Commit Graph

239 Commits

Author SHA1 Message Date
Hiroki Sato
64bb8a3881 Implement PF_IMMUTABLE flag and apply it to "name" and "jid" in
jail.conf parameters.  This flag disallows redefinition of the parameter.

"name" and/or "jid" are automatically defined in jail.conf by using
the jail names at the front of jail parameter definitions.  However,
one could override them by using a variable with the same name like
$name = "foo".  This confused the parser and could end up with SIGSEGV.

Note that this change also affects a case when all of parameters are
defined in the command line arguments, not in jail.conf.  Specifically,
"jail -c name=j1 name=j2" no longer works.  This should be harmless.

PR:		196574
Reviewed by:	jamie
Differential Revision:	https://reviews.freebsd.org/D3017
2015-07-08 16:37:48 +00:00
Hiroki Sato
882efc9ac2 Fix offset calculation in variable substitution
in jail.conf.  The following did not work correctly:

 A="A_${B}_C_${D}"
 B="BBBBB"
 D="DDDD_${E}_FFFFF"
 E="EEEEE"

PR:		189139
Reviewed by:	jamie
Differential Revision:	https://reviews.freebsd.org/D3018
2015-07-08 00:51:53 +00:00
Simon J. Gerraty
ccfb965433 Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
Simon J. Gerraty
44d314f704 dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
Simon J. Gerraty
98e0ffaefb Merge sync of head 2015-05-27 01:19:58 +00:00
Joel Dahl
952364486a Fix minor mdoc issues. 2015-04-24 14:36:06 +00:00
Allan Jude
946ea17f0c Fix typo in jail(8) man page
PR:		198790
Differential Revision:	https://reviews.freebsd.org/D2111
Submitted by:	Jimmy Olgeni
Approved by:	wblock (mentor)
Sponsored by:	ScaleEngine Inc.
2015-03-22 20:38:28 +00:00
Ian Lepore
b96bd95b85 Allow the kern.osrelease and kern.osreldate sysctl values to be set in a
jail's creation parameters.  This allows the kernel version to be reliably
spoofed within the jail whether examined directly with sysctl or
indirectly with the uname -r and -K options.

The values can only be set at jail creation time, to eliminate the need
for any locking when accessing the values via sysctl.

The overridden values are inherited by nested jails (unless the config for
the nested jails also overrides the values).

There is no sanity or range checking, other than disallowing an empty
release string or a zero release date, by design.  The system
administrator is trusted to set sane values.  Setting values that are
newer than the actual running kernel will likely cause compatibility
problems.

Differential Revision:	https://reviews.freebsd.org/D1948
Relnotes:	yes
2015-02-27 16:28:55 +00:00
Jamie Gritton
07a7869fb2 Add mount.procfs jail parameter, so procfs can be mounted when a prison's
root is in its fstab.

Also fix a typo while I'm at it.

PR:		197237 197066
MFC after:	3 days
2015-02-06 17:54:53 +00:00
Jamie Gritton
464aad1407 Add allow.mount.fdescfs jail flag.
PR:		192951
Submitted by:	ruben@verweg.com
MFC after:	3 days
2015-01-28 21:08:09 +00:00
Joel Dahl
914f6e6290 mdoc: sort SEE ALSO. 2014-12-26 21:56:23 +00:00
Jamie Gritton
eb28afe422 Setgid before running a command as a specified user. Previously only
initgroups(3) was called, what isn't quite enough.  This brings jail(8)
in line with jexec(8), which was already doing the right thing.

PR:		195984
MFC after:	1 week
2014-12-18 18:10:39 +00:00
Jamie Gritton
d031802b05 In preparation for using clang's -Wcast-qual:
Use __DECONST (instead of my own attempted re-invention) for the iov
parameters to jail_get/set(2).  Similarly remove the decost-ish hack
from execvp's argv, except the __DECONST is only added at very end.

While I'm at it, remove an unused variable and fix a comment typo.
2014-11-25 21:01:08 +00:00
Baptiste Daroussin
c6db8143ed Convert usr.sbin to LIBADD
Reduce overlinking
2014-11-25 16:57:27 +00:00
Simon J. Gerraty
9268022b74 Merge from head@274682 2014-11-19 01:07:58 +00:00
Simon J. Gerraty
ee7b0571c2 Merge head from 7/28 2014-08-19 06:50:54 +00:00
Steven Hartland
b22b6abd34 Added support for extra ifconfig args to jail ip4.addr & ip6.addr params
This allows for CARP interfaces to be  used in jails e.g.
ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100"

Before this change using exec.prestart to configure a CARP address
would result in the wrong MAC being broadcast on startup as jail creates
IP aliases to support ip[4|6].addr before exec.prestart is executed.

PR:		191832
Reviewed by:	jamie
MFC after:	1 week
X-MFC-With:	r269340
Phabric:	D528
Sponsored by:	Multiplay
2014-08-04 16:32:08 +00:00
Gavin Atkinson
6bfc8b0112 The month's name shall not be abbreviated. 2014-07-11 22:38:05 +00:00
Gavin Atkinson
4b829b3ee0 Reword an awkward option description
PR:		191726
Reported by:	yaneurabeya gmail.com
MFC after:	3 days
2014-07-10 10:00:10 +00:00
Benjamin Kaduk
aaf40f14ee Bump .Dd, missed in r266206
Approved by:	hrs (mentor, implicit)
2014-05-17 02:53:10 +00:00
Simon J. Gerraty
fae50821ae Updated dependencies 2014-05-16 14:09:51 +00:00
Benjamin Kaduk
06e36338ca Review pass through jail.8
Replace usage of "prison" with "jail", since that term has mostly dropped
out of use.  Note once at the beginning that the "prison" term is equivalent,
but do not use it otherwise. [1]

Some grammar issues.

Some mdoc formatting fixes.

Consistently use \(em for em dashes, with spaces around it.

Avoid contractions.

Prefer ssh to telnet.

PR:		docs/176832 [1]
Approved by:	hrs (mentor)
2014-05-16 01:50:04 +00:00
Simon J. Gerraty
76b28ad6ab Updated dependencies 2014-05-10 05:16:28 +00:00
Simon J. Gerraty
cc3f4b9965 Merge from head 2014-05-08 23:54:15 +00:00
Warner Losh
c6063d0da8 Use src.opts.mk in preference to bsd.own.mk except where we need stuff
from the latter.
2014-05-06 04:22:01 +00:00
Simon J. Gerraty
3b8f084595 Merge head 2014-04-28 07:50:45 +00:00
Robert Watson
994e8550e6 Line-wrapping tweak: make the sample jail command line fit in 80 characters.
MFC after:	3 days
2014-03-17 14:19:42 +00:00
Niclas Zeising
d4f5f0007e Bump .Dd forgotten in r261832.
MFC after:	2 weeks
2014-02-13 13:11:34 +00:00
Niclas Zeising
22e9d10a7f Add commas (,) to the list in the SEE ALSO section, to match most other
manuals.

MFC after:	2 weeks
2014-02-13 12:53:57 +00:00
Niclas Zeising
a074a227fa Add cross references between rc.conf(5) and jail.conf(5).
MFC after:	2 weeks
2014-02-13 12:52:26 +00:00
Jamie Gritton
f15444cc97 Back out r261266 pending security buy-in.
r261266:
  Add a jail parameter, allow.kmem, which lets jailed processes access
  /dev/kmem and related devices (i.e. grants PRIV_IO and PRIV_KMEM_WRITE).
  This in conjunction with changing the drm driver's permission check from
  PRIV_DRIVER to PRIV_KMEM_WRITE will allow a jailed Xorg server.
2014-01-31 17:39:51 +00:00
Jamie Gritton
109ca2d5f1 Add a jail parameter, allow.kmem, which lets jailed processes access
/dev/kmem and related devices (i.e. grants PRIV_IO and PRIV_KMEM_WRITE).
This in conjunction with changing the drm driver's permission check from
PRIV_DRIVER to PRIV_KMEM_WRITE will allow a jailed Xorg server.

Submitted by:	netchild
MFC after:	1 week
2014-01-29 13:41:13 +00:00
Simon J. Gerraty
3caf0790a8 Merge head@256284 2013-10-13 02:35:19 +00:00
Hiroki Sato
fbd868c9d8 - Add mount.fdescfs parameter to jail(8). This is similar to
mount.devfs but mounts fdescfs.  The mount happens just after
  mount.devfs.

- rc.d/jail now displays whole error message from jail(8) when a jail
  fails to start.

Approved by:	re (gjb)
2013-10-12 17:27:59 +00:00
Hiroki Sato
84b354cb9a - Update rc.d/jail to use a jail(8) configuration file instead of
command line options.  The "jail_<jname>_*" rc.conf(5) variables for
  per-jail configuration are automatically converted to
  /var/run/jail.<jname>.conf before the jail(8) utility is invoked.
  This is transparently backward compatible.

- Fix a minor bug in jail(8) which prevented it from returning false
  when jail -r failed.

Approved by:	re (glebius)
2013-10-10 09:32:27 +00:00
Simon J. Gerraty
d1d0158641 Merge from head 2013-09-05 20:18:59 +00:00
Xin LI
2454886e05 Allow tmpfs be mounted inside jail. 2013-08-23 22:52:20 +00:00
Jung-uk Kim
9c5a52cf88 Work around build breakages with GCC 4.2.
Reported by:	tinderbox
2013-05-23 05:42:35 +00:00
Jung-uk Kim
a7880d59c9 Improve compatibility with recent flex from flex.sourceforge.net. 2013-05-03 23:51:32 +00:00
Ed Schouten
7e659f9491 Add the Clang specific -Wmissing-variable-declarations to WARNS=6.
This compiler flag enforces that that people either mark variables
static or use an external declarations for the variable, similar to how
-Wmissing-prototypes works for functions.

Due to the fact that Yacc/Lex generate code that cannot trivially be
changed to not warn because of this (lots of yy* variables), add a
NO_WMISSING_VARIABLE_DECLARATIONS that can be used to turn off this
specific compiler warning.

Announced on:	toolchain@
2013-04-19 19:45:00 +00:00
Simon J. Gerraty
69e6d7b75e sync from head 2013-04-12 20:48:55 +00:00
Jamie Gritton
bea2eefca4 Reverse the order of some implicit commands (FS mounts and ifconfigs)
when stopping jails.  This matters particularly for nested filesystem
mounts.

PR:		kern/177325
Submitted by:	Harald Schmalzbauer
MFC after:	3 days
2013-03-28 21:02:49 +00:00
Simon J. Gerraty
7cf3a1c6b2 Updated dependencies 2013-03-11 17:21:52 +00:00
Simon J. Gerraty
f5f7c05209 Updated dependencies 2013-02-16 01:23:54 +00:00
Jamie Gritton
e593549587 Handle (ignore) when a process disappears before it can be tracked. 2013-02-14 19:27:52 +00:00
Simon J. Gerraty
23090366f7 Sync from head 2012-11-04 02:52:03 +00:00
Jamie Gritton
01591cd540 Move properly to the next parameter when jailparam_init fails
(i.e. on an unknown parameter), to avoid freeing bogus pointers.
2012-10-04 18:59:46 +00:00
Dag-Erling Smørgrav
6cbae38f63 Warn about filesystem-based attacks. 2012-09-16 15:22:15 +00:00
Jamie Gritton
e9322de834 Partially roll back r239601 - keep parameter strings both length-delimited
and null-terminated at the same time, because they're later passed to
libjail as null-terminated.  That means I also need to add a nul byte when
comma-combining array parameters.

MFC after:	6 days
2012-08-23 19:39:23 +00:00
Jamie Gritton
b01d717742 Pre-separate IP addresses passed on the command line, so they can be
properly parsed for interface prefixes and netmask suffixes.  This was
already done for the old-style (fixed) command line, but missed for
the new-style.

MFC after:	1 week
2012-08-23 01:43:22 +00:00