command().
Continue processing commands when a no-wait operation (IP__OP or background
 command) succeeds.
2011-06-22 21:18:37 +00:00
Jamie Gritton
c6eff841df Fix a couple of NULL dereferences. 2011-06-21 19:13:48 +00:00
Jamie Gritton
5fb611c2bf Following r222465:
Check for IPv4 or IPv6 to be available by the kernel to not
  provoke errors trying to query options not available.
  Make it possible to compile out INET or INET6 only parts.
2011-06-20 23:04:13 +00:00
Jamie Gritton
e16fb8fba8 Linty stuff. 2011-06-20 07:58:44 +00:00
Jamie Gritton
2b00f7ba65 Move the actual create/remove (IP__OP) handling into run_command,
and the cost of an ugly single-use global variable.
2011-06-18 15:23:08 +00:00
Jamie Gritton
d8352076b1 Update copyright dates and other whitespacey stuff. 2011-06-17 16:21:03 +00:00
Jamie Gritton
3b40332c44 Split run_command up into an outer function (next_command) that chooses
a single command string to run, and an inner function (run_command) that
 runs that single string.
Move the list of start/stop commands to run from a switch statement into
 an array, with a new placeholder parameter IP__OP for actually creating
 or removing the jail.
When jail creation fails, revert all non-exec commands in reverse order.
2011-06-17 16:18:44 +00:00
Jamie Gritton
2a194551a7 Change cfstrings from an STAILQ into a TAILQ to allow commands to be
traversed in reverse order.
2011-06-17 16:06:13 +00:00
Jamie Gritton
aa02af5404 run_command (mostly) cleanup:
Make the parallelism limit a global instead of always passing it
 to run_command and finish_command.
In the case of an empty command string, try to run any other strings
 the command may have.
Replace JF_BACKGROUND with its sort-of opposite JF_SLEEPQ.
Change j->comstring earlier to render JF_RUNQ unncessary.
Change the if-else series to a more readable switch statement.
Treat IP_STOP_TIMEOUT like a command, calling run_command which then
 calls term_procs.
When the IP_STOP_TIMEOUT "command" finishes, it shouldn't mess with
 the parallelism limit.
Make sufficient checks in finish_command and run_command so that
 the nonintuitive j->comstring null check isn't necessary to run them.
Rename the "waiting" queue to "depend", because the "sleeping" and
 "runnable" queues are also used to wait for something.
2010-12-10 23:57:55 +00:00
Jamie Gritton
5264032f22 Check unmounts for a mount point of the right FS type. 2010-11-04 19:32:32 +00:00
Jamie Gritton
8ebbf0e287 Check paths for security:
path must be absolute.
 mount paths must exist and have no symlinks beyond the jail's path itself.
 consolelog must exist (apart from the final component) and have no
  symlinks beyond the jail's path itself.
2010-11-04 18:40:29 +00:00
Jamie Gritton
52a4962202 Reads the mount.fstab file, and put its lines separately into the
IP__MOUNT_FROM_FSTAB internal parameter.
2010-11-04 17:01:21 +00:00
Jamie Gritton
2671ee736f Initial work on the new jail(8). There are more features to add, and some
cleaning up to do on existing features, but this is pretty much what the
final product will look like.
2010-10-20 20:42:33 +00:00