Date:      Thu, 23 Apr 2026 03:49:54 +0000
From:      Kyle Evans <kevans@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Cc:        Quent=?utf-8?Q?in Th=C3=A9?=bault <quentin.thebault@defenso.fr>
Subject:   git: eefbf748bfda - stable/14 - jail: add JID, JNAME and JPATH to environment for exec.* commands
Message-ID:  <69e996e2.3a359.796ebc4d@gitrepo.freebsd.org>


The branch stable/14 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=eefbf748bfdac188ef5e92fc0f79d62333473fd7

commit eefbf748bfdac188ef5e92fc0f79d62333473fd7
Author:     Quentin Thébault <quentin.thebault@defenso.fr>
AuthorDate: 2025-03-05 09:51:06 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2026-04-23 03:21:38 +0000

    jail: add JID, JNAME and JPATH to environment for exec.* commands
    
    Although variable substitution is available in the jail configuration
    file, the jail identifier is often not since it is dynamically
    attributed at run time.
    
    In order to facilitate scripting of exec.* commands executed on the
    system, this change sets the JID, JNAME and JPATH environment variables.
    
    These variables are not added when using exec.clean. Neither are they
    for commands executed inside jails, to avoid disclosing information
    about the host system.
    
    Reviewed by: imp
    
    (cherry picked from commit d8f021add40c321c4578da55dae52fb93c7ccb5f)
---
 usr.sbin/jail/command.c                | 14 +++++++++++++-
 usr.sbin/jail/jail.8                   | 21 +++++++++++++++++++++
 usr.sbin/jail/tests/commands.jail.conf |  3 +++
 usr.sbin/jail/tests/jail_basic_test.sh | 11 +++++++++--
 4 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/usr.sbin/jail/command.c b/usr.sbin/jail/command.c
index 9004b4729fec..20f28abc6706 100644
--- a/usr.sbin/jail/command.c
+++ b/usr.sbin/jail/command.c
@@ -291,7 +291,7 @@ run_command(struct cfjail *j)
 	const struct cfstring *comstring, *s;
 	login_cap_t *lcap;
 	const char **argv;
-	char *acs, *cs, *comcs, *devpath;
+	char *acs, *ajidstr, *cs, *comcs, *devpath;
 	const char *jidstr, *conslog, *path, *ruleset, *term, *username;
 	enum intparam comparam;
 	size_t comlen;
@@ -771,6 +771,18 @@ run_command(struct cfjail *j)
 		}
 		endpwent();
 	}
+	if (!injail) {
+		if (asprintf(&ajidstr, "%d", j->jid) == -1) {
+			jail_warnx(j, "asprintf jid=%d: %s", j->jid,
+				strerror(errno));
+			exit(1);
+		}
+		setenv("JID", ajidstr, 1);
+		free(ajidstr);
+		setenv("JNAME", string_param(j->intparams[KP_NAME]), 1);
+		path = string_param(j->intparams[KP_PATH]);
+		setenv("JPATH", path ? path : "", 1);
+	}
 
 	if (consfd != 0 && (dup2(consfd, 1) < 0 || dup2(consfd, 2) < 0)) {
 		jail_warnx(j, "exec.consolelog: %s", strerror(errno));
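Review bot: The three `setenv()` calls in the new `if (!injail)` block ignore their return value, so on failure the exec.* command still runs with JID, JNAME or JPATH missing or, since the commit message says this is the non-exec.clean path, holding whatever value was inherited from the environment jail(8) was started in. A host-side script that acts on `$JPATH` or `$JID` as root would then operate on the wrong target, so a failure here should be fatal in the same way as the asprintf failure just above it. `string_param(j->intparams[KP_NAME])` is also handed to setenv() without the NULL guard that `path` gets; whether the name can be unset at this point is not visible in the hunk and should be confirmed. run_command() starts and ends outside the hunk.

```c
	if (!injail) {
		/* … unchanged: asprintf of j->jid into ajidstr … */
		path = string_param(j->intparams[KP_PATH]);
		if (setenv("JID", ajidstr, 1) != 0 ||
		    setenv("JNAME", string_param(j->intparams[KP_NAME]), 1) != 0 ||
		    setenv("JPATH", path ? path : "", 1) != 0) {
			jail_warnx(j, "setenv: %s", strerror(errno));
			exit(1);
		}
		free(ajidstr);
	}
```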
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index d4b6addfa5ec..6d3b071496bf 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -832,6 +832,22 @@ commands in sequence.
 All commands must succeed (return a zero exit status), or the jail will
 not be created or removed, as appropriate.
 .Pp
+The following variables are added to the environment:
+.Bl -tag -width indent -offset indent
+.It Ev JID
+The
+.Va jid ,
+or jail identifier.
+.It Ev JNAME
+The
+.Va name
+of the jail.
+.It Ev JPATH
+The
+.Va path
+of the jail.
+.El
+.Pp
 The pseudo-parameters are:
 .Bl -tag -width indent
 .It Va exec.prepare
@@ -896,6 +912,11 @@ is imported from the current environment.
 is set to "/bin:/usr/bin".
 The environment variables from the login class capability database for the
 target login are also set.
+.Ev JID ,
+.Ev JNAME ,
+and
+.Ev JPATH
+are not set.
 If a user is specified (as with
 .Va exec.jail_user ) ,
 commands are run from that (possibly jailed) user's directory.
diff --git a/usr.sbin/jail/tests/commands.jail.conf b/usr.sbin/jail/tests/commands.jail.conf
index 4ea24ec6b058..afd56d1fa5d6 100644
--- a/usr.sbin/jail/tests/commands.jail.conf
+++ b/usr.sbin/jail/tests/commands.jail.conf
@@ -1,6 +1,9 @@
 
 exec.prestop = "echo STOP";
 exec.prestart = "echo START";
+exec.poststart = "env";
 persist;
 
+path = "/tmp/test_${name}_root";
+
 basejail {}
diff --git a/usr.sbin/jail/tests/jail_basic_test.sh b/usr.sbin/jail/tests/jail_basic_test.sh
index a907e713ab9a..73ed1f6ebb4b 100755
--- a/usr.sbin/jail/tests/jail_basic_test.sh
+++ b/usr.sbin/jail/tests/jail_basic_test.sh
@@ -101,13 +101,19 @@ commands_head()
 {
 	atf_set descr 'Commands jail test'
 	atf_set require.user root
+	mkdir /tmp/test_basejail_root
 }
 
 commands_body()
 {
-	# exec.prestart
-	atf_check -s exit:0 -o inline:"START\n" \
+	# exec.prestart (START) and exec.poststart (env)
+	atf_check -s exit:0 -o save:stdout -e empty \
 		jail -f $(atf_get_srcdir)/commands.jail.conf -qc basejail
+	grep -E '^START$' stdout || atf_fail "exec.prestart output not found"
+	grep -E '^JID=[0-9]+' stdout || atf_fail "JID not found in exec.poststart env output"
+	grep -E '^JNAME=basejail$' stdout || atf_fail "JNAME not found in exec.poststart env output"
+	grep -E '^JPATH=/tmp/test_basejail_root$' stdout || atf_fail "JPATH not found in exec.poststart env output"
+
 	# exec.prestop by jailname
 	atf_check -s exit:0 -o inline:"STOP\n" \
 		jail -f $(atf_get_srcdir)/commands.jail.conf -qr basejail 
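Review bot: The `mkdir /tmp/test_basejail_root` added to commands_head() creates a fixed, predictable name under /tmp as root and ignores the result, so if that name already exists (left over from an aborted run, or created by another local user) the test goes on to create a jail rooted at a directory it did not create. ATF head functions are meant to declare metadata and, as far as I know, are also run when test cases are only listed, so the directory can appear without the body or cleanup ever running. I would move the creation into commands_body() and make it fail loudly, `atf_check -s exit:0 mkdir /tmp/test_basejail_root`, or better derive the jail path from the per-test work directory rather than a shared /tmp name. The JID check `'^JID=[0-9]+'` also lacks the trailing `$` that the JNAME and JPATH patterns have.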
@@ -124,6 +130,7 @@ commands_cleanup()
 	then
 	    jail -r basejail
 	fi
+	rmdir /tmp/test_basejail_root
 }
 
 atf_init_test_cases()

