From owner-svn-src-head@freebsd.org Thu Aug 23 01:45:20 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1C108109C9FD; Thu, 23 Aug 2018 01:45:20 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C713977D2F; Thu, 23 Aug 2018 01:45:19 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A832B1B558; Thu, 23 Aug 2018 01:45:19 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w7N1jJPp058672; Thu, 23 Aug 2018 01:45:19 GMT (envelope-from kevans@FreeBSD.org) Received: (from kevans@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w7N1jJ7W058669; Thu, 23 Aug 2018 01:45:19 GMT (envelope-from kevans@FreeBSD.org) Message-Id: <201808230145.w7N1jJ7W058669@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kevans set sender to kevans@FreeBSD.org using -f From: Kyle Evans Date: Thu, 23 Aug 2018 01:45:19 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r338221 - head/sbin/bectl X-SVN-Group: head X-SVN-Commit-Author: kevans X-SVN-Commit-Paths: head/sbin/bectl X-SVN-Commit-Revision: 338221 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Aug 2018 01:45:20 -0000 Author: kevans Date: Thu Aug 23 01:45:18 2018 New Revision: 338221 URL: https://svnweb.freebsd.org/changeset/base/338221 Log: bectl(8): jail: Tear down jail by default after command exits Add a -U flag to get back the old behavior. The new behavior is a little more friendly to the common use cases, jail the BE and execute a script. Having the jail torn down automatically when the script is finished, or when you exit the shell, is a little more friendly than having to remember to `bectl ujail`. Batch mode (-b) will continue to leave the jail up, as it's assumed the caller has other intentions. Submitted by: Shawn Webb (partially) Modified: head/sbin/bectl/bectl.8 head/sbin/bectl/bectl.c head/sbin/bectl/bectl_jail.c Modified: head/sbin/bectl/bectl.8 ============================================================================== --- head/sbin/bectl/bectl.8 Thu Aug 23 01:42:45 2018 (r338220) +++ head/sbin/bectl/bectl.8 Thu Aug 23 01:45:18 2018 (r338221) @@ -18,7 +18,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 17, 2018 +.Dd August 22, 2018 .Dt BECTL 8 .Os .Sh NAME @@ -50,7 +50,7 @@ import .Ao Ar targetBe Ac .Nm jail -.Op Fl b +.Op Fl b | Fl U .Oo Fl o Ar key Ns = Ns Ar value | Fl u Ar key Oc Ns ... .Ao Ar jailID | jailName Ac .Ao Ar bootenv Ac @@ -148,6 +148,7 @@ Import from .Dv stdin . .It Ic jail +.Op Fl b | Fl U .Oo Fl o Ar key Ns = Ns Ar value | Fl u Ar key Oc Ns ... .Ao Ar jailID | jailName Ac .Ao Ar bootenv Ac @@ -172,10 +173,17 @@ If .Ar utility is specified, it will be executed instead of .Pa /bin/sh . +The jail will be destroyed and the boot environment unmounted when the command +finishes executing, unless the +.Fl U +argument is specified. .Pp The .Fl b argument enables batch mode, thereby disabling interactive mode. +The +.Fl U +argument will be ignored in batch mode. .Pp The .Va name , Modified: head/sbin/bectl/bectl.c ============================================================================== --- head/sbin/bectl/bectl.c Thu Aug 23 01:42:45 2018 (r338220) +++ head/sbin/bectl/bectl.c Thu Aug 23 01:45:18 2018 (r338221) @@ -77,7 +77,7 @@ usage(bool explicit) #if SOON "\tbectl add (path)*\n" #endif - "\tbectl jail [-b] [ -o key=value | -u key ]... bootenv [utility [argument ...]]\n" + "\tbectl jail [-b | -U] [ -o key=value | -u key ]... bootenv [utility [argument ...]]\n" "\tbectl list [-a] [-D] [-H] [-s]\n" "\tbectl mount beName [mountpoint]\n" "\tbectl rename origBeName newBeName\n" Modified: head/sbin/bectl/bectl_jail.c ============================================================================== --- head/sbin/bectl/bectl_jail.c Thu Aug 23 01:42:45 2018 (r338220) +++ head/sbin/bectl/bectl_jail.c Thu Aug 23 01:45:18 2018 (r338221) @@ -31,6 +31,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -179,10 +180,11 @@ int bectl_cmd_jail(int argc, char *argv[]) { char *bootenv, *mountpoint; - int jflags, jid, opt, ret; - bool default_hostname, default_name, interactive; + int jid, opt, ret; + bool default_hostname, default_name, interactive, unjail; + pid_t pid; - default_hostname = default_name = interactive = true; + default_hostname = default_name = interactive = unjail = true; jpcnt = INIT_PARAMCOUNT; jp = malloc(jpcnt * sizeof(*jp)); if (jp == NULL) @@ -193,7 +195,7 @@ bectl_cmd_jail(int argc, char *argv[]) jailparam_add("allow.mount.devfs", "true"); jailparam_add("enforce_statfs", "1"); - while ((opt = getopt(argc, argv, "bo:u:")) != -1) { + while ((opt = getopt(argc, argv, "bo:Uu:")) != -1) { switch (opt) { case 'b': interactive = false; @@ -210,6 +212,9 @@ bectl_cmd_jail(int argc, char *argv[]) default_hostname = false; } break; + case 'U': + unjail = false; + break; case 'u': if ((ret = jailparam_delarg(optarg)) == 0) { if (strcmp(optarg, "name") == 0) @@ -259,16 +264,14 @@ bectl_cmd_jail(int argc, char *argv[]) if (default_hostname) jailparam_add("host.hostname", bootenv); - jflags = JAIL_CREATE; - if (interactive) - jflags |= JAIL_ATTACH; /* * This is our indicator that path was not set by the user, so we'll use * the path that libbe generated for us. */ if (mountpoint == NULL) jailparam_add("path", mnt_loc); - jid = jailparam_set(jp, jpused, jflags); + /* Create the jail for now, attach later as-needed */ + jid = jailparam_set(jp, jpused, JAIL_CREATE); if (jid == -1) { fprintf(stderr, "unable to create jail. error: %d\n", errno); return (1); @@ -277,14 +280,34 @@ bectl_cmd_jail(int argc, char *argv[]) jailparam_free(jp, jpused); free(jp); - if (interactive) { + /* We're not interactive, nothing more to do here. */ + if (!interactive) + return (0); + + pid = fork(); + switch(pid) { + case -1: + perror("fork"); + return (1); + case 0: + jail_attach(jid); /* We're attached within the jail... good bye! */ chdir("/"); if (argc > 1) execve(argv[1], &argv[1], NULL); else execl("/bin/sh", "/bin/sh", NULL); - return (1); + fprintf(stderr, "bectl jail: failed to execute %s\n", + (argc > 1 ? argv[1] : "/bin/sh")); + _exit(1); + default: + /* Wait for the child to get back, see if we need to unjail */ + waitpid(pid, NULL, 0); + } + + if (unjail) { + jail_remove(jid); + unmount(mnt_loc, 0); } return (0);