Date: Thu, 23 Aug 2018 01:45:19 +0000 (UTC) From: Kyle Evans <kevans@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r338221 - head/sbin/bectl Message-ID: <201808230145.w7N1jJ7W058669@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kevans Date: Thu Aug 23 01:45:18 2018 New Revision: 338221 URL: https://svnweb.freebsd.org/changeset/base/338221 Log: bectl(8): jail: Tear down jail by default after command exits Add a -U flag to get back the old behavior. The new behavior is a little more friendly to the common use cases, jail the BE and execute a script. Having the jail torn down automatically when the script is finished, or when you exit the shell, is a little more friendly than having to remember to `bectl ujail`. Batch mode (-b) will continue to leave the jail up, as it's assumed the caller has other intentions. Submitted by: Shawn Webb (partially) Modified: head/sbin/bectl/bectl.8 head/sbin/bectl/bectl.c head/sbin/bectl/bectl_jail.c Modified: head/sbin/bectl/bectl.8 ============================================================================== --- head/sbin/bectl/bectl.8 Thu Aug 23 01:42:45 2018 (r338220) +++ head/sbin/bectl/bectl.8 Thu Aug 23 01:45:18 2018 (r338221) @@ -18,7 +18,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 17, 2018 +.Dd August 22, 2018 .Dt BECTL 8 .Os .Sh NAME @@ -50,7 +50,7 @@ import .Ao Ar targetBe Ac .Nm jail -.Op Fl b +.Op Fl b | Fl U .Oo Fl o Ar key Ns = Ns Ar value | Fl u Ar key Oc Ns ... .Ao Ar jailID | jailName Ac .Ao Ar bootenv Ac @@ -148,6 +148,7 @@ Import from .Dv stdin . .It Ic jail +.Op Fl b | Fl U .Oo Fl o Ar key Ns = Ns Ar value | Fl u Ar key Oc Ns ... .Ao Ar jailID | jailName Ac .Ao Ar bootenv Ac @@ -172,10 +173,17 @@ If .Ar utility is specified, it will be executed instead of .Pa /bin/sh . +The jail will be destroyed and the boot environment unmounted when the command +finishes executing, unless the +.Fl U +argument is specified. .Pp The .Fl b argument enables batch mode, thereby disabling interactive mode. +The +.Fl U +argument will be ignored in batch mode. .Pp The .Va name , Modified: head/sbin/bectl/bectl.c ============================================================================== --- head/sbin/bectl/bectl.c Thu Aug 23 01:42:45 2018 (r338220) +++ head/sbin/bectl/bectl.c Thu Aug 23 01:45:18 2018 (r338221) @@ -77,7 +77,7 @@ usage(bool explicit) #if SOON "\tbectl add (path)*\n" #endif - "\tbectl jail [-b] [ -o key=value | -u key ]... bootenv [utility [argument ...]]\n" + "\tbectl jail [-b | -U] [ -o key=value | -u key ]... bootenv [utility [argument ...]]\n" "\tbectl list [-a] [-D] [-H] [-s]\n" "\tbectl mount beName [mountpoint]\n" "\tbectl rename origBeName newBeName\n" Modified: head/sbin/bectl/bectl_jail.c ============================================================================== --- head/sbin/bectl/bectl_jail.c Thu Aug 23 01:42:45 2018 (r338220) +++ head/sbin/bectl/bectl_jail.c Thu Aug 23 01:45:18 2018 (r338221) @@ -31,6 +31,7 @@ __FBSDID("$FreeBSD$"); #include <sys/param.h> #include <sys/jail.h> #include <sys/mount.h> +#include <sys/wait.h> #include <err.h> #include <jail.h> #include <stdbool.h> @@ -179,10 +180,11 @@ int bectl_cmd_jail(int argc, char *argv[]) { char *bootenv, *mountpoint; - int jflags, jid, opt, ret; - bool default_hostname, default_name, interactive; + int jid, opt, ret; + bool default_hostname, default_name, interactive, unjail; + pid_t pid; - default_hostname = default_name = interactive = true; + default_hostname = default_name = interactive = unjail = true; jpcnt = INIT_PARAMCOUNT; jp = malloc(jpcnt * sizeof(*jp)); if (jp == NULL) @@ -193,7 +195,7 @@ bectl_cmd_jail(int argc, char *argv[]) jailparam_add("allow.mount.devfs", "true"); jailparam_add("enforce_statfs", "1"); - while ((opt = getopt(argc, argv, "bo:u:")) != -1) { + while ((opt = getopt(argc, argv, "bo:Uu:")) != -1) { switch (opt) { case 'b': interactive = false; @@ -210,6 +212,9 @@ bectl_cmd_jail(int argc, char *argv[]) default_hostname = false; } break; + case 'U': + unjail = false; + break; case 'u': if ((ret = jailparam_delarg(optarg)) == 0) { if (strcmp(optarg, "name") == 0) @@ -259,16 +264,14 @@ bectl_cmd_jail(int argc, char *argv[]) if (default_hostname) jailparam_add("host.hostname", bootenv); - jflags = JAIL_CREATE; - if (interactive) - jflags |= JAIL_ATTACH; /* * This is our indicator that path was not set by the user, so we'll use * the path that libbe generated for us. */ if (mountpoint == NULL) jailparam_add("path", mnt_loc); - jid = jailparam_set(jp, jpused, jflags); + /* Create the jail for now, attach later as-needed */ + jid = jailparam_set(jp, jpused, JAIL_CREATE); if (jid == -1) { fprintf(stderr, "unable to create jail. error: %d\n", errno); return (1); @@ -277,14 +280,34 @@ bectl_cmd_jail(int argc, char *argv[]) jailparam_free(jp, jpused); free(jp); - if (interactive) { + /* We're not interactive, nothing more to do here. */ + if (!interactive) + return (0); + + pid = fork(); + switch(pid) { + case -1: + perror("fork"); + return (1); + case 0: + jail_attach(jid); /* We're attached within the jail... good bye! */ chdir("/"); if (argc > 1) execve(argv[1], &argv[1], NULL); else execl("/bin/sh", "/bin/sh", NULL); - return (1); + fprintf(stderr, "bectl jail: failed to execute %s\n", + (argc > 1 ? argv[1] : "/bin/sh")); + _exit(1); + default: + /* Wait for the child to get back, see if we need to unjail */ + waitpid(pid, NULL, 0); + } + + if (unjail) { + jail_remove(jid); + unmount(mnt_loc, 0); } return (0);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201808230145.w7N1jJ7W058669>