From 0eb6603f6b2c6fd77f8b38d61c65a730656341fa Mon Sep 17 00:00:00 2001
From: Jamie Gritton <jamie@FreeBSD.org>
Date: Thu, 27 Aug 2020 17:04:55 +0000
Subject: [PATCH] Disregard jails in jail.conf that have bad parameters
 (parameter/variable clash, or redefining name/jid).  The current behvaior, of
 merely warning and moving on, can lead to unexpected behavior when a jail is
 created without the offending parameter defined at all.

---
 usr.sbin/jail/config.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/usr.sbin/jail/config.c b/usr.sbin/jail/config.c
index e81128ff1b93..e6ebc585bcd7 100644
--- a/usr.sbin/jail/config.c
+++ b/usr.sbin/jail/config.c
@@ -369,11 +369,13 @@ add_param(struct cfjail *j, const struct cfparam *p, enum intparam ipnum,
 		if ((flags ^ dp->flags) & PF_VAR) {
 			jail_warnx(j, "variable \"$%s\" cannot have the same "
 			    "name as a parameter.", name);
+			j->flags |= JF_FAILED;
 			return;
 		}
 		if (dp->flags & PF_IMMUTABLE) {
 			jail_warnx(j, "cannot redefine parameter \"%s\".",
 			    dp->name);
+			j->flags |= JF_FAILED;
 			return;
 		}
 		if (strcmp(dp->name, name)) {
@@ -405,6 +407,7 @@ add_param(struct cfjail *j, const struct cfparam *p, enum intparam ipnum,
 						    "cannot have the same "
 						    "name as a parameter.",
 						    name);
+						j->flags |= JF_FAILED;
 						return;
 					}
 					j->intparams[ipnum] = np;