Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8),

sockstat(1), ugidfw(8)
These are the last of the jail-aware userland utilities that didn't work
 with names.

PR:		229266
MFC after:	3 days
Differential Revision:	D16047

lib/libugidfw/ugidfw.c

@@ -34,9 +34,11 @@
  */
 #include <sys/param.h>
 #include <sys/errno.h>
+#include <sys/jail.h>
 #include <sys/time.h>
 #include <sys/sysctl.h>
 #include <sys/ucred.h>
+#include <sys/uio.h>
 #include <sys/mount.h>
 
 #include <security/mac_bsdextended/mac_bsdextended.h>
@@ -599,17 +601,46 @@ bsde_parse_gidrange(char *spec, gid_t *min, gid_t *max,
 	return (0);
 }
 
+static int
+bsde_get_jailid(const char *name, size_t buflen, char *errstr)
+{
+	char *ep;
+	int jid;
+	struct iovec jiov[4];
+
+	/* Copy jail_getid(3) instead of messing with library dependancies */
+	jid = strtoul(name, &ep, 10);
+	if (*name && !*ep)
+		return jid;
+	jiov[0].iov_base = __DECONST(char *, "name");
+	jiov[0].iov_len = sizeof("name");
+	jiov[1].iov_len = strlen(name) + 1;
+	jiov[1].iov_base = alloca(jiov[1].iov_len);
+	strcpy(jiov[1].iov_base, name);
+	if (errstr && buflen) {
+		jiov[2].iov_base = __DECONST(char *, "errmsg");
+		jiov[2].iov_len = sizeof("errmsg");
+		jiov[3].iov_base = errstr;
+		jiov[3].iov_len = buflen;
+		errstr[0] = 0;
+		jid = jail_get(jiov, 4, 0);
+		if (jid < 0 && !errstr[0])
+			snprintf(errstr, buflen, "jail_get: %s",
+			    strerror(errno));
+	} else
+		jid = jail_get(jiov, 2, 0);
+	return jid;
+}
+
 static int
 bsde_parse_subject(int argc, char *argv[],
     struct mac_bsdextended_subject *subject, size_t buflen, char *errstr)
 {
 	int not_seen, flags;
 	int current, neg, nextnot;
-	char *endp;
 	uid_t uid_min, uid_max;
 	gid_t gid_min, gid_max;
 	int jid = 0;
-	long value;
 
 	current = 0;
 	flags = 0;
@@ -668,13 +699,9 @@ bsde_parse_subject(int argc, char *argv[],
 				snprintf(errstr, buflen, "one jail only");
 				return (-1);
 			}
-			value = strtol(argv[current+1], &endp, 10);
+			jid = bsde_get_jailid(argv[current+1], buflen, errstr);
-			if (*endp != '\0') {
+			if (jid < 0)
-				snprintf(errstr, buflen, "invalid jid: '%s'",
-				    argv[current+1]);
 				return (-1);
-			}
-			jid = value;
 			flags |= MBS_PRISON_DEFINED;
 			if (nextnot) {
 				neg ^= MBS_PRISON_DEFINED;

sbin/ipfw/Makefile

@@ -13,7 +13,7 @@ SRCS+=	altq.c
 CFLAGS+=-DPF
 .endif
 
-LIBADD=	util
+LIBADD=	jail util
 MAN=	ipfw.8
 
 .include <bsd.prog.mk>

sbin/ipfw/ipfw.8

@@ -1,7 +1,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd June 28, 2018
+.Dd July 3, 2018
 .Dt IPFW 8
 .Os
 .Sh NAME
@@ -1535,10 +1535,10 @@ Matches all TCP or UDP packets sent by or received for a
 A
 .Ar group
 may be specified by name or number.
-.It Cm jail Ar prisonID
+.It Cm jail Ar jail
 Matches all TCP or UDP packets sent by or received for the
-jail whos prison ID is
+jail whose ID or name is
-.Ar prisonID .
+.Ar jail .
 .It Cm icmptypes Ar types
 Matches ICMP packets whose ICMP type is in the list
 .Ar types .

sbin/ipfw/ipfw2.c

@@ -32,6 +32,7 @@
 #include <err.h>
 #include <errno.h>
 #include <grp.h>
+#include <jail.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <stdio.h>
@@ -4581,13 +4582,12 @@ compile_rule(char *av[], uint32_t *rbuf, int *rbufsize, struct tidx *tstate)
 		case TOK_JAIL:
 			NEED1("jail requires argument");
 		    {
-			char *end;
 			int jid;
 
 			cmd->opcode = O_JAIL;
-			jid = (int)strtol(*av, &end, 0);
+			jid = jail_getid(*av);
-			if (jid < 0 || *end != '\0')
+			if (jid < 0)
-				errx(EX_DATAERR, "jail requires prison ID");
+				errx(EX_DATAERR, "%s", jail_errmsg);
 			cmd32->d[0] = (uint32_t)jid;
 			cmd->len |= F_INSN_SIZE(ipfw_insn_u32);
 			av++;

usr.bin/cpuset/Makefile

@@ -2,4 +2,6 @@
 
 PROG=   cpuset
 
+LIBADD=	jail
+
 .include <bsd.prog.mk>

usr.bin/cpuset/cpuset.1

@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd February 26, 2018
+.Dd July 3, 2018
 .Dt CPUSET 1
 .Os
 .Sh NAME
@@ -56,7 +56,7 @@
 .Nm
 .Fl g
 .Op Fl cir
-.Op Fl d Ar domain | Fl j Ar jailid | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq
+.Op Fl d Ar domain | Fl j Ar jail | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq
 .Sh DESCRIPTION
 The
 .Nm
@@ -68,7 +68,7 @@ available processors and memory domains in the system.
 .Nm
 requires a target to modify or query.
 The target may be specified as a command, process id, thread id, a
-cpuset id, an irq, a jail id, or a NUMA domain.
+cpuset id, an irq, a jail, or a NUMA domain.
 Using
 .Fl g
 the target's set id or mask may be queried.
@@ -136,8 +136,8 @@ the id of the target.
 When used with the
 .Fl g
 option print the id rather than the valid mask of the target.
-.It Fl j Ar jailid
+.It Fl j Ar jail
-Specifies a jail id as the target of the operation.
+Specifies a jail id or name as the target of the operation.
 .It Fl l Ar cpu-list
 Specifies a list of CPUs to apply to a target.
 Specification may include

usr.bin/cpuset/cpuset.c

@@ -42,6 +42,7 @@ __FBSDID("$FreeBSD$");
 #include <ctype.h>
 #include <err.h>
 #include <errno.h>
+#include <jail.h>
 #include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -320,7 +321,9 @@ main(int argc, char *argv[])
 		case 'j':
 			jflag = 1;
 			which = CPU_WHICH_JAIL;
-			id = atoi(optarg);
+			id = jail_getid(optarg);
+			if (id < 0)
+				errx(EXIT_FAILURE, "%s", jail_errmsg);
 			break;
 		case 'l':
 			lflag = 1;

usr.bin/sockstat/Makefile

@@ -2,4 +2,6 @@
 
 PROG=		sockstat
 
+LIBADD=		jail
+
 .include <bsd.prog.mk>

usr.bin/sockstat/sockstat.1

@@ -27,7 +27,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 23, 2018
+.Dd July 3, 2018
 .Dt SOCKSTAT 1
 .Os
 .Sh NAME
@@ -58,8 +58,8 @@ Show
 (IPv6) sockets.
 .It Fl c
 Show connected sockets.
-.It Fl j Ar jid
+.It Fl j Ar jail
-Show only sockets belonging to the specified jail ID.
+Show only sockets belonging to the specified jail ID or name.
 .It Fl L
 Only show Internet sockets if the local and foreign addresses are not
 in the loopback network prefix

usr.bin/sockstat/sockstat.c

@@ -57,6 +57,7 @@ __FBSDID("$FreeBSD$");
 #include <ctype.h>
 #include <err.h>
 #include <errno.h>
+#include <jail.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <stdarg.h>
@@ -1263,7 +1264,9 @@ main(int argc, char *argv[])
 			opt_c = 1;
 			break;
 		case 'j':
-			opt_j = atoi(optarg);
+			opt_j = jail_getid(optarg);
+			if (opt_j < 0)
+				errx(1, "%s", jail_errmsg);
 			break;
 		case 'L':
 			opt_L = 1;