From: Ryan Moeller
Date: Thu, 14 May 2020 23:38:12 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r361066 - head/usr.sbin/jail

Author: freqlabs
Date: Thu May 14 23:38:11 2020
New Revision: 361066
URL: https://svnweb.freebsd.org/changeset/base/361066

Log:
  jail: Add exec.prepare and exec.release command hooks

  This change introduces new jail command hooks that run before and after any
  other actions.

  The exec.prepare hook can be used for example to invoke a script that checks
  if the jail's root exists, creating it if it does not. Since arbitrary
  variables in jail.conf can be passed to the command, it can be pretty useful
  for templating jails.

  An example use case for exec.release would be to remove the filesystem of an
  ephemeral jail.

  The names "prepare" and "release" are borrowed from the names of similar hooks
  in libvirt.

  Reviewed by: jamie, manpages, mmacy
  Approved by: mmacy (mentor)
  MFC after: 1 week
  Differential Revision: https://reviews.freebsd.org/D24829

Modified:
  head/usr.sbin/jail/command.c
  head/usr.sbin/jail/config.c
  head/usr.sbin/jail/jail.8
  head/usr.sbin/jail/jail.c
  head/usr.sbin/jail/jailp.h

Modified: head/usr.sbin/jail/command.c
==============================================================================
--- head/usr.sbin/jail/command.c Thu May 14 23:20:58 2020 (r361065) +++ head/usr.sbin/jail/command.c Thu May 14 23:38:11 2020 (r361066) 
@@ -148,7 +148,8 @@ next_command(struct cfjail *j) if (j->comstring == NULL || j->comstring->len == 0 || (create_failed && (comparam == IP_EXEC_PRESTART || comparam == IP_EXEC_CREATED || comparam == IP_EXEC_START || - comparam == IP_COMMAND || comparam == IP_EXEC_POSTSTART))) + comparam == IP_COMMAND || comparam == IP_EXEC_POSTSTART || + comparam == IP_EXEC_PREPARE))) continue; switch (run_command(j)) { case -1: Modified: head/usr.sbin/jail/config.c ============================================================================== --- head/usr.sbin/jail/config.c Thu May 14 23:20:58 2020 (r361065) +++ head/usr.sbin/jail/config.c Thu May 14 23:38:11 2020 (r361066) @@ -71,8 +71,10 @@ static const struct ipspec intparams[] = { [IP_EXEC_JAIL_USER] = {"exec.jail_user", PF_INTERNAL}, [IP_EXEC_POSTSTART] = {"exec.poststart", PF_INTERNAL}, [IP_EXEC_POSTSTOP] = {"exec.poststop", PF_INTERNAL}, + [IP_EXEC_PREPARE] = {"exec.prepare", PF_INTERNAL}, [IP_EXEC_PRESTART] = {"exec.prestart", PF_INTERNAL}, [IP_EXEC_PRESTOP] = {"exec.prestop", PF_INTERNAL}, + [IP_EXEC_RELEASE] = {"exec.release", PF_INTERNAL}, [IP_EXEC_CREATED] = {"exec.created", PF_INTERNAL}, [IP_EXEC_START] = {"exec.start", PF_INTERNAL}, [IP_EXEC_STOP] = {"exec.stop", PF_INTERNAL}, Modified: head/usr.sbin/jail/jail.8 ============================================================================== --- head/usr.sbin/jail/jail.8 Thu May 14 23:20:58 2020 (r361065) +++ head/usr.sbin/jail/jail.8 Thu May 14 23:38:11 2020 (r361066) @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd April 17, 2020 +.Dd May 14, 2020 .Dt JAIL 8 .Os .Sh NAME 
@@ -726,6 +726,11 @@ not be created or removed, as appropriate. .Pp The pseudo-parameters are: .Bl -tag -width indent +.It Va exec.prepare +Command(s) to run in the system environment to prepare a jail for creation. +These commands are executed before assigning IP addresses and mounting +filesystems, so they may be used to create a new jail filesystem if it does +not already exist. .It Va exec.prestart Command(s) to run in the system environment before a jail is created. .It Va exec.created @@ -760,6 +765,11 @@ A typical command to run is .Dq sh /etc/rc.shutdown jail . .It Va exec.poststop Command(s) to run in the system environment after a jail is removed. +.It Va exec.release +Command(s) to run in the system environment after all other actions are done. +These commands are executed after unmounting filesystems and removing IP +addresses, so they may be used to remove a jail filesystem if it is no longer +needed. .It Va exec.clean Run commands in a clean environment. The environment is discarded except for Modified: head/usr.sbin/jail/jail.c ============================================================================== --- head/usr.sbin/jail/jail.c Thu May 14 23:20:58 2020 (r361065) +++ head/usr.sbin/jail/jail.c Thu May 14 23:38:11 2020 (r361066) @@ -87,6 +87,7 @@ static struct permspec perm_sysctl[] = { static const enum intparam startcommands[] = { IP__NULL, + IP_EXEC_PREPARE, #ifdef INET IP__IP4_IFADDR, #endif @@ -126,6 +127,7 @@ static const enum intparam stopcommands[] = { #ifdef INET IP__IP4_IFADDR, #endif + IP_EXEC_RELEASE, IP__NULL }; Modified: head/usr.sbin/jail/jailp.h ============================================================================== --- head/usr.sbin/jail/jailp.h Thu May 14 23:20:58 2020 (r361065) +++ head/usr.sbin/jail/jailp.h Thu May 14 23:38:11 2020 (r361066) 
@@ -87,8 +87,10 @@ enum intparam { IP_EXEC_JAIL_USER, /* Run jailed commands as this user */ IP_EXEC_POSTSTART, /* Commands run outside jail after creating */ IP_EXEC_POSTSTOP, /* Commands run outside jail after removing */ + IP_EXEC_PREPARE, /* Commands run outside jail before addrs and mounting */ IP_EXEC_PRESTART, /* Commands run outside jail before creating */ IP_EXEC_PRESTOP, /* Commands run outside jail before removing */ + IP_EXEC_RELEASE, /* Commands run outside jail after addrs and unmounted */ IP_EXEC_CREATED, /* Commands run outside jail right after it was started */ IP_EXEC_START, /* Commands run inside jail on creation */ IP_EXEC_STOP, /* Commands run inside jail on removal */
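Review bot: in command.c next_command(), the create_failed skip list now covers IP_EXEC_PREPARE but not IP_EXEC_RELEASE, so nothing in this condition suppresses exec.release after a failed create. If that is deliberate, so that release can undo a partial exec.prepare, a comment next to the condition should say so, because a release command then has to tolerate a jail root that prepare never finished creating. If it is not deliberate, the condition needs a matching case for IP_EXEC_RELEASE.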
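Review bot: the exec.prepare entry added to jail.8 does not say what happens when a prepare command fails. These commands run in the system environment before addresses are assigned and filesystems are mounted, so the text should state whether a non-zero exit stops the jail from being created and whether exec.release is still run afterwards.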
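Review bot: the exec.release entry in jail.8 recommends removing a jail filesystem from a command that runs in the system environment, without any caution about how the path is built. The commit log notes that arbitrary jail.conf variables can be passed to these commands, so a removal command whose path variable expands to an empty or unexpected value acts on the host. One sentence advising that the command check the path before deleting would fit here.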
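Review bot: in jail.c, the documented ordering depends entirely on array position (IP_EXEC_PREPARE directly after the leading IP__NULL in startcommands, IP_EXEC_RELEASE directly before the closing IP__NULL in stopcommands), and nothing in either array records that. A one-line comment on each entry would keep a later insertion from landing before prepare or after release.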
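Review bot: the comment on IP_EXEC_RELEASE in jailp.h, "after addrs and unmounted", does not parse and does not mirror the IP_EXEC_PREPARE comment above it. Suggest "Commands run outside jail after unmounting and removing addrs", which also matches the order given in the jail.8 text.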