Date: Fri, 13 Jun 2025 01:21:52 GMT
Message-Id: <202506130121.55D1LqdJ087795@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Warner Losh
Subject: git: d8f021add40c - main - jail: add JID, JNAME and JPATH to environment for exec.* commands
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: imp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: d8f021add40c321c4578da55dae52fb93c7ccb5f

The branch main has been updated by imp:

URL: https://cgit.FreeBSD.org/src/commit/?id=d8f021add40c321c4578da55dae52fb93c7ccb5f

commit d8f021add40c321c4578da55dae52fb93c7ccb5f
Author:     Quentin Thébault
AuthorDate: 2025-03-05 09:51:06 +0000
Commit:     Warner Losh
CommitDate: 2025-06-13 01:21:45 +0000

    jail: add JID, JNAME and JPATH to environment for exec.* commands

    Although variable substitution is available in the jail configuration
    file, the jail identifier is often not since it is dynamically
    attributed at run time. In order to facilitate scripting of exec.*
    commands executed on the system, this change sets the JID, JNAME and
    JPATH environment variables. These variables are not added when using
    exec.clean. Neither are they for commands executed inside jails, to
    avoid disclosing information about the host system.

    Reviewed by: imp
    Pull Request: https://github.com/freebsd/freebsd-src/pull/1609
    Closes: https://github.com/freebsd/freebsd-src/pull/1609
---
 usr.sbin/jail/command.c                | 14 +++++++++++++-
 usr.sbin/jail/jail.8                   | 21 +++++++++++++++++++++
 usr.sbin/jail/tests/commands.jail.conf |  3 +++
 usr.sbin/jail/tests/jail_basic_test.sh | 11 +++++++++--
 4 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/usr.sbin/jail/command.c b/usr.sbin/jail/command.c index fe6563230bde..8ea3f3ee8795 100644
--- a/usr.sbin/jail/command.c +++ b/usr.sbin/jail/command.c @@ -290,7 +290,7 @@ run_command(struct cfjail *j) const struct cfstring *comstring, *s; login_cap_t *lcap; const char **argv; - char *acs, *cs, *comcs, *devpath; + char *acs, *ajidstr, *cs, *comcs, *devpath; const char *jidstr, *conslog, *fmt, *path, *ruleset, *term, *username; enum intparam comparam; size_t comlen, ret; @@ -795,6 +795,18 @@ run_command(struct cfjail *j) } endpwent(); } + if (!injail) { + if (asprintf(&ajidstr, "%d", j->jid) == -1) { + jail_warnx(j, "asprintf jid=%d: %s", j->jid, + strerror(errno)); + exit(1); + } + setenv("JID", ajidstr, 1); + free(ajidstr); + setenv("JNAME", string_param(j->intparams[KP_NAME]), 1); + path = string_param(j->intparams[KP_PATH]); + setenv("JPATH", path ? path : "", 1); + } if (consfd != 0 && (dup2(consfd, 1) < 0 || dup2(consfd, 2) < 0)) { jail_warnx(j, "exec.consolelog: %s", strerror(errno)); diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index 8d7bc25a8694..dd7b91d5cefa 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8 @@ -858,6 +858,22 @@ commands in sequence. All commands must succeed (return a zero exit status), or the jail will not be created or removed, as appropriate. .Pp +The following variables are added to the environment: +.Bl -tag -width indent -offset indent +.It Ev JID +The +.Va jid , +or jail identifier. +.It Ev JNAME +The +.Va name +of the jail. +.It Ev JPATH +The +.Va path +of the jail. +.El +.Pp The pseudo-parameters are: .Bl -tag -width indent .It Va exec.prepare @@ -922,6 +938,11 @@ is imported from the current environment. is set to "/bin:/usr/bin". The environment variables from the login class capability database for the target login are also set. +.Ev JID , +.Ev JNAME , +and +.Ev JPATH +are not set. If a user is specified (as with .Va exec.jail_user ) , commands are run from that (possibly jailed) user's directory. 
diff --git a/usr.sbin/jail/tests/commands.jail.conf b/usr.sbin/jail/tests/commands.jail.conf index 4ea24ec6b058..afd56d1fa5d6 100644 --- a/usr.sbin/jail/tests/commands.jail.conf +++ b/usr.sbin/jail/tests/commands.jail.conf @@ -1,6 +1,9 @@ exec.prestop = "echo STOP"; exec.prestart = "echo START"; +exec.poststart = "env"; persist; +path = "/tmp/test_${name}_root"; + basejail {} diff --git a/usr.sbin/jail/tests/jail_basic_test.sh b/usr.sbin/jail/tests/jail_basic_test.sh index 5d67f42c2d56..6498eb1c1fdc 100755 --- a/usr.sbin/jail/tests/jail_basic_test.sh +++ b/usr.sbin/jail/tests/jail_basic_test.sh @@ -129,13 +129,19 @@ commands_head() { atf_set descr 'Commands jail test' atf_set require.user root + mkdir /tmp/test_basejail_root } commands_body() { - # exec.prestart - atf_check -s exit:0 -o inline:"START\n" \ + # exec.prestart (START) and exec.poststart (env) + atf_check -s exit:0 -o save:stdout -e empty \ jail -f $(atf_get_srcdir)/commands.jail.conf -qc basejail + grep -E '^START$' stdout || atf_fail "exec.prestart output not found" + grep -E '^JID=[0-9]+' stdout || atf_fail "JID not found in exec.poststart env output" + grep -E '^JNAME=basejail$' stdout || atf_fail "JNAME not found in exec.poststart env output" + grep -E '^JPATH=/tmp/test_basejail_root$' stdout || atf_fail "JPATH not found in exec.poststart env output" + # exec.prestop by jailname atf_check -s exit:0 -o inline:"STOP\n" \ jail -f $(atf_get_srcdir)/commands.jail.conf -qr basejail @@ -152,6 +158,7 @@ commands_cleanup() then jail -r basejail fi + rmdir /tmp/test_basejail_root } atf_init_test_cases()
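Review bot: In the @@ -795,6 hunk of usr.sbin/jail/command.c, the three setenv() calls discard their return value, and JNAME passes string_param(j->intparams[KP_NAME]) straight to setenv() while JPATH, two lines later, guards the same helper with `path ? path : ""`. Either give the name the same NULL guard or add a comment saying why it can never be unset at this point, and treat a setenv() failure like the asprintf() failure above it, so an exec.* hook never runs with a JID, JNAME or JPATH inherited from the caller's environment instead of the jail's own. The block is gated only on `!injail`, while the jail.8 hunk says the variables are not set under exec.clean; please confirm that a host-side command with exec.clean cannot reach this block, or add that test to the condition. Assigning the KP_PATH lookup to the function-scope `path` also deserves a check that nothing after this block still expects the earlier value.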
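Review bot: The list added in the @@ -858,6 hunk of usr.sbin/jail/jail.8 says the variables "are added to the environment" without saying for which commands, although the command.c change sets them only when `!injail`. As written, a reader would expect JID, JNAME and JPATH to be present for exec.start and the other commands that run inside the jail. State here that they are set only for commands run in the system environment, give the reason from the commit message (not disclosing host information to the jail), and mention that JPATH is the empty string when the path lookup returns nothing, which is what the `path ? path : ""` fallback does.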
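Review bot: `path = "/tmp/test_${name}_root";` in the usr.sbin/jail/tests/commands.jail.conf hunk pins the jail root to a fixed, predictable name in a world-writable directory, for a test that declares `require.user root`. A leftover or pre-existing /tmp/test_basejail_root from another run or another user makes the test fail or run against a directory it did not create. Prefer a directory created inside the test case's own work directory, and have the test check that it created the directory itself before the jail is started.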
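Review bot: In the @@ -129,13 hunk of usr.sbin/jail/tests/jail_basic_test.sh, `mkdir /tmp/test_basejail_root` is placed in commands_head(), which is the metadata function and is also evaluated when the runner only lists test cases, so the directory can be created without commands_cleanup() ever removing it; move the mkdir to the start of commands_body(). The test also covers only the positive case: the two properties the commit message calls out, no variables under exec.clean and none for commands executed inside the jail, have no assertions, and those are the ones that protect against leaking host information. Add a case that runs `env` from an in-jail command and one with exec.clean set, and fail if any of JID, JNAME or JPATH appears. Minor: `^JID=[0-9]+` is not anchored with `$` as the JNAME and JPATH patterns are.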