From owner-freebsd-bugs@FreeBSD.ORG Mon Dec 5 19:20:06 2005
Resent-Date: Mon, 5 Dec 2005 19:20:03 GMT
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Message-Id: <200512051913.jB5JDqgs052712@www.freebsd.org>
Date: Mon, 5 Dec 2005 19:13:52 GMT
From: Lanny Jason Godsey
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/89989: Add option to /usr/sbin/jail: -I (ASCII 73) PID to specify tryprid within jail(2)

>Number: 89989
>Category: misc
>Synopsis: Add option to /usr/sbin/jail: -I (ASCII 73) PID to specify tryprid within jail(2)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 05 19:20:03 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Lanny Jason Godsey
>Release: 6.0-RELEASE
>Organization:
>Environment:
FreeBSD ne1.yournix.com 6.0-RELEASE FreeBSD 6.0-RELEASE #6: Mon Dec 5 11:48:50 EST 2005 root@ne1.yournix.com:/usr/obj/usr/src/sys/YOURNIX i386
>Description:
Add option to /usr/sbin/jail: -I (ASCII 73) PID to specify tryprid within jail(2)

On my system, I have multiple jails, one for each service. The bind jail has JID 53, apache JID 80, mysql 3306. I submitted another patch to allow -J to write the JID and other info to a file. I use these together to help make my life a little easier. Example:

jexec 53 /etc/rc.d/named restart

Forgive me for including my last patch (-J) in here; I'm not sure how to separate the changes within RELENG_6_0, which I use for /usr/src. The second set is against HEAD and is UNTESTED.

jail(8) man entry:

-I JID  Request jail start with jail identifier (JID). Normal behavior begins JID with 1.
>How-To-Repeat: >Fix: -- begin RELENG_6_0 cvs diff -u -- Index: sys/kern/kern_jail.c =================================================================== RCS file: /usr/ncvs/src/sys/kern/kern_jail.c,v retrieving revision 1.50 diff -u -r1.50 kern_jail.c --- sys/kern/kern_jail.c 23 Jun 2005 22:13:28 -0000 1.50 +++ sys/kern/kern_jail.c 5 Dec 2005 17:18:53 -0000 @@ -140,7 +140,12 @@ /* Determine next pr_id and add prison to allprison list. */ mtx_lock(&allprison_mtx); - tryprid = lastprid + 1; + /* Use j.tryprid as starting point if requested. */ + if (j.tryprid > 1 && j.tryprid < JAIL_MAX) { + tryprid = j.tryprid; + } else { + tryprid = lastprid + 1; + } if (tryprid == JAIL_MAX) tryprid = 1; next: Index: sys/sys/jail.h =================================================================== RCS file: /usr/ncvs/src/sys/sys/jail.h,v retrieving revision 1.26 diff -u -r1.26 jail.h --- sys/sys/jail.h 9 Jun 2005 18:49:19 -0000 1.26 +++ sys/sys/jail.h 5 Dec 2005 14:48:18 -0000 @@ -18,6 +18,7 @@ char *path; char *hostname; u_int32_t ip_number; + int tryprid; }; struct xprison { Index: usr.sbin/jail/jail.8 =================================================================== RCS file: /usr/ncvs/src/usr.sbin/jail/jail.8,v retrieving revision 1.67.2.3 diff -u -r1.67.2.3 jail.8 --- usr.sbin/jail/jail.8 24 Sep 2005 01:59:39 -0000 1.67.2.3 +++ usr.sbin/jail/jail.8 5 Dec 2005 17:41:55 -0000 
@@ -53,6 +53,11 @@ .Bl -tag -width ".Fl u Ar username" .It Fl i Output the jail identifier of the newly created jail. +.It Fl I Ar JID +Request jail(2) start with jail identifier (JID). Normal behavior begins JID with 1. +.It Fl J Ar JidFile +Write a JidFile, like a PidFile, containing JID, path, hostname, ip and +command used to start the jail. .It Fl l Run program in the clean environment. The environment is discarded except for Index: usr.sbin/jail/jail.c =================================================================== RCS file: /usr/ncvs/src/usr.sbin/jail/jail.c,v retrieving revision 1.20 diff -u -r1.20 jail.c --- usr.sbin/jail/jail.c 17 Nov 2004 10:01:48 -0000 1.20 +++ usr.sbin/jail/jail.c 5 Dec 2005 17:24:55 -0000 @@ -54,19 +54,29 @@ struct passwd *pwd = NULL; struct in_addr in; gid_t groups[NGROUPS]; - int ch, i, iflag, lflag, ngroups, uflag, Uflag; - char path[PATH_MAX], *username; + int ch, i, iflag, Iflag, tryprid, Jflag, lflag, ngroups, uflag, Uflag; + char path[PATH_MAX], *username, *JidFile; static char *cleanenv; const char *shell, *p = NULL; + FILE *fp; - iflag = lflag = uflag = Uflag = 0; - username = cleanenv = NULL; + iflag = Iflag = tryprid = Jflag = lflag = uflag = Uflag = 0; + username = JidFile = cleanenv = NULL; + fp = NULL; - while ((ch = getopt(argc, argv, "ilu:U:")) != -1) { + while ((ch = getopt(argc, argv, "ilu:U:J:I:")) != -1) { switch (ch) { case 'i': iflag = 1; break; + case 'I': + tryprid = atoi(optarg); + Iflag = 1; + break; + case 'J': + JidFile = optarg; + Jflag = 1; + break; case 'u': username = optarg; uflag = 1; 
@@ -103,6 +113,18 @@ if (inet_aton(argv[2], &in) == 0) errx(1, "Could not make sense of ip-number: %s", argv[2]); j.ip_number = ntohl(in.s_addr); + if (Iflag) { + if (tryprid > 1) { + j.tryprid = tryprid; + } else { + errx(1, "Requested JID out of range: %d", tryprid); + } + } + if (Jflag) { + fp = fopen(JidFile, "w"); + if (fp == NULL) + errx(1, "Could not create jid_file: %s", JidFile); + } i = jail(&j); if (i == -1) err(1, "jail"); @@ -110,6 +132,15 @@ printf("%d\n", i); fflush(stdout); } + if (Jflag) { + if (fp != NULL) { + fprintf(fp, "%d\t%s\t%s\t%s\t%s\n", + i, j.path, j.hostname, argv[2], argv[3]); + (void)fclose(fp); + } else { + errx(1, "Could not write jid_file: %s", JidFile); + } + } if (username != NULL) { if (Uflag) GET_USER_INFO; @@ -149,7 +180,7 @@ { (void)fprintf(stderr, "%s%s\n", - "usage: jail [-i] [-l -u username | -U username]", + "usage: jail [-i] [-I JID] [-J jid_file] [-l -u username | -U username]", " path hostname ip-number command ..."); exit(1); } -- end here -- -- Begin HEAD cvs diff -u here -- Index: sys/kern/kern_jail.c =================================================================== RCS file: /usr/ncvs/src/sys/kern/kern_jail.c,v retrieving revision 1.51 diff -u -r1.51 kern_jail.c --- sys/kern/kern_jail.c 28 Sep 2005 00:30:56 -0000 1.51 +++ sys/kern/kern_jail.c 5 Dec 2005 17:46:19 -0000 @@ -139,7 +139,12 @@ /* Determine next pr_id and add prison to allprison list. */ mtx_lock(&allprison_mtx); - tryprid = lastprid + 1; + /* Use j.tryprid as starting point if requested. */ + if (j.tryprid > 1 && j.tryprid < JAIL_MAX) { + tryprid = j.tryprid; + } else { + tryprid = lastprid + 1; + } if (tryprid == JAIL_MAX) tryprid = 1; next: Index: sys/sys/jail.h =================================================================== RCS file: /usr/ncvs/src/sys/sys/jail.h,v retrieving revision 1.26 diff -u -r1.26 jail.h --- sys/sys/jail.h 9 Jun 2005 18:49:19 -0000 1.26 +++ sys/sys/jail.h 5 Dec 2005 17:46:27 -0000 
@@ -18,6 +18,7 @@ char *path; char *hostname; u_int32_t ip_number; + int tryprid; }; struct xprison { Index: usr.sbin/jail/jail.8 =================================================================== RCS file: /usr/ncvs/src/usr.sbin/jail/jail.8,v retrieving revision 1.72 diff -u -r1.72 jail.8 --- usr.sbin/jail/jail.8 3 Dec 2005 17:32:39 -0000 1.72 +++ usr.sbin/jail/jail.8 5 Dec 2005 17:46:45 -0000 @@ -54,6 +54,8 @@ .Bl -tag -width ".Fl u Ar username" .It Fl i Output the jail identifier of the newly created jail. +.It Fl I Ar JID +Request jail(2) start with jail identifier (JID). Normal behavior begins JID with 1. .It Fl J Ar jid_file Write a JidFile, like a PidFile, containing jailid, path, hostname, ip and command used to start the jail. Index: usr.sbin/jail/jail.c =================================================================== RCS file: /usr/ncvs/src/usr.sbin/jail/jail.c,v retrieving revision 1.21 diff -u -r1.21 jail.c --- usr.sbin/jail/jail.c 3 Dec 2005 17:32:39 -0000 1.21 +++ usr.sbin/jail/jail.c 5 Dec 2005 17:46:45 -0000 @@ -54,21 +54,25 @@ struct passwd *pwd = NULL; struct in_addr in; gid_t groups[NGROUPS]; - int ch, i, iflag, Jflag, lflag, ngroups, uflag, Uflag; + int ch, i, iflag, Iflag, tryprid, Jflag, lflag, ngroups, uflag, Uflag; char path[PATH_MAX], *username, *JidFile; static char *cleanenv; const char *shell, *p = NULL; FILE *fp; - iflag = Jflag = lflag = uflag = Uflag = 0; + iflag = Iflag = tryprid = Jflag = lflag = uflag = Uflag = 0; username = JidFile = cleanenv = NULL; fp = NULL; - while ((ch = getopt(argc, argv, "ilu:U:J:")) != -1) { + while ((ch = getopt(argc, argv, "ilu:U:J:I:")) != -1) { switch (ch) { case 'i': iflag = 1; break; + case 'I': + tryprid = atoi(optarg); + Iflag = 1; + break; case 'J': JidFile = optarg; Jflag = 1; 
@@ -109,6 +113,13 @@ if (inet_aton(argv[2], &in) == 0) errx(1, "Could not make sense of ip-number: %s", argv[2]); j.ip_number = ntohl(in.s_addr); + if (Iflag) { + if (tryprid > 1) { + j.tryprid = tryprid; + } else { + errx(1, "Requested JID out of range: %d", tryprid); + } + } if (Jflag) { fp = fopen(JidFile, "w"); if (fp == NULL) @@ -169,7 +180,7 @@ { (void)fprintf(stderr, "%s%s\n", - "usage: jail [-i] [-J jid_file] [-l -u username | -U username]", + "usage: jail [-i] [-I JID] [-J jid_file] [-l -u username | -U username]", " path hostname ip-number command ..."); exit(1); } -- end here -- >Release-Note: >Audit-Trail: >Unformatted:
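Review bot: the kern_jail.c hunk (identical in the RELENG_6_0 and HEAD diffs) never tells the caller when the request was not honoured: a `j.tryprid` outside `(1, JAIL_MAX)` silently falls back to `tryprid = lastprid + 1`, and, as the added comment itself says, the value is only a "starting point", so an ID that is already in use is handed to the existing `next:` search and the jail comes back with some other ID, which defeats the stated purpose (bind on 53, apache on 80, mysql on 3306). Fail instead: validate the range before `mtx_lock(&allprison_mtx)` (an early `return (EINVAL)` from inside the locked region as the hunk is laid out would leave the mutex held), and when the requested ID turns out to be in use return `EEXIST` rather than continuing the search. Whatever the kernel ends up doing on a collision should then be stated in the jail(2)/jail(8) text.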
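Review bot: the jail.h hunk grows `struct jail`, the object that jail.c passes to the kernel (`i = jail(&j)`), without giving the kernel any way to tell old and new callers apart: a jail(8) or any other program built against the previous header passes the shorter struct, and the kernel's `tryprid` is then whatever follows that struct in the caller's memory, so an old binary can unknowingly request a specific ID. This is what the struct's version member is for; bump it for the new layout and keep accepting the old one with `tryprid` treated as 0. Related defect in the jail.c hunks: `j.tryprid` is assigned only under `if (Iflag)`, so unless `j` is zeroed somewhere not visible here the field is indeterminate in the common no-`-I` case; add an unconditional `j.tryprid = 0;` beside the other `j.*` assignments.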
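Review bot: in the jail.c option-parsing hunks (both diffs) `tryprid = atoi(optarg)` accepts `-I 53x` as 53 and cannot report overflow, and the userland check enforces only `tryprid > 1` with no upper bound, so a value at or above `JAIL_MAX` passes jail(8) and is then dropped by the kernel. Parse with `strtol(3)`, check `*endptr == '\0'` and the range against `JAIL_MAX`, and after `i = jail(&j)` verify that the kernel honoured the request, for example `if (Iflag && i != tryprid) errx(1, "got jid %d, requested %d", i, tryprid);`, so that `-i` and `-J` never report an ID other than the one the administrator asked for.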
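Review bot: the `-J` part of the RELENG_6_0 jail.c hunks should be dropped from this PR and the `-I` change rebased on top of it, since the HEAD diff's context lines (jail.c 1.21, jail.8 1.72, `.It Fl J Ar jid_file`) show `-J` is already in the tree. As written it also carries defects worth fixing before any MFC: the `else errx(1, "Could not write jid_file: %s", JidFile)` branch after `jail(&j)` is unreachable because a NULL `fp` already exits before the jail call; the file records only `argv[3]`, the command name without its arguments, although the man page hunk promises the "command used to start the jail"; a failing `jail(&j)` leaves an empty JidFile behind (unlink it on the `err(1, "jail")` path); and the `fprintf`/`fclose` results are ignored, so a write error yields a truncated file and exit status 0. Opening the file before `jail(&j)` is correct, since after the call the path would resolve under the jail root, and deserves a comment saying so.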
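Review bot: the jail.8 hunks (both diffs) describe `-I` only as a request and say nothing about what happens when the ID is out of range or already taken, which is exactly what an administrator pinning jails to fixed IDs needs to know; state the accepted range and the failure behaviour once the kernel side is settled. The sentence "Normal behavior begins JID with 1" also contradicts the code in the same patch, where `-I 1` is rejected with "Requested JID out of range". In the RELENG_6_0 hunk the argument is written `Ar JidFile` while the usage string says `jid_file`; HEAD already uses `Ar jid_file`, so match that.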