a85d762796
Some errors printed the jail name for unnamed (command line) jails. Attempting to create an already-existing jail from the command line returned with no error (even for non-root) due to bad logic in start_state. Ignore kvm_proc errors, which are typically caused by permission problems. Instead, stop ignoring permission errors when removing a jail (but continue to silently ignore other errors, i.e. the jail no longer existing). This makes non-root attempts at removing a jail give a clearer error message.
470 lines
11 KiB
C
470 lines
11 KiB
C
/*-
|
|
* Copyright (c) 2011 James Gritton
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*/
|
|
|
|
#include <sys/cdefs.h>
|
|
__FBSDID("$FreeBSD$");
|
|
|
|
#include <sys/uio.h>
|
|
|
|
#include <err.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
#include "jailp.h"
|
|
|
|
struct cfjails ready = TAILQ_HEAD_INITIALIZER(ready);
|
|
struct cfjails depend = TAILQ_HEAD_INITIALIZER(depend);
|
|
|
|
static void dep_add(struct cfjail *from, struct cfjail *to, unsigned flags);
|
|
static int cmp_jailptr(const void *a, const void *b);
|
|
static int cmp_jailptr_name(const void *a, const void *b);
|
|
static struct cfjail *find_jail(const char *name);
|
|
static int running_jid(const char *name, int flags);
|
|
|
|
static struct cfjail **jails_byname;
|
|
static size_t njails;
|
|
|
|
/*
|
|
* Set up jail dependency lists.
|
|
*/
|
|
void
|
|
dep_setup(int docf)
|
|
{
|
|
struct cfjail *j, *dj;
|
|
struct cfparam *p;
|
|
struct cfstring *s;
|
|
struct cfdepend *d;
|
|
const char *cs;
|
|
char *pname;
|
|
size_t plen;
|
|
int error, deps, ldeps;
|
|
|
|
if (!docf) {
|
|
/*
|
|
* With no config file, let "depend" for a single jail
|
|
* look at currently running jails.
|
|
*/
|
|
if ((j = TAILQ_FIRST(&cfjails)) &&
|
|
(p = j->intparams[IP_DEPEND])) {
|
|
TAILQ_FOREACH(s, &p->val, tq) {
|
|
if (running_jid(s->s, 0) < 0) {
|
|
warnx("depends on nonexistent jail "
|
|
"\"%s\"", s->s);
|
|
j->flags |= JF_FAILED;
|
|
}
|
|
}
|
|
}
|
|
return;
|
|
}
|
|
|
|
njails = 0;
|
|
TAILQ_FOREACH(j, &cfjails, tq)
|
|
njails++;
|
|
jails_byname = emalloc(njails * sizeof(struct cfjail *));
|
|
njails = 0;
|
|
TAILQ_FOREACH(j, &cfjails, tq)
|
|
jails_byname[njails++] = j;
|
|
qsort(jails_byname, njails, sizeof(struct cfjail *), cmp_jailptr);
|
|
error = 0;
|
|
deps = 0;
|
|
ldeps = 0;
|
|
plen = 0;
|
|
pname = NULL;
|
|
TAILQ_FOREACH(j, &cfjails, tq) {
|
|
if (j->flags & JF_FAILED)
|
|
continue;
|
|
if ((p = j->intparams[IP_DEPEND])) {
|
|
TAILQ_FOREACH(s, &p->val, tq) {
|
|
dj = find_jail(s->s);
|
|
if (dj != NULL) {
|
|
deps++;
|
|
dep_add(j, dj, 0);
|
|
} else {
|
|
jail_warnx(j,
|
|
"depends on undefined jail \"%s\"",
|
|
s->s);
|
|
j->flags |= JF_FAILED;
|
|
}
|
|
}
|
|
}
|
|
/* A jail has an implied dependency on its parent. */
|
|
if ((cs = strrchr(j->name, '.')))
|
|
{
|
|
if (plen < (size_t)(cs - j->name + 1)) {
|
|
plen = (cs - j->name) + 1;
|
|
pname = erealloc(pname, plen);
|
|
}
|
|
strlcpy(pname, j->name, plen);
|
|
dj = find_jail(pname);
|
|
if (dj != NULL) {
|
|
ldeps++;
|
|
dep_add(j, dj, DF_LIGHT);
|
|
}
|
|
}
|
|
}
|
|
|
|
/* Look for dependency loops. */
|
|
if (deps && (deps > 1 || ldeps)) {
|
|
(void)start_state(NULL, 0, 0, 0);
|
|
while ((j = TAILQ_FIRST(&ready))) {
|
|
requeue(j, &cfjails);
|
|
dep_done(j, DF_NOFAIL);
|
|
}
|
|
while ((j = TAILQ_FIRST(&depend)) != NULL) {
|
|
jail_warnx(j, "dependency loop");
|
|
j->flags |= JF_FAILED;
|
|
do {
|
|
requeue(j, &cfjails);
|
|
dep_done(j, DF_NOFAIL);
|
|
} while ((j = TAILQ_FIRST(&ready)));
|
|
}
|
|
TAILQ_FOREACH(j, &cfjails, tq)
|
|
STAILQ_FOREACH(d, &j->dep[DEP_FROM], tq[DEP_FROM])
|
|
d->flags &= ~DF_SEEN;
|
|
}
|
|
if (pname != NULL)
|
|
free(pname);
|
|
}
|
|
|
|
/*
|
|
* Return if a jail has dependencies.
|
|
*/
|
|
int
|
|
dep_check(struct cfjail *j)
|
|
{
|
|
int reset, depfrom, depto, ndeps, rev;
|
|
struct cfjail *dj;
|
|
struct cfdepend *d;
|
|
|
|
static int bits[] = { 0, 1, 1, 2, 1, 2, 2, 3 };
|
|
|
|
if (j->ndeps == 0)
|
|
return 0;
|
|
ndeps = 0;
|
|
if ((rev = JF_DO_STOP(j->flags))) {
|
|
depfrom = DEP_TO;
|
|
depto = DEP_FROM;
|
|
} else {
|
|
depfrom = DEP_FROM;
|
|
depto = DEP_TO;
|
|
}
|
|
STAILQ_FOREACH(d, &j->dep[depfrom], tq[depfrom]) {
|
|
if (d->flags & DF_SEEN)
|
|
continue;
|
|
dj = d->j[depto];
|
|
if (dj->flags & JF_FAILED) {
|
|
if (!(j->flags & (JF_DEPEND | JF_FAILED)) &&
|
|
verbose >= 0)
|
|
jail_warnx(j, "skipped");
|
|
j->flags |= JF_FAILED;
|
|
continue;
|
|
}
|
|
/*
|
|
* The dependee's state may be set (or changed) as a result of
|
|
* being in a dependency it wasn't in earlier.
|
|
*/
|
|
reset = 0;
|
|
if (bits[dj->flags & JF_OP_MASK] <= 1) {
|
|
if (!(dj->flags & JF_OP_MASK)) {
|
|
reset = 1;
|
|
dj->flags |= JF_DEPEND;
|
|
requeue(dj, &ready);
|
|
}
|
|
/* Set or change the dependee's state. */
|
|
switch (j->flags & JF_OP_MASK) {
|
|
case JF_START:
|
|
dj->flags |= JF_START;
|
|
break;
|
|
case JF_SET:
|
|
if (!(dj->flags & JF_OP_MASK))
|
|
dj->flags |= JF_SET;
|
|
else if (dj->flags & JF_STOP)
|
|
dj->flags |= JF_START;
|
|
break;
|
|
case JF_STOP:
|
|
case JF_RESTART:
|
|
if (!(dj->flags & JF_STOP))
|
|
reset = 1;
|
|
dj->flags |= JF_STOP;
|
|
if (dj->flags & JF_SET)
|
|
dj->flags ^= (JF_START | JF_SET);
|
|
break;
|
|
}
|
|
}
|
|
if (reset)
|
|
dep_reset(dj);
|
|
if (!((d->flags & DF_LIGHT) &&
|
|
(rev ? dj->jid < 0 : dj->jid > 0)))
|
|
ndeps++;
|
|
}
|
|
if (ndeps == 0)
|
|
return 0;
|
|
requeue(j, &depend);
|
|
return 1;
|
|
}
|
|
|
|
/*
|
|
* Resolve any dependencies from a finished jail.
|
|
*/
|
|
void
|
|
dep_done(struct cfjail *j, unsigned flags)
|
|
{
|
|
struct cfjail *dj;
|
|
struct cfdepend *d;
|
|
int depfrom, depto;
|
|
|
|
if (JF_DO_STOP(j->flags)) {
|
|
depfrom = DEP_TO;
|
|
depto = DEP_FROM;
|
|
} else {
|
|
depfrom = DEP_FROM;
|
|
depto = DEP_TO;
|
|
}
|
|
STAILQ_FOREACH(d, &j->dep[depto], tq[depto]) {
|
|
if ((d->flags & DF_SEEN) | (flags & ~d->flags & DF_LIGHT))
|
|
continue;
|
|
d->flags |= DF_SEEN;
|
|
dj = d->j[depfrom];
|
|
if (!(flags & DF_NOFAIL) && (j->flags & JF_FAILED) &&
|
|
(j->flags & (JF_OP_MASK | JF_DEPEND)) !=
|
|
(JF_SET | JF_DEPEND)) {
|
|
if (!(dj->flags & (JF_DEPEND | JF_FAILED)) &&
|
|
verbose >= 0)
|
|
jail_warnx(dj, "skipped");
|
|
dj->flags |= JF_FAILED;
|
|
}
|
|
if (!--dj->ndeps && dj->queue == &depend)
|
|
requeue(dj, &ready);
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Count a jail's dependencies and mark them as unseen.
|
|
*/
|
|
void
|
|
dep_reset(struct cfjail *j)
|
|
{
|
|
int depfrom;
|
|
struct cfdepend *d;
|
|
|
|
depfrom = JF_DO_STOP(j->flags) ? DEP_TO : DEP_FROM;
|
|
j->ndeps = 0;
|
|
STAILQ_FOREACH(d, &j->dep[depfrom], tq[depfrom])
|
|
j->ndeps++;
|
|
}
|
|
|
|
/*
|
|
* Find the next jail ready to do something.
|
|
*/
|
|
struct cfjail *
|
|
next_jail(void)
|
|
{
|
|
struct cfjail *j;
|
|
|
|
if (!(j = next_proc(!TAILQ_EMPTY(&ready))) &&
|
|
(j = TAILQ_FIRST(&ready)) && JF_DO_STOP(j->flags) &&
|
|
(j = TAILQ_LAST(&ready, cfjails)) && !JF_DO_STOP(j->flags)) {
|
|
TAILQ_FOREACH_REVERSE(j, &ready, cfjails, tq)
|
|
if (JF_DO_STOP(j->flags))
|
|
break;
|
|
}
|
|
if (j != NULL)
|
|
requeue(j, &cfjails);
|
|
return j;
|
|
}
|
|
|
|
/*
|
|
* Set jails to the proper start state.
|
|
*/
|
|
int
|
|
start_state(const char *target, int docf, unsigned state, int running)
|
|
{
|
|
struct iovec jiov[6];
|
|
struct cfjail *j, *tj;
|
|
int jid;
|
|
char namebuf[MAXHOSTNAMELEN];
|
|
|
|
if (!target || (!docf && state != JF_STOP) ||
|
|
(!running && !strcmp(target, "*"))) {
|
|
/*
|
|
* For a global wildcard (including no target specified),
|
|
* set the state on all jails and start with those that
|
|
* have no dependencies.
|
|
*/
|
|
TAILQ_FOREACH_SAFE(j, &cfjails, tq, tj) {
|
|
j->flags = (j->flags & JF_FAILED) | state |
|
|
(docf ? JF_WILD : 0);
|
|
dep_reset(j);
|
|
requeue(j, j->ndeps ? &depend : &ready);
|
|
}
|
|
} else if (wild_jail_name(target)) {
|
|
/*
|
|
* For targets specified singly, or with a non-global wildcard,
|
|
* set their state and call them ready (even if there are
|
|
* dependencies). Leave everything else unqueued for now.
|
|
*/
|
|
if (running) {
|
|
/*
|
|
* -R matches its wildcards against currently running
|
|
* jails, not against the config file.
|
|
*/
|
|
*(const void **)&jiov[0].iov_base = "lastjid";
|
|
jiov[0].iov_len = sizeof("lastjid");
|
|
jiov[1].iov_base = &jid;
|
|
jiov[1].iov_len = sizeof(jid);
|
|
*(const void **)&jiov[2].iov_base = "jid";
|
|
jiov[2].iov_len = sizeof("jid");
|
|
jiov[3].iov_base = &jid;
|
|
jiov[3].iov_len = sizeof(jid);
|
|
*(const void **)&jiov[4].iov_base = "name";
|
|
jiov[4].iov_len = sizeof("name");
|
|
jiov[5].iov_base = &namebuf;
|
|
jiov[5].iov_len = sizeof(namebuf);
|
|
for (jid = 0; jail_get(jiov, 6, 0) > 0; ) {
|
|
if (wild_jail_match(namebuf, target)) {
|
|
j = add_jail();
|
|
j->name = estrdup(namebuf);
|
|
j->jid = jid;
|
|
j->flags = (j->flags & JF_FAILED) |
|
|
state | JF_WILD;
|
|
dep_reset(j);
|
|
requeue(j, &ready);
|
|
}
|
|
}
|
|
} else {
|
|
TAILQ_FOREACH_SAFE(j, &cfjails, tq, tj) {
|
|
if (wild_jail_match(j->name, target)) {
|
|
j->flags = (j->flags & JF_FAILED) |
|
|
state | JF_WILD;
|
|
dep_reset(j);
|
|
requeue(j, &ready);
|
|
}
|
|
}
|
|
}
|
|
} else {
|
|
j = find_jail(target);
|
|
if (j == NULL && state == JF_STOP) {
|
|
/* Allow -[rR] to specify a currently running jail. */
|
|
if ((jid = running_jid(target, JAIL_DYING)) > 0) {
|
|
j = add_jail();
|
|
j->name = estrdup(target);
|
|
j->jid = jid;
|
|
}
|
|
}
|
|
if (j == NULL) {
|
|
warnx("\"%s\" not found", target);
|
|
return -1;
|
|
}
|
|
j->flags = (j->flags & JF_FAILED) | state;
|
|
dep_reset(j);
|
|
requeue(j, &ready);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Move a jail to a new list.
|
|
*/
|
|
void
|
|
requeue(struct cfjail *j, struct cfjails *queue)
|
|
{
|
|
if (j->queue != queue) {
|
|
TAILQ_REMOVE(j->queue, j, tq);
|
|
TAILQ_INSERT_TAIL(queue, j, tq);
|
|
j->queue = queue;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Add a dependency edge between two jails.
|
|
*/
|
|
static void
|
|
dep_add(struct cfjail *from, struct cfjail *to, unsigned flags)
|
|
{
|
|
struct cfdepend *d;
|
|
|
|
d = emalloc(sizeof(struct cfdepend));
|
|
d->flags = flags;
|
|
d->j[DEP_FROM] = from;
|
|
d->j[DEP_TO] = to;
|
|
STAILQ_INSERT_TAIL(&from->dep[DEP_FROM], d, tq[DEP_FROM]);
|
|
STAILQ_INSERT_TAIL(&to->dep[DEP_TO], d, tq[DEP_TO]);
|
|
}
|
|
|
|
/*
|
|
* Compare jail pointers for qsort/bsearch.
|
|
*/
|
|
static int
|
|
cmp_jailptr(const void *a, const void *b)
|
|
{
|
|
return strcmp((*((struct cfjail * const *)a))->name,
|
|
((*(struct cfjail * const *)b))->name);
|
|
}
|
|
|
|
static int
|
|
cmp_jailptr_name(const void *a, const void *b)
|
|
{
|
|
return strcmp((const char *)a, ((*(struct cfjail * const *)b))->name);
|
|
}
|
|
|
|
/*
|
|
* Find a jail object by name.
|
|
*/
|
|
static struct cfjail *
|
|
find_jail(const char *name)
|
|
{
|
|
struct cfjail **jp;
|
|
|
|
jp = bsearch(name, jails_byname, njails, sizeof(struct cfjail *),
|
|
cmp_jailptr_name);
|
|
return jp ? *jp : NULL;
|
|
}
|
|
|
|
/*
|
|
* Return the named jail's jid if it is running, and -1 if it isn't.
|
|
*/
|
|
static int
|
|
running_jid(const char *name, int flags)
|
|
{
|
|
struct iovec jiov[2];
|
|
char *ep;
|
|
int jid;
|
|
|
|
if ((jid = strtol(name, &ep, 10)) && !*ep) {
|
|
*(const void **)&jiov[0].iov_base = "jid";
|
|
jiov[0].iov_len = sizeof("jid");
|
|
jiov[1].iov_base = &jid;
|
|
jiov[1].iov_len = sizeof(jid);
|
|
} else {
|
|
*(const void **)&jiov[0].iov_base = "name";
|
|
jiov[0].iov_len = sizeof("name");
|
|
jiov[1].iov_len = strlen(name) + 1;
|
|
jiov[1].iov_base = alloca(jiov[1].iov_len);
|
|
strcpy(jiov[1].iov_base, name);
|
|
}
|
|
return jail_get(jiov, 2, flags);
|
|
}
|