Hierarchical jails (user side)

Jamie Gritton jamie at FreeBSD.org
Sat May 9 06:53:31 UTC 2009


These are the extended versions of jail and jls to handle the
arbitrary name-value pairs, as well as small changes to jexec and
killall.  There's actually nothing hierarchical about these programs,
they just allow setting the parameters necessary to allow hierarchical
prisons.  They also include a bit of text in jail(8) about hierarchical
jails and what's necessary to set them up.

This might look familiar - it's excactly the same patches I posted
a few days back, with the except of the jail(8) man page.

I'd appreciate if anyone who's interested in hierarchical jails, or
in the new jail subsystem, or in vimage (which will soon merge with
this) could try out these patches and give a bit of feedback.

- Jamie
-------------- next part --------------
Index: usr.bin/killall/killall.1
===================================================================
--- usr.bin/killall/killall.1	(revision 191896)
+++ usr.bin/killall/killall.1	(working copy)
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd November 9, 2007
+.Dd April 30, 2009
 .Os
 .Dt KILLALL 1
 .Sh NAME
@@ -34,7 +34,7 @@
 .Nm
 .Op Fl delmsvz
 .Op Fl help
-.Op Fl j Ar jid
+.Op Fl j Ar jail
 .Op Fl u Ar user
 .Op Fl t Ar tty
 .Op Fl c Ar procname
@@ -91,9 +91,9 @@
 (with or without a leading
 .Dq Li SIG ) ,
 or numerically.
-.It Fl j Ar jid
-Kill processes in the jail specified by
-.Ar jid .
+.It Fl j Ar jail
+Kill processes in the specified
+.Ar jail .
 .It Fl u Ar user
 Limit potentially matching processes to those belonging to
 the specified
Index: usr.bin/killall/killall.c
===================================================================
--- usr.bin/killall/killall.c	(revision 191896)
+++ usr.bin/killall/killall.c	(working copy)
@@ -31,6 +31,7 @@
 #include <sys/param.h>
 #include <sys/jail.h>
 #include <sys/stat.h>
+#include <sys/uio.h>
 #include <sys/user.h>
 #include <sys/sysctl.h>
 #include <fcntl.h>
@@ -51,7 +52,7 @@
 usage(void)
 {
 
-	fprintf(stderr, "usage: killall [-delmsvz] [-help] [-j jid]\n");
+	fprintf(stderr, "usage: killall [-delmsvz] [-help] [-j jail]\n");
 	fprintf(stderr,
 	    "               [-u user] [-t tty] [-c cmd] [-SIGNAL] [cmd]...\n");
 	fprintf(stderr, "At least one option or argument to specify processes must be given.\n");
@@ -100,6 +101,7 @@
 int
 main(int ac, char **av)
 {
+	struct iovec	jparams[2];
 	struct kinfo_proc *procs = NULL, *newprocs;
 	struct stat	sb;
 	struct passwd	*pw;
@@ -159,12 +161,21 @@
 				}
 				jflag++;
 				if (*av == NULL)
-				    	errx(1, "must specify jid");
-				jid = strtol(*av, &ep, 10);
-				if (!*av || *ep)
-					errx(1, "illegal jid: %s", *av);
+				    	errx(1, "must specify jail");
+				jid = strtoul(*av, &ep, 10);
+				if (!**av || *ep) {
+					*(const void **)&jparams[0].iov_base =
+					    "name";
+					jparams[0].iov_len = sizeof("name");
+					jparams[1].iov_base = *av;
+					jparams[1].iov_len = strlen(*av) + 1;
+					jid = jail_get(jparams, 2, 0);
+					if (jid < 0)
+						errx(1, "unknown jail: %s",
+						    *av);
+				}
 				if (jail_attach(jid) == -1)
-					err(1, "jail_attach(): %d", jid);
+					err(1, "jail_attach(%d)", jid);
 				break;
 			case 'u':
 				++*av;
Index: usr.sbin/jls/jls.c
===================================================================
--- usr.sbin/jls/jls.c	(revision 191896)
+++ usr.sbin/jls/jls.c	(working copy)
@@ -1,6 +1,7 @@
 /*-
  * Copyright (c) 2003 Mike Barcroft <mike at FreeBSD.org>
  * Copyright (c) 2008 Bjoern A. Zeeb <bz at FreeBSD.org>
+ * Copyright (c) 2009 James Gritton <jamie at FreeBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -23,18 +24,20 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- *
- * $FreeBSD$
  */
 
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
 #include <sys/param.h>
-#include <sys/types.h>
 #include <sys/jail.h>
+#include <sys/socket.h>
 #include <sys/sysctl.h>
+#include <sys/uio.h>
 
-#include <sys/socket.h>
+#include <arpa/inet.h>
 #include <netinet/in.h>
-#include <arpa/inet.h>
+
 #include <err.h>
 #include <errno.h>
 #include <limits.h>
@@ -43,215 +46,672 @@
 #include <string.h>
 #include <unistd.h>
 
-#define	FLAG_A		0x00001
-#define	FLAG_V		0x00002
+#define	SJPARAM		"security.jail.param"
+#define	ARRAY_SLOP	5
 
-#ifdef SUPPORT_OLD_XPRISON
-static
-char *print_xprison_v1(void *p, char *end, unsigned flags)
+#define	CTLTYPE_BOOL	(CTLTYPE + 1)
+#define	CTLTYPE_NOBOOL	(CTLTYPE + 2)
+#define	CTLTYPE_IPADDR	(CTLTYPE + 3)
+#define	CTLTYPE_IP6ADDR	(CTLTYPE + 4)
+
+#define	PARAM_KEY	0x1
+#define	PARAM_USER	0x2
+#define	PARAM_ARRAY	0x4
+#define	PARAM_OPT	0x8
+
+#define	PRINT_DEFAULT	0x01
+#define	PRINT_VDEFAULT	0x02
+#define	PRINT_HEADER	0x04
+#define	PRINT_NAMEVAL	0x08
+#define	PRINT_QUOTED	0x10
+
+struct param {
+	char	*name;
+	void	*value;
+	size_t	 size;
+	int	 type;
+	unsigned flags;
+};
+
+struct iovec2 {
+	struct iovec	name;
+	struct iovec	value;
+};
+
+static struct param *params;
+static int nparams;
+static char errmsg[256];
+
+static void add_param(const char *name, void *value, unsigned flags);
+static int get_param(const char *name, struct param *param);
+static int sort_param(const void *a, const void *b);
+static char *noname(const char *name);
+static char *nononame(const char *name);
+static int print_jail(int pflags, int jflags);
+static void quoted_print(char *str, int len);
+
+int
+main(int argc, char **argv)
 {
-	struct xprison_v1 *xp;
-	struct in_addr in;
+	char *ep, *jname;
+	int c, i, jflags, jid, lastjid, pflags;
 
-	if ((char *)p + sizeof(struct xprison_v1) > end)
-		errx(1, "Invalid length for jail");
+	jname = NULL;
+	pflags = jflags = jid = 0;
+	while ((c = getopt(argc, argv, "dj:hnqv")) >= 0)
+		switch (c) {
+		case 'd':
+			jflags |= JAIL_DYING;
+			break;
+		case 'j':
+			jid = strtoul(optarg, &ep, 10);
+			if (!*optarg || *ep)
+				jname = optarg;
+			break;
+		case 'h':
+			pflags |= PRINT_HEADER;
+			break;
+		case 'n':
+			pflags |= PRINT_NAMEVAL;
+			break;
+		case 'q':
+			pflags |= PRINT_QUOTED;
+			break;
+		case 'v':
+			pflags |= PRINT_VDEFAULT;
+			break;
+		default:
+			errx(1, "usage: jls [-dhnqv] [-j jail] [param ...]");
+		}
 
-	xp = (struct xprison_v1 *)p;
-	if (flags & FLAG_V) {
-		printf("%6d  %-29.29s %.74s\n",
-			xp->pr_id, xp->pr_host, xp->pr_path);
-		/* We are not printing an empty line here for state and name. */
-		/* We are not printing an empty line here for cpusetid. */
-		/* IPv4 address. */
-		in.s_addr = htonl(xp->pr_ip);
-		printf("%6s  %-15.15s\n", "", inet_ntoa(in));
+	/* Add the parameters to print. */
+	if (optind == argc) {
+		if (pflags & PRINT_VDEFAULT) {
+			add_param("jid", NULL, PARAM_USER);
+			add_param("host.hostname", NULL, PARAM_USER);
+			add_param("path", NULL, PARAM_USER);
+			add_param("name", NULL, PARAM_USER);
+			add_param("dying", NULL, PARAM_USER);
+			add_param("cpuset", NULL, PARAM_USER);
+			add_param("ip4.addr", NULL, PARAM_USER);
+			add_param("ip6.addr", NULL, PARAM_USER | PARAM_OPT);
+		} else {
+			pflags |= PRINT_DEFAULT;
+			add_param("jid", NULL, PARAM_USER);
+			add_param("ip4.addr", NULL, PARAM_USER);
+			add_param("host.hostname", NULL, PARAM_USER);
+			add_param("path", NULL, PARAM_USER);
+		}
+	} else
+		while (optind < argc)
+			add_param(argv[optind++], NULL, PARAM_USER);
+
+	/* Add the index key and errmsg parameters. */
+	if (jid != 0)
+		add_param("jid", &jid, PARAM_KEY);
+	else if (jname != NULL)
+		add_param("name", jname, PARAM_KEY);
+	else
+		add_param("lastjid", &lastjid, PARAM_KEY);
+	add_param("errmsg", errmsg, PARAM_KEY);
+
+	/* Print a header line if requested. */
+	if (pflags & PRINT_VDEFAULT)
+		printf("   JID  Hostname                      Path\n"
+		       "        Name                          State\n"
+		       "        CPUSetID\n"
+		       "        IP Address(es)\n");
+	else if (pflags & PRINT_DEFAULT)
+		printf("   JID  IP Address      "
+		       "Hostname                      Path\n");
+	else if (pflags & PRINT_HEADER) {
+		for (i = 0; i < nparams; i++)
+			if (params[i].flags & PARAM_USER) {
+				if (i > 0)
+					putchar(' ');
+				fputs(params[i].name, stdout);
+			}
+		putchar('\n');
+	}
+
+	/* Fetch the jail(s) and print the paramters. */
+	if (jid != 0 || jname != NULL) {
+		if (print_jail(pflags, jflags) < 0) {
+			if (errmsg[0])
+				errx(1, "%s", errmsg);
+			err(1, "jail_get");
+		}
 	} else {
-		printf("%6d  %-15.15s %-29.29s %.74s\n",
-		    xp->pr_id, inet_ntoa(in), xp->pr_host, xp->pr_path);
+		for (lastjid = 0;
+		     (lastjid = print_jail(pflags, jflags)) >= 0; )
+			;
+		if (errno != 0 && errno != ENOENT) {
+			if (errmsg[0])
+				errx(1, "%s", errmsg);
+			err(1, "jail_get");
+		}
 	}
 
-	return ((char *)(xp + 1));
+	return (0);
 }
-#endif
 
-static
-char *print_xprison_v3(void *p, char *end, unsigned flags)
+static void
+add_param(const char *name, void *value, unsigned flags)
 {
-	struct xprison *xp;
-	struct in_addr *iap, in;
-	struct in6_addr *ia6p;
-	char buf[INET6_ADDRSTRLEN];
-	const char *state;
-	char *q;
-	uint32_t i;
+	struct param *param;
+	char *nname;
+	size_t mlen1, mlen2, buflen;
+	int mib1[CTL_MAXNAME], mib2[CTL_MAXNAME - 2];
+	int i, tnparams;
+	char buf[MAXPATHLEN];
 
-	if ((char *)p + sizeof(struct xprison) > end)
-		errx(1, "Invalid length for jail");
-	xp = (struct xprison *)p;
+	static int paramlistsize;
 
-	if (xp->pr_state < 0 || xp->pr_state >= (int)
-	    ((sizeof(prison_states) / sizeof(struct prison_state))))
-		state = "(bogus)";
-	else
-		state = prison_states[xp->pr_state].state_name;
+	/* The pseudo-parameter "all" scans the list of available parameters. */
+	if (!strcmp(name, "all")) {
+		tnparams = nparams;
+		mib1[0] = 0;
+		mib1[1] = 2;
+		mlen1 = CTL_MAXNAME - 2;
+		if (sysctlnametomib(SJPARAM, mib1 + 2, &mlen1) < 0)
+			err(1, "sysctlnametomib(" SJPARAM ")");
+		for (;;) {
+			/* Get the next parameter. */
+			mlen2 = sizeof(mib2);
+			if (sysctl(mib1, mlen1 + 2, mib2, &mlen2, NULL, 0) < 0)
+				err(1, "sysctl(0.2)");
+			if (mib2[0] != mib1[2] || mib2[1] != mib1[3] ||
+			    mib2[2] != mib1[4])
+				break;
+			/* Convert it to an ascii name. */
+			memcpy(mib1 + 2, mib2, mlen2);
+			mlen1 = mlen2 / sizeof(int);
+			mib1[1] = 1;
+			buflen = sizeof(buf);
+			if (sysctl(mib1, mlen1 + 2, buf, &buflen, NULL, 0) < 0)
+				err(1, "sysctl(0.1)");
+			add_param(buf + sizeof(SJPARAM), NULL, flags);
+			/*
+			 * Convert nobool parameters to bool if their
+			 * counterpart is a node, ortherwise discard them.
+			 */
+			param = &params[nparams - 1];
+			if (param->type == CTLTYPE_NOBOOL) {
+				nname = nononame(param->name);
+				if (get_param(nname, param) >= 0 &&
+				    param->type != CTLTYPE_NODE) {
+					free(nname);
+					nparams--;
+				} else {
+					free(param->name);
+					param->name = nname;
+					param->type = CTLTYPE_BOOL;
+					param->size = sizeof(int);
+					param->value = NULL;
+				}
+			}
+			mib1[1] = 2;
+		}
 
-	/* See if we should print non-ACTIVE jails. No? */
-	if ((flags & FLAG_A) == 0 && strcmp(state, "ALIVE")) {
-		q = (char *)(xp + 1);
-		q += (xp->pr_ip4s * sizeof(struct in_addr));
-		if (q > end)
-			errx(1, "Invalid length for jail");
-		q += (xp->pr_ip6s * sizeof(struct in6_addr));
-		if (q > end)
-			errx(1, "Invalid length for jail");
-		return (q);
+		qsort(params + tnparams, (size_t)(nparams - tnparams),
+		    sizeof(struct param), sort_param);
+		return;
 	}
 
-	if (flags & FLAG_V)
-		printf("%6d  %-29.29s %.74s\n",
-			xp->pr_id, xp->pr_host, xp->pr_path);
+	/* Check for repeat parameters. */
+	for (i = 0; i < nparams; i++)
+		if (!strcmp(name, params[i].name)) {
+			params[i].value = value;
+			params[i].flags |= flags;
+			return;
+		}
 
-	/* Jail state and name. */
-	if (flags & FLAG_V)
-		printf("%6s  %-29.29s %.74s\n",
-		    "", (xp->pr_name[0] != '\0') ? xp->pr_name : "", state);
+	/* Make sure there is room for the new param record. */
+	if (!nparams) {
+		paramlistsize = 32;
+		params = malloc(paramlistsize * sizeof(*params));
+		if (params == NULL)
+			err(1, "malloc");
+	} else if (nparams >= paramlistsize) {
+		paramlistsize *= 2;
+		params = realloc(params, paramlistsize * sizeof(*params));
+		if (params == NULL)
+			err(1, "realloc");
+	}
 
-	/* cpusetid. */
-	if (flags & FLAG_V)
-		printf("%6s  %-6d\n",
-		    "", xp->pr_cpusetid);
+	/* Look up the parameter. */
+	param = params + nparams++;
+	memset(param, 0, sizeof *param);
+	param->name = strdup(name);
+	if (param->name == NULL)
+		err(1, "strdup");
+	param->flags = flags;
+	/* We have to know about pseudo-parameters without asking. */
+	if (!strcmp(param->name, "lastjid")) {
+		param->type = CTLTYPE_INT;
+		param->size = sizeof(int);
+		goto got_type;
+	}
+	if (!strcmp(param->name, "errmsg")) {
+		param->type = CTLTYPE_STRING;
+		param->size = sizeof(errmsg);
+		goto got_type;
+	}
+	if (get_param(name, param) < 0) {
+		if (errno != ENOENT)
+			err(1, "sysctl(0.3.%s)", name);
+		/* See if this the "no" part of an existing boolean. */
+		if ((nname = nononame(name))) {
+			i = get_param(nname, param);
+			free(nname);
+			if (i >= 0 && param->type == CTLTYPE_BOOL) {
+				param->type = CTLTYPE_NOBOOL;
+				goto got_type;
+			}
+		}
+		if (flags & PARAM_OPT) {
+			nparams--;
+			return;
+		}
+		errx(1, "unknown parameter: %s", name);
+	}
+	if (param->type == CTLTYPE_NODE) {
+		/*
+		 * A node isn't normally a parameter, but may be a boolean
+		 * if its "no" counterpart exists.
+		 */
+		nname = noname(name);
+		i = get_param(nname, param);
+		free(nname);
+		if (i >= 0 && param->type == CTLTYPE_NOBOOL) {
+			param->type = CTLTYPE_BOOL;
+			goto got_type;
+		}
+		errx(1, "unknown parameter: %s", name);
+	}
 
-	q = (char *)(xp + 1);
-	/* IPv4 addresses. */
-	iap = (struct in_addr *)(void *)q;
-	q += (xp->pr_ip4s * sizeof(struct in_addr));
-	if (q > end)
-		errx(1, "Invalid length for jail");
-	in.s_addr = 0;
-	for (i = 0; i < xp->pr_ip4s; i++) {
-		if (i == 0 || flags & FLAG_V)
-			in.s_addr = iap[i].s_addr;
-		if (flags & FLAG_V)
-			printf("%6s  %-15.15s\n", "", inet_ntoa(in));
+ got_type:
+	param->value = value;
+}
+
+static int
+get_param(const char *name, struct param *param)
+{
+	char *bufi, *p;
+	size_t buflen, mlen;
+	int mib[CTL_MAXNAME];
+	char buf[MAXPATHLEN];
+
+	/* Look up the MIB. */
+	mib[0] = 0;
+	mib[1] = 3;
+	snprintf(buf, sizeof(buf), SJPARAM ".%s", name);
+	mlen = sizeof(mib) - 2 * sizeof(int);
+	if (sysctl(mib, 2, mib + 2, &mlen, buf, strlen(buf)) < 0)
+		return (-1);
+	/* Get the type and size. */
+	mib[1] = 4;
+	buflen = sizeof(buf);
+	if (sysctl(mib, (mlen / sizeof(int)) + 2, buf, &buflen, NULL, 0) < 0)
+		err(1, "sysctl(0.4.%s)", name);
+	param->type = *(int *)buf & CTLTYPE;
+	bufi = buf + sizeof(int);
+	p = strchr(bufi, '\0');
+	if (p - 2 >= bufi && !strcmp(p - 2, ",a")) {
+		p[-2] = 0;
+		param->flags |= PARAM_ARRAY;
 	}
-	/* IPv6 addresses. */
-	ia6p = (struct in6_addr *)(void *)q;
-	q += (xp->pr_ip6s * sizeof(struct in6_addr));
-	if (q > end)
-		errx(1, "Invalid length for jail");
-	for (i = 0; i < xp->pr_ip6s; i++) {
-		if (flags & FLAG_V) {
-			inet_ntop(AF_INET6, &ia6p[i], buf, sizeof(buf));
-			printf("%6s  %s\n", "", buf);
+	switch (param->type) {
+	case CTLTYPE_INT:
+		/* An integer parameter might be a boolean. */
+		if (bufi[0] == 'B')
+			param->type = bufi[1] == 'N'
+			    ? CTLTYPE_NOBOOL : CTLTYPE_BOOL;
+	case CTLTYPE_UINT:
+		param->size = sizeof(int);
+		break;
+	case CTLTYPE_LONG:
+	case CTLTYPE_ULONG:
+		param->size = sizeof(long);
+		break;
+	case CTLTYPE_STRUCT:
+		if (!strcmp(bufi, "S,in_addr")) {
+			param->type = CTLTYPE_IPADDR;
+			param->size = sizeof(struct in_addr);
+		} else if (!strcmp(bufi, "S,in6_addr")) {
+			param->type = CTLTYPE_IP6ADDR;
+			param->size = sizeof(struct in6_addr);
 		}
+		break;
+	case CTLTYPE_STRING:
+		buf[0] = 0;
+		sysctl(mib + 2, mlen / sizeof(int), buf, &buflen, NULL, 0);
+		param->size = strtoul(buf, NULL, 10);
+		if (param->size == 0)
+			param->size = BUFSIZ;
 	}
+	return (0);
+}
 
-	/* If requested print the old style single line version. */
-	if (!(flags & FLAG_V))
-		printf("%6d  %-15.15s %-29.29s %.74s\n",
-		    xp->pr_id, (in.s_addr) ? inet_ntoa(in) : "",
-		    xp->pr_host, xp->pr_path);
+static int
+sort_param(const void *a, const void *b)
+{
+	const struct param *parama, *paramb;
+	char *ap, *bp;
 
-	return (q);
+	/* Put top-level parameters first. */
+	parama = a;
+	paramb = b;
+	ap = strchr(parama->name, '.');
+	bp = strchr(paramb->name, '.');
+	if (ap && !bp)
+		return (1);
+	if (bp && !ap)
+		return (-1);
+	return (strcmp(parama->name, paramb->name));
 }
 
-static void
-usage(void)
+static char *
+noname(const char *name)
 {
+	char *nname, *p;
 
-	(void)fprintf(stderr, "usage: jls [-av]\n");
-	exit(1);
+	nname = malloc(strlen(name) + 3);
+	if (nname == NULL)
+		err(1, "malloc");
+	p = strrchr(name, '.');
+	if (p != NULL)
+		sprintf(nname, "%.*s.no%s", p - name, name, p + 1);
+	else
+		sprintf(nname, "no%s", name);
+	return nname;
 }
 
-int
-main(int argc, char *argv[])
-{ 
-	int ch, version;
-	unsigned flags;
-	size_t i, j, len;
-	void *p, *q;
+static char *
+nononame(const char *name)
+{
+	char *nname, *p;
 
-	flags = 0;
-	while ((ch = getopt(argc, argv, "av")) != -1) {
-		switch (ch) {
-		case 'a':
-			flags |= FLAG_A;
-			break;
-		case 'v':
-			flags |= FLAG_V;
-			break;
-		default:
-			usage();
-		}
-	}
-	argc -= optind;
-	argv += optind;
+	p = strrchr(name, '.');
+	if (strncmp(p ? p + 1 : name, "no", 2))
+		return NULL;
+	nname = malloc(strlen(name) - 1);
+	if (nname == NULL)
+		err(1, "malloc");
+	if (p != NULL)
+		sprintf(nname, "%.*s.%s", p - name, name, p + 3);
+	else
+		strcpy(nname, name + 2);
+	return nname;
+}
 
-	if (sysctlbyname("security.jail.list", NULL, &len, NULL, 0) == -1)
-		err(1, "sysctlbyname(): security.jail.list");
+static int
+print_jail(int pflags, int jflags)
+{
+	char *nname;
+	int i, ai, jid, count, sanity;
+	char ipbuf[INET6_ADDRSTRLEN];
 
-	j = len;
-	for (i = 0; i < 4; i++) {
-		if (len <= 0)
-			exit(0);	
-		p = q = malloc(len);
-		if (p == NULL)
-			err(1, "malloc()");
+	static struct iovec2 *iov, *aiov;
+	static int narray, nkey;
 
-		if (sysctlbyname("security.jail.list", q, &len, NULL, 0) == -1) {
-			if (errno == ENOMEM) {
-				free(p);
-				p = NULL;
-				len += j;
+	/* Set up the parameter list(s) the first time around. */
+	if (iov == NULL) {
+		iov = malloc(nparams * sizeof(struct iovec2));
+		if (iov == NULL)
+			err(1, "malloc");
+		for (i = narray = 0; i < nparams; i++) {
+			iov[i].name.iov_base = params[i].name;
+			iov[i].name.iov_len = strlen(params[i].name) + 1;
+			iov[i].value.iov_base = params[i].value;
+			iov[i].value.iov_len =
+			    params[i].type == CTLTYPE_STRING &&
+			    params[i].value != NULL &&
+			    ((char *)params[i].value)[0] != '\0'
+			    ? strlen(params[i].value) + 1 : params[i].size;
+			if (params[i].flags & (PARAM_KEY | PARAM_ARRAY)) {
+				narray++;
+				if (params[i].flags & PARAM_KEY)
+					nkey++;
+			}
+		}
+		if (narray > nkey) {
+			aiov = malloc(narray * sizeof(struct iovec2));
+			if (aiov == NULL)
+				err(1, "malloc");
+			for (i = ai = 0; i < nparams; i++)
+				if (params[i].flags &
+				    (PARAM_KEY | PARAM_ARRAY))
+					aiov[ai++] = iov[i];
+		}
+	}
+	/* If there are array parameters, find their sizes. */
+	if (aiov != NULL) {
+		for (ai = 0; ai < narray; ai++)
+			if (aiov[ai].value.iov_base == NULL)
+				aiov[ai].value.iov_len = 0;
+		if (jail_get((struct iovec *)aiov, 2 * narray, jflags) < 0)
+			return (-1);
+	}
+	/* Allocate storage for all parameters. */
+	for (i = ai = 0; i < nparams; i++) {
+		if (params[i].flags & (PARAM_KEY | PARAM_ARRAY)) {
+			if (params[i].flags & PARAM_ARRAY) {
+				iov[i].value.iov_len = aiov[ai].value.iov_len +
+				    ARRAY_SLOP * params[i].size;
+				iov[i].value.iov_base =
+				    malloc(iov[i].value.iov_len);
+			}
+			ai++;
+		} else
+			iov[i].value.iov_base = malloc(params[i].size);
+		if (iov[i].value.iov_base == NULL)
+			err(1, "malloc");
+		if (params[i].value == NULL)
+			memset(iov[i].value.iov_base, 0, iov[i].value.iov_len);
+	}
+	/*
+	 * Get the actual prison.  If there are array elements, retry a few
+	 * times in case the size changed from under us.
+	 */
+	if ((jid = jail_get((struct iovec *)iov, 2 * nparams, jflags)) < 0) {
+		if (errno != EINVAL || aiov == NULL || errmsg[0])
+			return (-1);
+		for (sanity = 0;; sanity++) {
+			if (sanity == 10)
+				return (-1);
+			for (ai = 0; ai < narray; ai++)
+				if (params[i].flags & PARAM_ARRAY)
+					aiov[ai].value.iov_len = 0;
+			if (jail_get((struct iovec *)iov, 2 * narray, jflags) <
+			    0)
+				return (-1);
+			for (i = ai = 0; i < nparams; i++) {
+				if (!(params[i].flags &
+				    (PARAM_KEY | PARAM_ARRAY)))
+					continue;
+				if (params[i].flags & PARAM_ARRAY) {
+					iov[i].value.iov_len =
+					    aiov[ai].value.iov_len +
+					    ARRAY_SLOP * params[i].size;
+					iov[i].value.iov_base =
+					    realloc(iov[i].value.iov_base,
+					    iov[i].value.iov_len);
+					if (iov[i].value.iov_base == NULL)
+						err(1, "malloc");
+				}
+				ai++;
+			}
+		}
+	}
+	if (pflags & PRINT_VDEFAULT) {
+		printf("%6d  %-29.29s %.74s\n"
+		       "%6s  %-29.29s %.74s\n"
+		       "%6s  %-6d\n",
+		    *(int *)iov[0].value.iov_base,
+		    (char *)iov[1].value.iov_base,
+		    (char *)iov[2].value.iov_base,
+		    "",
+		    (char *)iov[3].value.iov_base,
+		    *(int *)iov[4].value.iov_base ? "DYING" : "ACTIVE",
+		    "",
+		    *(int *)iov[5].value.iov_base);
+		count = iov[6].value.iov_len / sizeof(struct in_addr);
+		for (ai = 0; ai < count; ai++)
+			if (inet_ntop(AF_INET,
+			    &((struct in_addr *)iov[6].value.iov_base)[ai],
+			    ipbuf, sizeof(ipbuf)) == NULL)
+				err(1, "inet_ntop");
+			else
+				printf("%6s  %-15.15s\n", "", ipbuf);
+		if (!strcmp(params[7].name, "ip6.addr")) {
+			count = iov[7].value.iov_len / sizeof(struct in6_addr);
+			for (ai = 0; ai < count; ai++)
+				if (inet_ntop(AF_INET6, &((struct in_addr *)
+				    iov[7].value.iov_base)[ai],
+				    ipbuf, sizeof(ipbuf)) == NULL)
+					err(1, "inet_ntop");
+				else
+					printf("%6s  %-15.15s\n", "", ipbuf);
+		}
+	} else if (pflags & PRINT_DEFAULT)
+		printf("%6d  %-15.15s %-29.29s %.74s\n",
+		    *(int *)iov[0].value.iov_base,
+		    iov[1].value.iov_len == 0 ? "-"
+		    : inet_ntoa(*(struct in_addr *)iov[1].value.iov_base),
+		    (char *)iov[2].value.iov_base,
+		    (char *)iov[3].value.iov_base);
+	else {
+		for (i = 0; i < nparams; i++) {
+			if (!(params[i].flags & PARAM_USER))
 				continue;
+			if (i > 0)
+				putchar(' ');
+			if (pflags & PRINT_NAMEVAL) {
+				/*
+				 * Generally "name=value", but for booleans
+				 * either "name" or "noname".
+				 */
+				switch (params[i].type) {
+				case CTLTYPE_BOOL:
+					if (*(int *)iov[i].value.iov_base)
+						printf("%s", params[i].name);
+					else {
+						nname = noname(params[i].name);
+						printf("%s", nname);
+						free(nname);
+					}
+					break;
+				case CTLTYPE_NOBOOL:
+					if (*(int *)iov[i].value.iov_base)
+						printf("%s", params[i].name);
+					else {
+						nname =
+						    nononame(params[i].name);
+						printf("%s", nname);
+						free(nname);
+					}
+					break;
+				default:
+					printf("%s=", params[i].name);
+				}
 			}
-			err(1, "sysctlbyname(): security.jail.list");
+			count = params[i].flags & PARAM_ARRAY
+			    ? iov[i].value.iov_len / params[i].size : 1;
+			if (count == 0)
+				putchar('-');
+			for (ai = 0; ai < count; ai++) {
+				if (ai > 0)
+					putchar(',');
+				switch (params[i].type) {
+				case CTLTYPE_INT:
+					printf("%d", ((int *)
+					    iov[i].value.iov_base)[ai]);
+					break;
+				case CTLTYPE_UINT:
+					printf("%u", ((int *)
+					    iov[i].value.iov_base)[ai]);
+					break;
+				case CTLTYPE_IPADDR:
+					if (inet_ntop(AF_INET,
+					    &((struct in_addr *)
+					    iov[i].value.iov_base)[ai],
+					    ipbuf, sizeof(ipbuf)) == NULL)
+						err(1, "inet_ntop");
+					else
+						printf("%s", ipbuf);
+					break;
+				case CTLTYPE_IP6ADDR:
+					if (inet_ntop(AF_INET6,
+					    &((struct in6_addr *)
+					    iov[i].value.iov_base)[ai],
+					    ipbuf, sizeof(ipbuf)) == NULL)
+						err(1, "inet_ntop");
+					else
+						printf("%s", ipbuf);
+					break;
+				case CTLTYPE_LONG:
+					printf("%ld", ((long *)
+					    iov[i].value.iov_base)[ai]);
+				case CTLTYPE_ULONG:
+					printf("%lu", ((long *)
+					    iov[i].value.iov_base)[ai]);
+					break;
+				case CTLTYPE_STRING:
+					if (pflags & PRINT_QUOTED)
+						quoted_print((char *)
+						    iov[i].value.iov_base,
+						    params[i].size);
+					else
+						printf("%.*s",
+						    params[i].size, (char *)
+						    iov[i].value.iov_base);
+					break;
+				case CTLTYPE_BOOL:
+				case CTLTYPE_NOBOOL:
+					if (!(pflags & PRINT_NAMEVAL))
+						printf(((int *)
+						    iov[i].value.iov_base)[ai]
+						    ? "true" : "false");
+				}
+			}
 		}
-		break;
+		putchar('\n');
 	}
-	if (p == NULL)
-		err(1, "sysctlbyname(): security.jail.list");
-	if (len < sizeof(int))
-		errx(1, "This is no prison. Kernel and userland out of sync?");
-	version = *(int *)p;
-	if (version > XPRISON_VERSION)
-		errx(1, "Sci-Fi prison. Kernel/userland out of sync?");
+	for (i = 0; i < nparams; i++)
+		if (params[i].value == NULL)
+			free(iov[i].value.iov_base);
+	return (jid);
+}
 
-	if (flags & FLAG_V) {
-		printf("   JID  Hostname                      Path\n");
-		printf("        Name                          State\n");
-		printf("        CPUSetID\n");
-		printf("        IP Address(es)\n");
-	} else {
-		printf("   JID  IP Address      Hostname"
-		    "                      Path\n");
+static void
+quoted_print(char *str, int len)
+{
+	int c, qc;
+	char *p = str;
+	char *ep = str + len;
+
+	/* An empty string needs quoting. */
+	if (!*p) {
+		fputs("\"\"", stdout);
+		return;
 	}
-	for (; q != NULL && (char *)q + sizeof(int) < (char *)p + len;) {
-		version = *(int *)q;
-		if (version > XPRISON_VERSION)
-			errx(1, "Sci-Fi prison. Kernel/userland out of sync?");
-		switch (version) {
-#ifdef SUPPORT_OLD_XPRISON
-		case 1:
-			q = print_xprison_v1(q, (char *)p + len, flags);
-			break;
-		case 2:
-			errx(1, "Version 2 was used by multi-IPv4 jail "
-			    "implementations that never made it into the "
-			    "official kernel.");
-			/* NOTREACHED */
-			break;
-#endif
-		case 3:
-			q = print_xprison_v3(q, (char *)p + len, flags);
-			break;
-		default:
-			errx(1, "Prison unknown. Kernel/userland out of sync?");
-			/* NOTREACHED */
-			break;
-		}
+
+	/*
+	 * The value will be surrounded by quotes if it contains spaces
+	 * or quotes.
+	 */
+	qc = strchr(p, '\'') ? '"'
+	    : strchr(p, '"') ? '\''
+	    : strchr(p, ' ') || strchr(p, '\t') ? '"'
+	    : 0;
+	if (qc)
+		putchar(qc);
+	while (p < ep && (c = *p++)) {
+		if (c == '\\' || c == qc)
+			putchar('\\');
+		putchar(c);
 	}
-
-	free(p);
-	exit(0);
+	if (qc)
+		putchar(qc);
 }
Index: usr.sbin/jls/Makefile
===================================================================
--- usr.sbin/jls/Makefile	(revision 191896)
+++ usr.sbin/jls/Makefile	(working copy)
@@ -4,6 +4,4 @@
 MAN=	jls.8
 WARNS?=	6
 
-CFLAGS+= -DSUPPORT_OLD_XPRISON
-
 .include <bsd.prog.mk>
Index: usr.sbin/jls/jls.8
===================================================================
--- usr.sbin/jls/jls.8	(revision 191896)
+++ usr.sbin/jls/jls.8	(working copy)
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd November 29, 2008
+.Dd April 30, 2009
 .Dt JLS 8
 .Os
 .Sh NAME
@@ -33,38 +33,59 @@
 .Nd "list jails"
 .Sh SYNOPSIS
 .Nm
-.Op Fl av
+.Op Fl dhnqv
+.Op Fl j Ar jail
+.Op Ar parameter ...
 .Sh DESCRIPTION
 The
 .Nm
-utility lists all jails.
-By default only active jails are listed.
+utility lists all active jails, or the specified jail.
+Each jail is represented by one row which contains space-separated values of
+the listed
+.Ar parameters ,
+including the pseudo-parameter
+.Va all
+which will show all available jail parameters.
+A list of available parameters can be retrieved via
+.Dq Nm sysctl Fl d Va security.jail.param .
 .Pp
-The options are as follows:
-.Bl -tag -width ".Fl a"
-.It Fl a
-Show jails in all states, not only active ones.
+If no
+.Ar parameters
+are given, the following four columns will be printed:
+jail identifier (jid), IP address (ip4.addr), hostname (host.hostname),
+and path (path).
+.Pp
+The following options are available:
+.Bl -tag -width indent
+.It Fl d
+List
+.Va dying
+as well as active jails.
+.It Fl h
+Print a header line containing the parameters listed.
+If no parameters are given on the command line, the default four-column
+output always contains a header.
+.It Fl n
+Print parameters in
+.Dq name=value
+format, where each parameter is preceded by its name.
+This option is ignored for the default four-column output.
+.It Fl q
+Put quotes around string parameters if they contain spaces or quotes, or are
+the empty string.
 .It Fl v
-Show more verbose information.
-This also lists cpusets, jail state, multi-IP, etc. instead of the
-classic single-IP jail output.
+Print a multiple-line summary per jail, with the following parameters:
+jail identifier (jid), hostname (host.hostname), path (path),
+jail name (name), jail state (dying), cpuset ID (cpuset),
+IP address(es) (ip4.addr and ip6.addr).
+.It Fl j Ar jail
+The jid or name of the
+.Ar jail
+to list.
+Without this option, all active jails will be listed.
 .El
-.Pp
-Each jail is represented by rows which, depending on
-.Fl v ,
-contain the following columns:
-.Bl -item -offset indent -compact
-.It
-jail identifier (JID), hostname and path
-.It
-jail state and name
-.It
-jail cpuset
-.It
-followed by one IP adddress per line.
-.El
 .Sh SEE ALSO
-.Xr jail 2 ,
+.Xr jail_get 2 ,
 .Xr jail 8 ,
 .Xr jexec 8
 .Sh HISTORY
@@ -72,3 +93,5 @@
 .Nm
 utility was added in
 .Fx 5.1 .
+Extensible jail parameters were introduced in
+.Fx 8.0 .
Index: usr.sbin/jexec/jexec.c
===================================================================
--- usr.sbin/jexec/jexec.c	(revision 191896)
+++ usr.sbin/jexec/jexec.c	(working copy)
@@ -29,12 +29,16 @@
 
 #include <sys/param.h>
 #include <sys/jail.h>
+#include <sys/socket.h>
 #include <sys/sysctl.h>
+#include <sys/uio.h>
 
+#include <arpa/inet.h>
 #include <netinet/in.h>
 
 #include <err.h>
 #include <errno.h>
+#include <limits.h>
 #include <login_cap.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -43,154 +47,8 @@
 #include <unistd.h>
 
 static void	usage(void);
+static int	addr2jid(const char *addr);
 
-#ifdef SUPPORT_OLD_XPRISON
-static
-char *lookup_xprison_v1(void *p, char *end, int *id)
-{
-	struct xprison_v1 *xp;
-
-	if (id == NULL)
-		errx(1, "Internal error. Invalid ID pointer.");
-
-	if ((char *)p + sizeof(struct xprison_v1) > end)
-		errx(1, "Invalid length for jail");
-
-	xp = (struct xprison_v1 *)p;
-
-	*id = xp->pr_id;
-	return ((char *)(xp + 1));
-}
-#endif
-
-static
-char *lookup_xprison_v3(void *p, char *end, int *id, char *jailname)
-{
-	struct xprison *xp;
-	char *q;
-	int ok;
-
-	if (id == NULL)
-		errx(1, "Internal error. Invalid ID pointer.");
-
-	if ((char *)p + sizeof(struct xprison) > end)
-		errx(1, "Invalid length for jail");
-
-	xp = (struct xprison *)p;
-	ok = 1;
-
-	/* Jail state and name. */
-	if (xp->pr_state < 0 || xp->pr_state >=
-	    (int)((sizeof(prison_states) / sizeof(struct prison_state))))
-		errx(1, "Invalid jail state.");
-	else if (xp->pr_state != PRISON_STATE_ALIVE)
-		ok = 0;
-	if (jailname != NULL) {
-		if (xp->pr_name[0] == '\0')
-			ok = 0;
-		else if (strcmp(jailname, xp->pr_name) != 0)
-			ok = 0;
-	}
-
-	q = (char *)(xp + 1);
-	/* IPv4 addresses. */
-	q += (xp->pr_ip4s * sizeof(struct in_addr));
-	if ((char *)q > end)
-		errx(1, "Invalid length for jail");
-	/* IPv6 addresses. */
-	q += (xp->pr_ip6s * sizeof(struct in6_addr));
-	if ((char *)q > end)
-		errx(1, "Invalid length for jail");
-
-	if (ok)
-		*id = xp->pr_id;
-	return (q);
-}
-
-static int
-lookup_jail(int jid, char *jailname)
-{
-	size_t i, j, len;
-	void *p, *q;
-	int version, id, xid, count;
-
-	if (sysctlbyname("security.jail.list", NULL, &len, NULL, 0) == -1)
-		err(1, "sysctlbyname(): security.jail.list");
-
-	j = len;
-	for (i = 0; i < 4; i++) {
-		if (len == 0)
-			return (-1);
-		p = q = malloc(len);
-		if (p == NULL)
-			err(1, "malloc()");
-
-		if (sysctlbyname("security.jail.list", q, &len, NULL, 0) == -1) {
-			if (errno == ENOMEM) {
-				free(p);
-				p = NULL;
-				len += j;
-				continue;
-			}
-			err(1, "sysctlbyname(): security.jail.list");
-		}
-		break;
-	}
-	if (p == NULL)
-		err(1, "sysctlbyname(): security.jail.list");
-	if (len < sizeof(int))
-		errx(1, "This is no prison. Kernel and userland out of sync?");
-	version = *(int *)p;
-	if (version > XPRISON_VERSION)
-		errx(1, "Sci-Fi prison. Kernel/userland out of sync?");
-
-	count = 0;
-	xid = -1;
-	for (; q != NULL && (char *)q + sizeof(int) < (char *)p + len;) {
-		version = *(int *)q;
-		if (version > XPRISON_VERSION)
-			errx(1, "Sci-Fi prison. Kernel/userland out of sync?");
-		id = -1;
-		switch (version) {
-#ifdef SUPPORT_OLD_XPRISON
-		case 1:
-			if (jailname != NULL)
-				errx(1, "Version 1 prisons did not "
-				    "support jail names.");
-			q = lookup_xprison_v1(q, (char *)p + len, &id);
-			break;
-		case 2:
-			errx(1, "Version 2 was used by multi-IPv4 jail "
-			    "implementations that never made it into the "
-			    "official kernel.");
-			/* NOTREACHED */
-			break;
-#endif
-		case 3:
-			q = lookup_xprison_v3(q, (char *)p + len, &id, jailname);
-			break;
-		default:
-			errx(1, "Prison unknown. Kernel/userland out of sync?");
-			/* NOTREACHED */
-			break;
-		}
-		/* Possible match; see if we have a jail ID to match as well.  */
-		if (id > 0 && (jid <= 0 || id == jid)) {
-			xid = id;
-			count++;
-		}
-	}
-
-	free(p);
-
-	if (count == 1)
-		return (xid);
-	else if (count > 1)
-		errx(1, "Could not uniquely identify the jail.");
-	else
-		return (-1);
-}
-
 #define GET_USER_INFO do {						\
 	pwd = getpwnam(username);					\
 	if (pwd == NULL) {						\
@@ -210,22 +68,18 @@
 int
 main(int argc, char *argv[])
 {
+	struct iovec params[2];
 	int jid;
 	login_cap_t *lcap = NULL;
 	struct passwd *pwd = NULL;
 	gid_t groups[NGROUPS];
-	int ch, ngroups, uflag, Uflag;
-	char *jailname, *username;
+	int ch, ngroups, uflag, Uflag, hflag;
+	char *ep, *username;
+	ch = uflag = Uflag = hflag = 0;
+	username = NULL;
 
-	ch = uflag = Uflag = 0;
-	jailname = username = NULL;
-	jid = -1;
-
-	while ((ch = getopt(argc, argv, "i:n:u:U:")) != -1) {
+	while ((ch = getopt(argc, argv, "u:U:h")) != -1) {
 		switch (ch) {
-		case 'n':
-			jailname = optarg;
-			break;
 		case 'u':
 			username = optarg;
 			uflag = 1;
@@ -234,6 +88,9 @@
 			username = optarg;
 			Uflag = 1;
 			break;
+		case 'h':
+			hflag = 1;
+			break;
 		default:
 			usage();
 		}
@@ -242,22 +99,24 @@
 	argv += optind;
 	if (argc < 2)
 		usage();
-	if (strlen(argv[0]) > 0) {
-		jid = (int)strtol(argv[0], NULL, 10);
-		if (errno)
-			err(1, "Unable to parse jail ID.");
-	}
-	if (jid <= 0 && jailname == NULL) {
-		fprintf(stderr, "Neither jail ID nor jail name given.\n");
-		usage();
-	}
 	if (uflag && Uflag)
 		usage();
 	if (uflag)
 		GET_USER_INFO;
-	jid = lookup_jail(jid, jailname);
-	if (jid <= 0)
-		errx(1, "Cannot identify jail.");
+	if (hflag)
+		jid = addr2jid(argv[0]);
+	else {
+		jid = strtoul(argv[0], &ep, 10);
+		if (!*argv[0] || *ep) {
+			*(const void **)&params[0].iov_base = "name";
+			params[0].iov_len = sizeof("name");
+			params[1].iov_base = argv[0];
+			params[1].iov_len = strlen(argv[0]) + 1;
+			jid = jail_get(params, 2, 0);
+			if (jid < 0)
+				errx(1, "Unknown jail: %s", argv[0]);
+		}
+	}
 	if (jail_attach(jid) == -1)
 		err(1, "jail_attach(): %d", jid);
 	if (chdir("/") == -1)
@@ -285,6 +144,108 @@
 
 	fprintf(stderr, "%s%s\n",
 		"usage: jexec [-u username | -U username]",
-		" [-n jailname] jid command ...");
+		" [-h hostname | -h ip-number | jail] command ...");
 	exit(1); 
 }
+
+static int 
+addr2jid(const char *addr)
+{
+	struct iovec params[6];
+	struct in_addr ia;
+	struct in6_addr ia6;
+	int cnt, doip, foundjid, ii, jid, lastjid, sanity;
+	char hostbuf[MAXHOSTNAMELEN];
+
+	if (inet_pton(AF_INET, addr, &ia) > 0)
+		doip = 4;
+	else if (inet_pton(AF_INET6, addr, &ia6) > 0)
+		doip = 6;
+	else
+		doip = 0;
+
+	*(const void **)&params[0].iov_base = "lastjid";
+	params[0].iov_len = sizeof("lastjid");
+	params[1].iov_base = &lastjid;
+	params[1].iov_len = sizeof(lastjid);
+	switch (doip) {
+	case 4:
+		*(const void **)&params[2].iov_base = "ip4.addr";
+		params[2].iov_len = sizeof("ip4.addr");
+		*(const void **)&params[4].iov_base = "host.hostname";
+		params[4].iov_len = sizeof("host.hostname");
+		params[5].iov_base = hostbuf;
+		params[5].iov_len = MAXHOSTNAMELEN;
+		break;
+	case 6:
+		*(const void **)&params[2].iov_base = "ip6.addr";
+		params[2].iov_len = sizeof("ip6.addr");
+		*(const void **)&params[4].iov_base = "host.hostname";
+		params[4].iov_len = sizeof("host.hostname");
+		params[5].iov_base = hostbuf;
+		params[5].iov_len = MAXHOSTNAMELEN;
+		break;
+	default:
+		*(const void **)&params[2].iov_base = "host.hostname";
+		params[2].iov_len = sizeof("host.hostname");
+		params[3].iov_base = hostbuf;
+		params[3].iov_len = MAXHOSTNAMELEN;
+	}
+
+	cnt = foundjid = sanity = 0;
+	for (jid = 0;; jid = lastjid) {
+		if (doip != 0) {
+			params[3].iov_base = NULL;
+			params[3].iov_len = 0;
+			if (jail_get(params, 4, 0) < 0)
+				break;
+			params[3].iov_len += 5 * sizeof(struct in6_addr);
+			params[3].iov_base = malloc(params[3].iov_len);
+			jid = jail_get(params, 6, 0);
+		} else
+			jid = jail_get(params, 4, 0);
+		if (jid > 0) {
+			sanity = 0;
+			if (!strcmp(hostbuf, addr)) {
+				cnt++;
+				foundjid = jid;
+			} else switch (doip) {
+			case 4:
+				for (ii = (params[3].iov_len /
+				    sizeof(struct in_addr)) - 1; ii >= 0; ii--)
+					if (((struct in_addr *)params[3].
+					    iov_base)[ii].s_addr == ia.s_addr) {
+						cnt++;
+						foundjid = jid;
+						break;
+					}
+				break;
+			case 6:
+				for (ii = (params[3].iov_len /
+				    sizeof(struct in6_addr)) - 1; ii >= 0;
+				    ii--)
+					if (IN6_ARE_ADDR_EQUAL(&ia6,
+					    &((struct in6_addr *)
+					    params[3].iov_base)[ii])) {
+						cnt++;
+						foundjid = jid;
+						break;
+					}
+			}
+		} else if (errno == ENOENT || ++sanity > 10)
+			break;
+		else
+			jid = lastjid;
+		if (doip != 0)
+			free(params[3].iov_base);
+	}
+	switch (cnt)
+	{
+	case 0:
+		errx(1, "Unknown jail: %s", addr);
+	case 1:
+		return foundjid;
+	default:
+		errx(1, "Could not uniquely identify the jail: %s", addr);
+	}
+}
Index: usr.sbin/jexec/jexec.8
===================================================================
--- usr.sbin/jexec/jexec.8	(revision 191896)
+++ usr.sbin/jexec/jexec.8	(working copy)
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd November 29, 2008
+.Dd April 30, 2009
 .Dt JEXEC 8
 .Os
 .Sh NAME
@@ -34,36 +34,22 @@
 .Sh SYNOPSIS
 .Nm
 .Op Fl u Ar username | Fl U Ar username
-.Op Fl n Ar jailname
-.Ar jid command ...
+.Op Fl h Ar hostname | Fl h Ar ip | Ar jid | Ar name
+.Ar command ...
 .Sh DESCRIPTION
 The
 .Nm
 utility executes
 .Ar command
-inside the jail identified by either
-.Ar jailname
+inside the jail identified by
+.Ar hostname ,
+.Ar ip ,
+.Ar jid ,
 or
-.Ar jid
-or both.
+.Ar name .
 .Pp
-If the jail cannot be identified uniquely by the given parameters,
-an error message is printed.
-.Nm
-will also check the state of the jail (once supported) to be
-.Dv ALIVE
-and ignore jails in other states.
-The mandatory argument
-.Ar jid
-is the unique jail identifier as given by
-.Xr jls 8 .
-In case you only want to match on other criteria, give an empty string.
-.Pp
 The following options are available:
 .Bl -tag -width indent
-.It Fl n Ar jailname
-The name of the jail, if given upon creation of the jail.
-This is not the hostname of the jail.
 .It Fl u Ar username
 The user name from host environment as whom the
 .Ar command
@@ -73,6 +59,9 @@
 .Ar command
 should run.
 .El
+.Sh "CAUTIONS"
+Only a jail's jid or name is guaranteed to uniquely identify the jail.
+Hostname or ip only work here if matched to one unique jail.
 .Sh SEE ALSO
 .Xr jail_attach 2 ,
 .Xr jail 8 ,
Index: usr.sbin/jexec/Makefile
===================================================================
--- usr.sbin/jexec/Makefile	(revision 191896)
+++ usr.sbin/jexec/Makefile	(working copy)
@@ -6,6 +6,4 @@
 LDADD=	-lutil
 WARNS?=	6
 
-CFLAGS+= -DSUPPORT_OLD_XPRISON
-
 .include <bsd.prog.mk>
Index: usr.sbin/jail/jail.c
===================================================================
--- usr.sbin/jail/jail.c	(revision 191896)
+++ usr.sbin/jail/jail.c	(working copy)
@@ -1,5 +1,6 @@
 /*-
  * Copyright (c) 1999 Poul-Henning Kamp.
+ * Copyright (c) 2009 James Gritton
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -29,51 +30,43 @@
 
 #include <sys/param.h>
 #include <sys/jail.h>
-#include <sys/queue.h>
 #include <sys/socket.h>
 #include <sys/sysctl.h>
-#include <sys/types.h>
+#include <sys/uio.h>
 
+#include <arpa/inet.h>
 #include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
 
+#include <ctype.h>
 #include <err.h>
 #include <errno.h>
 #include <grp.h>
 #include <login_cap.h>
+#include <netdb.h>
 #include <paths.h>
 #include <pwd.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <strings.h>
 #include <string.h>
 #include <unistd.h>
 
-static void		usage(void);
-static int		add_addresses(struct addrinfo *);
-static struct in_addr	*copy_addr4(void);
-#ifdef INET6
-static struct in6_addr	*copy_addr6(void);
-#endif
+#define	SJPARAM		"security.jail.param"
+#define	ERRMSG_SIZE	256
 
-extern char	**environ;
-
-struct addr4entry {
-	STAILQ_ENTRY(addr4entry)	addr4entries;
-	struct in_addr			ip4;
-	int				count;
+struct param {
+	struct iovec name;
+	struct iovec value;
 };
-struct addr6entry {
-	STAILQ_ENTRY(addr6entry)	addr6entries;
-#ifdef INET6
-	struct in6_addr			ip6;
-#endif
-	int				count;
-};
-STAILQ_HEAD(addr4head, addr4entry) addr4 = STAILQ_HEAD_INITIALIZER(addr4);
-STAILQ_HEAD(addr6head, addr6entry) addr6 = STAILQ_HEAD_INITIALIZER(addr6);
 
+static struct param *params;
+static int nparams;
+
+static void set_param(const char *name, char *value);
+static void set_param_ip_hostname(char *value, int family);
+static void usage(void);
+
+extern char **environ;
+
 #define GET_USER_INFO do {						\
 	pwd = getpwnam(username);					\
 	if (pwd == NULL) {						\
@@ -94,27 +87,28 @@
 main(int argc, char **argv)
 {
 	login_cap_t *lcap = NULL;
-	struct jail j;
+	struct iovec rparams[2];
 	struct passwd *pwd = NULL;
 	gid_t groups[NGROUPS];
-	int ch, error, i, ngroups, securelevel;
-	int hflag, iflag, Jflag, lflag, uflag, Uflag;
-	char path[PATH_MAX], *jailname, *ep, *username, *JidFile, *ip;
+	int ch, cmdarg, i, jail_set_flags, jid, ngroups, oldargs, securelevel;
+	int iflag, Jflag, lflag, rflag, uflag, Uflag;
+	char *ep, *username, *JidFile;
+	char errmsg[ERRMSG_SIZE];
 	static char *cleanenv;
 	const char *shell, *p = NULL;
 	long ltmp;
 	FILE *fp;
-	struct addrinfo hints, *res0;
 
-	hflag = iflag = Jflag = lflag = uflag = Uflag = 0;
-	securelevel = -1;
-	jailname = username = JidFile = cleanenv = NULL;
+	iflag = Jflag = lflag = rflag = uflag = Uflag = 0;
+	jail_set_flags = JAIL_CREATE | JAIL_UPDATE;
+	cmdarg = jid = securelevel = -1;
+	username = JidFile = cleanenv = NULL;
 	fp = NULL;
 
-	while ((ch = getopt(argc, argv, "hiln:s:u:U:J:")) != -1) {
+	while ((ch = getopt(argc, argv, "cdilor:s:u:U:J:")) != -1) {
 		switch (ch) {
-		case 'h':
-			hflag = 1;
+		case 'd':
+			jail_set_flags |= JAIL_DYING;
 			break;
 		case 'i':
 			iflag = 1;
@@ -123,9 +117,6 @@
 			JidFile = optarg;
 			Jflag = 1;
 			break;
-		case 'n':
-			jailname = optarg;
-			break;
 		case 's':
 			ltmp = strtol(optarg, &ep, 0);
 			if (*ep || ep == optarg || ltmp > INT_MAX || !ltmp)
@@ -143,13 +134,41 @@
 		case 'l':
 			lflag = 1;
 			break;
+		case 'c':
+			jail_set_flags =
+			    (jail_set_flags & ~JAIL_UPDATE) | JAIL_CREATE;
+			break;
+		case 'o':
+			jail_set_flags =
+			    (jail_set_flags & ~JAIL_CREATE) | JAIL_UPDATE;
+			break;
+		case 'r':
+			jid = strtoul(optarg, &ep, 10);
+			if (!*optarg || *ep) {
+				*(const void **)&rparams[0].iov_base = "name";
+				rparams[0].iov_len = sizeof("name");
+				rparams[1].iov_base = optarg;
+				rparams[1].iov_len = strlen(optarg) + 1;
+				jid = jail_get(rparams, 2, 0);
+				if (jid < 0)
+					errx(1, "unknown jail: %s", optarg);
+			}
+			rflag = 1;
+			break;
 		default:
 			usage();
 		}
 	}
 	argc -= optind;
 	argv += optind;
-	if (argc < 4)
+	if (rflag) {
+		if (argc > 0 || iflag || Jflag || lflag || uflag || Uflag)
+			usage();
+		if (jail_remove(jid) < 0)
+			err(1, "jail_remove");
+		exit (0);
+	}
+	if (argc == 0)
 		usage();
 	if (uflag && Uflag)
 		usage();
@@ -157,92 +176,70 @@
 		usage();
 	if (uflag)
 		GET_USER_INFO;
-	if (realpath(argv[0], path) == NULL)
-		err(1, "realpath: %s", argv[0]);
-	if (chdir(path) != 0)
-		err(1, "chdir: %s", path);
-	/* Initialize struct jail. */
-	memset(&j, 0, sizeof(j));
-	j.version = JAIL_API_VERSION;
-	j.path = path;
-	j.hostname = argv[1];
-	if (jailname != NULL)
-		j.jailname = jailname;
 
-	/* Handle IP addresses. If requested resolve hostname too. */
-	bzero(&hints, sizeof(struct addrinfo));
-	hints.ai_protocol = IPPROTO_TCP;
-	hints.ai_socktype = SOCK_STREAM;
-	if (JAIL_API_VERSION < 2)
-		hints.ai_family = PF_INET;
-	else
-		hints.ai_family = PF_UNSPEC;
-	/* Handle hostname. */
-	if (hflag != 0) {
-		error = getaddrinfo(j.hostname, NULL, &hints, &res0);
-		if (error != 0)
-			errx(1, "failed to handle hostname: %s",
-			    gai_strerror(error));
-		error = add_addresses(res0);
-		freeaddrinfo(res0);
-		if (error != 0)
-			errx(1, "failed to add addresses.");
+	/*
+	 * If the first argument (path) starts with a slash, and the third
+	 * argument (IP address) starts with a digit, it is likely to be
+	 * an old-style fixed-parameter command line.
+	 */
+	oldargs = argc >= 4 && argv[0][0] == '/' && isdigit(argv[2][0]);
+	if (oldargs) {
+		if ((jail_set_flags & (JAIL_CREATE | JAIL_UPDATE)) !=
+		    (JAIL_CREATE | JAIL_UPDATE))
+			usage();
+		jail_set_flags = JAIL_CREATE | JAIL_ATTACH;
+		set_param("path", argv[0]);
+		set_param("host.hostname", argv[1]);
+		set_param("ip4.addr", argv[2]);
+		cmdarg = 3;
+	} else {
+		for (i = 0; i < argc; i++)
+			if (!strncmp(argv[i], "command=", 8)) {
+				cmdarg = i;
+				argv[cmdarg] += 8;
+				jail_set_flags |= JAIL_ATTACH;
+				break;
+			} else
+				set_param(NULL, argv[i]);
 	}
-	/* Handle IP addresses. */
-	hints.ai_flags = AI_NUMERICHOST;
-	ip = strtok(argv[2], ",");
-	while (ip != NULL) {
-		error = getaddrinfo(ip, NULL, &hints, &res0);
-		if (error != 0)
-			errx(1, "failed to handle ip: %s", gai_strerror(error));
-		error = add_addresses(res0);
-		freeaddrinfo(res0);
-		if (error != 0)
-			errx(1, "failed to add addresses.");
-		ip = strtok(NULL, ",");
-	}
-	/* Count IP addresses and add them to struct jail. */
-	if (!STAILQ_EMPTY(&addr4)) {
-		j.ip4s = STAILQ_FIRST(&addr4)->count;
-		j.ip4 = copy_addr4();
-		if (j.ip4s > 0 && j.ip4 == NULL)
-			errx(1, "copy_addr4()");
-	}
-#ifdef INET6
-	if (!STAILQ_EMPTY(&addr6)) {
-		j.ip6s = STAILQ_FIRST(&addr6)->count;
-		j.ip6 = copy_addr6();
-		if (j.ip6s > 0 && j.ip6 == NULL)
-			errx(1, "copy_addr6()");
-	}
-#endif 
+	errmsg[0] = 0;
+	set_param("errmsg", errmsg);
 
 	if (Jflag) {
 		fp = fopen(JidFile, "w");
 		if (fp == NULL)
 			errx(1, "Could not create JidFile: %s", JidFile);
 	}
-	i = jail(&j);
-	if (i == -1)
-		err(1, "syscall failed with");
+	jid = jail_set(&params->name, 2 * nparams, jail_set_flags);
+	if (jid < 0) {
+		if (errmsg[0] != '\0')
+			errx(1, "%s", errmsg);
+		err(1, "jail_set");
+	}
 	if (iflag) {
-		printf("%d\n", i);
+		printf("%d\n", jid);
 		fflush(stdout);
 	}
 	if (Jflag) {
-		if (fp != NULL) {
+		if (oldargs)
 			fprintf(fp, "%d\t%s\t%s\t%s\t%s\n",
-			    i, j.path, j.hostname, argv[2], argv[3]);
-			(void)fclose(fp);
-		} else {
-			errx(1, "Could not write JidFile: %s", JidFile);
+			    jid, (char *)params[0].value.iov_base,
+			    argv[1], argv[2], argv[3]);
+		else {
+			fprintf(fp, "%d", jid);
+			for (i = 0; i < argc; i++)
+				fprintf(fp, "\t%s", argv[i]);
+			fprintf(fp, "\n");
 		}
+		(void)fclose(fp);
 	}
 	if (securelevel > 0) {
 		if (sysctlbyname("kern.securelevel", NULL, 0, &securelevel,
 		    sizeof(securelevel)))
 			err(1, "Can not set securelevel to %d", securelevel);
 	}
+	if (cmdarg < 0)
+		exit(0);
 	if (username != NULL) {
 		if (Uflag)
 			GET_USER_INFO;
@@ -272,158 +269,256 @@
 		if (p)
 			setenv("TERM", p, 1);
 	}
-	if (execv(argv[3], argv + 3) != 0)
-		err(1, "execv: %s", argv[3]);
-	exit(0);
+	execvp(argv[cmdarg], argv + cmdarg);
+	err(1, "execvp: %s", argv[cmdarg]);
 }
 
 static void
-usage(void)
+set_param(const char *name, char *value)
 {
+	struct param *param;
+	char *ep, *p;
+	size_t buflen, mlen;
+	int i, nval, mib[CTL_MAXNAME];
+	char buf[MAXPATHLEN];
 
-	(void)fprintf(stderr, "%s%s%s\n",
-	     "usage: jail [-hi] [-n jailname] [-J jid_file] ",
-	     "[-s securelevel] [-l -u username | -U username] ",
-	     "path hostname [ip[,..]] command ...");
-	exit(1);
-}
+	static int paramlistsize;
 
-static int
-add_addresses(struct addrinfo *res0)
-{
-	int error;
-	struct addrinfo *res;
-	struct addr4entry *a4p;
-	struct sockaddr_in *sai;
+	/* Separate the name from the value, if not done already. */
+	if (name == NULL) {
+		name = value;
+		if ((value = strchr(value, '=')))
+			*value++ = '\0';
+	}
+
+	/* Handle pseudo-parameters separately. */
+	if (!strcmp(name, "ip4_hostname")) {
+		set_param_ip_hostname(value, AF_INET);
+		return;
+	}
 #ifdef INET6
-	struct addr6entry *a6p;
-	struct sockaddr_in6 *sai6;
+	if (!strcmp(name, "ip6_hostname")) {
+		set_param_ip_hostname(value, AF_INET6);
+		return;
+	}
 #endif
-	int count;
 
-	error = 0;
-	for (res = res0; res && error == 0; res = res->ai_next) {
-		switch (res->ai_family) {
-		case AF_INET:
-			sai = (struct sockaddr_in *)(void *)res->ai_addr;
-			STAILQ_FOREACH(a4p, &addr4, addr4entries) {
-			    if (bcmp(&sai->sin_addr, &a4p->ip4,
-				sizeof(struct in_addr)) == 0) {
-				    err(1, "Ignoring duplicate IPv4 address.");
-				    break;
-			    }
-			}
-			a4p = (struct addr4entry *) malloc(
-			    sizeof(struct addr4entry));
-			if (a4p == NULL) {
-				error = 1;
-				break;
-			}
-			bzero(a4p, sizeof(struct addr4entry));
-			bcopy(&sai->sin_addr, &a4p->ip4,
-			    sizeof(struct in_addr));
-			if (!STAILQ_EMPTY(&addr4))
-				count = STAILQ_FIRST(&addr4)->count;
-			else
-				count = 0;
-			STAILQ_INSERT_TAIL(&addr4, a4p, addr4entries);
-			STAILQ_FIRST(&addr4)->count = count + 1;
+	/* Check for repeat parameters */
+	for (i = 0; i < nparams; i++)
+		if (!strcmp(name, params[i].name.iov_base)) {
+			memcpy(params + i, params + i + 1,
+			    (--nparams - i) * sizeof(struct param));
 			break;
+		}
+
+	/* Make sure there is room for the new param record. */
+	if (!nparams) {
+		paramlistsize = 32;
+		params = malloc(paramlistsize * sizeof(*params));
+		if (params == NULL)
+			err(1, "malloc");
+	} else if (nparams >= paramlistsize) {
+		paramlistsize *= 2;
+		params = realloc(params, paramlistsize * sizeof(*params));
+		if (params == NULL)
+			err(1, "realloc");
+	}
+
+	/* Look up the paramter. */
+	param = params + nparams++;
+	*(const void **)&param->name.iov_base = name;
+	param->name.iov_len = strlen(name) + 1;
+	/* Trivial values - no value or errmsg. */
+	if (value == NULL) {
+		param->value.iov_base = value;
+		param->value.iov_len = 0;
+		return;
+	}
+	if (!strcmp(name, "errmsg")) {
+		param->value.iov_base = value;
+		param->value.iov_len = ERRMSG_SIZE;
+		return;
+	}
+	mib[0] = 0;
+	mib[1] = 3;
+	snprintf(buf, sizeof(buf), SJPARAM ".%s", name);
+	mlen = sizeof(mib) - 2 * sizeof(int);
+	if (sysctl(mib, 2, mib + 2, &mlen, buf, strlen(buf)) < 0)
+		errx(1, "unknown parameter: %s", name);
+	mib[1] = 4;
+	buflen = sizeof(buf);
+	if (sysctl(mib, (mlen / sizeof(int)) + 2, buf, &buflen, NULL, 0) < 0)
+		err(1, "sysctl(0.4.%s)", name);
+	/*
+	 * See if this is an array type.
+	 * Treat non-arrays as an array of one.
+	 */
+	p = strchr(buf + sizeof(int), '\0');
+	nval = 1;
+	if (p - 2 >= buf && !strcmp(p - 2, ",a")) {
+		if (value[0] == '\0' ||
+		    (value[0] == '-' && value[1] == '\0')) {
+			param->value.iov_base = value;
+			param->value.iov_len = 0;
+			return;
+		}
+		p[-2] = 0;
+		for (p = strchr(value, ','); p; p = strchr(p + 1, ',')) {
+			*p = 0;
+			nval++;
+		}
+	}
+	
+	/* Set the values according to the parameter type. */
+	switch (*(int *)buf & CTLTYPE) {
+	case CTLTYPE_INT:
+	case CTLTYPE_UINT:
+		param->value.iov_len = nval * sizeof(int);
+		break;
+	case CTLTYPE_LONG:
+	case CTLTYPE_ULONG:
+		param->value.iov_len = nval * sizeof(long);
+		break;
+	case CTLTYPE_STRUCT:
+		if (!strcmp(buf + sizeof(int), "S,in_addr"))
+			param->value.iov_len = nval * sizeof(struct in_addr);
 #ifdef INET6
-		case AF_INET6:
-			sai6 = (struct sockaddr_in6 *)(void *)res->ai_addr;
-			STAILQ_FOREACH(a6p, &addr6, addr6entries) {
-			    if (bcmp(&sai6->sin6_addr, &a6p->ip6,
-				sizeof(struct in6_addr)) == 0) {
-				    err(1, "Ignoring duplicate IPv6 address.");
-				    break;
-			    }
+		else if (!strcmp(buf + sizeof(int), "S,in6_addr"))
+			param->value.iov_len = nval * sizeof(struct in6_addr);
+#endif
+		else
+			errx(1, "%s: unknown parameter structure (%s)",
+			    name, buf + sizeof(int));
+		break;
+	case CTLTYPE_STRING:
+		if (!strcmp(name, "path")) {
+			param->value.iov_base = malloc(MAXPATHLEN);
+			if (param->value.iov_base == NULL)
+				err(1, "malloc");
+			if (realpath(value, param->value.iov_base) == NULL)
+				err(1, "%s: realpath(%s)", name, value);
+			if (chdir(param->value.iov_base) != 0)
+				err(1, "chdir: %s",
+				    (char *)param->value.iov_base);
+		} else
+			param->value.iov_base = value;
+		param->value.iov_len = strlen(param->value.iov_base) + 1;
+		return;
+	default:
+		errx(1, "%s: unknown parameter type %d (%s)",
+		    name, *(int *)buf, buf + sizeof(int));
+	}
+	param->value.iov_base = malloc(param->value.iov_len);
+	for (i = 0; i < nval; i++) {
+		switch (*(int *)buf & CTLTYPE) {
+		case CTLTYPE_INT:
+			((int *)param->value.iov_base)[i] =
+			    strtol(value, &ep, 10);
+			if (ep[0] != '\0')
+				errx(1, "%s: non-integer value \"%s\"",
+				    name, value);
+			break;
+		case CTLTYPE_UINT:
+			((unsigned *)param->value.iov_base)[i] =
+			    strtoul(value, &ep, 10);
+			if (ep[0] != '\0')
+				errx(1, "%s: non-integer value \"%s\"",
+				    name, value);
+			break;
+		case CTLTYPE_LONG:
+			((long *)param->value.iov_base)[i] =
+			    strtol(value, &ep, 10);
+			if (ep[0] != '\0')
+			    errx(1, "%s: non-integer value \"%s\"",
+				name, value);
+			break;
+		case CTLTYPE_ULONG:
+			((unsigned long *)param->value.iov_base)[i] =
+			    strtoul(value, &ep, 10);
+			if (ep[0] != '\0')
+			    errx(1, "%s: non-integer value \"%s\"",
+				name, value);
+			break;
+		case CTLTYPE_STRUCT:
+			if (!strcmp(buf + sizeof(int), "S,in_addr")) {
+				if (inet_pton(AF_INET, value,
+				    &((struct in_addr *)
+				    param->value.iov_base)[i]) != 1)
+					errx(1, "%s: not an IPv4 address: %s",
+					    name, value);
 			}
-			a6p = (struct addr6entry *) malloc(
-			    sizeof(struct addr6entry));
-			if (a6p == NULL) {
-				error = 1;
-				break;
+#ifdef INET6
+			else if (!strcmp(buf + sizeof(int), "S,in6_addr")) {
+				if (inet_pton(AF_INET6, value,
+				    &((struct in6_addr *)
+				    param->value.iov_base)[i]) != 1)
+					errx(1, "%s: not an IPv6 address: %s",
+					    name, value);
 			}
-			bzero(a6p, sizeof(struct addr6entry));
-			bcopy(&sai6->sin6_addr, &a6p->ip6,
-			    sizeof(struct in6_addr));
-			if (!STAILQ_EMPTY(&addr6))
-				count = STAILQ_FIRST(&addr6)->count;
-			else
-				count = 0;
-			STAILQ_INSERT_TAIL(&addr6, a6p, addr6entries);
-			STAILQ_FIRST(&addr6)->count = count + 1;
-			break;
 #endif
-		default:
-			err(1, "Address family %d not supported. Ignoring.\n",
-			    res->ai_family);
-			break;
 		}
+		value = strchr(value, '\0') + 1;
 	}
-
-	return (error);
 }
 
-static struct in_addr *
-copy_addr4(void)
+static void
+set_param_ip_hostname(char *value, int family)
 {
-	size_t len;
-	struct in_addr *ip4s, *p, ia;
-	struct addr4entry *a4p;
+	struct addrinfo hints, *ai0, *ai;
+	char *avalue, *nextav;
+	socklen_t avlen;
+	int error;
 
-	if (STAILQ_EMPTY(&addr4))
-		return NULL;
+	/* Look up the hostname in the specified address family. */
+	memset(&hints, 0, sizeof(hints));
+	hints.ai_family = family;
+	error = getaddrinfo(value, NULL, &hints, &ai0);
+	if (error != 0)
+		errx(1, "hostname %s: %s", value, gai_strerror(error));
 
-	len = STAILQ_FIRST(&addr4)->count * sizeof(struct in_addr);
-
-	ip4s = p = (struct in_addr *)malloc(len);
-	if (ip4s == NULL)
-	return (NULL);
-
-	bzero(p, len);
-
-	while (!STAILQ_EMPTY(&addr4)) {
-		a4p = STAILQ_FIRST(&addr4);
-		STAILQ_REMOVE_HEAD(&addr4, addr4entries);
-		ia.s_addr = a4p->ip4.s_addr;
-		bcopy(&ia, p, sizeof(struct in_addr));
-		p++;
-		free(a4p);
+	/* Convert the addresses to ASCII so set_param can convert them back. */
+	avlen = 0;
+	for (ai = ai0; ai; ai = ai->ai_next)
+		avlen++;
+	avlen *=
+#ifdef INET6
+	    family == AF_INET6 ? INET6_ADDRSTRLEN :
+#endif
+	    INET_ADDRSTRLEN;
+	avalue = malloc(avlen);
+	if (avalue == NULL)
+		err(1, "malloc");
+	avalue[0] = 0;
+	for (nextav = avalue, ai = ai0; ai; ai = ai->ai_next) {
+		if (inet_ntop(family,
+#ifdef INET6
+		    family == AF_INET6 ?
+		    (void *)&((struct sockaddr_in6 *)&ai->ai_addr)->sin6_addr :
+#endif
+		    (void *)&((struct sockaddr_in *)&ai->ai_addr)->sin_addr,
+		    nextav, avlen - (nextav - avalue)) == NULL)
+			err(1, "inet_ntop");
+		if (ai->ai_next) {
+			nextav = strchr(nextav, '\0');
+			*nextav++ = ',';
+		}
 	}
-
-	return (ip4s);
+	set_param(
+#ifdef INET6
+	    family == AF_INET6 ? "ip6.addr" :
+#endif
+	    "ip4.addr", avalue);
 }
 
-#ifdef INET6
-static struct in6_addr *
-copy_addr6(void)
+static void
+usage(void)
 {
-	size_t len;
-	struct in6_addr *ip6s, *p;
-	struct addr6entry *a6p;
 
-	if (STAILQ_EMPTY(&addr6))
-		return NULL;
-
-	len = STAILQ_FIRST(&addr6)->count * sizeof(struct in6_addr);
-
-	ip6s = p = (struct in6_addr *)malloc(len);
-	if (ip6s == NULL)
-		return (NULL);
-
-	bzero(p, len);
-
-	while (!STAILQ_EMPTY(&addr6)) {
-		a6p = STAILQ_FIRST(&addr6);
-		STAILQ_REMOVE_HEAD(&addr6, addr6entries);
-		bcopy(&a6p->ip6, p, sizeof(struct in6_addr));
-		p++;
-		free(a6p);
-	}
-
-	return (ip6s);
+	(void)fprintf(stderr,
+	    "usage: jail [-d] [-i] [-J jid_file] [-s securelevel]\n"
+	    "            [-l -u username | -U username]\n"
+	    "            [[-c | -o] param=value ... [command=command ...] |\n"
+	    "             path hostname ip command ...]\n"
+	    "       jail [-r jail]\n");
+	exit(1);
 }
-#endif
-
Index: usr.sbin/jail/jail.8
===================================================================
--- usr.sbin/jail/jail.8	(revision 191896)
+++ usr.sbin/jail/jail.8	(working copy)
@@ -1,5 +1,6 @@
 .\"
 .\" Copyright (c) 2000, 2003 Robert N. M. Watson
+.\" Copyright (c) 2008 James Gritton
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -33,49 +34,37 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 24, 2009
+.Dd May 9, 2009
 .Dt JAIL 8
 .Os
 .Sh NAME
 .Nm jail
-.Nd "imprison process and its descendants"
+.Nd "create or modify a system jail"
 .Sh SYNOPSIS
 .Nm
-.Op Fl hi
-.Op Fl n Ar jailname
+.Op Fl di
 .Op Fl J Ar jid_file
 .Op Fl s Ar securelevel
 .Op Fl l u Ar username | Fl U Ar username
-.Ar path hostname [ip[,..]] command ...
+.Op Fl c | o
+.Op Ar parameter=value ... | path hostname ip command ...
+.Br
+.Nm
+.Op Fl r Ar jail
 .Sh DESCRIPTION
 The
 .Nm
-utility imprisons a process and all future descendants.
+utility creates a new jail or modifies an existing jail, optionally
+imprisoning the current process (and future descendants) inside it.
 .Pp
 The options are as follows:
-.Bl -tag -width ".Fl u Ar username"
-.It Fl h
-Resolve
-.Va hostname
-and add all IP addresses returned by the resolver
-to the list of
-.Va ip-addresses
-for this prison.
-This may affect default address selection for outgoing IPv4 connections
-of prisons.
-The address first returned by the resolver for each address family
-will be used as primary address.
-See
-.Va ip-addresses
-further down for details.
+.Bl -tag -width indent
+.It Fl d
+Allow making changes to a
+.Va
+dying jail.
 .It Fl i
 Output the jail identifier of the newly created jail.
-.It Fl n Ar jailname
-Assign and administrative name to the jail that can be used for management
-or auditing purposes.
-The system will
-.Sy not enforce
-the name to be unique.
 .It Fl J Ar jid_file
 Write a
 .Ar jid_file
@@ -100,7 +89,10 @@
 .It Fl s Ar securelevel
 Sets the
 .Va kern.securelevel
-sysctl variable to the specified value inside the newly created jail.
+MIB entry to the specified value inside the newly created jail.
+This is equivalent to setting the jail's
+.Va securelevel
+parameter.
 .It Fl u Ar username
 The user name from host environment as whom the
 .Ar command
@@ -109,20 +101,159 @@
 The user name from jailed environment as whom the
 .Ar command
 should run.
-.It Ar path
+.It Fl c
+Create a new jail, but do not modify an existing one.
+Default behavior is to allow modification if a
+.Va jid
+or
+.Va name
+parameter refers to an existing jail.
+.It Fl o
+Only modify an existing jail, but do not create one.
+One of the
+.Va jid
+or
+.Va name
+parameters must exist and refer to an existing jail.
+.It Fl r
+Remove the
+.Ar jail
+specified by jid or name.
+All jailed processes are killed, and all children of this jail are also
+removed.
+.El
+.Pp
+.Ar Parameters
+are listed in
+.Dq name=value
+form, following the options.
+Some parameters are boolean, and do not have a value but are set by the
+name alone with or without a
+.Dq no
+prefix, e.g.
+.Va persist
+or
+.Va nopersist .
+Any parameters not set will be given default values, generally based on the
+current environment.
+.Pp
+The pseudo-parameter
+.Va command
+specifies that the current process should enter the new (or modified) jail,
+and run the specified command.
+It must be the last parameter specified, because it includes not only
+the value following the
+.Sq =
+sign, but also passes the rest of the arguments to the command.
+.Pp
+Instead of supplying named
+.Ar parameters ,
+four fixed parameters may be supplied in order on the command line:
+.Ar path ,
+.Ar hostname ,
+.Ar ip ,
+and
+.Ar command .
+As the
+.Va jid
+and
+.Va name
+parameters aren't in this list, this mode will always create a new jail, and
+the
+.Fl c
+and
+.Fl o
+options don't apply.
+.Pp
+Jails have a set a core parameters, and modules can add their own jail
+parameters.
+The current set of available parameters can be retrieved via
+.Dq Nm sysctl Fl d Va security.jail.param .
+Some of the notable core parameters include:
+.Bl -tag -width indent
+.It Va jid
+The jail identifier.
+This will be assigned automatically to a new jail (or can be explicitly
+set), and can be used to identify the jail for later modification, or
+for such commands as
+.Xr jls 8
+or
+.Xr jexec 8 .
+.It Va name
+The jail name.
+This is an arbitrary string that identifies a jail (except it may not
+contain a
+.Sq \&. ) .
+Like the
+.Va jid ,
+it can be passed to later
+.Nm
+commands, or to
+.Xr jls 8
+or
+.Xr jexec 8 .
+If no
+.Va name
+is supplied, a default is assumed that is the same as the
+.Va jid .
+.It Va path
 Directory which is to be the root of the prison.
-.It Ar hostname
-Hostname of the prison.
-.It Ar ip-addresses
-None, one or more IPv4 and IPv6 addresses assigned to the prison.
-The first address of each address family that was assigned to the jail will
-be used as the source address in case source address selection on unbound
-sockets cannot find a better match.
+The
+.Va command
+(if any) is run from this directory, as are commands from
+.Xr jexec 8 .
+.It Va ip4.addr
+A comma-separated list of IPv4 addresses assigned to the prison.
+If this is set, the jail is restricted to using only these address.
+Any attempts to use other addresses fail, and attempts to use wildcard
+addresses silently use the jailed address instead.
+For IPv4 the first address given will be kept used as the source address
+in case source address selection on unbound sockets cannot find a better
+match.
 It is only possible to start multiple jails with the same IP address,
 if none of the jails has more than this single overlapping IP address
-assigned to itself for the address family in question.
-.It Ar command
-Pathname of the program which is to be executed.
+assigned to itself.
+.Pp
+A list of zero elements (an empty string) will stop the jail from using IPv4
+entirely; setting the boolean parameter
+.Ar noip4
+will not restrict the jail at all.
+.It Va ip6.addr
+A list of IPv6 addresses assigned to the prison, the counterpart to
+.Ar ip4.addr
+above.
+.It Va host.hostname
+Hostname of the prison.
+If not specified, a jail will use the system hostname.
+.It Va ip4_hostname
+.It Va ip6_hostname
+These psuedo-parameters actually set the jail's
+.Va ip4
+and
+.Va ip6
+parameters, but will get those addresses by resolving the supplied hostname.
+.It Va securelevel
+The value of the jail's
+.Va kern.securelevel
+sysctl.
+A jail never has a lower securelevel than the default system, but by
+setting this parameter it may have a higher one.
+If the system securelevel is changed, any jail securelevels will be at
+least as secure.
+.It Va persist
+Setting this boolean parameter allows a jail to exist without any
+processes.
+Normally, a jail is destroyed as its last process exits.
+.It Va command
+The command to run after creating or modifying the jail.
+This command is run inside the jail, under the
+.Va path
+directory.
+A new jail must have either the
+.Va persist
+or
+.Va command
+parameter set.
 .El
 .Pp
 Jails are typically set up using one of two philosophies: either to
@@ -142,10 +273,6 @@
 This manual page documents the configuration steps necessary to support
 either of these steps, although the configuration steps may be
 refined based on local requirements.
-.Pp
-Please see the
-.Xr jail 2
-man page for further details.
 .Sh EXAMPLES
 .Ss "Setting up a Jail Directory Tree"
 To set up a jail directory tree containing an entire
@@ -359,15 +486,6 @@
 virtual host interface, and then start the jail's
 .Pa /etc/rc
 script from within the jail.
-.Pp
-NOTE: If you plan to allow untrusted users to have root access inside the
-jail, you may wish to consider setting the
-.Va security.jail.set_hostname_allowed
-sysctl variable to 0.
-Please see the management discussion later in this document as to why this
-may be a good idea.
-If you do decide to set this variable,
-it must be set before starting any jails, and once each boot.
 .Bd -literal -offset indent
 ifconfig ed0 inet alias 192.0.2.100/32
 mount -t procfs proc /data/jail/192.0.2.100/proc
@@ -445,7 +563,7 @@
 .Pp
 The
 .Pa /proc/ Ns Ar pid Ns Pa /status
-file contains, as its last field, the hostname of the jail in which the
+file contains, as its last field, the name of the jail in which the
 process runs, or
 .Dq Li -
 to indicate that the process is not running within a jail.
@@ -454,21 +572,7 @@
 command also shows a
 .Ql J
 flag for processes in a jail.
-However, the hostname for a jail may be, by
-default, modified from within the jail, so the
-.Pa /proc
-status entry is unreliable by default.
-To disable the setting of the hostname
-from within a jail, set the
-.Va security.jail.set_hostname_allowed
-sysctl variable in the host environment to 0, which will affect all jails.
-You can have this sysctl set on each boot using
-.Xr sysctl.conf 5 .
-Just add the following line to
-.Pa /etc/sysctl.conf :
 .Pp
-.Dl security.jail.set_hostname_allowed=0
-.Pp
 You can also list/kill processes based on their jail ID.
 To show processes and their jail ID, use the following command:
 .Pp
@@ -510,8 +614,6 @@
 the host environment using
 .Xr sysctl 8
 MIB variables.
-Currently, these variables affect all jails on the system, although in
-the future this functionality may be finer grained.
 .Bl -tag -width XXX
 .It Va security.jail.allow_raw_sockets
 This MIB entry determines whether or not prison root is allowed to
@@ -555,12 +657,6 @@
 .Xr hostname 1
 or
 .Xr sethostname 3 .
-In the current jail implementation, the ability to set the hostname from
-within the jail can impact management tools relying on the accuracy of jail
-information in
-.Pa /proc .
-As such, this should be disabled in environments where privileged access to
-jails is given out to untrusted parties.
 .It Va security.jail.socket_unixiproute_only
 The jail functionality binds an IPv4 address to each jail, and limits
 access to other network addresses in the IPv4 space that may be available
@@ -605,12 +701,30 @@
 a jail.
 This functionality is disabled by default, but can be enabled by setting this
 MIB entry to 1.
-.It Va security.jail.jail_max_af_ips
+.It Va security.jail.allow_jails
+This MIB entry determines if a privileged user inside a jail can create
+sub-jails under that jail.  It is disabled by default, but can be enabled by
+setting this MIB entry to 1.  See the section below for more information on
+hierarchical jails.
+.It Va security.jail.max_af_ips
 This MIB entry determines how may address per address family a prison
 may have. The default is 255.
 .El
 .Pp
-The read-only sysctl variable
+These variables affect all jails on the system.  Finer grained control is
+available via per-jail boolean parameters in the
+.Va perm
+group.  For example, to globally allow raw socket creation, you can set the
+.Va security.jail.allow_raw_sockets
+MIB entry; to allow a single jail to create raw sockets, set its
+.Va perm.allow_raw_sockets
+parameter.  Or to disallow a single jail from setting its hostname, set
+.Va perm.noset_hostname_allowed .
+These per-jail permission parameters default to the current value of the
+associated sysctls at the time of jail creation, but changing the sysctls
+won't change the behavior of existing jails.
+.Pp
+The read-only MIB entry
 .Va security.jail.jailed
 can be used to determine if a process is running inside a jail (value
 is one) or not (value is zero).
@@ -632,6 +746,68 @@
 .Va kern.securelevel
 and
 .Va kern.hostname .
+.Ss "Hierarchical Jails"
+By setting the
+.Va security.jail.allow_jails
+MIB entry or a jail's
+.Va perm.allow_jails
+parameter, processes within a jail may be able to create jails of their own.
+These child jails are kept in a hierarchy, with jails only able to see and/or
+modify their own jails (or those jails' children).
+Each jail has a read-only
+.Va parent
+parameter, containing the
+.Va jid
+of the jail that created it; a
+.Va jid
+of 0 indicated the jail is a child of the current jail (or is a top-level
+jail if the current process isn't jailed).
+Jail parameters that are normally inherited from the base system, are in
+the hierarchical case inherited from the jail that created them.
+.Pp
+The global sysctl MIB entries listed above (with the exception of
+.Va security.jail.jailed_sockets_first )
+are per-jail, and can be used to define the default permissions of child
+jails.
+Jailed processes are not allowed to confer greater permissions than they
+themselves are given, e.g. if a jail is created with
+.Va perm.noset_hostname_allowed ,
+it is not able to set its
+.Va security.jail.set_hostname_allowed
+sysctl.
+Similarly, such restrictions as
+.Va ip4
+and
+.Va securelevel
+may not be bypassed in child jails.
+.Pp
+A child jail may in turn create its own child jails, unless its own
+.Va perm.noallow_jails
+parameter is set (remember, it defaults to the parent jail's value).
+These jails are visible to and can be modified by their parent and all
+ancestors.
+.Pp
+Jail names reflect this hierarchy, with a full name being an MIB-type string
+separated by dots.
+For example, if a base system process creates a jail
+.Dq foo ,
+and a process under that jail creates another jail
+.Dq bar ,
+then the second jail will be seen as
+.Dq foo.bar
+in the base system (though it is only seen as
+.Dq bar
+to any processes inside jail
+.Dq foo ) .
+Jids on the other hand exist in a single space, and each jail must have a
+unique jid.
+.Pp
+Like the names, a child jail's
+.Va path
+is relative to its creator's own
+.Va path .
+This is by virtue of the child jail being created in the chrooted
+environment of the first jail.
 .Sh SEE ALSO
 .Xr killall 1 ,
 .Xr lsvfs 1 ,
@@ -641,7 +817,7 @@
 .Xr ps 1 ,
 .Xr quota 1 ,
 .Xr chroot 2 ,
-.Xr jail 2 ,
+.Xr jail_set 2 ,
 .Xr jail_attach 2 ,
 .Xr procfs 5 ,
 .Xr rc.conf 5 ,
@@ -665,6 +841,8 @@
 .Nm
 utility appeared in
 .Fx 4.0 .
+Extensible jail parameters were introduced in
+.Fx 8.0 .
 .Sh AUTHORS
 .An -nosplit
 The jail feature was written by
@@ -683,6 +861,9 @@
 originally done by
 .An Pawel Jakub Dawidek
 for IPv4.
+.Pp
+.An James Gritton
+added the extensible jail parameters and hierchical jails.
 .Sh BUGS
 Jail currently lacks the ability to allow access to
 specific jail information via


More information about the freebsd-virtualization mailing list