svn commit: r278484 - in stable/10: etc/rc.d usr.sbin/jail

Jamie Gritton jamie at FreeBSD.org
Tue Feb 10 01:05:54 UTC 2015


Author: jamie
Date: Tue Feb 10 01:05:51 2015
New Revision: 278484
URL: https://svnweb.freebsd.org/changeset/base/278484

Log:
  MFC r278323:
  
    Add mount.procfs jail parameter, so procfs can be mounted when a prison's
    root is in its fstab.
  
    Also fix a typo while I'm at it.
  
  PR:		197237 197066

Modified:
  stable/10/etc/rc.d/jail
  stable/10/usr.sbin/jail/command.c
  stable/10/usr.sbin/jail/config.c
  stable/10/usr.sbin/jail/jail.8
  stable/10/usr.sbin/jail/jail.c
  stable/10/usr.sbin/jail/jailp.h
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/etc/rc.d/jail
==============================================================================
--- stable/10/etc/rc.d/jail	Tue Feb 10 01:02:02 2015	(r278483)
+++ stable/10/etc/rc.d/jail	Tue Feb 10 01:05:51 2015	(r278484)
@@ -28,7 +28,7 @@ extra_commands="config console status"
 
 need_dad_wait=
 
-# extact_var jail name param num defval
+# extract_var jail name param num defval
 #	Extract value from ${jail_$jail_$name} or ${jail_$name} and
 #	set it to $param.  If not defined, $defval is used.
 #	When $num is [0-9]*, ${jail_$jail_$name$num} are looked up and
@@ -233,8 +233,7 @@ parse_options()
 		fi
 		eval : \${jail_${_j}_procfs_enable:=${jail_procfs_enable:-NO}}
 		if checkyesno jail_${_j}_procfs_enable; then
-			echo "	mount += " \
-			    "\"procfs ${_rootdir%/}/proc procfs rw 0 0\";"
+			echo "	mount.procfs;"
 		fi
 
 		eval : \${jail_${_j}_mount_enable:=${jail_mount_enable:-NO}}

Modified: stable/10/usr.sbin/jail/command.c
==============================================================================
--- stable/10/usr.sbin/jail/command.c	Tue Feb 10 01:02:02 2015	(r278483)
+++ stable/10/usr.sbin/jail/command.c	Tue Feb 10 01:05:51 2015	(r278484)
@@ -112,6 +112,12 @@ next_command(struct cfjail *j)
 				if (!bool_param(j->intparams[IP_MOUNT_FDESCFS]))
 					continue;
 				j->comstring = &dummystring;
+				break;
+			case IP_MOUNT_PROCFS:
+				if (!bool_param(j->intparams[IP_MOUNT_PROCFS]))
+					continue;
+				j->comstring = &dummystring;
+				break;
 			case IP__OP:
 			case IP_STOP_TIMEOUT:
 				j->comstring = &dummystring;
@@ -529,6 +535,32 @@ run_command(struct cfjail *j)
 		}
 		break;
 
+	case IP_MOUNT_PROCFS:
+		argv = alloca(7 * sizeof(char *));
+		path = string_param(j->intparams[KP_PATH]);
+		if (path == NULL) {
+			jail_warnx(j, "mount.procfs: no path");
+			return -1;
+		}
+		devpath = alloca(strlen(path) + 6);
+		sprintf(devpath, "%s/proc", path);
+		if (check_path(j, "mount.procfs", devpath, 0,
+		    down ? "procfs" : NULL) < 0)
+			return -1;
+		if (down) {
+			*(const char **)&argv[0] = "/sbin/umount";
+			argv[1] = devpath;
+			argv[2] = NULL;
+		} else {
+			*(const char **)&argv[0] = _PATH_MOUNT;
+			*(const char **)&argv[1] = "-t";
+			*(const char **)&argv[2] = "procfs";
+			*(const char **)&argv[3] = ".";
+			argv[4] = devpath;
+			argv[5] = NULL;
+		}
+		break;
+
 	case IP_COMMAND:
 		if (j->name != NULL)
 			goto default_command;
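Review bot: In the new `IP_MOUNT_PROCFS` case, `devpath` is sized by the bare constant in `alloca(strlen(path) + 6)` and then filled with an unbounded `sprintf`. The arithmetic is correct today (`"/proc"` plus the terminator), but nothing ties the two lines together. Keeping the size in a local and writing `snprintf(devpath, len, "%s/proc", path);` would make the bound explicit; `path` comes from the jail configuration, so its length also sets the size of the stack allocation. `argv` is allocated for seven pointers although the longer of the two vectors built here fills only six slots. A one-line comment above the `check_path()` call, such as `/* validate the host-side mount point before handing it to mount(8)/umount(8) */`, would record why the check must stay ahead of the exec; `check_path()` and the rest of `run_command()` lie outside this hunk, so what exactly it verifies cannot be confirmed from here.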

Modified: stable/10/usr.sbin/jail/config.c
==============================================================================
--- stable/10/usr.sbin/jail/config.c	Tue Feb 10 01:02:02 2015	(r278483)
+++ stable/10/usr.sbin/jail/config.c	Tue Feb 10 01:05:51 2015	(r278484)
@@ -84,6 +84,7 @@ static const struct ipspec intparams[] =
     [IP_MOUNT] =		{"mount",		PF_INTERNAL | PF_REV},
     [IP_MOUNT_DEVFS] =		{"mount.devfs",		PF_INTERNAL | PF_BOOL},
     [IP_MOUNT_FDESCFS] =	{"mount.fdescfs",	PF_INTERNAL | PF_BOOL},
+    [IP_MOUNT_PROCFS] =		{"mount.procfs",	PF_INTERNAL | PF_BOOL},
     [IP_MOUNT_FSTAB] =		{"mount.fstab",		PF_INTERNAL},
     [IP_STOP_TIMEOUT] =		{"stop.timeout",	PF_INTERNAL | PF_INT},
     [IP_VNET_INTERFACE] =	{"vnet.interface",	PF_INTERNAL},

Modified: stable/10/usr.sbin/jail/jail.8
==============================================================================
--- stable/10/usr.sbin/jail/jail.8	Tue Feb 10 01:02:02 2015	(r278483)
+++ stable/10/usr.sbin/jail/jail.8	Tue Feb 10 01:05:51 2015	(r278484)
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 28, 2015
+.Dd February 6, 2015
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -753,6 +753,12 @@ Mount a
 filesystem on the chrooted
 .Pa /dev/fd
 directory.
+.It Va mount.procfs
+Mount a
+.Xr procfs 5
+filesystem on the chrooted
+.Pa /proc
+directory.
 .It Va allow.dying
 Allow making changes to a
 .Va dying
@@ -1206,6 +1212,7 @@ environment of the first jail.
 .Xr jls 8 ,
 .Xr mount 8 ,
 .Xr named 8 ,
+.Xr procfs 5 ,
 .Xr reboot 8 ,
 .Xr rpcbind 8 ,
 .Xr sendmail 8 ,

Modified: stable/10/usr.sbin/jail/jail.c
==============================================================================
--- stable/10/usr.sbin/jail/jail.c	Tue Feb 10 01:02:02 2015	(r278483)
+++ stable/10/usr.sbin/jail/jail.c	Tue Feb 10 01:05:51 2015	(r278484)
@@ -93,6 +93,7 @@ static const enum intparam startcommands
     IP__MOUNT_FROM_FSTAB,
     IP_MOUNT_DEVFS,
     IP_MOUNT_FDESCFS,
+    IP_MOUNT_PROCFS,
     IP_EXEC_PRESTART, 
     IP__OP,
     IP_VNET_INTERFACE,
@@ -109,6 +110,7 @@ static const enum intparam stopcommands[
     IP_STOP_TIMEOUT,
     IP__OP,
     IP_EXEC_POSTSTOP,
+    IP_MOUNT_PROCFS,
     IP_MOUNT_FDESCFS,
     IP_MOUNT_DEVFS,
     IP__MOUNT_FROM_FSTAB,

Modified: stable/10/usr.sbin/jail/jailp.h
==============================================================================
--- stable/10/usr.sbin/jail/jailp.h	Tue Feb 10 01:02:02 2015	(r278483)
+++ stable/10/usr.sbin/jail/jailp.h	Tue Feb 10 01:05:51 2015	(r278484)
@@ -96,6 +96,7 @@ enum intparam {
 	IP_MOUNT,		/* Mount points in fstab(5) form */
 	IP_MOUNT_DEVFS,		/* Mount /dev under prison root */
 	IP_MOUNT_FDESCFS,	/* Mount /dev/fd under prison root */
+	IP_MOUNT_PROCFS,	/* Mount /proc under prison root */
 	IP_MOUNT_FSTAB,		/* A standard fstab(5) file */
 	IP_STOP_TIMEOUT,	/* Time to wait after sending SIGTERM */
 	IP_VNET_INTERFACE,	/* Assign interface(s) to vnet jail */

