misc/89989: Add option to /usr/sbin/jail: -I (ASCII 73) PID to specify tryprid within jail(2)

Lanny Jason Godsey lannygodsey at yahoo.com
Mon Dec 5 19:20:07 GMT 2005


>Number:         89989
>Category:       misc
>Synopsis:       Add option to /usr/sbin/jail: -I (ASCII 73) PID  to specify tryprid within jail(2)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Dec 05 19:20:03 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Lanny Jason Godsey
>Release:        6.0-RELEASE
>Organization:
>Environment:
FreeBSD ne1.yournix.com 6.0-RELEASE FreeBSD 6.0-RELEASE #6: Mon Dec  5 11:48:50 EST 2005     root at ne1.yournix.com:/usr/obj/usr/src/sys/YOURNIX  i386

>Description:
Add option to /usr/sbin/jail: -I (ASCII 73) PID  to specify tryprid within jail(2)

On my system, I have multiple jails, one for each service.  The bind jail has JID 53, apache JID 80, mysql 3306.

I submitted another patch to allow -J to the JID and other info to a file.  I use these together to help make my life a little easier.

Example: jexec 53 /etc/rc.d/named restart

Forgive me for including my last patch (-J) in here; I'm not sure how to separate the two changes within RELENG_6_0, which is what I use for /usr/src.  The second set of diffs is against HEAD and is UNTESTED.

jail(8) man entry:

-I JID       Request jail start with jail identifier (JID).  Normal
             behavior begins JID with 1.

>How-To-Repeat:
              
>Fix:


-- begin RELENG_6_0 cvs diff -u --
Index: sys/kern/kern_jail.c
===================================================================
RCS file: /usr/ncvs/src/sys/kern/kern_jail.c,v
retrieving revision 1.50
diff -u -r1.50 kern_jail.c
--- sys/kern/kern_jail.c        23 Jun 2005 22:13:28 -0000      1.50
+++ sys/kern/kern_jail.c        5 Dec 2005 17:18:53 -0000
@@ -140,7 +140,12 @@

        /* Determine next pr_id and add prison to allprison list. */
        mtx_lock(&allprison_mtx);
-       tryprid = lastprid + 1;
+       /* Use j.tryprid as starting point if requested. */
+       if (j.tryprid > 1 && j.tryprid < JAIL_MAX) {
+               tryprid = j.tryprid;
+       } else {
+               tryprid = lastprid + 1;
+       }
        if (tryprid == JAIL_MAX)
                tryprid = 1;
 next:
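Review bot: When the requested `j.tryprid` is already in use, or lies outside (1, JAIL_MAX), this hunk silently falls back to the next free id, so a caller that pinned a JID for scripting (`jexec 53 ...`) can end up driving a different jail than the one it believes it created. Because the id was explicitly requested, an out-of-range value should fail with EINVAL and a collision in the allprison search after `next:` (outside this hunk) should fail with EEXIST rather than incrementing; for example `if (j.tryprid != 0 && (j.tryprid <= 1 || j.tryprid >= JAIL_MAX)) return (EINVAL);` placed with the function's other early argument checks, and inside the lookup loop `if (j.tryprid != 0) { error = EEXIST; goto` the existing unwind label `; }`. Whether `lastprid` is later assigned from `tryprid` is not visible here; if it is, a pinned value such as 3306 also shifts where un-pinned jails start numbering, which is probably unintended. The enclosing jail() body begins before and continues after this hunk.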
Index: sys/sys/jail.h
===================================================================
RCS file: /usr/ncvs/src/sys/sys/jail.h,v
retrieving revision 1.26
diff -u -r1.26 jail.h
--- sys/sys/jail.h      9 Jun 2005 18:49:19 -0000       1.26
+++ sys/sys/jail.h      5 Dec 2005 14:48:18 -0000
@@ -18,6 +18,7 @@
        char            *path;
        char            *hostname;
        u_int32_t       ip_number;
+       int             tryprid;
 };
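Review bot: Appending `tryprid` grows `struct jail` without bumping the version field that presumably leads the struct (above this hunk), so the kernel cannot tell an old-layout caller from a new one: assuming jail(2) copies in sizeof(struct jail) bytes, a binary built against the four-field layout has the four bytes past the end of its object read as the requested JID, and any in-range garbage silently pins the jail to an unexpected id. Either bump the version and have the kernel honor `tryprid` only for callers presenting the new version, or state explicitly that this is an ABI change requiring every jail(2) user to be rebuilt. A one-line comment on the field, `/* requested jail id; 0 lets the kernel choose */`, would also document the sentinel the kernel-side check depends on.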

 struct xprison {
Index: usr.sbin/jail/jail.8
===================================================================
RCS file: /usr/ncvs/src/usr.sbin/jail/jail.8,v
retrieving revision 1.67.2.3
diff -u -r1.67.2.3 jail.8
--- usr.sbin/jail/jail.8        24 Sep 2005 01:59:39 -0000      1.67.2.3
+++ usr.sbin/jail/jail.8        5 Dec 2005 17:41:55 -0000
@@ -53,6 +53,11 @@
 .Bl -tag -width ".Fl u Ar username"
 .It Fl i
 Output the jail identifier of the newly created jail.
+.It Fl I Ar JID
+Request jail(2) start with jail identifier (JID).  Normal behavior begins JID with 1.
+.It Fl J Ar JidFile
+Write a JidFile, like a PidFile, containing JID, path, hostname, ip and
+command used to start the jail.
 .It Fl l
 Run program in the clean environment.
 The environment is discarded except for
Index: usr.sbin/jail/jail.c
===================================================================
RCS file: /usr/ncvs/src/usr.sbin/jail/jail.c,v
retrieving revision 1.20
diff -u -r1.20 jail.c
--- usr.sbin/jail/jail.c        17 Nov 2004 10:01:48 -0000      1.20
+++ usr.sbin/jail/jail.c        5 Dec 2005 17:24:55 -0000
@@ -54,19 +54,29 @@
        struct passwd *pwd = NULL;
        struct in_addr in;
        gid_t groups[NGROUPS];
-       int ch, i, iflag, lflag, ngroups, uflag, Uflag;
-       char path[PATH_MAX], *username;
+       int ch, i, iflag, Iflag, tryprid, Jflag, lflag, ngroups, uflag, Uflag;
+       char path[PATH_MAX], *username, *JidFile;
        static char *cleanenv;
        const char *shell, *p = NULL;
+       FILE *fp;

-       iflag = lflag = uflag = Uflag = 0;
-       username = cleanenv = NULL;
+       iflag = Iflag = tryprid = Jflag = lflag = uflag = Uflag = 0;
+       username = JidFile = cleanenv = NULL;
+       fp = NULL;

-       while ((ch = getopt(argc, argv, "ilu:U:")) != -1) {
+       while ((ch = getopt(argc, argv, "ilu:U:J:I:")) != -1) {
                switch (ch) {
                case 'i':
                        iflag = 1;
                        break;
+               case 'I':
+                       tryprid = atoi(optarg);
+                       Iflag = 1;
+                       break;
+               case 'J':
+                       JidFile = optarg;
+                       Jflag = 1;
+                       break;
                case 'u':
                        username = optarg;
                        uflag = 1;
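Review bot: `tryprid = atoi(optarg)` in the new `'I'` case accepts trailing garbage (`-I 53x` becomes 53) and has undefined behavior on overflow, so a typo in a start script silently pins the wrong JID. Parse with strtol and reject anything that is not a complete, in-range number: `errno = 0; tryprid = strtol(optarg, &ep, 10);` followed by `if (*optarg == '\0' || *ep != '\0' || errno == ERANGE || tryprid < 2 || tryprid > INT_MAX) errx(1, "Invalid JID: %s", optarg);`, with `tryprid` held in a `long` for the call and `ep` declared as `char *` alongside the other locals in this hunk. Rejecting malformed input here also makes the later "Requested JID out of range" check redundant.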
@@ -103,6 +113,18 @@
        if (inet_aton(argv[2], &in) == 0)
                errx(1, "Could not make sense of ip-number: %s", argv[2]);
        j.ip_number = ntohl(in.s_addr);
+       if (Iflag) {
+               if (tryprid > 1) {
+                       j.tryprid = tryprid;
+               } else {
+                       errx(1, "Requested JID out of range: %d", tryprid);
+               }
+       }
+       if (Jflag) {
+               fp = fopen(JidFile, "w");
+               if (fp == NULL)
+                       errx(1, "Could not create jid_file: %s", JidFile);
+       }
        i = jail(&j);
        if (i == -1)
                err(1, "jail");
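Review bot: `j.tryprid` is only assigned inside `if (Iflag)`, so when -I is not given the field is passed to jail(2) uninitialized unless `j` is zeroed somewhere above this hunk (not visible here); the kernel side of this patch honors any value in (1, JAIL_MAX), so stack garbage would silently pin a jail to an arbitrary id. Set it unconditionally, `j.tryprid = Iflag ? tryprid : 0;`, so that 0 reliably means "let the kernel choose". The range check here also has no upper bound, so a value the kernel will not accept is silently ignored instead of reported, which is one more reason for the kernel to return an error rather than fall back.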
@@ -110,6 +132,15 @@
                printf("%d\n", i);
                fflush(stdout);
        }
+       if (Jflag) {
+               if (fp != NULL) {
+                       fprintf(fp, "%d\t%s\t%s\t%s\t%s\n",
+                               i, j.path, j.hostname, argv[2], argv[3]);
+                       (void)fclose(fp);
+               } else {
+                       errx(1, "Could not write jid_file: %s", JidFile);
+               }
+       }
        if (username != NULL) {
                if (Uflag)
                        GET_USER_INFO;
@@ -149,7 +180,7 @@
 {

        (void)fprintf(stderr, "%s%s\n",
-            "usage: jail [-i] [-l -u username | -U username]",
+            "usage: jail [-i] [-I JID] [-J jid_file] [-l -u username | -U username]",
             " path hostname ip-number command ...");
        exit(1);
 }
-- end here --

-- Begin HEAD cvs diff -u here --
Index: sys/kern/kern_jail.c
===================================================================
RCS file: /usr/ncvs/src/sys/kern/kern_jail.c,v
retrieving revision 1.51
diff -u -r1.51 kern_jail.c
--- sys/kern/kern_jail.c        28 Sep 2005 00:30:56 -0000      1.51
+++ sys/kern/kern_jail.c        5 Dec 2005 17:46:19 -0000
@@ -139,7 +139,12 @@

        /* Determine next pr_id and add prison to allprison list. */
        mtx_lock(&allprison_mtx);
-       tryprid = lastprid + 1;
+       /* Use j.tryprid as starting point if requested. */
+       if (j.tryprid > 1 && j.tryprid < JAIL_MAX) {
+               tryprid = j.tryprid;
+       } else {
+               tryprid = lastprid + 1;
+       }
        if (tryprid == JAIL_MAX)
                tryprid = 1;
 next:
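Review bot: As in the RELENG version, a requested `j.tryprid` that is out of range or already taken is silently replaced by the next free id, so the one property -I exists to provide, a known JID for `jexec`, is not actually guaranteed and scripts may act on the wrong jail. Reject out-of-range values with EINVAL where the function's other argument checks live, and make the allprison search after `next:` (outside this hunk) fail with EEXIST when `j.tryprid != 0` instead of incrementing past the collision. If `lastprid` is assigned from `tryprid` further down (not visible), consider leaving it untouched for explicitly requested ids so pinned values do not move the auto-assigned sequence. The enclosing jail() body starts before and ends after this hunk.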
Index: sys/sys/jail.h
===================================================================
RCS file: /usr/ncvs/src/sys/sys/jail.h,v
retrieving revision 1.26
diff -u -r1.26 jail.h
--- sys/sys/jail.h      9 Jun 2005 18:49:19 -0000       1.26
+++ sys/sys/jail.h      5 Dec 2005 17:46:27 -0000
@@ -18,6 +18,7 @@
        char            *path;
        char            *hostname;
        u_int32_t       ip_number;
+       int             tryprid;
 };
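Review bot: Growing `struct jail` with `tryprid` while leaving its leading version field (presumably above this hunk) unchanged means an old jail(8) binary passes a shorter object than the kernel copies in, and the bytes beyond it become the requested JID; any in-range value is honored silently by the kernel side of this patch. Bump the version and gate the new field on it in the kernel, or document the ABI break. Add `/* requested jail id; 0 lets the kernel choose */` on the field so the zero sentinel is explicit.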

 struct xprison {
Index: usr.sbin/jail/jail.8
===================================================================
RCS file: /usr/ncvs/src/usr.sbin/jail/jail.8,v
retrieving revision 1.72
diff -u -r1.72 jail.8
--- usr.sbin/jail/jail.8        3 Dec 2005 17:32:39 -0000       1.72
+++ usr.sbin/jail/jail.8        5 Dec 2005 17:46:45 -0000
@@ -54,6 +54,8 @@
 .Bl -tag -width ".Fl u Ar username"
 .It Fl i
 Output the jail identifier of the newly created jail.
+.It Fl I Ar JID
+Request jail(2) start with jail identifier (JID).  Normal behavior begins JID with 1.
 .It Fl J Ar jid_file
 Write a JidFile, like a PidFile, containing jailid, path, hostname, ip and
 command used to start the jail.
Index: usr.sbin/jail/jail.c
===================================================================
RCS file: /usr/ncvs/src/usr.sbin/jail/jail.c,v
retrieving revision 1.21
diff -u -r1.21 jail.c
--- usr.sbin/jail/jail.c        3 Dec 2005 17:32:39 -0000       1.21
+++ usr.sbin/jail/jail.c        5 Dec 2005 17:46:45 -0000
@@ -54,21 +54,25 @@
        struct passwd *pwd = NULL;
        struct in_addr in;
        gid_t groups[NGROUPS];
-       int ch, i, iflag, Jflag, lflag, ngroups, uflag, Uflag;
+       int ch, i, iflag, Iflag, tryprid, Jflag, lflag, ngroups, uflag, Uflag;
        char path[PATH_MAX], *username, *JidFile;
        static char *cleanenv;
        const char *shell, *p = NULL;
        FILE *fp;

-       iflag = Jflag = lflag = uflag = Uflag = 0;
+       iflag = Iflag = tryprid = Jflag = lflag = uflag = Uflag = 0;
        username = JidFile = cleanenv = NULL;
        fp = NULL;

-       while ((ch = getopt(argc, argv, "ilu:U:J:")) != -1) {
+       while ((ch = getopt(argc, argv, "ilu:U:J:I:")) != -1) {
                switch (ch) {
                case 'i':
                        iflag = 1;
                        break;
+               case 'I':
+                       tryprid = atoi(optarg);
+                       Iflag = 1;
+                       break;
                case 'J':
                        JidFile = optarg;
                        Jflag = 1;
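Review bot: The `'I'` case uses `atoi(optarg)`, which accepts trailing garbage and has undefined behavior on overflow, so `-I 53x` or an out-of-range value is not reported at the point of parsing. Use strtol with an end pointer and errno, `errno = 0; tryprid = strtol(optarg, &ep, 10);` then `if (*optarg == '\0' || *ep != '\0' || errno == ERANGE || tryprid < 2 || tryprid > INT_MAX) errx(1, "Invalid JID: %s", optarg);`, with a `char *ep` and a `long` holder declared among the locals in this hunk.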
@@ -109,6 +113,13 @@
        if (inet_aton(argv[2], &in) == 0)
                errx(1, "Could not make sense of ip-number: %s", argv[2]);
        j.ip_number = ntohl(in.s_addr);
+       if (Iflag) {
+               if (tryprid > 1) {
+                       j.tryprid = tryprid;
+               } else {
+                       errx(1, "Requested JID out of range: %d", tryprid);
+               }
+       }
        if (Jflag) {
                fp = fopen(JidFile, "w");
                if (fp == NULL)
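Review bot: `j.tryprid` is only set inside `if (Iflag)`, so without -I the field reaches jail(2) uninitialized unless `j` is zeroed above this hunk (not visible), and the kernel half of this patch will honor whatever in-range garbage it finds. Assign it unconditionally, `j.tryprid = Iflag ? tryprid : 0;`, so 0 deterministically means "kernel picks". The check also lacks an upper bound, so a value the kernel rejects is silently dropped instead of surfacing as an error. The hunk ends inside the `if (fp == NULL)` statement, whose body and the rest of main() lie outside it.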
@@ -169,7 +180,7 @@
 {

        (void)fprintf(stderr, "%s%s\n",
-            "usage: jail [-i] [-J jid_file] [-l -u username | -U username]",
+            "usage: jail [-i] [-I JID] [-J jid_file] [-l -u username | -U username]",
             " path hostname ip-number command ...");
        exit(1);
 }
-- end here --


>Release-Note:
>Audit-Trail:
>Unformatted:

