Date: Fri, 6 Jul 2018 19:10:07 +0000 (UTC) From: Jamie Gritton <jamie@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r336039 - in stable/10: lib/libugidfw sbin/ipfw usr.bin/cpuset usr.bin/sockstat Message-ID: <201807061910.w66JA7Qb060702@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jamie Date: Fri Jul 6 19:10:07 2018 New Revision: 336039 URL: https://svnweb.freebsd.org/changeset/base/336039 Log: MFC r335921: Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8), sockstat(1), ugidfw(8) These are the last of the jail-aware userland utilities that didn't work with names. PR: 229266 Differential Revision: D16047 Modified: stable/10/lib/libugidfw/ugidfw.c stable/10/sbin/ipfw/Makefile stable/10/sbin/ipfw/ipfw.8 stable/10/sbin/ipfw/ipfw2.c stable/10/usr.bin/cpuset/Makefile stable/10/usr.bin/cpuset/cpuset.1 stable/10/usr.bin/cpuset/cpuset.c stable/10/usr.bin/sockstat/Makefile stable/10/usr.bin/sockstat/sockstat.1 stable/10/usr.bin/sockstat/sockstat.c Directory Properties: stable/10/ (props changed) Modified: stable/10/lib/libugidfw/ugidfw.c ============================================================================== --- stable/10/lib/libugidfw/ugidfw.c Fri Jul 6 18:50:22 2018 (r336038) +++ stable/10/lib/libugidfw/ugidfw.c Fri Jul 6 19:10:07 2018 (r336039) @@ -32,9 +32,11 @@ */ #include <sys/param.h> #include <sys/errno.h> +#include <sys/jail.h> #include <sys/time.h> #include <sys/sysctl.h> #include <sys/ucred.h> +#include <sys/uio.h> #include <sys/mount.h> #include <security/mac_bsdextended/mac_bsdextended.h> @@ -599,16 +601,45 @@ bsde_parse_gidrange(char *spec, gid_t *min, gid_t *max } int +bsde_get_jailid(const char *name, size_t buflen, char *errstr) +{ + char *ep; + int jid; + struct iovec jiov[4]; + + /* Copy jail_getid(3) instead of messing with library dependancies */ + jid = strtoul(name, &ep, 10); + if (*name && !*ep) + return jid; + jiov[0].iov_base = __DECONST(char *, "name"); + jiov[0].iov_len = sizeof("name"); + jiov[1].iov_len = strlen(name) + 1; + jiov[1].iov_base = alloca(jiov[1].iov_len); + strcpy(jiov[1].iov_base, name); + if (errstr && buflen) { + jiov[2].iov_base = __DECONST(char *, "errmsg"); + jiov[2].iov_len = sizeof("errmsg"); + jiov[3].iov_base = errstr; + jiov[3].iov_len = buflen; + errstr[0] = 0; + jid = jail_get(jiov, 4, 0); + if (jid < 0 && !errstr[0]) + snprintf(errstr, buflen, "jail_get: %s", + strerror(errno)); + } else + jid = jail_get(jiov, 2, 0); + return jid; +} + +static int bsde_parse_subject(int argc, char *argv[], struct mac_bsdextended_subject *subject, size_t buflen, char *errstr) { int not_seen, flags; int current, neg, nextnot; - char *endp; uid_t uid_min, uid_max; gid_t gid_min, gid_max; int jid; - long value; current = 0; flags = 0; @@ -667,13 +698,9 @@ bsde_parse_subject(int argc, char *argv[], snprintf(errstr, buflen, "one jail only"); return (-1); } - value = strtol(argv[current+1], &endp, 10); - if (*endp != '\0') { - snprintf(errstr, buflen, "invalid jid: '%s'", - argv[current+1]); + jid = bsde_get_jailid(argv[current+1], buflen, errstr); + if (jid < 0) return (-1); - } - jid = value; flags |= MBS_PRISON_DEFINED; if (nextnot) { neg ^= MBS_PRISON_DEFINED; Modified: stable/10/sbin/ipfw/Makefile ============================================================================== --- stable/10/sbin/ipfw/Makefile Fri Jul 6 18:50:22 2018 (r336038) +++ stable/10/sbin/ipfw/Makefile Fri Jul 6 19:10:07 2018 (r336039) @@ -11,8 +11,8 @@ SRCS+= altq.c CFLAGS+=-DPF .endif -DPADD= ${LIBUTIL} -LDADD= -lutil +DPADD= ${LIBJAIL} ${LIBUTIL} +LDADD= -ljail -lutil MAN= ipfw.8 .include <bsd.prog.mk> Modified: stable/10/sbin/ipfw/ipfw.8 ============================================================================== --- stable/10/sbin/ipfw/ipfw.8 Fri Jul 6 18:50:22 2018 (r336038) +++ stable/10/sbin/ipfw/ipfw.8 Fri Jul 6 19:10:07 2018 (r336039) @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd March 12, 2018 +.Dd July 3, 2018 .Dt IPFW 8 .Os .Sh NAME @@ -1377,10 +1377,10 @@ Matches all TCP or UDP packets sent by or received for A .Ar group may be specified by name or number. -.It Cm jail Ar prisonID +.It Cm jail Ar jail Matches all TCP or UDP packets sent by or received for the -jail whos prison ID is -.Ar prisonID . +jail whose ID or name is +.Ar jail . .It Cm icmptypes Ar types Matches ICMP packets whose ICMP type is in the list .Ar types . Modified: stable/10/sbin/ipfw/ipfw2.c ============================================================================== --- stable/10/sbin/ipfw/ipfw2.c Fri Jul 6 18:50:22 2018 (r336038) +++ stable/10/sbin/ipfw/ipfw2.c Fri Jul 6 19:10:07 2018 (r336039) @@ -32,6 +32,7 @@ #include <err.h> #include <errno.h> #include <grp.h> +#include <jail.h> #include <netdb.h> #include <pwd.h> #include <stdio.h> @@ -3653,13 +3654,12 @@ read_options: case TOK_JAIL: NEED1("jail requires argument"); { - char *end; int jid; cmd->opcode = O_JAIL; - jid = (int)strtol(*av, &end, 0); - if (jid < 0 || *end != '\0') - errx(EX_DATAERR, "jail requires prison ID"); + jid = jail_getid(*av); + if (jid < 0) + errx(EX_DATAERR, "%s", jail_errmsg); cmd32->d[0] = (uint32_t)jid; cmd->len |= F_INSN_SIZE(ipfw_insn_u32); av++; Modified: stable/10/usr.bin/cpuset/Makefile ============================================================================== --- stable/10/usr.bin/cpuset/Makefile Fri Jul 6 18:50:22 2018 (r336038) +++ stable/10/usr.bin/cpuset/Makefile Fri Jul 6 19:10:07 2018 (r336039) @@ -2,4 +2,7 @@ PROG= cpuset +DPADD= ${LIBJAIL} +LDADD= -ljail + .include <bsd.prog.mk> Modified: stable/10/usr.bin/cpuset/cpuset.1 ============================================================================== --- stable/10/usr.bin/cpuset/cpuset.1 Fri Jul 6 18:50:22 2018 (r336038) +++ stable/10/usr.bin/cpuset/cpuset.1 Fri Jul 6 19:10:07 2018 (r336039) @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 14, 2011 +.Dd July 3, 2018 .Dt CPUSET 1 .Os .Sh NAME @@ -48,10 +48,10 @@ .Nm .Op Fl cr .Op Fl l Ar cpu-list -.Op Fl j Ar jailid | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq +.Op Fl j Ar jail | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq .Nm .Op Fl cgir -.Op Fl j Ar jailid | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq +.Op Fl j Ar jail | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq .Sh DESCRIPTION The .Nm @@ -62,7 +62,7 @@ about processor binding, sets, and available processor .Nm requires a target to modify or query. The target may be specified as a command, process id, thread id, a -cpuset id, an irq or a jail id. +cpuset id, an irq or a jail. Using .Fl g the target's set id or mask may be queried. @@ -118,8 +118,8 @@ the id of the target. When used with the .Fl g option print the id rather than the valid mask of the target. -.It Fl j Ar jailid -Specifies a jail id as the target of the operation. +.It Fl j Ar jail +Specifies a jail id or name as the target of the operation. .It Fl l Ar cpu-list Specifies a list of CPUs to apply to a target. Specification may include Modified: stable/10/usr.bin/cpuset/cpuset.c ============================================================================== --- stable/10/usr.bin/cpuset/cpuset.c Fri Jul 6 18:50:22 2018 (r336038) +++ stable/10/usr.bin/cpuset/cpuset.c Fri Jul 6 19:10:07 2018 (r336039) @@ -39,6 +39,7 @@ __FBSDID("$FreeBSD$"); #include <ctype.h> #include <err.h> #include <errno.h> +#include <jail.h> #include <limits.h> #include <stdio.h> #include <stdlib.h> @@ -226,7 +227,9 @@ main(int argc, char *argv[]) case 'j': jflag = 1; which = CPU_WHICH_JAIL; - id = atoi(optarg); + id = jail_getid(optarg); + if (id < 0) + errx(EXIT_FAILURE, "%s", jail_errmsg); break; case 'l': lflag = 1; Modified: stable/10/usr.bin/sockstat/Makefile ============================================================================== --- stable/10/usr.bin/sockstat/Makefile Fri Jul 6 18:50:22 2018 (r336038) +++ stable/10/usr.bin/sockstat/Makefile Fri Jul 6 19:10:07 2018 (r336039) @@ -2,4 +2,7 @@ PROG= sockstat +DPADD= ${LIBJAIL} +LDADD= -ljail + .include <bsd.prog.mk> Modified: stable/10/usr.bin/sockstat/sockstat.1 ============================================================================== --- stable/10/usr.bin/sockstat/sockstat.1 Fri Jul 6 18:50:22 2018 (r336038) +++ stable/10/usr.bin/sockstat/sockstat.1 Fri Jul 6 19:10:07 2018 (r336039) @@ -27,7 +27,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 27, 2015 +.Dd July 3, 2018 .Dt SOCKSTAT 1 .Os .Sh NAME @@ -58,8 +58,8 @@ Show (IPv6) sockets. .It Fl c Show connected sockets. -.It Fl j Ar jid -Show only sockets belonging to the specified jail ID. +.It Fl j Ar jail +Show only sockets belonging to the specified jail ID or name. .It Fl L Only show Internet sockets if the local and foreign addresses are not in the loopback network prefix Modified: stable/10/usr.bin/sockstat/sockstat.c ============================================================================== --- stable/10/usr.bin/sockstat/sockstat.c Fri Jul 6 18:50:22 2018 (r336038) +++ stable/10/usr.bin/sockstat/sockstat.c Fri Jul 6 19:10:07 2018 (r336039) @@ -54,6 +54,7 @@ __FBSDID("$FreeBSD$"); #include <ctype.h> #include <err.h> #include <errno.h> +#include <jail.h> #include <netdb.h> #include <pwd.h> #include <stdarg.h> @@ -1157,7 +1158,9 @@ main(int argc, char *argv[]) opt_c = 1; break; case 'j': - opt_j = atoi(optarg); + opt_j = jail_getid(optarg); + if (opt_j < 0) + errx(1, "%s", jail_errmsg); break; case 'L': opt_L = 1;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201807061910.w66JA7Qb060702>