kern/69064: No multiple ip4/6's could assigned to a jail.
Meno Abels
abels at adviser.com
Sat Jul 31 01:40:24 PDT 2004
The following reply was made to PR kern/69064; it has been noted by GNATS.
From: "Meno Abels" <abels at adviser.com>
To: FreeBSD-gnats-submit at freebsd.org
Cc:
Subject: Re: kern/69064: No multiple ip4/6's could assigned to a jail.
Date: Sat, 31 Jul 2004 10:35:21 +0200
Sorry, I forgot to convert the userland tools to the unified diff
format. Here they are.
regards
meno
Index: usr.sbin/jail/jail.8
===================================================================
RCS file: /usr/freebsd.cvs/src/usr.sbin/jail/jail.8,v
retrieving revision 1.57
diff -u -r1.57 jail.8
--- usr.sbin/jail/jail.8 2 Jul 2004 23:12:45 -0000 1.57
+++ usr.sbin/jail/jail.8 14 Jul 2004 19:09:14 -0000
@@ -43,7 +43,10 @@
.Nm
.Op Fl i
.Op Fl u Ar username | Fl U Ar username
-.Ar path hostname ip-number command ...
+.Op Fl j Ar jail identifier
+.Op Fl a Ar ip4 or ip6 address
+.Op Fl d Ar ip4 or ip6 address
+.Ar path hostname [ip4|ip6] command ...
.Sh DESCRIPTION
The
.Nm
@@ -52,13 +55,22 @@
The options are as follows:
.Bl -tag -width ".Fl u Ar username"
.It Fl i
-Output the jail identifier of the newly created jail.
+Output the jail identifier of the newly created jail. Only valid without -j.
.It Fl u Ar username
The user name from host environment as whom the
.Ar command
should run.
.It Fl U Ar username
-The user name from jailed environment as whom the
+The user name from jailed environment as whom the. Only valid without -j.
+.It Fl j Ar jail identifier
+This options set the jail identifier which is modified with -a oder -d.
+The jail identifier could be retrieved with jls.
+.It Fl a Ar ip4 or ip6
+This options add the specified ip number to the jail that is give with -j. You
+can only have one -a per call.
+.It Fl d Ar ip4 or ip6
+This options deletes the specified ip number from the jail that is give with -j.
+You can only have one -d per call.
.Ar command
should run.
.It Ar path
@@ -66,7 +78,7 @@
.It Ar hostname
Hostname of the prison.
.It Ar ip-number
-IP number assigned to the prison.
+IP4 or IP6 number assigned to the prison.
.It Ar command
Pathname of the program which is to be executed.
.El
Index: usr.sbin/jail/jail.c
===================================================================
RCS file: /usr/freebsd.cvs/src/usr.sbin/jail/jail.c,v
retrieving revision 1.16
diff -u -r1.16 jail.c
--- usr.sbin/jail/jail.c 27 Jun 2004 10:10:16 -0000 1.16
+++ usr.sbin/jail/jail.c 14 Jul 2004 17:49:51 -0000
@@ -13,9 +13,12 @@
#include <sys/param.h>
#include <sys/jail.h>
+#include <sys/types.h>
+#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
+
#include <err.h>
#include <errno.h>
#include <grp.h>
@@ -50,14 +53,18 @@
login_cap_t *lcap;
struct jail j;
struct passwd *pwd;
- struct in_addr in;
+ int jid = 0;
int ch, groups[NGROUPS], i, iflag, ngroups, uflag, Uflag;
char path[PATH_MAX], *username;
+ char *address;
+ int add = 0;
+ int del = 0;
+
iflag = uflag = Uflag = 0;
username = NULL;
- while ((ch = getopt(argc, argv, "iu:U:")) != -1) {
+ while ((ch = getopt(argc, argv, "iu:U:j:a:d:")) != -1) {
switch (ch) {
case 'i':
iflag = 1;
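Review bot: `char *address;` is declared without an initializer and is only assigned in the `-a`/`-d` cases of the option loop, yet the create path later in main() reads it unconditionally, so a plain `jail path hostname ip command` run reads an indeterminate pointer. Initializing it, `char *address = NULL;`, at least makes that read fail predictably; the create path itself should take the address from `argv[2]` as the old code did. `int jid = 0;` also receives the `long` result of `atol()`, so either declare it `long jid = 0;` or range-check the parsed value to avoid silent truncation. main() begins before this hunk.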
@@ -70,14 +77,49 @@
username = optarg;
Uflag = 1;
break;
+ case 'j':
+ jid = atol(optarg);
+ break;
+ case 'a':
+ add = 1;
+ address = optarg;
+ break;
+ case 'd':
+ del = 1;
+ address = optarg;
+ break;
+
default:
usage();
}
}
argc -= optind;
argv += optind;
- if (argc < 4)
+ if ((jid == 0 && argc < 4) ||
+ (jid < 1 && (add || del)) ||
+ (add && del) ||
+ (jid > 0 && !(add || del)))
usage();
+ if (jid > 0) {
+ int function;
+ if (inet_pton(AF_INET, address, &j.u.v2.u.add_del.v4_6.ip4_num) > 0) {
+ function = add ? ADDIP4 : DELIP4;
+ }
+ else if (inet_pton(AF_INET6, address, &j.u.v2.u.add_del.v4_6.ip6_num) > 0) {
+ function = add ? ADDIP6 : DELIP6;
+ }
+ else {
+ err(1, "inet_pton: %s", address);
+ }
+ j.version = XPRISON_VERSION;
+ j.u.v2.function = function;
+ j.u.v2.u.add_del.id = jid;
+ i = jail(&j);
+ if (i == -1)
+ err(1, "jail(%d)", function);
+ exit (0);
+ }
+
if (uflag && Uflag)
usage();
if (uflag)
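Review bot: The `-j` path fills only `version`, `function`, `add_del.id` and one address field of `j` before calling `jail(&j)`, while `struct jail j` has no initializer and the `memset(&j, 0, sizeof(j))` the create path relies on runs only further down the function, so the rest of the union is handed to the kernel with indeterminate contents. Add `memset(&j, 0, sizeof(j));` as the first statement inside `if (jid > 0) {`. Two smaller points in the same block: `inet_pton()` returns 0 for a malformed string without setting errno, so `err(1, "inet_pton: %s", address)` appends an unrelated strerror text and `errx(1, "inet_pton: %s", address);` is the right call; and `jid = atol(optarg)` maps non-numeric input to 0 silently, where `strtol` with an end-pointer check would reject it. main() begins before this hunk and continues past it.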
@@ -87,17 +129,29 @@
if (chdir(path) != 0)
err(1, "chdir: %s", path);
memset(&j, 0, sizeof(j));
- j.version = 0;
- j.path = path;
- j.hostname = argv[1];
- if (inet_aton(argv[2], &in) == 0)
- errx(1, "Could not make sense of ip-number: %s", argv[2]);
- j.ip_number = ntohl(in.s_addr);
+ j.version = XPRISON_VERSION;
+ j.u.v2.function = CREATEJAIL;
+ j.u.v2.u.createjail.path = path;
+ j.u.v2.u.createjail.hostname = argv[1];
+ jid = i = jail(&j);
+ if (i == -1)
+ err(1, "jail(CREATEJAIL)");
+
+ j.version = XPRISON_VERSION;
+ j.u.v2.u.add_del.id = i;
+ j.u.v2.function = ADDIP4;
+ if (inet_pton(AF_INET, address, &j.u.v2.u.add_del.v4_6.ip4_num) <= 0) {
+ j.u.v2.function = ADDIP6;
+ if (inet_pton(AF_INET6, address, &j.u.v2.u.add_del.v4_6.ip6_num) <= 0) {
+ errx(1, "Could not make sense of ip-number: %s", argv[2]);
+ }
+ }
i = jail(&j);
if (i == -1)
- err(1, "jail");
+ err(1, "jail(%d)", j.u.v2.function);
+
if (iflag) {
- printf("%d\n", i);
+ printf("%d\n", jid);
fflush(stdout);
}
if (username != NULL) {
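Review bot: In the create path `inet_pton(AF_INET, address, ...)` reads `address`, which is assigned only by `-a`/`-d`, and those options are rejected by the argument check when no `-j` is given, so here the pointer is never set and the call dereferences an indeterminate value. The old code parsed `argv[2]`, and the `errx` message still names `argv[2]`, so both calls should read it: `if (inet_pton(AF_INET, argv[2], &j.u.v2.u.add_del.v4_6.ip4_num) <= 0) {` and the `AF_INET6` line likewise. It would also be worth parsing the address before the CREATEJAIL call: as written, a malformed address exits after the jail has already been created, leaving a jail behind with no address attached, which is presumably not what the caller intended. main() starts and ends outside this hunk.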
@@ -121,8 +175,7 @@
usage(void)
{
- (void)fprintf(stderr, "%s%s\n",
- "usage: jail [-i] [-u username | -U username]",
- " path hostname ip-number command ...");
- exit(1);
+ (void)fprintf(stderr,
+ "usage: jail [-i] [-u username] [-j id] [[-a [ip4|ip6]|[-d [ip4|ip6]] [path hostname [ip4|ip6] command ...]\n");
+ exit(1);
}
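Review bot: The new usage string drops `-U username` even though `U:` remains in the getopt string, and its brackets do not balance (`[[-a [ip4|ip6]|[-d [ip4|ip6]]`), so the message no longer describes the accepted syntax. Since the two modes are exclusive, printing them on two lines reads better: `"usage: jail [-i] [-u username | -U username] path hostname ip-number command ...\n"` followed by `"       jail -j jid -a address | -d address\n"`. The declaration line of usage() sits just before this hunk.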
Index: usr.sbin/jls/jls.8
===================================================================
RCS file: /usr/freebsd.cvs/src/usr.sbin/jls/jls.8,v
retrieving revision 1.1
diff -u -r1.1 jls.8
--- usr.sbin/jls/jls.8 9 Apr 2003 03:04:12 -0000 1.1
+++ usr.sbin/jls/jls.8 14 Jul 2004 19:00:53 -0000
@@ -33,10 +33,23 @@
.Nd "list active jails"
.Sh SYNOPSIS
.Nm
+.Op Fl a
+.Op Fl 6
.Sh DESCRIPTION
The
.Nm
utility lists all active jails.
+.Pp
+The options are as follows:
+.Bl -tag -width ".Fl a "
+.It Fl a
+output all ip4 assigments to the jail identifier(JID). Each ip4 gets
+one line in output. If no ip4 address is assigned 0.0.0.0 is the output.
+.It Fl 6
+output ip6 address also a new column is generated between IP Address
+and Hostname. If no ip6 address is assigned :: is the output.
+.El
+.Pp
Each jail is represented by one row which contains the following columns:
jail identifier (JID), IP address, hostname, and path.
.Sh SEE ALSO
Index: usr.sbin/jls/jls.c
===================================================================
RCS file: /usr/freebsd.cvs/src/usr.sbin/jls/jls.c,v
retrieving revision 1.3
diff -u -r1.3 jls.c
--- usr.sbin/jls/jls.c 22 Apr 2003 13:24:56 -0000 1.3
+++ usr.sbin/jls/jls.c 14 Jul 2004 08:37:32 -0000
@@ -30,20 +30,52 @@
#include <sys/jail.h>
#include <sys/sysctl.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
#include <arpa/inet.h>
+
#include <err.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
+#include <unistd.h>
+
+static int
+usage(void)
+{
+ fprintf(stderr, "%s\n%s\n%s\n",
+ "usage: jls [-a] [-6]",
+ " -a output all jail assigned ip addresses",
+ " -6 output includes ipv6 addresses");
+ exit(1);
+}
int
-main(void)
+main(int argc, char **argv)
{
struct xprison *sxp, *xp;
- struct in_addr in;
size_t i, len;
+ int allflag = 0;
+ int ip6flag = 0;
+ int ch;
+
+ while ((ch = getopt(argc, argv, "a6")) != -1) {
+ switch (ch) {
+ case 'a':
+ allflag = 1;
+ break;
+ case '6':
+ ip6flag = 1;
+ break;
+ default:
+ usage();
+ }
+ }
+ argc -= optind;
+ argv += optind;
if (sysctlbyname("security.jail.list", NULL, &len, NULL, 0) == -1)
err(1, "sysctlbyname(): security.jail.list");
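Review bot: `usage()` is declared `static int` but never returns a value; its only exit is `exit(1)`, so the compiler will warn about a missing return, and `static void usage(void)` states the contract correctly. The hunk also advances `argc`/`argv` past the options but never looks at them again, so stray operands are silently ignored; `if (argc != 0) usage();` after `argv += optind;` rejects them. main() continues past this hunk.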
@@ -65,11 +97,26 @@
xp->pr_version != XPRISON_VERSION)
errx(1, "Kernel and userland out of sync");
- printf(" JID IP Address Hostname Path\n");
+ if (ip6flag)
+ printf(" JID IP4 Address IP6 Address Hostname Path\n");
+ else
+ printf(" JID IP Address Hostname Path\n");
for (i = 0; i < len / sizeof(*xp); i++) {
- in.s_addr = ntohl(xp->pr_ip);
- printf("%6d %-15.15s %-29.29s %.74s\n",
- xp->pr_id, inet_ntoa(in), xp->pr_host, xp->pr_path);
+ if (allflag || xp->pr4_id == 0) {
+ if (ip6flag) {
+ char buffer[128];
+ printf("%6d %-15.15s %-22.22s %-29.29s %.74s\n",
+ xp->pr_id,
+ inet_ntoa(xp->pr4_num),
+ inet_ntop(AF_INET6, xp->pr6_num.s6_addr, buffer, sizeof(buffer)),
+ xp->pr_host,
+ xp->pr_path);
+ }
+ else {
+ printf("%6d %-15.15s %-29.29s %.74s\n",
+ xp->pr_id, inet_ntoa(xp->pr4_num), xp->pr_host, xp->pr_path);
+ }
+ }
xp++;
}
free(sxp);
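Review bot: The `inet_ntop()` result is passed straight to `printf("%s")`, but it returns NULL on failure, and a NULL `%s` argument is undefined behaviour. Store it and check: `char buffer[INET6_ADDRSTRLEN];` then `if (inet_ntop(AF_INET6, xp->pr6_num.s6_addr, buffer, sizeof(buffer)) == NULL) err(1, "inet_ntop");` and print `buffer`. Two things I cannot verify from the hunk: the old code converted `pr_ip` with `ntohl()` before `inet_ntoa()`, whereas `pr4_num` is passed as is, so the byte order the kernel exports in the new field should be confirmed; and the `xp->pr4_id == 0` filter presumably selects one row per jail when `-a` is absent, which the jls.8 text in this patch only implies. main() continues past this hunk.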