Date: Sun, 25 Nov 2001 21:16:39 -0500 (EST) From: Robert Watson <rwatson@FreeBSD.ORG> To: Gregory Neil Shapiro <gshapiro@FreeBSD.ORG> Cc: Evan Sarmiento <evms@cs.bu.edu>, freebsd-stable@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG Subject: Re: jail patch Message-ID: <Pine.NEB.3.96L.1011125211141.74761G-100000@fledge.watson.org> In-Reply-To: <15361.9475.891401.44730@horsey.gshapiro.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 25 Nov 2001, Gregory Neil Shapiro wrote: > evms> I wrote this a while ago, but, if anyone is interested, please > evms> take a look: this module implements a system call that takes > evms> a u_int_32t. This system call, named killjail, kills all processes > evms> which belong to the jail which uses that particular IP address. > > evms> I included it in a tar with a makefile and with a program > evms> that uses it. (Eg: ./killjail 1.2.3.4) > > evms> http://www.sekt7.org/kjs.tar > > evms> Works on 4.4 but can be easily ported to 5.0. > > This can be done in userland without kernel interaction: > > #!/bin/sh > > EX_OK=0 > EX_USAGE=64 > > if [ "$1" = "" ] > then > echo "Usage: $0 jailname" > exit ${EX_USAGE} > fi > > pids=`grep -l " $1\$" /proc/*/status | awk -F/ '{print $3}'` > if [ "$pids" != "" ] > then > kill -15 $pids 2> /dev/null > fi > exit ${EX_OK} Note that there are a couple of caveats: (1) This only works well if jail.set_hostname_allowed is set to '0', or jails can rename themselves to avoid being killed, including to unfortunate names such as '-'. (2) This can be raced, unlike a kill(-1, 15) from within the jail (I believe). In the jailng code, I allow jails to be identified using a name (other than the hostname) when they are created, and that can later be used as a handle for signalling. Two of the concepts that are useful in jailng are (1) the ability to identify jails and manage them from the outside more easily, and (2) jailinit, which permits a jail to maintain a runlevel, meaning that you don't have to be 'in' a jail in order to start an orderly shutdown (as you can signal jailinit), not to mention introducing the notion of an orderly shutdown :-). Introducing a jailkill() based on a u_int32_t argument seems somewhat hackish to me; on the other hand, it does address a real need. I suspect a jailkill script of this sort is the answer for -STABLE, and that in -CURRENT, a more comprehensive solution would be better. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1011125211141.74761G-100000>