git: 7e49aa86a282 - main - ifconfig(8): Teach ifconfig to attach and run itself in a jail

Reply: Steffen Nurpmeso : "Re: git: 7e49aa86a282 - main - ifconfig(8): Teach ifconfig to attach and run itself in a jail"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Li-Wen Hsu <lwhsu_at_FreeBSD.org>
Date: Tue, 23 May 2023 20:56:21 UTC
The branch main has been updated by lwhsu:

URL: https://cgit.FreeBSD.org/src/commit/?id=7e49aa86a2824e76e9d9becf61db12066bc0d79d

commit 7e49aa86a2824e76e9d9becf61db12066bc0d79d
Author:     Yan Ka Chiu <nyan@myuji.xyz>
AuthorDate: 2023-05-23 20:39:22 +0000
Commit:     Li-Wen Hsu <lwhsu@FreeBSD.org>
CommitDate: 2023-05-23 20:39:22 +0000

    ifconfig(8): Teach ifconfig to attach and run itself in a jail
    
    Add -j <jail> flag to ifconfig to allow ifconfig to attach and run inside a
    jail. This allow parent to configure network interfaces of its children
    even if ifconfig is not available in child's tree (e.g. Linux Jails)
    
    Reviewed by:    emaste, khng, melifaro
    Event:          Kitchener-Waterloo Hackathon 202305
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D40213
---
 sbin/ifconfig/ifconfig.8 | 24 +++++++++++++++++++++++-
 sbin/ifconfig/ifconfig.c | 38 +++++++++++++++++++++++++++++++-------
 sbin/ifconfig/ifconfig.h |  1 +
 3 files changed, 55 insertions(+), 8 deletions(-)

diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index 4669e96e28e6..a7e1bb26d81a 100644
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@@ -28,7 +28,7 @@
 .\"     From: @(#)ifconfig.8	8.3 (Berkeley) 1/5/94
 .\" $FreeBSD$
 .\"
-.Dd March 6, 2023
+.Dd May 22, 2023
 .Dt IFCONFIG 8
 .Os
 .Sh NAME
@@ -36,6 +36,7 @@
 .Nd configure network interface parameters
 .Sh SYNOPSIS
 .Nm
+.Op Fl j Ar jail
 .Op Fl kLmn
 .Op Fl f Ar type Ns Cm \&: Ns Ar format
 .Ar interface
@@ -49,9 +50,11 @@
 .Oc
 .Op Ar parameters
 .Nm
+.Op Fl j Ar jail
 .Ar interface
 .Cm destroy
 .Nm
+.Op Fl j Ar jail
 .Fl a
 .Op Fl dkLmuv
 .Op Fl f Ar type Ns Cm \&: Ns Ar format
@@ -61,13 +64,16 @@
 .Nm
 .Fl C
 .Nm
+.Op Fl j Ar jail
 .Fl g Ar groupname
 .Nm
+.Op Fl j Ar jail
 .Fl l
 .Op Fl du
 .Op Fl g Ar groupname
 .Op Ar address_family
 .Nm
+.Op Fl j Ar jail
 .Op Fl dkLmuv
 .Op Fl f Ar type Ns Cm \&: Ns Ar format
 .Sh DESCRIPTION
@@ -233,6 +239,22 @@ Setting
 to
 .Cm all
 selects all interfaces.
+.It Fl j Ar jail
+Perform the actions inside the
+.Ar jail .
+.Pp
+The
+.Cm ifconfig
+will first attach to the
+.Ar jail
+(by jail id or jail name) before performing the effects.
+.Pp
+This allow network interfaces of
+.Ar jail
+to be configured even if the
+.Cm ifconfig
+binary is not available in
+.Ar jail .
 .It Fl k
 Print keying information for the
 .Ar interface ,
diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index c5e7b7befc72..e1467e661657 100644
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@@ -42,6 +42,9 @@ static const char rcsid[] =
 
 #include <sys/param.h>
 #include <sys/ioctl.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
 #include <sys/module.h>
 #include <sys/linker.h>
 #include <sys/nv.h>
@@ -184,12 +187,12 @@ usage(void)
 	}
 
 	fprintf(stderr,
-	"usage: ifconfig [-f type:format] %sinterface address_family\n"
+	"usage: ifconfig [-j jail] [-f type:format] %sinterface address_family\n"
 	"                [address [dest_address]] [parameters]\n"
-	"       ifconfig interface create\n"
-	"       ifconfig -a %s[-d] [-m] [-u] [-v] [address_family]\n"
-	"       ifconfig -l [-d] [-u] [address_family]\n"
-	"       ifconfig %s[-d] [-m] [-u] [-v]\n",
+	"       ifconfig [-j jail] interface create\n"
+	"       ifconfig [-j jail] -a %s[-d] [-m] [-u] [-v] [address_family]\n"
+	"       ifconfig [-j jail] -l [-d] [-u] [address_family]\n"
+	"       ifconfig [-j jail] %s[-d] [-m] [-u] [-v]\n",
 		options, options, options);
 	exit(1);
 }
@@ -437,7 +440,7 @@ args_parse(struct ifconfig_args *args, int argc, char *argv[])
 	int c;
 
 	/* Parse leading line options */
-	strlcpy(options, "G:adf:klmnuv", sizeof(options));
+	strlcpy(options, "G:adf:j:klmnuv", sizeof(options));
 	for (p = opts; p != NULL; p = p->next)
 		strlcat(options, p->opt, sizeof(options));
 	while ((c = getopt(argc, argv, options)) != -1) {
@@ -458,6 +461,15 @@ args_parse(struct ifconfig_args *args, int argc, char *argv[])
 				usage();
 			args->nogroup = optarg;
 			break;
+		case 'j':
+#ifdef JAIL
+			if (optarg == NULL)
+				usage();
+			args->jail_name = optarg;
+#else
+			Perror("not built with jail support");
+#endif
+			break;
 		case 'k':
 			args->printkeys = true;
 			break;
@@ -547,7 +559,9 @@ main(int ac, char *av[])
 	char *envformat;
 	size_t iflen;
 	int flags;
-
+#ifdef JAIL
+	int jid;
+#endif
 	f_inet = f_inet6 = f_ether = f_addr = NULL;
 
 	lifh = ifconfig_open();
@@ -566,6 +580,16 @@ main(int ac, char *av[])
 
 	args_parse(&args, ac, av);
 
+#ifdef JAIL
+	if (args.jail_name) {
+		jid = jail_getid(args.jail_name);
+		if (jid == -1)
+			Perror("jail not found");
+		if (jail_attach(jid) != 0)
+			Perror("cannot attach to jail");
+	}
+#endif
+
 	if (!args.all && !args.namesonly) {
 		/* not listing, need an argument */
 		args.ifname = args_pop(&args);
diff --git a/sbin/ifconfig/ifconfig.h b/sbin/ifconfig/ifconfig.h
index 7b2b88a4dfac..1df94f357c43 100644
--- a/sbin/ifconfig/ifconfig.h
+++ b/sbin/ifconfig/ifconfig.h
@@ -219,6 +219,7 @@ struct ifconfig_args {
 	const char *matchgroup;		/* Group name to match */
 	const char *nogroup;		/* Group name to exclude */
 	const struct afswtch *afp;	/* AF we're operating on */
+	const char *jail_name;	/* Jail name or jail id specified */
 };
 
 struct option {