misc/89989: Add option to /usr/sbin/jail: -I (ASCII 73) PID to
specify tryprid within jail(2)
Lanny Jason Godsey
lannygodsey at yahoo.com
Mon Dec 5 19:20:07 GMT 2005
>Number: 89989
>Category: misc
>Synopsis: Add option to /usr/sbin/jail: -I (ASCII 73) PID to specify tryprid within jail(2)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 05 19:20:03 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Lanny Jason Godsey
>Release: 6.0-RELEASE
>Organization:
>Environment:
FreeBSD ne1.yournix.com 6.0-RELEASE FreeBSD 6.0-RELEASE #6: Mon Dec 5 11:48:50 EST 2005 root at ne1.yournix.com:/usr/obj/usr/src/sys/YOURNIX i386
>Description:
Add option to /usr/sbin/jail: -I (ASCII 73) PID to specify tryprid within jail(2)
On my system, I have multiple jails, one for each service. The bind jail has JID 53, apache JID 80, mysql 3306.
I submitted another patch to allow -J to the JID and other info to a file. I use these together to help make my life a little easier.
Example: jexec 53 /etc/rc.d/named restart
Forgive me for including my last patch (-J) in here; I'm not sure how to separate the changes within RELENG_6_0, which I use for /usr/src. The second set is against HEAD and is UNTESTED.
jail(8) man entry:
-I JID Request jail start with jail identifier (JID). Normal
behavior begins JID with 1.
>How-To-Repeat:
>Fix:
-- begin RELENG_6_0 cvs diff -u --
Index: sys/kern/kern_jail.c
===================================================================
RCS file: /usr/ncvs/src/sys/kern/kern_jail.c,v
retrieving revision 1.50
diff -u -r1.50 kern_jail.c
--- sys/kern/kern_jail.c 23 Jun 2005 22:13:28 -0000 1.50
+++ sys/kern/kern_jail.c 5 Dec 2005 17:18:53 -0000
@@ -140,7 +140,12 @@
/* Determine next pr_id and add prison to allprison list. */
mtx_lock(&allprison_mtx);
- tryprid = lastprid + 1;
+ /* Use j.tryprid as starting point if requested. */
+ if (j.tryprid > 1 && j.tryprid < JAIL_MAX) {
+ tryprid = j.tryprid;
+ } else {
+ tryprid = lastprid + 1;
+ }
if (tryprid == JAIL_MAX)
tryprid = 1;
next:
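Review bot: When the requested `j.tryprid` is out of range the new branch silently falls back to `lastprid + 1`, and when the requested id is already taken the search at `next:` (below the hunk) will presumably hand out the next free id — in both cases the caller asked for a specific JID and gets a different one with no error, which defeats the option for an operator who maps services to fixed JIDs. Returning EINVAL for the out-of-range case and EEXIST when the requested id is in use would be safer than a silent substitution; the in-use case needs a change in the search loop outside the hunk. It also looks like `lastprid` is updated from `tryprid` after the search (not visible here), so a requested JID would move the base for later automatic assignment — worth confirming that is intended. The `> 1` bound also rejects a request for JID 1 although jail.8 says numbering begins at 1; `if (j.tryprid >= 1 && j.tryprid < JAIL_MAX) {` would match the documented range. The identical HEAD hunk of sys/kern/kern_jail.c has the same issues.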
Index: sys/sys/jail.h
===================================================================
RCS file: /usr/ncvs/src/sys/sys/jail.h,v
retrieving revision 1.26
diff -u -r1.26 jail.h
--- sys/sys/jail.h 9 Jun 2005 18:49:19 -0000 1.26
+++ sys/sys/jail.h 5 Dec 2005 14:48:18 -0000
@@ -18,6 +18,7 @@
char *path;
char *hostname;
u_int32_t ip_number;
+ int tryprid;
};
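Review bot: Appending `int tryprid` grows `struct jail`, which jail(2) copies in from userland by its size (the copyin is outside this hunk) and distinguishes only through the `version` field, which this patch does not bump. A binary built against the previous layout passes a shorter object, so the kernel would read `tryprid` from whatever follows it in the caller's memory, and a value that happens to fall in the accepted range silently becomes the starting JID. Bumping `version` and selecting the copyin size by version in the kernel keeps old binaries on the old behaviour; on the new-userland side, confirm that `j` is zeroed before `jail()` is called (not visible in this diff), since jail.c only assigns `j.tryprid` under `Iflag`. A short comment on the field, `/* starting jail id to try; 0 = kernel default */`, would document the contract. The HEAD hunk of sys/sys/jail.h is identical.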
struct xprison {
Index: usr.sbin/jail/jail.8
===================================================================
RCS file: /usr/ncvs/src/usr.sbin/jail/jail.8,v
retrieving revision 1.67.2.3
diff -u -r1.67.2.3 jail.8
--- usr.sbin/jail/jail.8 24 Sep 2005 01:59:39 -0000 1.67.2.3
+++ usr.sbin/jail/jail.8 5 Dec 2005 17:41:55 -0000
@@ -53,6 +53,11 @@
.Bl -tag -width ".Fl u Ar username"
.It Fl i
Output the jail identifier of the newly created jail.
+.It Fl I Ar JID
+Request jail(2) start with jail identifier (JID). Normal behavior begins JID with 1.
+.It Fl J Ar JidFile
+Write a JidFile, like a PidFile, containing JID, path, hostname, ip and
+command used to start the jail.
.It Fl l
Run program in the clean environment.
The environment is discarded except for
Index: usr.sbin/jail/jail.c
===================================================================
RCS file: /usr/ncvs/src/usr.sbin/jail/jail.c,v
retrieving revision 1.20
diff -u -r1.20 jail.c
--- usr.sbin/jail/jail.c 17 Nov 2004 10:01:48 -0000 1.20
+++ usr.sbin/jail/jail.c 5 Dec 2005 17:24:55 -0000
@@ -54,19 +54,29 @@
struct passwd *pwd = NULL;
struct in_addr in;
gid_t groups[NGROUPS];
- int ch, i, iflag, lflag, ngroups, uflag, Uflag;
- char path[PATH_MAX], *username;
+ int ch, i, iflag, Iflag, tryprid, Jflag, lflag, ngroups, uflag, Uflag;
+ char path[PATH_MAX], *username, *JidFile;
static char *cleanenv;
const char *shell, *p = NULL;
+ FILE *fp;
- iflag = lflag = uflag = Uflag = 0;
- username = cleanenv = NULL;
+ iflag = Iflag = tryprid = Jflag = lflag = uflag = Uflag = 0;
+ username = JidFile = cleanenv = NULL;
+ fp = NULL;
- while ((ch = getopt(argc, argv, "ilu:U:")) != -1) {
+ while ((ch = getopt(argc, argv, "ilu:U:J:I:")) != -1) {
switch (ch) {
case 'i':
iflag = 1;
break;
+ case 'I':
+ tryprid = atoi(optarg);
+ Iflag = 1;
+ break;
+ case 'J':
+ JidFile = optarg;
+ Jflag = 1;
+ break;
case 'u':
username = optarg;
uflag = 1;
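Review bot: `tryprid = atoi(optarg);` in the new `case 'I':` accepts any input without reporting errors: `-I 53x` silently becomes 53, a non-numeric value becomes 0 and is only caught later by the range check, and an out-of-range value is undefined behaviour for atoi. Parsing with strtol and rejecting trailing garbage, ERANGE and values outside 1..INT_MAX at the option site gives the operator a precise message; `<errno.h>` and `<limits.h>` are needed if jail.c does not already include them. The same `atoi` call appears in the HEAD hunk of usr.sbin/jail/jail.c. The enclosing `main` starts before and ends after this hunk.
```c
	case 'I': {
		char *end;
		long v;

		errno = 0;
		v = strtol(optarg, &end, 10);
		if (*optarg == '\0' || *end != '\0' || errno == ERANGE ||
		    v < 1 || v > INT_MAX)
			errx(1, "Invalid JID: %s", optarg);
		tryprid = (int)v;
		Iflag = 1;
		break;
	}
	/* … unchanged: 'J', 'u' and remaining option cases … */
```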
@@ -103,6 +113,18 @@
if (inet_aton(argv[2], &in) == 0)
errx(1, "Could not make sense of ip-number: %s", argv[2]);
j.ip_number = ntohl(in.s_addr);
+ if (Iflag) {
+ if (tryprid > 1) {
+ j.tryprid = tryprid;
+ } else {
+ errx(1, "Requested JID out of range: %d", tryprid);
+ }
+ }
+ if (Jflag) {
+ fp = fopen(JidFile, "w");
+ if (fp == NULL)
+ errx(1, "Could not create jid_file: %s", JidFile);
+ }
i = jail(&j);
if (i == -1)
err(1, "jail");
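Review bot: The new `-I` validation rejects JID 1 (`tryprid > 1`) although jail.8 says numbering begins at 1, and it has no upper bound, so a value of `JAIL_MAX` or more passes here and is then silently replaced by the kernel with `lastprid + 1` rather than reported. If `JAIL_MAX` is visible from `<sys/jail.h>` in userland, `if (tryprid < 1 || tryprid >= JAIL_MAX)` as the error condition catches both ends where the operator can see the message. Separately, the `-J` file is opened before `jail()` is called, so a failing jail(2) exits via `err` and leaves an empty jid file behind; opening it only after the call succeeds, or unlinking it on the error path, avoids a stale file that looks like a running jail. The HEAD hunk of usr.sbin/jail/jail.c at the same location has the same range check.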
@@ -110,6 +132,15 @@
printf("%d\n", i);
fflush(stdout);
}
+ if (Jflag) {
+ if (fp != NULL) {
+ fprintf(fp, "%d\t%s\t%s\t%s\t%s\n",
+ i, j.path, j.hostname, argv[2], argv[3]);
+ (void)fclose(fp);
+ } else {
+ errx(1, "Could not write jid_file: %s", JidFile);
+ }
+ }
if (username != NULL) {
if (Uflag)
GET_USER_INFO;
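Review bot: The `else` branch reporting "Could not write jid_file" is unreachable, since `fp == NULL` already terminated the program at the `fopen` in the earlier hunk, while the failures that can actually occur here — `fprintf` or `fclose` returning an error on a full or read-only filesystem — are discarded by `(void)fclose(fp)`. Replacing the branch with `if (fprintf(fp, ...) < 0 || fclose(fp) != 0) err(1, "%s", JidFile);` reports the real failure and keeps the file's contents trustworthy for whatever later reads the JID from it. Note that at this point the process is already inside the new jail, so any error message refers to a jail that has been created; a comment such as `/* jail(2) succeeded; record its id before dropping privileges */` above the block makes that ordering explicit.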
@@ -149,7 +180,7 @@
{
(void)fprintf(stderr, "%s%s\n",
- "usage: jail [-i] [-l -u username | -U username]",
+ "usage: jail [-i] [-I JID] [-J jid_file] [-l -u username | -U username]",
" path hostname ip-number command ...");
exit(1);
}
-- end here --
-- Begin HEAD cvs diff -u here --
Index: sys/kern/kern_jail.c
===================================================================
RCS file: /usr/ncvs/src/sys/kern/kern_jail.c,v
retrieving revision 1.51
diff -u -r1.51 kern_jail.c
--- sys/kern/kern_jail.c 28 Sep 2005 00:30:56 -0000 1.51
+++ sys/kern/kern_jail.c 5 Dec 2005 17:46:19 -0000
@@ -139,7 +139,12 @@
/* Determine next pr_id and add prison to allprison list. */
mtx_lock(&allprison_mtx);
- tryprid = lastprid + 1;
+ /* Use j.tryprid as starting point if requested. */
+ if (j.tryprid > 1 && j.tryprid < JAIL_MAX) {
+ tryprid = j.tryprid;
+ } else {
+ tryprid = lastprid + 1;
+ }
if (tryprid == JAIL_MAX)
tryprid = 1;
next:
Index: sys/sys/jail.h
===================================================================
RCS file: /usr/ncvs/src/sys/sys/jail.h,v
retrieving revision 1.26
diff -u -r1.26 jail.h
--- sys/sys/jail.h 9 Jun 2005 18:49:19 -0000 1.26
+++ sys/sys/jail.h 5 Dec 2005 17:46:27 -0000
@@ -18,6 +18,7 @@
char *path;
char *hostname;
u_int32_t ip_number;
+ int tryprid;
};
struct xprison {
Index: usr.sbin/jail/jail.8
===================================================================
RCS file: /usr/ncvs/src/usr.sbin/jail/jail.8,v
retrieving revision 1.72
diff -u -r1.72 jail.8
--- usr.sbin/jail/jail.8 3 Dec 2005 17:32:39 -0000 1.72
+++ usr.sbin/jail/jail.8 5 Dec 2005 17:46:45 -0000
@@ -54,6 +54,8 @@
.Bl -tag -width ".Fl u Ar username"
.It Fl i
Output the jail identifier of the newly created jail.
+.It Fl I Ar JID
+Request jail(2) start with jail identifier (JID). Normal behavior begins JID with 1.
.It Fl J Ar jid_file
Write a JidFile, like a PidFile, containing jailid, path, hostname, ip and
command used to start the jail.
Index: usr.sbin/jail/jail.c
===================================================================
RCS file: /usr/ncvs/src/usr.sbin/jail/jail.c,v
retrieving revision 1.21
diff -u -r1.21 jail.c
--- usr.sbin/jail/jail.c 3 Dec 2005 17:32:39 -0000 1.21
+++ usr.sbin/jail/jail.c 5 Dec 2005 17:46:45 -0000
@@ -54,21 +54,25 @@
struct passwd *pwd = NULL;
struct in_addr in;
gid_t groups[NGROUPS];
- int ch, i, iflag, Jflag, lflag, ngroups, uflag, Uflag;
+ int ch, i, iflag, Iflag, tryprid, Jflag, lflag, ngroups, uflag, Uflag;
char path[PATH_MAX], *username, *JidFile;
static char *cleanenv;
const char *shell, *p = NULL;
FILE *fp;
- iflag = Jflag = lflag = uflag = Uflag = 0;
+ iflag = Iflag = tryprid = Jflag = lflag = uflag = Uflag = 0;
username = JidFile = cleanenv = NULL;
fp = NULL;
- while ((ch = getopt(argc, argv, "ilu:U:J:")) != -1) {
+ while ((ch = getopt(argc, argv, "ilu:U:J:I:")) != -1) {
switch (ch) {
case 'i':
iflag = 1;
break;
+ case 'I':
+ tryprid = atoi(optarg);
+ Iflag = 1;
+ break;
case 'J':
JidFile = optarg;
Jflag = 1;
@@ -109,6 +113,13 @@
if (inet_aton(argv[2], &in) == 0)
errx(1, "Could not make sense of ip-number: %s", argv[2]);
j.ip_number = ntohl(in.s_addr);
+ if (Iflag) {
+ if (tryprid > 1) {
+ j.tryprid = tryprid;
+ } else {
+ errx(1, "Requested JID out of range: %d", tryprid);
+ }
+ }
if (Jflag) {
fp = fopen(JidFile, "w");
if (fp == NULL)
@@ -169,7 +180,7 @@
{
(void)fprintf(stderr, "%s%s\n",
- "usage: jail [-i] [-J jid_file] [-l -u username | -U username]",
+ "usage: jail [-i] [-I JID] [-J jid_file] [-l -u username | -U username]",
" path hostname ip-number command ...");
exit(1);
}
-- end here --
>Release-Note:
>Audit-Trail:
>Unformatted: