[jail] removal by jid doesn't trigger pre/post stop scripts
This commit fixes bug: command "jail -r" didn't trigger pre/post stop commands (and others) defined in config file if jid is specified insted of name. Also it adds basic tests for usr.sbin/jail to avoid regression. Reviewed by: jamie, kevans, ray MFC after: 5 days Differential Revision: https://reviews.freebsd.org/D21328
This commit is contained in:
parent
09c9ed3b05
commit
cd38a86c63
@ -1082,6 +1082,8 @@
|
||||
..
|
||||
fstyp
|
||||
..
|
||||
jail
|
||||
..
|
||||
makefs
|
||||
..
|
||||
mixer
|
||||
|
@ -24,4 +24,7 @@ CFLAGS+= -DINET
|
||||
|
||||
CLEANFILES= y.output
|
||||
|
||||
HAS_TESTS=
|
||||
SUBDIR.${MK_TESTS}+= tests
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
|
@ -44,7 +44,7 @@ static void dep_add(struct cfjail *from, struct cfjail *to, unsigned flags);
|
||||
static int cmp_jailptr(const void *a, const void *b);
|
||||
static int cmp_jailptr_name(const void *a, const void *b);
|
||||
static struct cfjail *find_jail(const char *name);
|
||||
static int running_jid(const char *name, int flags);
|
||||
static struct cfjail *running_jail(const char *name, int flags);
|
||||
|
||||
static struct cfjail **jails_byname;
|
||||
static size_t njails;
|
||||
@ -72,7 +72,7 @@ dep_setup(int docf)
|
||||
if ((j = TAILQ_FIRST(&cfjails)) &&
|
||||
(p = j->intparams[IP_DEPEND])) {
|
||||
TAILQ_FOREACH(s, &p->val, tq) {
|
||||
if (running_jid(s->s, 0) < 0) {
|
||||
if (running_jail(s->s, 0) == NULL) {
|
||||
warnx("depends on nonexistent jail "
|
||||
"\"%s\"", s->s);
|
||||
j->flags |= JF_FAILED;
|
||||
@ -369,11 +369,7 @@ start_state(const char *target, int docf, unsigned state, int running)
|
||||
j = find_jail(target);
|
||||
if (j == NULL && state == JF_STOP) {
|
||||
/* Allow -[rR] to specify a currently running jail. */
|
||||
if ((jid = running_jid(target, JAIL_DYING)) > 0) {
|
||||
j = add_jail();
|
||||
j->name = estrdup(target);
|
||||
j->jid = jid;
|
||||
}
|
||||
j = running_jail(target, JAIL_DYING);
|
||||
}
|
||||
if (j == NULL) {
|
||||
warnx("\"%s\" not found", target);
|
||||
@ -447,32 +443,52 @@ find_jail(const char *name)
|
||||
{
|
||||
struct cfjail **jp;
|
||||
|
||||
if (jails_byname == NULL)
|
||||
return NULL;
|
||||
|
||||
jp = bsearch(name, jails_byname, njails, sizeof(struct cfjail *),
|
||||
cmp_jailptr_name);
|
||||
return jp ? *jp : NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* Return the named jail's jid if it is running, and -1 if it isn't.
|
||||
* Return jail if it is running, and NULL if it isn't.
|
||||
*/
|
||||
static int
|
||||
running_jid(const char *name, int flags)
|
||||
static struct cfjail *
|
||||
running_jail(const char *name, int flags)
|
||||
{
|
||||
struct iovec jiov[2];
|
||||
struct iovec jiov[4];
|
||||
struct cfjail *jail;
|
||||
char *ep;
|
||||
int jid;
|
||||
char jailname[MAXHOSTNAMELEN];
|
||||
int jid, ret, len;
|
||||
|
||||
if ((jid = strtol(name, &ep, 10)) && !*ep) {
|
||||
jiov[0].iov_base = __DECONST(char *, "jid");
|
||||
jiov[0].iov_len = sizeof("jid");
|
||||
jiov[1].iov_base = &jid;
|
||||
jiov[1].iov_len = sizeof(jid);
|
||||
memset(jailname,0,sizeof(jailname));
|
||||
len = sizeof(jailname);
|
||||
} else {
|
||||
jiov[0].iov_base = __DECONST(char *, "name");
|
||||
jiov[0].iov_len = sizeof("name");
|
||||
jiov[1].iov_len = strlen(name) + 1;
|
||||
jiov[1].iov_base = alloca(jiov[1].iov_len);
|
||||
strcpy(jiov[1].iov_base, name);
|
||||
strncpy(jailname, name,sizeof(jailname));
|
||||
len = strlen(name) + 1;
|
||||
jid = 0;
|
||||
}
|
||||
return jail_get(jiov, 2, flags);
|
||||
|
||||
jiov[0].iov_base = __DECONST(char *, "jid");
|
||||
jiov[0].iov_len = sizeof("jid");
|
||||
jiov[1].iov_base = &jid;
|
||||
jiov[1].iov_len = sizeof(jid);
|
||||
jiov[2].iov_base = __DECONST(char *, "name");
|
||||
jiov[2].iov_len = sizeof("name");
|
||||
jiov[3].iov_base = &jailname;
|
||||
jiov[3].iov_len = len;
|
||||
|
||||
if ((ret = jail_get(jiov, 4, flags)) < 0)
|
||||
return (NULL);
|
||||
|
||||
if ((jail = find_jail(jailname)) == NULL) {
|
||||
jail = add_jail();
|
||||
jail->name = estrdup(jailname);
|
||||
jail->jid = ret;
|
||||
}
|
||||
|
||||
return (jail);
|
||||
}
|
||||
|
9
usr.sbin/jail/tests/Makefile
Normal file
9
usr.sbin/jail/tests/Makefile
Normal file
@ -0,0 +1,9 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PACKAGE= tests
|
||||
|
||||
ATF_TESTS_SH+= jail_basic_test
|
||||
|
||||
${PACKAGE}FILES+= commands.jail.conf
|
||||
|
||||
.include <bsd.test.mk>
|
7
usr.sbin/jail/tests/commands.jail.conf
Normal file
7
usr.sbin/jail/tests/commands.jail.conf
Normal file
@ -0,0 +1,7 @@
|
||||
# $FreeBSD$
|
||||
|
||||
exec.prestop = "echo STOP";
|
||||
exec.prestart = "echo START";
|
||||
persist;
|
||||
|
||||
basejail {}
|
136
usr.sbin/jail/tests/jail_basic_test.sh
Executable file
136
usr.sbin/jail/tests/jail_basic_test.sh
Executable file
@ -0,0 +1,136 @@
|
||||
#
|
||||
# SPDX-License-Identifier: BSD-2-Clause-FreeBSD
|
||||
#
|
||||
# Copyright (c) 2019 Michael Zhilin
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
# are met:
|
||||
# 1. Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# 2. Redistributions in binary form must reproduce the above copyright
|
||||
# notice, this list of conditions and the following disclaimer in the
|
||||
# documentation and/or other materials provided with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
# SUCH DAMAGE.
|
||||
|
||||
# $FreeBSD$
|
||||
|
||||
atf_test_case "basic" "cleanup"
|
||||
atf_test_case "nested" "cleanup"
|
||||
atf_test_case "commands" "cleanup"
|
||||
|
||||
basic_head()
|
||||
{
|
||||
atf_set descr 'Basic jail test'
|
||||
atf_set require.user root
|
||||
}
|
||||
|
||||
basic_body()
|
||||
{
|
||||
# Create the jail
|
||||
atf_check -s exit:0 -o ignore jail -c name=basejail persist ip4.addr=192.0.1.1
|
||||
# Check output of jls
|
||||
atf_check -s exit:0 -o ignore jls
|
||||
atf_check -s exit:0 -o ignore jls -v
|
||||
atf_check -s exit:0 -o ignore jls -n
|
||||
# Stop jail
|
||||
atf_check -s exit:0 -o ignore jail -r basejail
|
||||
jail -c name=basejail persist ip4.addr=192.0.1.1
|
||||
# Stop jail by jid
|
||||
atf_check -s exit:0 -o ignore jail -r `jls -j basejail jid`
|
||||
# Recreate
|
||||
atf_check -s exit:0 -o ignore jail -cm name=basejail persist ip4.addr=192.0.1.1
|
||||
# Restart
|
||||
atf_check -s exit:0 -o ignore jail -rc name=basejail persist ip4.addr=192.0.1.1
|
||||
}
|
||||
|
||||
basic_cleanup()
|
||||
{
|
||||
jail -r basejail
|
||||
}
|
||||
|
||||
nested_head()
|
||||
{
|
||||
atf_set descr 'Hierarchical jails test'
|
||||
atf_set require.user root
|
||||
}
|
||||
|
||||
nested_body()
|
||||
{
|
||||
# Create the first jail
|
||||
jail -c name=basejail persist ip4.addr=192.0.1.1 children.max=1
|
||||
atf_check -s exit:0 -o empty \
|
||||
jexec basejail \
|
||||
jail -c name=nestedjail persist ip4.addr=192.0.1.1
|
||||
|
||||
atf_check -s exit:1 -o empty -e inline:"jail: prison limit exceeded\n"\
|
||||
jexec basejail \
|
||||
jail -c name=secondnestedjail persist ip4.addr=192.0.1.1
|
||||
# Check output of jls
|
||||
atf_check -s exit:0 -o ignore \
|
||||
jexec basejail jls
|
||||
atf_check -s exit:0 -o ignore \
|
||||
jexec basejail jls -v
|
||||
atf_check -s exit:0 -o ignore \
|
||||
jexec basejail jls -n
|
||||
# Create jail with no child - children.max should be 0 by default
|
||||
jail -c name=basejail_nochild persist ip4.addr=192.0.1.1
|
||||
atf_check -s exit:1 -o empty \
|
||||
-e inline:"jail: jail_set: Operation not permitted\n" \
|
||||
jexec basejail_nochild \
|
||||
jail -c name=nestedjail persist ip4.addr=192.0.1.1
|
||||
}
|
||||
|
||||
nested_cleanup()
|
||||
{
|
||||
jail -r nestedjail
|
||||
jail -r basejail
|
||||
jail -r basejail_nochild
|
||||
}
|
||||
|
||||
commands_header()
|
||||
{
|
||||
atf_set descr 'Commands jail test'
|
||||
atf_set require.user root
|
||||
}
|
||||
|
||||
commands_body()
|
||||
{
|
||||
# exec.prestart
|
||||
atf_check -s exit:0 -o inline:"START\n" \
|
||||
jail -f $(atf_get_srcdir)/commands.jail.conf -qc basejail
|
||||
# exec.prestop by jailname
|
||||
atf_check -s exit:0 -o inline:"STOP\n" \
|
||||
jail -f $(atf_get_srcdir)/commands.jail.conf -qr basejail
|
||||
# exec.prestop by jid
|
||||
jail -f $(atf_get_srcdir)/commands.jail.conf -qc basejail
|
||||
atf_check -s exit:0 -o inline:"STOP\n" \
|
||||
jail -f $(atf_get_srcdir)/commands.jail.conf -qr `jls -j basejail jid`
|
||||
}
|
||||
|
||||
commands_cleanup()
|
||||
{
|
||||
jls -j basejail > /dev/null 2>&1
|
||||
if [ $? -e 0 ]
|
||||
then
|
||||
jail -r basejail
|
||||
fi
|
||||
}
|
||||
|
||||
atf_init_test_cases()
|
||||
{
|
||||
atf_add_test_case "basic"
|
||||
atf_add_test_case "nested"
|
||||
atf_add_test_case "commands"
|
||||
}
|
Loading…
Reference in New Issue
Block a user