Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8),
sockstat(1), ugidfw(8)

These are the last of the jail-aware userland utilities that didn't work
with names.

PR: 229266
MFC after: 3 days
Differential Revision: D16047
parent
6f2eb073ec
commit
95deb222cf
@ -34,9 +34,11 @@
|
||||
*/
|
||||
#include <sys/param.h>
|
||||
#include <sys/errno.h>
|
||||
#include <sys/jail.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sys/ucred.h>
|
||||
#include <sys/uio.h>
|
||||
#include <sys/mount.h>
|
||||
|
||||
#include <security/mac_bsdextended/mac_bsdextended.h>
|
||||
@ -599,17 +601,46 @@ bsde_parse_gidrange(char *spec, gid_t *min, gid_t *max,
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
bsde_get_jailid(const char *name, size_t buflen, char *errstr)
|
||||
{
|
||||
char *ep;
|
||||
int jid;
|
||||
struct iovec jiov[4];
|
||||
|
||||
/* Copy jail_getid(3) instead of messing with library dependancies */
|
||||
jid = strtoul(name, &ep, 10);
|
||||
if (*name && !*ep)
|
||||
return jid;
|
||||
jiov[0].iov_base = __DECONST(char *, "name");
|
||||
jiov[0].iov_len = sizeof("name");
|
||||
jiov[1].iov_len = strlen(name) + 1;
|
||||
jiov[1].iov_base = alloca(jiov[1].iov_len);
|
||||
strcpy(jiov[1].iov_base, name);
|
||||
if (errstr && buflen) {
|
||||
jiov[2].iov_base = __DECONST(char *, "errmsg");
|
||||
jiov[2].iov_len = sizeof("errmsg");
|
||||
jiov[3].iov_base = errstr;
|
||||
jiov[3].iov_len = buflen;
|
||||
errstr[0] = 0;
|
||||
jid = jail_get(jiov, 4, 0);
|
||||
if (jid < 0 && !errstr[0])
|
||||
snprintf(errstr, buflen, "jail_get: %s",
|
||||
strerror(errno));
|
||||
} else
|
||||
jid = jail_get(jiov, 2, 0);
|
||||
return jid;
|
||||
}
|
||||
|
||||
static int
|
||||
bsde_parse_subject(int argc, char *argv[],
|
||||
struct mac_bsdextended_subject *subject, size_t buflen, char *errstr)
|
||||
{
|
||||
int not_seen, flags;
|
||||
int current, neg, nextnot;
|
||||
char *endp;
|
||||
uid_t uid_min, uid_max;
|
||||
gid_t gid_min, gid_max;
|
||||
int jid = 0;
|
||||
long value;
|
||||
|
||||
current = 0;
|
||||
flags = 0;
|
||||
@ -668,13 +699,9 @@ bsde_parse_subject(int argc, char *argv[],
|
||||
snprintf(errstr, buflen, "one jail only");
|
||||
return (-1);
|
||||
}
|
||||
value = strtol(argv[current+1], &endp, 10);
|
||||
if (*endp != '\0') {
|
||||
snprintf(errstr, buflen, "invalid jid: '%s'",
|
||||
argv[current+1]);
|
||||
jid = bsde_get_jailid(argv[current+1], buflen, errstr);
|
||||
if (jid < 0)
|
||||
return (-1);
|
||||
}
|
||||
jid = value;
|
||||
flags |= MBS_PRISON_DEFINED;
|
||||
if (nextnot) {
|
||||
neg ^= MBS_PRISON_DEFINED;
|
||||
|
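Review bot: In bsde_get_jailid the numeric shortcut stores strtoul()'s unsigned long in an int with no range or ERANGE check, so an out-of-range argument is truncated rather than rejected. On an LP64 platform a value above INT_MAX can come back as a different, valid-looking jid, so the MAC rule would bind to a jail the administrator did not name. A value that converts to a negative int is returned without errstr being written, so bsde_parse_subject fails with no message of its own. I would check the parsed value before returning it, as in the excerpt below (INT_MAX may need a header this file does not visibly include). The jail_get() lookup by name is left as it is, and bsde_parse_subject continues outside the hunk.

```c
	unsigned long ul;

	errno = 0;
	ul = strtoul(name, &ep, 10);
	if (*name && !*ep) {
		/* Reject values that do not fit a jid instead of truncating. */
		if (errno == ERANGE || ul > INT_MAX) {
			if (errstr && buflen)
				snprintf(errstr, buflen, "invalid jid: '%s'", name);
			return (-1);
		}
		return ((int)ul);
	}
	/* … unchanged: jail_get(2) lookup by name … */
```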
@ -13,7 +13,7 @@ SRCS+= altq.c
|
||||
CFLAGS+=-DPF
|
||||
.endif
|
||||
|
||||
LIBADD= util
|
||||
LIBADD= jail util
|
||||
MAN= ipfw.8
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
|
@ -1,7 +1,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd June 28, 2018
|
||||
.Dd July 3, 2018
|
||||
.Dt IPFW 8
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -1535,10 +1535,10 @@ Matches all TCP or UDP packets sent by or received for a
|
||||
A
|
||||
.Ar group
|
||||
may be specified by name or number.
|
||||
.It Cm jail Ar prisonID
|
||||
.It Cm jail Ar jail
|
||||
Matches all TCP or UDP packets sent by or received for the
|
||||
jail whos prison ID is
|
||||
.Ar prisonID .
|
||||
jail whose ID or name is
|
||||
.Ar jail .
|
||||
.It Cm icmptypes Ar types
|
||||
Matches ICMP packets whose ICMP type is in the list
|
||||
.Ar types .
|
||||
|
@ -32,6 +32,7 @@
|
||||
#include <err.h>
|
||||
#include <errno.h>
|
||||
#include <grp.h>
|
||||
#include <jail.h>
|
||||
#include <netdb.h>
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
@ -4581,13 +4582,12 @@ compile_rule(char *av[], uint32_t *rbuf, int *rbufsize, struct tidx *tstate)
|
||||
case TOK_JAIL:
|
||||
NEED1("jail requires argument");
|
||||
{
|
||||
char *end;
|
||||
int jid;
|
||||
|
||||
cmd->opcode = O_JAIL;
|
||||
jid = (int)strtol(*av, &end, 0);
|
||||
if (jid < 0 || *end != '\0')
|
||||
errx(EX_DATAERR, "jail requires prison ID");
|
||||
jid = jail_getid(*av);
|
||||
if (jid < 0)
|
||||
errx(EX_DATAERR, "%s", jail_errmsg);
|
||||
cmd32->d[0] = (uint32_t)jid;
|
||||
cmd->len |= F_INSN_SIZE(ipfw_insn_u32);
|
||||
av++;
|
||||
|
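Review bot: The jail name is resolved by jail_getid() once, while the rule is compiled, and only the resulting number is stored in `cmd32->d[0]`, so the rule appears to stay tied to that jid rather than to the name. If the named jail is later restarted under a new jid the rule would stop matching it, and a ruleset that names a jail has to be loaded after that jail exists or errx() aborts the load. Neither this block nor the ipfw.8 text changed in this commit says so; I would add a comment above the call, `/* Name is resolved to a jid now; the rule does not follow the jail across restarts. */`, and a matching sentence in the manual page. The TOK_JAIL case continues outside the hunk.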
@ -2,4 +2,6 @@
|
||||
|
||||
PROG= cpuset
|
||||
|
||||
LIBADD= jail
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
|
@ -25,7 +25,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd February 26, 2018
|
||||
.Dd July 3, 2018
|
||||
.Dt CPUSET 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -56,7 +56,7 @@
|
||||
.Nm
|
||||
.Fl g
|
||||
.Op Fl cir
|
||||
.Op Fl d Ar domain | Fl j Ar jailid | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq
|
||||
.Op Fl d Ar domain | Fl j Ar jail | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq
|
||||
.Sh DESCRIPTION
|
||||
The
|
||||
.Nm
|
||||
@ -68,7 +68,7 @@ available processors and memory domains in the system.
|
||||
.Nm
|
||||
requires a target to modify or query.
|
||||
The target may be specified as a command, process id, thread id, a
|
||||
cpuset id, an irq, a jail id, or a NUMA domain.
|
||||
cpuset id, an irq, a jail, or a NUMA domain.
|
||||
Using
|
||||
.Fl g
|
||||
the target's set id or mask may be queried.
|
||||
@ -136,8 +136,8 @@ the id of the target.
|
||||
When used with the
|
||||
.Fl g
|
||||
option print the id rather than the valid mask of the target.
|
||||
.It Fl j Ar jailid
|
||||
Specifies a jail id as the target of the operation.
|
||||
.It Fl j Ar jail
|
||||
Specifies a jail id or name as the target of the operation.
|
||||
.It Fl l Ar cpu-list
|
||||
Specifies a list of CPUs to apply to a target.
|
||||
Specification may include
|
||||
|
@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <ctype.h>
|
||||
#include <err.h>
|
||||
#include <errno.h>
|
||||
#include <jail.h>
|
||||
#include <limits.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
@ -320,7 +321,9 @@ main(int argc, char *argv[])
|
||||
case 'j':
|
||||
jflag = 1;
|
||||
which = CPU_WHICH_JAIL;
|
||||
id = atoi(optarg);
|
||||
id = jail_getid(optarg);
|
||||
if (id < 0)
|
||||
errx(EXIT_FAILURE, "%s", jail_errmsg);
|
||||
break;
|
||||
case 'l':
|
||||
lflag = 1;
|
||||
|
@ -2,4 +2,6 @@
|
||||
|
||||
PROG= sockstat
|
||||
|
||||
LIBADD= jail
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
|
@ -27,7 +27,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd January 23, 2018
|
||||
.Dd July 3, 2018
|
||||
.Dt SOCKSTAT 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -58,8 +58,8 @@ Show
|
||||
(IPv6) sockets.
|
||||
.It Fl c
|
||||
Show connected sockets.
|
||||
.It Fl j Ar jid
|
||||
Show only sockets belonging to the specified jail ID.
|
||||
.It Fl j Ar jail
|
||||
Show only sockets belonging to the specified jail ID or name.
|
||||
.It Fl L
|
||||
Only show Internet sockets if the local and foreign addresses are not
|
||||
in the loopback network prefix
|
||||
|
@ -57,6 +57,7 @@ __FBSDID("$FreeBSD$");
|
||||
#include <ctype.h>
|
||||
#include <err.h>
|
||||
#include <errno.h>
|
||||
#include <jail.h>
|
||||
#include <netdb.h>
|
||||
#include <pwd.h>
|
||||
#include <stdarg.h>
|
||||
@ -1263,7 +1264,9 @@ main(int argc, char *argv[])
|
||||
opt_c = 1;
|
||||
break;
|
||||
case 'j':
|
||||
opt_j = atoi(optarg);
|
||||
opt_j = jail_getid(optarg);
|
||||
if (opt_j < 0)
|
||||
errx(1, "%s", jail_errmsg);
|
||||
break;
|
||||
case 'L':
|
||||
opt_L = 1;
|
||||
|