From owner-svn-src-all@FreeBSD.ORG Sat Feb 7 05:19:01 2015
Subject: Re: svn commit: r278323 - in head: etc/rc.d usr.sbin/jail
From: Garrett Cooper
Date: Fri, 6 Feb 2015 21:18:58 -0800
To: Jamie Gritton
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers
In-Reply-To: <201502061754.t16HssXU042750@svn.freebsd.org>

On Feb 6, 2015, at 9:54, Jamie Gritton wrote:
> Author: jamie
> Date: Fri Feb 6 17:54:53 2015
> New Revision: 278323
> URL: https://svnweb.freebsd.org/changeset/base/278323
>
> Log:
> Add mount.procfs jail parameter, so procfs can be mounted when a prison's
> root is in its fstab.
>
> Also fix a typo while I'm at it.
>
> PR: 197237 197066
> MFC after: 3 days
>
> Modified:
> head/etc/rc.d/jail
> head/usr.sbin/jail/command.c
> head/usr.sbin/jail/config.c
> head/usr.sbin/jail/jail.8
> head/usr.sbin/jail/jail.c
> head/usr.sbin/jail/jailp.h
>
> Modified: head/etc/rc.d/jail > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/etc/rc.d/jail Fri Feb 6 17:43:13 2015 = (r278322) > +++ head/etc/rc.d/jail Fri Feb 6 17:54:53 2015 = (r278323) 
> @@ -28,7 +28,7 @@ extra_commands=3D"config console status" >=20 > need_dad_wait=3D >=20 > -# extact_var jail name param num defval > +# extract_var jail name param num defval > # Extract value from ${jail_$jail_$name} or ${jail_$name} and > # set it to $param. If not defined, $defval is used. > # When $num is [0-9]*, ${jail_$jail_$name$num} are looked up and > @@ -233,8 +233,7 @@ parse_options() > fi > eval : = \${jail_${_j}_procfs_enable:=3D${jail_procfs_enable:-NO}} > if checkyesno jail_${_j}_procfs_enable; then > - echo " mount +=3D " \ > - "\"procfs ${_rootdir%/}/proc procfs rw 0 = 0\";" > + echo " mount.procfs;" > fi >=20 > eval : = \${jail_${_j}_mount_enable:=3D${jail_mount_enable:-NO}} >=20 > Modified: head/usr.sbin/jail/command.c > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/usr.sbin/jail/command.c Fri Feb 6 17:43:13 2015 = (r278322) > +++ head/usr.sbin/jail/command.c Fri Feb 6 17:54:53 2015 = (r278323) > @@ -112,6 +112,12 @@ next_command(struct cfjail *j) > if = (!bool_param(j->intparams[IP_MOUNT_FDESCFS])) > continue; > j->comstring =3D &dummystring; > + break; > + case IP_MOUNT_PROCFS: > + if = (!bool_param(j->intparams[IP_MOUNT_PROCFS])) > + continue; > + j->comstring =3D &dummystring; > + break;

Did you intend on adding another break? The code would previously fall through to the next case statement...

> case IP__OP: > case IP_STOP_TIMEOUT: > j->comstring =3D &dummystring; 
> @@ -528,6 +534,32 @@ run_command(struct cfjail *j) > } > break; >=20 > + case IP_MOUNT_PROCFS: > + argv =3D alloca(7 * sizeof(char *)); > + path =3D string_param(j->intparams[KP_PATH]); > + if (path =3D=3D NULL) { > + jail_warnx(j, "mount.procfs: no path"); > + return -1; > + } > + devpath =3D alloca(strlen(path) + 6); > + sprintf(devpath, "%s/proc", path); > + if (check_path(j, "mount.procfs", devpath, 0, > + down ? "procfs" : NULL) < 0) > + return -1; > + if (down) { > + argv[0] =3D "/sbin/umount"; > + argv[1] =3D devpath; > + argv[2] =3D NULL; > + } else { > + argv[0] =3D _PATH_MOUNT; > + argv[1] =3D "-t"; > + argv[2] =3D "procfs"; > + argv[3] =3D "."; > + argv[4] =3D devpath; > + argv[5] =3D NULL; > + } > + break; > + > case IP_COMMAND: > if (j->name !=3D NULL) > goto default_command; >=20 > Modified: head/usr.sbin/jail/config.c > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/usr.sbin/jail/config.c Fri Feb 6 17:43:13 2015 = (r278322) > +++ head/usr.sbin/jail/config.c Fri Feb 6 17:54:53 2015 = (r278323) 
> @@ -84,6 +84,7 @@ static const struct ipspec intparams[] =3D > [IP_MOUNT] =3D {"mount", PF_INTERNAL | = PF_REV}, > [IP_MOUNT_DEVFS] =3D {"mount.devfs", = PF_INTERNAL | PF_BOOL}, > [IP_MOUNT_FDESCFS] =3D {"mount.fdescfs", PF_INTERNAL | = PF_BOOL}, > + [IP_MOUNT_PROCFS] =3D {"mount.procfs", = PF_INTERNAL | PF_BOOL}, > [IP_MOUNT_FSTAB] =3D {"mount.fstab", = PF_INTERNAL}, > [IP_STOP_TIMEOUT] =3D {"stop.timeout", = PF_INTERNAL | PF_INT}, > [IP_VNET_INTERFACE] =3D {"vnet.interface", PF_INTERNAL}, >=20 > Modified: head/usr.sbin/jail/jail.8 > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/usr.sbin/jail/jail.8 Fri Feb 6 17:43:13 2015 = (r278322) > +++ head/usr.sbin/jail/jail.8 Fri Feb 6 17:54:53 2015 = (r278323) > @@ -25,7 +25,7 @@ > .\" > .\" $FreeBSD$ > .\" > -.Dd January 28, 2015 > +.Dd February 6, 2015 > .Dt JAIL 8 > .Os > .Sh NAME > @@ -753,6 +753,12 @@ Mount a > filesystem on the chrooted > .Pa /dev/fd > directory. > +.It Va mount.procfs > +Mount a > +.Xr procfs 5 > +filesystem on the chrooted > +.Pa /proc > +directory. > .It Va allow.dying > Allow making changes to a > .Va dying > @@ -1207,6 +1213,7 @@ environment of the first jail. > .Xr jls 8 , > .Xr mount 8 , > .Xr named 8 , > +.Xr procfs 5 , > .Xr reboot 8 , > .Xr rpcbind 8 , > .Xr sendmail 8 , >=20 > Modified: head/usr.sbin/jail/jail.c > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/usr.sbin/jail/jail.c Fri Feb 6 17:43:13 2015 = (r278322) > +++ head/usr.sbin/jail/jail.c Fri Feb 6 17:54:53 2015 = (r278323) 
> @@ -93,6 +93,7 @@ static const enum intparam startcommands > IP__MOUNT_FROM_FSTAB, > IP_MOUNT_DEVFS, > IP_MOUNT_FDESCFS, > + IP_MOUNT_PROCFS, > IP_EXEC_PRESTART,=20 > IP__OP, > IP_VNET_INTERFACE, > @@ -109,6 +110,7 @@ static const enum intparam stopcommands[ > IP_STOP_TIMEOUT, > IP__OP, > IP_EXEC_POSTSTOP, > + IP_MOUNT_PROCFS, > IP_MOUNT_FDESCFS, > IP_MOUNT_DEVFS, > IP__MOUNT_FROM_FSTAB, >=20 > Modified: head/usr.sbin/jail/jailp.h > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > --- head/usr.sbin/jail/jailp.h Fri Feb 6 17:43:13 2015 = (r278322) > +++ head/usr.sbin/jail/jailp.h Fri Feb 6 17:54:53 2015 = (r278323) 
> @@ -96,6 +96,7 @@ enum intparam { > IP_MOUNT, /* Mount points in fstab(5) form */ > IP_MOUNT_DEVFS, /* Mount /dev under prison root */ > IP_MOUNT_FDESCFS, /* Mount /dev/fd under prison root */ > + IP_MOUNT_PROCFS, /* Mount /proc under prison root */ > IP_MOUNT_FSTAB, /* A standard fstab(5) file */ > IP_STOP_TIMEOUT, /* Time to wait after sending SIGTERM */ > IP_VNET_INTERFACE, /* Assign interface(s) to vnet jail */ >=20
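
Review bot: in the parse_options() hunk of etc/rc.d/jail, the removed line built the mount point as `${_rootdir%/}/proc`, stripping a trailing slash from the root, and passed `rw` explicitly, while the replacement `mount.procfs;` leaves both to jail(8), where run_command() formats "%s/proc" from the path parameter as given. Confirm that a path ending in "/" still passes check_path() and unmounts cleanly, or normalise the path in command.c before appending "/proc".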
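
Review bot: in the next_command() hunk of command.c, the first added `break;` lands at the end of the existing IP_MOUNT_FDESCFS case, which until now fell through into `case IP__OP: case IP_STOP_TIMEOUT:`. That changes control flow for mount.fdescfs as well as for the new parameter, and the log message does not mention it. Either state in the log that the old fall-through was redundant (the next case repeats `j->comstring = &dummystring;`), or restructure so the fdescfs case still reaches the code it used to, with an explicit fall-through comment.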
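
Review bot: in the run_command() hunk of command.c, `devpath = alloca(strlen(path) + 6)` followed by `sprintf(devpath, "%s/proc", path)` sizes a stack buffer from a configuration-supplied path using a magic constant. The arithmetic is right (five characters of "/proc" plus the terminator), but nothing in the hunk bounds the length of `path`, and the 6 silently goes wrong if the suffix ever changes; prefer `sizeof("/proc")` for the size and snprintf() for the write. In the same hunk the unmount branch hardcodes "/sbin/umount" while the mount branch uses _PATH_MOUNT, and the variable is named devpath although it holds a /proc path.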
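
Review bot: the new `.It Va mount.procfs` entry in the jail.8 hunk does not say when the mount happens relative to mount.fstab, which is the reason the log gives for adding the parameter ("so procfs can be mounted when a prison's root is in its fstab"). Add a sentence on ordering, and say whether the /proc directory must already exist under the jail's path, since run_command() passes that path to check_path() before mounting.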