Date:      Fri, 6 Feb 2015 17:54:54 +0000 (UTC)
From:      Jamie Gritton <jamie@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r278323 - in head: etc/rc.d usr.sbin/jail
Message-ID:  <201502061754.t16HssXU042750@svn.freebsd.org>

Author: jamie
Date: Fri Feb  6 17:54:53 2015
New Revision: 278323
URL: https://svnweb.freebsd.org/changeset/base/278323

Log:
  Add mount.procfs jail parameter, so procfs can be mounted when a prison's
  root is in its fstab.
  
  Also fix a typo while I'm at it.
  
  PR:		197237 197066
  MFC after:	3 days

Modified:
  head/etc/rc.d/jail
  head/usr.sbin/jail/command.c
  head/usr.sbin/jail/config.c
  head/usr.sbin/jail/jail.8
  head/usr.sbin/jail/jail.c
  head/usr.sbin/jail/jailp.h

Modified: head/etc/rc.d/jail
==============================================================================
--- head/etc/rc.d/jail	Fri Feb  6 17:43:13 2015	(r278322)
+++ head/etc/rc.d/jail	Fri Feb  6 17:54:53 2015	(r278323)
@@ -28,7 +28,7 @@ extra_commands="config console status"
 
 need_dad_wait=
 
-# extact_var jail name param num defval
+# extract_var jail name param num defval
 #	Extract value from ${jail_$jail_$name} or ${jail_$name} and
 #	set it to $param.  If not defined, $defval is used.
 #	When $num is [0-9]*, ${jail_$jail_$name$num} are looked up and
@@ -233,8 +233,7 @@ parse_options()
 		fi
 		eval : \${jail_${_j}_procfs_enable:=${jail_procfs_enable:-NO}}
 		if checkyesno jail_${_j}_procfs_enable; then
-			echo "	mount += " \
-			    "\"procfs ${_rootdir%/}/proc procfs rw 0 0\";"
+			echo "	mount.procfs;"
 		fi
 
 		eval : \${jail_${_j}_mount_enable:=${jail_mount_enable:-NO}}

Modified: head/usr.sbin/jail/command.c
==============================================================================
--- head/usr.sbin/jail/command.c	Fri Feb  6 17:43:13 2015	(r278322)
+++ head/usr.sbin/jail/command.c	Fri Feb  6 17:54:53 2015	(r278323)
@@ -112,6 +112,12 @@ next_command(struct cfjail *j)
 				if (!bool_param(j->intparams[IP_MOUNT_FDESCFS]))
 					continue;
 				j->comstring = &dummystring;
+				break;
+			case IP_MOUNT_PROCFS:
+				if (!bool_param(j->intparams[IP_MOUNT_PROCFS]))
+					continue;
+				j->comstring = &dummystring;
+				break;
 			case IP__OP:
 			case IP_STOP_TIMEOUT:
 				j->comstring = &dummystring;
@@ -528,6 +534,32 @@ run_command(struct cfjail *j)
 		}
 		break;
 
+	case IP_MOUNT_PROCFS:
+		argv = alloca(7 * sizeof(char *));
+		path = string_param(j->intparams[KP_PATH]);
+		if (path == NULL) {
+			jail_warnx(j, "mount.procfs: no path");
+			return -1;
+		}
+		devpath = alloca(strlen(path) + 6);
+		sprintf(devpath, "%s/proc", path);
+		if (check_path(j, "mount.procfs", devpath, 0,
+		    down ? "procfs" : NULL) < 0)
+			return -1;
+		if (down) {
+			argv[0] = "/sbin/umount";
+			argv[1] = devpath;
+			argv[2] = NULL;
+		} else {
+			argv[0] = _PATH_MOUNT;
+			argv[1] = "-t";
+			argv[2] = "procfs";
+			argv[3] = ".";
+			argv[4] = devpath;
+			argv[5] = NULL;
+		}
+		break;
+
 	case IP_COMMAND:
 		if (j->name != NULL)
 			goto default_command;
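Review bot: The new `IP_MOUNT_PROCFS` case builds `devpath` with an unbounded `sprintf` into an `alloca` buffer whose size depends on the magic `+ 6` matching the `"%s/proc"` format, so the two can drift apart silently if either is edited. Deriving the length from the literal and bounding the write keeps them tied together: `size_t len = strlen(path) + sizeof("/proc");` then `devpath = alloca(len);` and `snprintf(devpath, len, "%s/proc", path);`. Separately, `check_path` is defined outside this hunk; if it validates the mount point by walking the path, `mount(8)` resolves the same string again afterwards, so a comment here stating that the jail root must not be writable by untrusted users between the check and the mount would record that assumption. The variable name `devpath` now holds a `/proc` path, and `argv` reserves 7 slots where at most 6 are used; both are harmless but make the case read like a copy of a neighbouring one. The body of `run_command` starts and ends outside the hunk.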

Modified: head/usr.sbin/jail/config.c
==============================================================================
--- head/usr.sbin/jail/config.c	Fri Feb  6 17:43:13 2015	(r278322)
+++ head/usr.sbin/jail/config.c	Fri Feb  6 17:54:53 2015	(r278323)
@@ -84,6 +84,7 @@ static const struct ipspec intparams[] =
     [IP_MOUNT] =		{"mount",		PF_INTERNAL | PF_REV},
     [IP_MOUNT_DEVFS] =		{"mount.devfs",		PF_INTERNAL | PF_BOOL},
     [IP_MOUNT_FDESCFS] =	{"mount.fdescfs",	PF_INTERNAL | PF_BOOL},
+    [IP_MOUNT_PROCFS] =		{"mount.procfs",	PF_INTERNAL | PF_BOOL},
     [IP_MOUNT_FSTAB] =		{"mount.fstab",		PF_INTERNAL},
     [IP_STOP_TIMEOUT] =		{"stop.timeout",	PF_INTERNAL | PF_INT},
     [IP_VNET_INTERFACE] =	{"vnet.interface",	PF_INTERNAL},

Modified: head/usr.sbin/jail/jail.8
==============================================================================
--- head/usr.sbin/jail/jail.8	Fri Feb  6 17:43:13 2015	(r278322)
+++ head/usr.sbin/jail/jail.8	Fri Feb  6 17:54:53 2015	(r278323)
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 28, 2015
+.Dd February 6, 2015
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -753,6 +753,12 @@ Mount a
 filesystem on the chrooted
 .Pa /dev/fd
 directory.
+.It Va mount.procfs
+Mount a
+.Xr procfs 5
+filesystem on the chrooted
+.Pa /proc
+directory.
 .It Va allow.dying
 Allow making changes to a
 .Va dying
@@ -1207,6 +1213,7 @@ environment of the first jail.
 .Xr jls 8 ,
 .Xr mount 8 ,
 .Xr named 8 ,
+.Xr procfs 5 ,
 .Xr reboot 8 ,
 .Xr rpcbind 8 ,
 .Xr sendmail 8 ,

Modified: head/usr.sbin/jail/jail.c
==============================================================================
--- head/usr.sbin/jail/jail.c	Fri Feb  6 17:43:13 2015	(r278322)
+++ head/usr.sbin/jail/jail.c	Fri Feb  6 17:54:53 2015	(r278323)
@@ -93,6 +93,7 @@ static const enum intparam startcommands
     IP__MOUNT_FROM_FSTAB,
     IP_MOUNT_DEVFS,
     IP_MOUNT_FDESCFS,
+    IP_MOUNT_PROCFS,
     IP_EXEC_PRESTART, 
     IP__OP,
     IP_VNET_INTERFACE,
@@ -109,6 +110,7 @@ static const enum intparam stopcommands[
     IP_STOP_TIMEOUT,
     IP__OP,
     IP_EXEC_POSTSTOP,
+    IP_MOUNT_PROCFS,
     IP_MOUNT_FDESCFS,
     IP_MOUNT_DEVFS,
     IP__MOUNT_FROM_FSTAB,

Modified: head/usr.sbin/jail/jailp.h
==============================================================================
--- head/usr.sbin/jail/jailp.h	Fri Feb  6 17:43:13 2015	(r278322)
+++ head/usr.sbin/jail/jailp.h	Fri Feb  6 17:54:53 2015	(r278323)
@@ -96,6 +96,7 @@ enum intparam {
 	IP_MOUNT,		/* Mount points in fstab(5) form */
 	IP_MOUNT_DEVFS,		/* Mount /dev under prison root */
 	IP_MOUNT_FDESCFS,	/* Mount /dev/fd under prison root */
+	IP_MOUNT_PROCFS,	/* Mount /proc under prison root */
 	IP_MOUNT_FSTAB,		/* A standard fstab(5) file */
 	IP_STOP_TIMEOUT,	/* Time to wait after sending SIGTERM */
 	IP_VNET_INTERFACE,	/* Assign interface(s) to vnet jail */


