Date:      Fri, 6 Jul 2018 19:10:07 +0000 (UTC)
From:      Jamie Gritton <jamie@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject:   svn commit: r336039 - in stable/10: lib/libugidfw sbin/ipfw usr.bin/cpuset usr.bin/sockstat
Message-ID:  <201807061910.w66JA7Qb060702@repo.freebsd.org>

Author: jamie
Date: Fri Jul  6 19:10:07 2018
New Revision: 336039
URL: https://svnweb.freebsd.org/changeset/base/336039

Log:
  MFC r335921:
  
    Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8),
     sockstat(1), ugidfw(8)
    These are the last of the jail-aware userland utilities that didn't work
     with names.
  
  PR:		229266
  Differential Revision:	D16047

Modified:
  stable/10/lib/libugidfw/ugidfw.c
  stable/10/sbin/ipfw/Makefile
  stable/10/sbin/ipfw/ipfw.8
  stable/10/sbin/ipfw/ipfw2.c
  stable/10/usr.bin/cpuset/Makefile
  stable/10/usr.bin/cpuset/cpuset.1
  stable/10/usr.bin/cpuset/cpuset.c
  stable/10/usr.bin/sockstat/Makefile
  stable/10/usr.bin/sockstat/sockstat.1
  stable/10/usr.bin/sockstat/sockstat.c
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/lib/libugidfw/ugidfw.c
==============================================================================
--- stable/10/lib/libugidfw/ugidfw.c	Fri Jul  6 18:50:22 2018	(r336038)
+++ stable/10/lib/libugidfw/ugidfw.c	Fri Jul  6 19:10:07 2018	(r336039)
@@ -32,9 +32,11 @@
  */
 #include <sys/param.h>
 #include <sys/errno.h>
+#include <sys/jail.h>
 #include <sys/time.h>
 #include <sys/sysctl.h>
 #include <sys/ucred.h>
+#include <sys/uio.h>
 #include <sys/mount.h>
 
 #include <security/mac_bsdextended/mac_bsdextended.h>
@@ -599,16 +601,45 @@ bsde_parse_gidrange(char *spec, gid_t *min, gid_t *max
 }
 
 int
+bsde_get_jailid(const char *name, size_t buflen, char *errstr)
+{
+	char *ep;
+	int jid;
+	struct iovec jiov[4];
+
+	/* Copy jail_getid(3) instead of messing with library dependancies */
+	jid = strtoul(name, &ep, 10);
+	if (*name && !*ep)
+		return jid;
+	jiov[0].iov_base = __DECONST(char *, "name");
+	jiov[0].iov_len = sizeof("name");
+	jiov[1].iov_len = strlen(name) + 1;
+	jiov[1].iov_base = alloca(jiov[1].iov_len);
+	strcpy(jiov[1].iov_base, name);
+	if (errstr && buflen) {
+		jiov[2].iov_base = __DECONST(char *, "errmsg");
+		jiov[2].iov_len = sizeof("errmsg");
+		jiov[3].iov_base = errstr;
+		jiov[3].iov_len = buflen;
+		errstr[0] = 0;
+		jid = jail_get(jiov, 4, 0);
+		if (jid < 0 && !errstr[0])
+			snprintf(errstr, buflen, "jail_get: %s",
+			    strerror(errno));
+	} else
+		jid = jail_get(jiov, 2, 0);
+	return jid;
+}
+
+static int
 bsde_parse_subject(int argc, char *argv[],
     struct mac_bsdextended_subject *subject, size_t buflen, char *errstr)
 {
 	int not_seen, flags;
 	int current, neg, nextnot;
-	char *endp;
 	uid_t uid_min, uid_max;
 	gid_t gid_min, gid_max;
 	int jid;
-	long value;
 
 	current = 0;
 	flags = 0;
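Review bot: The numeric branch of bsde_get_jailid() assigns the `unsigned long` from `strtoul()` straight to `int jid` with no range or `errno` check, so an over-long number can be truncated to a different jail ID and the bsdextended rule would then be bound to a jail the administrator did not name. When the converted value is negative the function also returns it without writing `errstr`, and the caller in the next hunk returns -1 with no message where the removed code reported `invalid jid`. Parsing into an `unsigned long`, rejecting `ERANGE` and values above `INT_MAX`, and filling `errstr` on that path closes both gaps. Separately, the helper is left with external linkage while bsde_parse_subject() becomes `static`, and ugidfw.h is not in the modified list, so it is worth confirming which of the two was meant to be `static`. bsde_parse_subject() continues outside this hunk.

```c
	unsigned long ul;

	/* Copy jail_getid(3) instead of messing with library dependencies */
	errno = 0;
	ul = strtoul(name, &ep, 10);
	if (*name && !*ep) {
		/* Reject values that do not fit a jail ID instead of truncating. */
		if (errno == ERANGE || ul > INT_MAX) {
			if (errstr && buflen)
				snprintf(errstr, buflen, "invalid jid: '%s'",
				    name);
			return (-1);
		}
		return ((int)ul);
	}
	/* … unchanged: jail_get(2) lookup by name … */
```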
@@ -667,13 +698,9 @@ bsde_parse_subject(int argc, char *argv[],
 				snprintf(errstr, buflen, "one jail only");
 				return (-1);
 			}
-			value = strtol(argv[current+1], &endp, 10);
-			if (*endp != '\0') {
-				snprintf(errstr, buflen, "invalid jid: '%s'",
-				    argv[current+1]);
+			jid = bsde_get_jailid(argv[current+1], buflen, errstr);
+			if (jid < 0)
 				return (-1);
-			}
-			jid = value;
 			flags |= MBS_PRISON_DEFINED;
 			if (nextnot) {
 				neg ^= MBS_PRISON_DEFINED;

Modified: stable/10/sbin/ipfw/Makefile
==============================================================================
--- stable/10/sbin/ipfw/Makefile	Fri Jul  6 18:50:22 2018	(r336038)
+++ stable/10/sbin/ipfw/Makefile	Fri Jul  6 19:10:07 2018	(r336039)
@@ -11,8 +11,8 @@ SRCS+=	altq.c
 CFLAGS+=-DPF
 .endif
 
-DPADD=	${LIBUTIL}
-LDADD=	-lutil
+DPADD=	${LIBJAIL} ${LIBUTIL}
+LDADD=	-ljail -lutil
 MAN=	ipfw.8
 
 .include <bsd.prog.mk>

Modified: stable/10/sbin/ipfw/ipfw.8
==============================================================================
--- stable/10/sbin/ipfw/ipfw.8	Fri Jul  6 18:50:22 2018	(r336038)
+++ stable/10/sbin/ipfw/ipfw.8	Fri Jul  6 19:10:07 2018	(r336039)
@@ -1,7 +1,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd March 12, 2018
+.Dd July 3, 2018
 .Dt IPFW 8
 .Os
 .Sh NAME
@@ -1377,10 +1377,10 @@ Matches all TCP or UDP packets sent by or received for
 A
 .Ar group
 may be specified by name or number.
-.It Cm jail Ar prisonID
+.It Cm jail Ar jail
 Matches all TCP or UDP packets sent by or received for the
-jail whos prison ID is
-.Ar prisonID .
+jail whose ID or name is
+.Ar jail .
 .It Cm icmptypes Ar types
 Matches ICMP packets whose ICMP type is in the list
 .Ar types .

Modified: stable/10/sbin/ipfw/ipfw2.c
==============================================================================
--- stable/10/sbin/ipfw/ipfw2.c	Fri Jul  6 18:50:22 2018	(r336038)
+++ stable/10/sbin/ipfw/ipfw2.c	Fri Jul  6 19:10:07 2018	(r336039)
@@ -32,6 +32,7 @@
 #include <err.h>
 #include <errno.h>
 #include <grp.h>
+#include <jail.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <stdio.h>
@@ -3653,13 +3654,12 @@ read_options:
 		case TOK_JAIL:
 			NEED1("jail requires argument");
 		    {
-			char *end;
 			int jid;
 
 			cmd->opcode = O_JAIL;
-			jid = (int)strtol(*av, &end, 0);
-			if (jid < 0 || *end != '\0')
-				errx(EX_DATAERR, "jail requires prison ID");
+			jid = jail_getid(*av);
+			if (jid < 0)
+				errx(EX_DATAERR, "%s", jail_errmsg);
 			cmd32->d[0] = (uint32_t)jid;
 			cmd->len |= F_INSN_SIZE(ipfw_insn_u32);
 			av++;
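Review bot: The jail name is resolved once, when the rule is parsed, and only the resulting number is stored in `cmd32->d[0]`; nothing in the new code says so. If jail IDs are reassigned when a jail is recreated (likely, but not shown here), a rule written with a name keeps matching the old ID rather than following the jail. A comment above the call such as `/* Resolved to a JID now; the rule does not follow the jail by name. */`, with a matching sentence in ipfw.8, would make that explicit for anyone relying on the rule as a filtering control. The same one-time resolution appears in the ugidfw.c change to bsde_parse_subject(). The TOK_JAIL case sits inside a switch that starts and ends outside this hunk.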

Modified: stable/10/usr.bin/cpuset/Makefile
==============================================================================
--- stable/10/usr.bin/cpuset/Makefile	Fri Jul  6 18:50:22 2018	(r336038)
+++ stable/10/usr.bin/cpuset/Makefile	Fri Jul  6 19:10:07 2018	(r336039)
@@ -2,4 +2,7 @@
 
 PROG=   cpuset
 
+DPADD=	${LIBJAIL}
+LDADD=	-ljail
+
 .include <bsd.prog.mk>

Modified: stable/10/usr.bin/cpuset/cpuset.1
==============================================================================
--- stable/10/usr.bin/cpuset/cpuset.1	Fri Jul  6 18:50:22 2018	(r336038)
+++ stable/10/usr.bin/cpuset/cpuset.1	Fri Jul  6 19:10:07 2018	(r336039)
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 14, 2011
+.Dd July 3, 2018
 .Dt CPUSET 1
 .Os
 .Sh NAME
@@ -48,10 +48,10 @@
 .Nm
 .Op Fl cr
 .Op Fl l Ar cpu-list
-.Op Fl j Ar jailid | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq
+.Op Fl j Ar jail | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq
 .Nm
 .Op Fl cgir
-.Op Fl j Ar jailid | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq
+.Op Fl j Ar jail | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq
 .Sh DESCRIPTION
 The
 .Nm
@@ -62,7 +62,7 @@ about processor binding, sets, and available processor
 .Nm
 requires a target to modify or query.
 The target may be specified as a command, process id, thread id, a
-cpuset id, an irq or a jail id.
+cpuset id, an irq or a jail.
 Using
 .Fl g
 the target's set id or mask may be queried.
@@ -118,8 +118,8 @@ the id of the target.
 When used with the
 .Fl g
 option print the id rather than the valid mask of the target.
-.It Fl j Ar jailid
-Specifies a jail id as the target of the operation.
+.It Fl j Ar jail
+Specifies a jail id or name as the target of the operation.
 .It Fl l Ar cpu-list
 Specifies a list of CPUs to apply to a target.
 Specification may include

Modified: stable/10/usr.bin/cpuset/cpuset.c
==============================================================================
--- stable/10/usr.bin/cpuset/cpuset.c	Fri Jul  6 18:50:22 2018	(r336038)
+++ stable/10/usr.bin/cpuset/cpuset.c	Fri Jul  6 19:10:07 2018	(r336039)
@@ -39,6 +39,7 @@ __FBSDID("$FreeBSD$");
 #include <ctype.h>
 #include <err.h>
 #include <errno.h>
+#include <jail.h>
 #include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -226,7 +227,9 @@ main(int argc, char *argv[])
 		case 'j':
 			jflag = 1;
 			which = CPU_WHICH_JAIL;
-			id = atoi(optarg);
+			id = jail_getid(optarg);
+			if (id < 0)
+				errx(EXIT_FAILURE, "%s", jail_errmsg);
 			break;
 		case 'l':
 			lflag = 1;

Modified: stable/10/usr.bin/sockstat/Makefile
==============================================================================
--- stable/10/usr.bin/sockstat/Makefile	Fri Jul  6 18:50:22 2018	(r336038)
+++ stable/10/usr.bin/sockstat/Makefile	Fri Jul  6 19:10:07 2018	(r336039)
@@ -2,4 +2,7 @@
 
 PROG=		sockstat
 
+DPADD=		${LIBJAIL}
+LDADD=		-ljail
+
 .include <bsd.prog.mk>

Modified: stable/10/usr.bin/sockstat/sockstat.1
==============================================================================
--- stable/10/usr.bin/sockstat/sockstat.1	Fri Jul  6 18:50:22 2018	(r336038)
+++ stable/10/usr.bin/sockstat/sockstat.1	Fri Jul  6 19:10:07 2018	(r336039)
@@ -27,7 +27,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd August 27, 2015
+.Dd July 3, 2018
 .Dt SOCKSTAT 1
 .Os
 .Sh NAME
@@ -58,8 +58,8 @@ Show
 (IPv6) sockets.
 .It Fl c
 Show connected sockets.
-.It Fl j Ar jid
-Show only sockets belonging to the specified jail ID.
+.It Fl j Ar jail
+Show only sockets belonging to the specified jail ID or name.
 .It Fl L
 Only show Internet sockets if the local and foreign addresses are not
 in the loopback network prefix

Modified: stable/10/usr.bin/sockstat/sockstat.c
==============================================================================
--- stable/10/usr.bin/sockstat/sockstat.c	Fri Jul  6 18:50:22 2018	(r336038)
+++ stable/10/usr.bin/sockstat/sockstat.c	Fri Jul  6 19:10:07 2018	(r336039)
@@ -54,6 +54,7 @@ __FBSDID("$FreeBSD$");
 #include <ctype.h>
 #include <err.h>
 #include <errno.h>
+#include <jail.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <stdarg.h>
@@ -1157,7 +1158,9 @@ main(int argc, char *argv[])
 			opt_c = 1;
 			break;
 		case 'j':
-			opt_j = atoi(optarg);
+			opt_j = jail_getid(optarg);
+			if (opt_j < 0)
+				errx(1, "%s", jail_errmsg);
 			break;
 		case 'L':
 			opt_L = 1;


