To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Cc: Quentin Thébault
From: Kyle Evans
Subject: git: eefbf748bfda - stable/14 - jail: add JID, JNAME and JPATH to environment for exec.* commands
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
X-Git-Committer: kevans
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: eefbf748bfdac188ef5e92fc0f79d62333473fd7
Date: Thu, 23 Apr 2026 03:49:54 +0000
Message-Id: <69e996e2.3a359.796ebc4d@gitrepo.freebsd.org>

The branch stable/14 has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=eefbf748bfdac188ef5e92fc0f79d62333473fd7

commit eefbf748bfdac188ef5e92fc0f79d62333473fd7
Author:     Quentin Thébault
AuthorDate: 2025-03-05 09:51:06 +0000
Commit:     Kyle Evans
CommitDate: 2026-04-23 03:21:38 +0000

    jail: add JID, JNAME and JPATH to environment for exec.* commands

    Although variable substitution is available in the jail configuration
    file, the jail identifier is often not since it is dynamically
    attributed at run time. In order to facilitate scripting of exec.*
    commands executed on the system, this change sets the JID, JNAME and
    JPATH environment variables.

    These variables are not added when using exec.clean. Neither are they
    for commands executed inside jails, to avoid disclosing information
    about the host system.

    Reviewed by: imp

    (cherry picked from commit d8f021add40c321c4578da55dae52fb93c7ccb5f)
---
 usr.sbin/jail/command.c                | 14 +++++++++++++-
 usr.sbin/jail/jail.8                   | 21 +++++++++++++++++++++
 usr.sbin/jail/tests/commands.jail.conf |  3 +++
 usr.sbin/jail/tests/jail_basic_test.sh | 11 +++++++++--
 4 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/usr.sbin/jail/command.c b/usr.sbin/jail/command.c index 9004b4729fec..20f28abc6706 100644 --- a/usr.sbin/jail/command.c +++ b/usr.sbin/jail/command.c @@ -291,7 +291,7 @@ run_command(struct cfjail *j) const struct cfstring *comstring, *s; login_cap_t *lcap; const char **argv; - char *acs, *cs, *comcs, *devpath; + char *acs, *ajidstr, *cs, *comcs, *devpath; const char *jidstr, *conslog, *path, *ruleset, *term, *username; enum intparam comparam; size_t comlen; @@ -771,6 +771,18 @@ run_command(struct cfjail *j) } endpwent(); } + if (!injail) { + if (asprintf(&ajidstr, "%d", j->jid) == -1) { + jail_warnx(j, "asprintf jid=%d: %s", j->jid, + strerror(errno)); + exit(1); + } + setenv("JID", ajidstr, 1); + free(ajidstr); + setenv("JNAME", string_param(j->intparams[KP_NAME]), 1); + path = string_param(j->intparams[KP_PATH]); + setenv("JPATH", path ? path : "", 1); + } if (consfd != 0 && (dup2(consfd, 1) < 0 || dup2(consfd, 2) < 0)) { jail_warnx(j, "exec.consolelog: %s", strerror(errno)); diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index d4b6addfa5ec..6d3b071496bf 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -832,6 +832,22 @@ commands in sequence. All commands must succeed (return a zero exit status), or the jail will not be created or removed, as appropriate. .Pp +The following variables are added to the environment: +.Bl -tag -width indent -offset indent +.It Ev JID +The +.Va jid , +or jail identifier. +.It Ev JNAME +The +.Va name +of the jail. +.It Ev JPATH +The +.Va path +of the jail. +.El +.Pp The pseudo-parameters are: .Bl -tag -width indent .It Va exec.prepare @@ -896,6 +912,11 @@ is imported from the current environment. is set to "/bin:/usr/bin". The environment variables from the login class capability database for the target login are also set. +.Ev JID , +.Ev JNAME , +and +.Ev JPATH +are not set. If a user is specified (as with .Va exec.jail_user ) , commands are run from that (possibly jailed) user's directory. 
diff --git a/usr.sbin/jail/tests/commands.jail.conf b/usr.sbin/jail/tests/commands.jail.conf index 4ea24ec6b058..afd56d1fa5d6 100644 --- a/usr.sbin/jail/tests/commands.jail.conf +++ b/usr.sbin/jail/tests/commands.jail.conf @@ -1,6 +1,9 @@ exec.prestop = "echo STOP"; exec.prestart = "echo START"; +exec.poststart = "env"; persist; +path = "/tmp/test_${name}_root"; + basejail {} diff --git a/usr.sbin/jail/tests/jail_basic_test.sh b/usr.sbin/jail/tests/jail_basic_test.sh index a907e713ab9a..73ed1f6ebb4b 100755 --- a/usr.sbin/jail/tests/jail_basic_test.sh +++ b/usr.sbin/jail/tests/jail_basic_test.sh @@ -101,13 +101,19 @@ commands_head() { atf_set descr 'Commands jail test' atf_set require.user root + mkdir /tmp/test_basejail_root } commands_body() { - # exec.prestart - atf_check -s exit:0 -o inline:"START\n" \ + # exec.prestart (START) and exec.poststart (env) + atf_check -s exit:0 -o save:stdout -e empty \ jail -f $(atf_get_srcdir)/commands.jail.conf -qc basejail + grep -E '^START$' stdout || atf_fail "exec.prestart output not found" + grep -E '^JID=[0-9]+' stdout || atf_fail "JID not found in exec.poststart env output" + grep -E '^JNAME=basejail$' stdout || atf_fail "JNAME not found in exec.poststart env output" + grep -E '^JPATH=/tmp/test_basejail_root$' stdout || atf_fail "JPATH not found in exec.poststart env output" + # exec.prestop by jailname atf_check -s exit:0 -o inline:"STOP\n" \ jail -f $(atf_get_srcdir)/commands.jail.conf -qr basejail @@ -124,6 +130,7 @@ commands_cleanup() then jail -r basejail fi + rmdir /tmp/test_basejail_root } atf_init_test_cases()
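
Review bot: in the second usr.sbin/jail/command.c hunk (@@ -771), the new block is gated only on `if (!injail)`, while the commit message and the jail.8 text added under exec.clean both say JID, JNAME and JPATH are not set when exec.clean is used. Nothing in the visible lines tests for exec.clean, so unless code outside this hunk already guarantees it, a host-side exec.* command run with exec.clean would still receive the three variables. Make the condition explicit here, or add a comment naming the code that enforces it. In the same block, the three setenv() return values are ignored although the asprintf() failure just above is treated as fatal, and JNAME is passed straight from string_param() without the NULL guard that JPATH gets (`path ? path : ""`); handle both consistently.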
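
Review bot: in the first usr.sbin/jail/jail.8 hunk (@@ -832), the sentence "The following variables are added to the environment:" does not say which commands receive them. The code sets them only when `!injail`, and the commit message gives the reason (commands executed inside jails should not learn information about the host system), so the manual should state that the variables are set only for exec.* commands run on the host system and not for those run inside the jail. As written, a reader could expect JID in a command that runs in the jail and script against a variable that is never there.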
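
Review bot: in the usr.sbin/jail/tests/jail_basic_test.sh hunk at @@ -101, `mkdir /tmp/test_basejail_root` runs in commands_head with its result unchecked, at a fixed name in /tmp, in a test that sets `require.user root`. If the name already exists the mkdir fails silently and the jail is created on whatever is there. Create the directory in commands_body under atf_check so a failure fails the test, and prefer a location under the test's own work directory over a fixed /tmp name. Two smaller points in the same hunk: `^JID=[0-9]+` lacks the trailing `$` that the JNAME and JPATH patterns have, and there is no case asserting that the variables are absent for a command run inside the jail or with exec.clean, which is the half of the change the commit message justifies on disclosure grounds.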