svn commit: r214423 - projects/jailconf/usr.sbin/jail

Jamie Gritton jamie at FreeBSD.org
Wed Oct 27 16:22:55 UTC 2010


Author: jamie
Date: Wed Oct 27 16:22:54 2010
New Revision: 214423
URL: http://svn.freebsd.org/changeset/base/214423

Log:
  Keep all internal/known parameter names in one place, and use
  enum constants everywhere else.

Modified:
  projects/jailconf/usr.sbin/jail/config.c
  projects/jailconf/usr.sbin/jail/jail.c
  projects/jailconf/usr.sbin/jail/jailp.h

Modified: projects/jailconf/usr.sbin/jail/config.c
==============================================================================
--- projects/jailconf/usr.sbin/jail/config.c	Wed Oct 27 16:01:57 2010	(r214422)
+++ projects/jailconf/usr.sbin/jail/config.c	Wed Oct 27 16:22:54 2010	(r214423)
@@ -44,7 +44,6 @@ __FBSDID("$FreeBSD$");
 
 struct ipspec {
 	const char	*name;
-	enum intparam	ipnum;
 	unsigned	flags;
 };
 
@@ -53,52 +52,57 @@ extern int yynerrs;
 
 struct cfjails cfjails = TAILQ_HEAD_INITIALIZER(cfjails);
 
-static int cmp_intparam(const void *a, const void *b);
 static void free_param(struct cfparams *pp, struct cfparam *p);
 static void free_param_strings(struct cfparam *p);
 
-/* Note these must be in sort order */
 static const struct ipspec intparams[] = {
-    {"allow.dying",		IP_ALLOW_DYING,		PF_INTERNAL | PF_BOOL },
-    {"allow.nodying",		IP_ALLOW_DYING,		PF_INTERNAL | PF_BOOL },
-    {"command",			IP_COMMAND,		PF_INTERNAL },
-    {"depend",			IP_DEPEND,		PF_INTERNAL },
-    {"exec.clean",		IP_EXEC_CLEAN,		PF_INTERNAL | PF_BOOL },
-    {"exec.consolelog",		IP_EXEC_CONSOLELOG,	PF_INTERNAL },
-    {"exec.fib",		IP_EXEC_FIB,		PF_INTERNAL | PF_INT },
-    {"exec.jail_user",		IP_EXEC_JAIL_USER,	PF_INTERNAL },
-    {"exec.noclean",		IP_EXEC_CLEAN,		PF_INTERNAL | PF_BOOL },
-    {"exec.nosystem_jail_user",IP_EXEC_SYSTEM_JAIL_USER,PF_INTERNAL | PF_BOOL },
-    {"exec.poststart",		IP_EXEC_POSTSTART,	PF_INTERNAL },
-    {"exec.poststop",		IP_EXEC_POSTSTOP,	PF_INTERNAL },
-    {"exec.prestart",		IP_EXEC_PRESTART,	PF_INTERNAL },
-    {"exec.prestop",		IP_EXEC_PRESTOP,	PF_INTERNAL },
-    {"exec.start",		IP_EXEC_START,		PF_INTERNAL },
-    {"exec.stop",		IP_EXEC_STOP,		PF_INTERNAL },
-    {"exec.system_jail_user", IP_EXEC_SYSTEM_JAIL_USER,	PF_INTERNAL | PF_BOOL },
-    {"exec.system_user",	IP_EXEC_SYSTEM_USER,	PF_INTERNAL },
-    {"exec.timeout",		IP_EXEC_TIMEOUT,	PF_INTERNAL | PF_INT },
-    {"host.hostname",		KP_HOSTNAME,		0 },
-    {"interface",		IP_INTERFACE,		PF_INTERNAL },
-    {"ip4.addr",		KP_IP4_ADDR,		0 },
+    [IP_ALLOW_DYING] =		{"allow.dying",		PF_INTERNAL | PF_BOOL},
+    [IP_COMMAND] =		{"command",		PF_INTERNAL},
+    [IP_DEPEND] =		{"depend",		PF_INTERNAL},
+    [IP_EXEC_CLEAN] =		{"exec.clean",		PF_INTERNAL | PF_BOOL},
+    [IP_EXEC_CONSOLELOG] =	{"exec.consolelog",	PF_INTERNAL},
+    [IP_EXEC_FIB] =		{"exec.fib",		PF_INTERNAL | PF_INT},
+    [IP_EXEC_JAIL_USER] =	{"exec.jail_user",	PF_INTERNAL},
+    [IP_EXEC_POSTSTART] =	{"exec.poststart",	PF_INTERNAL},
+    [IP_EXEC_POSTSTOP] =	{"exec.poststop",	PF_INTERNAL},
+    [IP_EXEC_PRESTART] =	{"exec.prestart",	PF_INTERNAL},
+    [IP_EXEC_PRESTOP] =		{"exec.prestop",	PF_INTERNAL},
+    [IP_EXEC_START] =		{"exec.start",		PF_INTERNAL},
+    [IP_EXEC_STOP] =		{"exec.stop",		PF_INTERNAL},
+    [IP_EXEC_SYSTEM_JAIL_USER]=	{"exec.system_jail_user",
+							PF_INTERNAL | PF_BOOL},
+    [IP_EXEC_SYSTEM_USER] =	{"exec.system_user",	PF_INTERNAL},
+    [IP_EXEC_TIMEOUT] =		{"exec.timeout",	PF_INTERNAL | PF_INT},
+    [IP_INTERFACE] =		{"interface",		PF_INTERNAL},
+    [IP_IP_HOSTNAME] =		{"ip_hostname",		PF_INTERNAL | PF_BOOL},
+    [IP_MOUNT] =		{"mount",		PF_INTERNAL},
+    [IP_MOUNT_DEVFS] =		{"mount.devfs",		PF_INTERNAL | PF_BOOL},
+    [IP_MOUNT_DEVFS_RULESET]=	{"mount.devfs.ruleset",	PF_INTERNAL},
+    [IP_MOUNT_FSTAB] =		{"mount.fstab",		PF_INTERNAL},
+    [IP_STOP_TIMEOUT] =		{"stop.timeout",	PF_INTERNAL | PF_INT},
+    [IP_VNET_INTERFACE] =	{"vnet.interface",	PF_INTERNAL},
+    [IP__IP4_IFADDR] =		{"ip4.addr",		PF_INTERNAL | PF_CONV},
 #ifdef INET6
-    {"ip6.addr",		KP_IP6_ADDR,		0 },
+    [IP__IP6_IFADDR] =		{"ip6.addr",		PF_INTERNAL | PF_CONV},
 #endif
-    {"ip_hostname",		IP_IP_HOSTNAME,		PF_INTERNAL | PF_BOOL },
-    {"jid",			KP_JID,			PF_INT },
-    {"mount",			IP_MOUNT,		PF_INTERNAL },
-    {"mount.devfs",		IP_MOUNT_DEVFS,		PF_INTERNAL | PF_BOOL },
-    {"mount.devfs.ruleset",	IP_MOUNT_DEVFS_RULESET,	PF_INTERNAL },
-    {"mount.fstab",		IP_MOUNT_FSTAB,		PF_INTERNAL },
-    {"mount.nodevfs",		IP_MOUNT_DEVFS,		PF_INTERNAL | PF_BOOL },
-    {"name",			KP_NAME,		0 },
-    {"noip_hostname",		IP_IP_HOSTNAME,		PF_INTERNAL | PF_BOOL },
-    {"nopersist",		KP_PERSIST,		PF_BOOL },
-    {"path",			KP_PATH,		0 },
-    {"persist",			KP_PERSIST,		PF_BOOL },
-    {"stop.timeout",		IP_STOP_TIMEOUT,	PF_INTERNAL | PF_INT },
-    {"vnet",			KP_VNET,		0 },
-    {"vnet.interface",		IP_VNET_INTERFACE,	PF_INTERNAL },
+    [KP_ALLOW_CHFLAGS] =	{"allow.chflags",	0},
+    [KP_ALLOW_MOUNT] =		{"allow.mount",		0},
+    [KP_ALLOW_RAW_SOCKETS] =	{"allow.raw_sockets",	0},
+    [KP_ALLOW_SET_HOSTNAME]=	{"allow.set_hostname",	0},
+    [KP_ALLOW_SOCKET_AF] =	{"allow.socket_af",	0},
+    [KP_ALLOW_SYSVIPC] =	{"allow.sysvipc",	0},
+    [KP_ENFORCE_STATFS] =	{"enforce_statfs",	0},
+    [KP_HOST_HOSTNAME] =	{"host.hostname",	0},
+    [KP_IP4_ADDR] =		{"ip4.addr",		0},
+#ifdef INET6
+    [KP_IP6_ADDR] =		{"ip6.addr",		0},
+#endif
+    [KP_JID] =			{"jid",			0},
+    [KP_NAME] =			{"name",		0},
+    [KP_PATH] =			{"path",		0},
+    [KP_PERSIST] =		{"persist",		0},
+    [KP_SECURELEVEL] =		{"securelevel",		0},
+    [KP_VNET] =			{"vnet",		0},
 };
 
 /*
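Review bot: The new `[KP_JID]` and `[KP_PERSIST]` entries carry flags `0`, whereas the old table gave "jid" `PF_INT` and "persist"/"nopersist" `PF_BOOL`; the added `KP_ALLOW_*`, `KP_ENFORCE_STATFS` and `KP_SECURELEVEL` rows are likewise untyped. If anything downstream keys on those flags (bool_param, int_param and check_intparams are declared in jailp.h but their bodies are not shown), boolean and integer handling for these parameters is silently lost. If the drop is intentional, a comment on the table saying why would help; otherwise `[KP_JID] = {"jid", PF_INT},` and `[KP_PERSIST] = {"persist", PF_BOOL},` restore the old typing. The removed "must be in sort order" comment could also be replaced by one stating that the array is now indexed by `enum intparam`.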
@@ -146,7 +150,7 @@ load_config(void)
 		 * though they may also be explicitly set later on.
 		 */
 		add_param(j, NULL,
-		    strtol(j->name, &ep, 10) && !*ep ? "jid" : "name",
+		    strtol(j->name, &ep, 10) && !*ep ? KP_JID : KP_NAME,
 		    j->name);
 		/*
 		 * Collect parameters for the jail, global parameters/variables,
@@ -156,16 +160,16 @@ load_config(void)
 		TAILQ_FOREACH(wj, &wild, tq) {
 			if (j->seq < wj->seq && !did_self) {
 				TAILQ_FOREACH(p, &opp, tq)
-					add_param(j, p, NULL, NULL);
+					add_param(j, p, 0, NULL);
 				did_self = 1;
 			}
 			if (wild_jail_match(j->name, wj->name))
 				TAILQ_FOREACH(p, &wj->params, tq)
-					add_param(j, p, NULL, NULL);
+					add_param(j, p, 0, NULL);
 		}
 		if (!did_self)
 			TAILQ_FOREACH(p, &opp, tq)
-				add_param(j, p, NULL, NULL);
+				add_param(j, p, 0, NULL);
 
 		/* Resolve any variable substitutions. */
 		pgen = 0;
@@ -274,13 +278,16 @@ add_jail(void)
  * Add a parameter to a jail.
  */
 void
-add_param(struct cfjail *j, const struct cfparam *p, const char *name,
+add_param(struct cfjail *j, const struct cfparam *p, enum intparam ipnum,
     const char *value)
 {
 	struct cfstrings nss;
 	struct cfparam *dp, *np;
 	struct cfstring *s, *ns;
 	struct cfvar *v, *nv;
+	struct ipspec *ips;
+	const char *name;
+	char *cs, *tname;
 	unsigned flags;
 
 	if (j == NULL) {
@@ -312,6 +319,18 @@ add_param(struct cfjail *j, const struct
 		}
 	} else {
 		flags = PF_APPEND;
+		if (ipnum != 0) {
+			name = intparams[ipnum].name;
+			flags |= intparams[ipnum].flags;
+		} else if ((cs = strchr(value, '='))) {
+			tname = alloca(cs - value + 1);
+			strlcpy(tname, value, cs - value + 1);
+			name = tname;
+			value = cs + 1;
+		} else {
+			name = value;
+			value = NULL;
+		}
 		if (value != NULL) {
 			ns = emalloc(sizeof(struct cfstring));
 			ns->s = estrdup(value);
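Review bot: `tname = alloca(cs - value + 1)` sizes a stack allocation from caller-supplied text, and main() now passes raw `argv[i]` into this path; alloca cannot report failure. The copy is only needed until the later `estrdup(name)`, so a heap buffer from `emalloc(cs - value + 1)` that is freed before return would give a defined failure mode. The same branch calls `strchr(value, '=')` without checking `value`, so a call with `ipnum == 0` and a NULL value that reaches this `else` would dereference NULL. A guard, or a comment stating that contract, would help. The matching `if` and the rest of add_param lie outside this hunk.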
@@ -322,21 +341,23 @@ add_param(struct cfjail *j, const struct
 	}
 
 	/* See if this parameter has already been added. */
-	TAILQ_FOREACH(dp, &j->params, tq) {
-		if (equalopts(dp->name, name)) {
-			/* Found it - append or replace. */
-			if (strcmp(dp->name, name)) {
-				free(dp->name);
-				dp->name = estrdup(name);
-			}
-			if (!(flags & PF_APPEND) || STAILQ_EMPTY(&nss))
-				free_param_strings(dp);
-			STAILQ_CONCAT(&dp->val, &nss);
-			dp->flags |= flags;
-			break;
-		}
-	}
-	if (dp == NULL) {
+	if (ipnum != 0)
+		dp = j->intparams[ipnum];
+	else
+		TAILQ_FOREACH(dp, &j->params, tq)
+			if (!(dp->flags & PF_CONV) && equalopts(dp->name, name))
+				break;
+	if (dp != NULL) {
+		/* Found it - append or replace. */
+		if (strcmp(dp->name, name)) {
+			free(dp->name);
+			dp->name = estrdup(name);
+		}
+		if (!(flags & PF_APPEND) || STAILQ_EMPTY(&nss))
+			free_param_strings(dp);
+		STAILQ_CONCAT(&dp->val, &nss);
+		dp->flags |= flags;
+	} else {
 		/* Not found - add it. */
 		np = emalloc(sizeof(struct cfparam));
 		np->name = estrdup(name);
@@ -345,29 +366,16 @@ add_param(struct cfjail *j, const struct
 		np->flags = flags;
 		np->gen = 0;
 		TAILQ_INSERT_TAIL(&j->params, np, tq);
-	}
-}
-
-/*
- * Find internal or known parameters.
- */
-void
-find_intparams(void)
-{
-	struct cfjail *j;
-	struct cfparam *p;
-	struct ipspec *ip;
-
-	TAILQ_FOREACH(j, &cfjails, tq) {
-		TAILQ_FOREACH(p, &j->params, tq) {
-			ip = bsearch(p->name, intparams,
-			    sizeof(intparams) / sizeof(intparams[0]),
-			    sizeof(struct ipspec), cmp_intparam);
-			if (ip != NULL) {
-				j->intparams[ip->ipnum] = p;
-				p->flags |= ip->flags;
-			}
-		}
+		if (ipnum != 0)
+			j->intparams[ipnum] = np;
+		else
+			for (ipnum = 1; ipnum < IP_NPARAM; ipnum++)
+				if (!(intparams[ipnum].flags & PF_CONV) &&
+				    equalopts(name, intparams[ipnum].name)) {
+					j->intparams[ipnum] = np;
+					np->flags |= intparams[ipnum].flags;
+					break;
+				}
 	}
 }
 
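Review bot: The fallback loop `for (ipnum = 1; ipnum < IP_NPARAM; ipnum++)` passes `intparams[ipnum].name` to equalopts() for every index, but the table is now built with designated initializers, so any enum constant without an entry leaves a zero-filled slot whose name is NULL. Every constant visible in this diff has an entry, but the start of the enum is outside it, and a later addition to the enum alone would hand equalopts() a NULL pointer while matching user-supplied parameter names. Adding `intparams[ipnum].name != NULL &&` to the condition makes the lookup tolerate gaps. Reusing the `ipnum` parameter as the loop counter also hides that it was 0 (no known parameter) on entry; a local index would read more clearly.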
@@ -457,7 +465,6 @@ ip_params(struct cfjail *j)
 {
 	struct in_addr addr4;
 	struct addrinfo hints, *ai0, *ai;
-	struct cfparam *np;
 	struct cfstring *s, *ns;
 	char *cs, *ep;
 	const char *hostname;
@@ -477,7 +484,7 @@ ip_params(struct cfjail *j)
 	 * for any IP addresses it finds.
 	 */
 	if (bool_param(j->intparams[IP_IP_HOSTNAME]) &&
-	    (hostname = string_param(j->intparams[KP_HOSTNAME]))) {
+	    (hostname = string_param(j->intparams[KP_HOST_HOSTNAME]))) {
 		j->intparams[IP_IP_HOSTNAME] = NULL;
 		/*
 		 * Silently ignore unsupported address families from
@@ -526,7 +533,7 @@ ip_params(struct cfjail *j)
 						    &addr4, avalue4,
 						    INET_ADDRSTRLEN) == NULL)
 							err(1, "inet_ntop");
-						add_param(j, NULL, "ip4.addr",
+						add_param(j, NULL, KP_IP4_ADDR,
 						    avalue4);
 						break;
 #ifdef INET6
@@ -539,7 +546,7 @@ ip_params(struct cfjail *j)
 						    &addr6, avalue6,
 						    INET6_ADDRSTRLEN) == NULL)
 							err(1, "inet_ntop");
-						add_param(j, NULL, "ip6.addr",
+						add_param(j, NULL, KP_IP6_ADDR,
 						    avalue6);
 						break;
 #endif
@@ -562,28 +569,14 @@ ip_params(struct cfjail *j)
 	{
 		if (j->intparams[KP_IP4_ADDR + isip6] == NULL)
 			continue;
-		np = j->intparams[IP__IP4_IFADDR + isip6];
 		STAILQ_FOREACH(s, &j->intparams[KP_IP4_ADDR + isip6]->val, tq) {
 			cs = strchr(s->s, '|');
-			if (cs || defif) {
-				if (np == NULL) {
-					np = j->intparams[IP__IP4_IFADDR +
-					    isip6] =
-					    emalloc(sizeof(struct cfparam));
-					np->name = estrdup(j->intparams
-					    [KP_IP4_ADDR + isip6]->name);
-					STAILQ_INIT(&np->val);
-					np->flags = PF_INTERNAL;
-				}
-				ns = emalloc(sizeof(struct cfstring));
-				ns->s = estrdup(s->s);
-				ns->len = s->len;
-				STAILQ_INIT(&ns->vars);
-				STAILQ_INSERT_TAIL(&np->val, ns, tq);
-				if (cs != NULL) {
-					strcpy(s->s, cs + 1);
-					s->len -= cs - s->s + 1;
-				}
+			if (cs || defif)
+				add_param(j, NULL, IP__IP4_IFADDR + isip6,
+				    s->s);
+			if (cs) {
+				strcpy(s->s, cs + 1);
+				s->len -= cs + 1 - s->s;
 			}
 			if ((cs = strchr(s->s, '/'))) {
 				prefix = strtol(cs + 1, &ep, 10);
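Review bot: `strcpy(s->s, cs + 1)` copies between overlapping regions, because `cs` points into `s->s`, and strcpy's behaviour is undefined when source and destination overlap. The line is carried over from the old code, but since this hunk rewrites the block, `memmove(s->s, cs + 1, strlen(cs + 1) + 1);` would make the in-place shift well defined. ip_params begins and ends outside the hunk.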
@@ -746,16 +739,6 @@ wild_jail_name(const char *wname)
 }
 
 /*
- * Compare strings and intparams for bsearch.
- */
-
-static int
-cmp_intparam(const void *a, const void *b)
-{
-	return strcmp((const char *)a, ((const struct ipspec *)b)->name);
-}
-
-/*
  * Free a parameter record and all its strings and variables.
  */
 static void

Modified: projects/jailconf/usr.sbin/jail/jail.c
==============================================================================
--- projects/jailconf/usr.sbin/jail/jail.c	Wed Oct 27 16:01:57 2010	(r214422)
+++ projects/jailconf/usr.sbin/jail/jail.c	Wed Oct 27 16:22:54 2010	(r214423)
@@ -48,6 +48,12 @@ __FBSDID("$FreeBSD$");
 
 #define JP_RDTUN(jp)	(((jp)->jp_ctltype & CTLFLAG_RDTUN) == CTLFLAG_RDTUN)
 
+struct permspec {
+	const char	*name;
+	enum intparam	ipnum;
+	int		rev;
+};
+
 const char *cfname;
 int verbose;
 
@@ -63,19 +69,13 @@ static void print_param(FILE *fp, const 
 static void quoted_print(FILE *fp, char *str);
 static void usage(void);
 
-static const char *perm_sysctl[][3] = {
-	{ "security.jail.set_hostname_allowed",
-	  "allow.noset_hostname", "allow.set_hostname" },
-	{ "security.jail.sysvipc_allowed",
-	  "allow.nosysvipc", "allow.sysvipc" },
-	{ "security.jail.allow_raw_sockets",
-	  "allow.noraw_sockets", "allow.raw_sockets" },
-	{ "security.jail.chflags_allowed",
-	  "allow.nochflags", "allow.chflags" },
-	{ "security.jail.mount_allowed",
-	  "allow.nomount", "allow.mount" },
-	{ "security.jail.socket_unixiproute_only",
-	  "allow.socket_af", "allow.nosocket_af" },
+static struct permspec perm_sysctl[] = {
+	{ "security.jail.set_hostname_allowed", KP_ALLOW_SET_HOSTNAME, 0 },
+	{ "security.jail.sysvipc_allowed", KP_ALLOW_SYSVIPC, 0 },
+	{ "security.jail.allow_raw_sockets", KP_ALLOW_RAW_SOCKETS, 0 },
+	{ "security.jail.chflags_allowed", KP_ALLOW_CHFLAGS, 0 },
+	{ "security.jail.mount_allowed", KP_ALLOW_MOUNT, 0 },
+	{ "security.jail.socket_unixiproute_only", KP_ALLOW_SOCKET_AF, 1 },
 };
 
 int
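Review bot: `perm_sysctl` is not written anywhere in the visible code, so it can be declared `static const struct permspec perm_sysctl[] = {` to keep this permission-default table read-only. The `rev` member of `struct permspec` also deserves a comment such as `/* sysctl sense is the inverse of the parameter */`, since only the `security.jail.socket_unixiproute_only` row sets it and its meaning is otherwise found only at the use site in main().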
@@ -113,7 +113,7 @@ main(int argc, char **argv)
 			cfname = optarg;
 			break;
 		case 'h':
-			add_param(NULL, NULL, "ip_hostname", NULL);
+			add_param(NULL, NULL, IP_IP_HOSTNAME, NULL);
 			docf = 0;
 			break;
 		case 'i':
@@ -124,14 +124,14 @@ main(int argc, char **argv)
 			JidFile = optarg;
 			break;
 		case 'l':
-			add_param(NULL, NULL, "exec.clean", NULL);
+			add_param(NULL, NULL, IP_EXEC_CLEAN, NULL);
 			docf = 0;
 			break;
 		case 'm':
 			op |= JF_SET;
 			break;
 		case 'n':
-			add_param(NULL, NULL, "name", optarg);
+			add_param(NULL, NULL, KP_NAME, optarg);
 			docf = 0;
 			break;
 		case 'p':
@@ -150,17 +150,18 @@ main(int argc, char **argv)
 			Rflag = 1;
 			break;
 		case 's':
-			add_param(NULL, NULL, "securelevel", optarg);
+			add_param(NULL, NULL, KP_SECURELEVEL, optarg);
 			docf = 0;
 			break;
 		case 'u':
-			add_param(NULL, NULL, "exec.jail_user", optarg);
-			add_param(NULL, NULL, "exec.system_jail_user", NULL);
+			add_param(NULL, NULL, IP_EXEC_JAIL_USER, optarg);
+			add_param(NULL, NULL, IP_EXEC_SYSTEM_JAIL_USER, NULL);
 			docf = 0;
 			break;
 		case 'U':
-			add_param(NULL, NULL, "exec.jail_user", optarg);
-			add_param(NULL, NULL, "exec.nosystem_jail_user", NULL);
+			add_param(NULL, NULL, IP_EXEC_JAIL_USER, optarg);
+			add_param(NULL, NULL, IP_EXEC_SYSTEM_JAIL_USER,
+			    "false");
 			docf = 0;
 			break;
 		case 'v':
@@ -182,8 +183,8 @@ main(int argc, char **argv)
 		op = JF_START;
 		docf = 0;
 		oldcl = 1;
-		add_param(NULL, NULL, "path", argv[0]);
-		add_param(NULL, NULL, "host.hostname", argv[1]);
+		add_param(NULL, NULL, KP_PATH, argv[0]);
+		add_param(NULL, NULL, KP_HOST_HOSTNAME, argv[1]);
 		if (argv[2][0] != '\0') {
 			for (cs = argv[2];; cs = ncs + 1) {
 				ncs = strchr(cs, ',');
@@ -192,15 +193,15 @@ main(int argc, char **argv)
 				add_param(NULL, NULL,
 #ifdef INET6
 				    inet_pton(AF_INET6, cs, &addr6) == 1
-				    ? "ip6.addr" :
+				    ? KP_IP6_ADDR :
 #endif
-				    "ip4.addr", cs);
+				    KP_IP4_ADDR, cs);
 				if (!ncs)
 					break;
 			}
 		}
 		for (i = 3; i < argc; i++)
-			add_param(NULL, NULL, "command", argv[i]);
+			add_param(NULL, NULL, IP_COMMAND, argv[i]);
 		/* Emulate the defaults from security.jail.* sysctls. */
 		sysvallen = sizeof(sysval);
 		if (sysctlbyname("security.jail.jailed", &sysval, &sysvallen,
@@ -208,18 +209,20 @@ main(int argc, char **argv)
 			for (pi = 0; pi < sizeof(perm_sysctl) /
 			     sizeof(perm_sysctl[0]); pi++) {
 				sysvallen = sizeof(sysval);
-				if (sysctlbyname(perm_sysctl[pi][0],
+				if (sysctlbyname(perm_sysctl[pi].name,
 				    &sysval, &sysvallen, NULL, 0) == 0)
 					add_param(NULL, NULL,
-					    perm_sysctl[pi][sysval ? 2 : 1],
-					    NULL);
+					    perm_sysctl[pi].ipnum,
+					    (sysval ? 1 : 0) ^ 
+					    perm_sysctl[pi].rev
+					    ? NULL : "false");
 			}
 			sysvallen = sizeof(sysval);
 			if (sysctlbyname("security.jail.enforce_statfs",
 			    &sysval, &sysvallen, NULL, 0) == 0) {
 				snprintf(enforce_statfs,
 				    sizeof(enforce_statfs), "%d", sysval);
-				add_param(NULL, NULL, "enforce_statfs",
+				add_param(NULL, NULL, KP_ENFORCE_STATFS,
 				    enforce_statfs);
 			}
 		}
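Review bot: The value expression `(sysval ? 1 : 0) ^ perm_sysctl[pi].rev ? NULL : "false"` relies on `^` binding tighter than `?:`; it evaluates as intended, but explicit grouping such as `((sysval != 0) ^ perm_sysctl[pi].rev) ? NULL : "false"` would make the permission default easier to check, and the line ending in `^ ` has trailing whitespace. A denied permission is now expressed as the positive parameter name with the string "false" rather than a "no"-prefixed name. How add_param and bool_param interpret that string is not visible in this diff, so a test covering each sysctl in both states would be worth adding.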
@@ -243,16 +246,14 @@ main(int argc, char **argv)
 			if (!strncmp(argv[i], "command", 7) &&
 			    (argv[i][7] == '\0' || argv[i][7] == '=')) {
 				if (argv[i][7]  == '=')
-					add_param(NULL, NULL, "command",
+					add_param(NULL, NULL, IP_COMMAND,
 					    argv[i] + 8);
 				for (i++; i < argc; i++)
-					add_param(NULL, NULL, "command",
+					add_param(NULL, NULL, IP_COMMAND,
 					    argv[i]);
 				break;
 			}
-			if ((cs = strchr(argv[i], '=')))
-				*cs++ = '\0';
-			add_param(NULL, NULL, argv[i], cs);
+			add_param(NULL, NULL, 0, argv[i]);
 		}
 	} else {
 		/* From the config file, perhaps with a specified jail */
@@ -262,7 +263,6 @@ main(int argc, char **argv)
 	}
 
 	/* Find out which jails will be run. */
-	find_intparams();
 	dep_setup(docf);
 	error = 0;
 	if (op == JF_STOP) {
@@ -315,7 +315,7 @@ main(int argc, char **argv)
 		{
 			j->flags |= JF_CHECKINT;
 			if (dflag)
-				add_param(j, NULL, "allow.dying", NULL);
+				add_param(j, NULL, IP_ALLOW_DYING, NULL);
 			if (check_intparams(j) < 0)
 				continue;
 		}
@@ -959,7 +959,7 @@ print_jail(FILE *fp, struct cfjail *j, i
 		fprintf(fp, "%d\t", j->jid);
 		print_param(fp, j->intparams[KP_PATH], ',', 0);
 		putc('\t', fp);
-		print_param(fp, j->intparams[KP_HOSTNAME], ',', 0);
+		print_param(fp, j->intparams[KP_HOST_HOSTNAME], ',', 0);
 		putc('\t', fp);
 		print_param(fp, j->intparams[KP_IP4_ADDR], ',', 0);
 #ifdef INET6

Modified: projects/jailconf/usr.sbin/jail/jailp.h
==============================================================================
--- projects/jailconf/usr.sbin/jail/jailp.h	Wed Oct 27 16:01:57 2010	(r214422)
+++ projects/jailconf/usr.sbin/jail/jailp.h	Wed Oct 27 16:22:54 2010	(r214423)
@@ -49,6 +49,7 @@
 #define PF_INTERNAL	0x08	/* Internal parameter, not passed to kernel */
 #define PF_BOOL		0x10	/* Boolean parameter */
 #define PF_INT		0x20	/* Integer parameter */
+#define PF_CONV		0x40	/* Parameter duplicated in converted form */
 
 #define JF_START	0x0001	/* -c */
 #define JF_SET		0x0002	/* -m */
@@ -93,16 +94,23 @@ enum intparam {
 	IP_INTERFACE,		/* Add IP addresses to this interface */
 	IP_IP_HOSTNAME,		/* Get jail IP address(es) from hostname */
 	IP_MOUNT,		/* Mount points in fstab(5) form */
-	IP_MOUNT_FSTAB,		/* A standard fstab(5) file */
 	IP_MOUNT_DEVFS,		/* Mount /dev under prison root */
 	IP_MOUNT_DEVFS_RULESET,	/* Ruleset for the devfs mount */
+	IP_MOUNT_FSTAB,		/* A standard fstab(5) file */
 	IP_STOP_TIMEOUT,	/* Time to wait after sending SIGTERM */
+	IP_VNET_INTERFACE,	/* Assign interface(s) to vnet jail */
 	IP__IP4_IFADDR,		/* Copy of ip4.addr with interface/netmask */
 #ifdef INET6
 	IP__IP6_IFADDR,		/* Copy of ip6.addr with interface/prefixlen */
 #endif
-	IP_VNET_INTERFACE,	/* Assign interface(s) to vnet jail */
-	KP_HOSTNAME,
+	KP_ALLOW_CHFLAGS,
+	KP_ALLOW_MOUNT,
+	KP_ALLOW_RAW_SOCKETS,
+	KP_ALLOW_SET_HOSTNAME,
+	KP_ALLOW_SOCKET_AF,
+	KP_ALLOW_SYSVIPC,
+	KP_ENFORCE_STATFS,
+	KP_HOST_HOSTNAME,
 	KP_IP4_ADDR,
 #ifdef INET6
 	KP_IP6_ADDR,
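Review bot: ip_params indexes `j->intparams[KP_IP4_ADDR + isip6]` and passes `IP__IP4_IFADDR + isip6` to add_param, so each IPv6 constant must directly follow its IPv4 counterpart, yet nothing in the enum says so. This reordering preserves the adjacency, but a comment on both pairs, for example `/* must immediately follow KP_IP4_ADDR (indexed as KP_IP4_ADDR + isip6) */`, would protect the next one. The new `KP_*` constants also have no descriptions, unlike the `IP_*` ones beside them. The enum starts and ends outside this hunk.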
@@ -111,6 +119,7 @@ enum intparam {
 	KP_NAME,
 	KP_PATH,
 	KP_PERSIST,
+	KP_SECURELEVEL,
 	KP_VNET,
 	IP_NPARAM
 };
@@ -187,8 +196,7 @@ extern int term_procs(struct cfjail *j);
 extern void load_config(void);
 extern struct cfjail *add_jail(void);
 extern void add_param(struct cfjail *j, const struct cfparam *p,
-    const char *name, const char *value);
-extern void find_intparams(void);
+    enum intparam ipnum, const char *value);
 extern int check_intparams(struct cfjail *j);
 extern int bool_param(const struct cfparam *p);
 extern int int_param(const struct cfparam *p, int *ip);

