svn commit: r337863 - in head: sys/sys usr.sbin/jail

Alexander Leidinger netchild at FreeBSD.org
Wed Aug 15 18:35:44 UTC 2018 

Author: netchild
Date: Wed Aug 15 18:35:42 2018
New Revision: 337863
URL: https://svnweb.freebsd.org/changeset/base/337863

Log:
  - Add exec hook "exec.created". This is called when the jail is
    created and before exec.start is called.			[1]
  - Bump __FreeBSD_version.
  
  This allows to attach ZFS datasets and various other things to be
  done before any command/service/rc-script is started in the new
  jail.
  
  PR:			228066					[1]
  Reviewed by:		jamie					[1]
  Submitted by:		Stefan Grönke <stefan at gronke.net>	[1]
  Differential Revision:	https://reviews.freebsd.org/D15330	[1]

Modified:
  head/sys/sys/param.h
  head/usr.sbin/jail/command.c
  head/usr.sbin/jail/config.c
  head/usr.sbin/jail/jail.8
  head/usr.sbin/jail/jail.c
  head/usr.sbin/jail/jailp.h

Modified: head/sys/sys/param.h
==============================================================================
--- head/sys/sys/param.h	Wed Aug 15 18:19:45 2018	(r337862)
+++ head/sys/sys/param.h	Wed Aug 15 18:35:42 2018	(r337863)
@@ -60,7 +60,7 @@
  *		in the range 5 to 9.
  */
 #undef __FreeBSD_version
-#define __FreeBSD_version 1200077	/* Master, propagated to newvers */
+#define __FreeBSD_version 1200078	/* Master, propagated to newvers */
 
 /*
  * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD,

Modified: head/usr.sbin/jail/command.c
==============================================================================
--- head/usr.sbin/jail/command.c	Wed Aug 15 18:19:45 2018	(r337862)
+++ head/usr.sbin/jail/command.c	Wed Aug 15 18:35:42 2018	(r337863)
@@ -147,8 +147,8 @@ next_command(struct cfjail *j)
 		}
 		if (j->comstring == NULL || j->comstring->len == 0 ||
 		    (create_failed && (comparam == IP_EXEC_PRESTART ||
-		    comparam == IP_EXEC_START || comparam == IP_COMMAND ||
-		    comparam == IP_EXEC_POSTSTART)))
+		    comparam == IP_EXEC_CREATED || comparam == IP_EXEC_START ||
+		    comparam == IP_COMMAND || comparam == IP_EXEC_POSTSTART)))
 			continue;
 		switch (run_command(j)) {
 		case -1:

Modified: head/usr.sbin/jail/config.c
==============================================================================
--- head/usr.sbin/jail/config.c	Wed Aug 15 18:19:45 2018	(r337862)
+++ head/usr.sbin/jail/config.c	Wed Aug 15 18:35:42 2018	(r337863)
@@ -73,6 +73,7 @@ static const struct ipspec intparams[] = {
     [IP_EXEC_POSTSTOP] =	{"exec.poststop",	PF_INTERNAL},
     [IP_EXEC_PRESTART] =	{"exec.prestart",	PF_INTERNAL},
     [IP_EXEC_PRESTOP] =		{"exec.prestop",	PF_INTERNAL},
+    [IP_EXEC_CREATED] =		{"exec.created",	PF_INTERNAL},
     [IP_EXEC_START] =		{"exec.start",		PF_INTERNAL},
     [IP_EXEC_STOP] =		{"exec.stop",		PF_INTERNAL},
     [IP_EXEC_SYSTEM_JAIL_USER]=	{"exec.system_jail_user",

Modified: head/usr.sbin/jail/jail.8
==============================================================================
--- head/usr.sbin/jail/jail.8	Wed Aug 15 18:19:45 2018	(r337862)
+++ head/usr.sbin/jail/jail.8	Wed Aug 15 18:35:42 2018	(r337863)
@@ -706,6 +706,9 @@ The pseudo-parameters are:
 .Bl -tag -width indent
 .It Va exec.prestart
 Command(s) to run in the system environment before a jail is created.
+.It Va exec.created
+Command(s) to run in the system environment right after a jail has been
+created, but before commands (or services) get executed in the jail.
 .It Va exec.start
 Command(s) to run in the jail environment when a jail is created.
 A typical command to run is

Modified: head/usr.sbin/jail/jail.c
==============================================================================
--- head/usr.sbin/jail/jail.c	Wed Aug 15 18:19:45 2018	(r337862)
+++ head/usr.sbin/jail/jail.c	Wed Aug 15 18:35:42 2018	(r337863)
@@ -98,6 +98,7 @@ static const enum intparam startcommands[] = {
     IP_MOUNT_PROCFS,
     IP_EXEC_PRESTART,
     IP__OP,
+    IP_EXEC_CREATED,
     IP_VNET_INTERFACE,
     IP_EXEC_START,
     IP_COMMAND,

Modified: head/usr.sbin/jail/jailp.h
==============================================================================
--- head/usr.sbin/jail/jailp.h	Wed Aug 15 18:19:45 2018	(r337862)
+++ head/usr.sbin/jail/jailp.h	Wed Aug 15 18:35:42 2018	(r337863)
@@ -88,6 +88,7 @@ enum intparam {
 	IP_EXEC_POSTSTOP,	/* Commands run outside jail after removing */
 	IP_EXEC_PRESTART,	/* Commands run outside jail before creating */
 	IP_EXEC_PRESTOP,	/* Commands run outside jail before removing */
+	IP_EXEC_CREATED,	/* Commands run outside jail right after it was started */
 	IP_EXEC_START,		/* Commands run inside jail on creation */
 	IP_EXEC_STOP,		/* Commands run inside jail on removal */
 	IP_EXEC_SYSTEM_JAIL_USER,/* Get jail_user from system passwd file */

More information about the svn-src-head mailing list