Author: jamie
Date: Fri Jul 6 19:10:11 2018
New Revision: 336040
URL: https://svnweb.freebsd.org/changeset/base/336040
Log:
MFC r335921:
Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8),
sockstat(1), ugidfw(8)
These are the last of the jail-aware userland utilities that didn't work
with names.
PR: 229266
Differential Revision: D16047
Modified:
stable/11/lib/libugidfw/ugidfw.c
stable/11/sbin/ipfw/Makefile
stable/11/sbin/ipfw/ipfw.8
stable/11/sbin/ipfw/ipfw2.c
stable/11/usr.bin/cpuset/Makefile
stable/11/usr.bin/cpuset/cpuset.1
stable/11/usr.bin/cpuset/cpuset.c
stable/11/usr.bin/sockstat/Makefile
stable/11/usr.bin/sockstat/sockstat.1
stable/11/usr.bin/sockstat/sockstat.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/11/lib/libugidfw/ugidfw.c
==============================================================================
--- stable/11/lib/libugidfw/ugidfw.c Fri Jul 6 19:10:07 2018
(r336039)
+++ stable/11/lib/libugidfw/ugidfw.c Fri Jul 6 19:10:11 2018
(r336040)
@@ -32,9 +32,11 @@
*/
#include <sys/param.h>
#include <sys/errno.h>
+#include <sys/jail.h>
#include <sys/time.h>
#include <sys/sysctl.h>
#include <sys/ucred.h>
+#include <sys/uio.h>
#include <sys/mount.h>
#include <security/mac_bsdextended/mac_bsdextended.h>
@@ -598,16 +600,45 @@ bsde_parse_gidrange(char *spec, gid_t *min, gid_t *max
}
static int
+bsde_get_jailid(const char *name, size_t buflen, char *errstr)
+{
+ char *ep;
+ int jid;
+ struct iovec jiov[4];
+
+ /* Copy jail_getid(3) instead of messing with library dependancies */
+ jid = strtoul(name, &ep, 10);
+ if (*name && !*ep)
+ return jid;
+ jiov[0].iov_base = __DECONST(char *, "name");
+ jiov[0].iov_len = sizeof("name");
+ jiov[1].iov_len = strlen(name) + 1;
+ jiov[1].iov_base = alloca(jiov[1].iov_len);
+ strcpy(jiov[1].iov_base, name);
+ if (errstr && buflen) {
+ jiov[2].iov_base = __DECONST(char *, "errmsg");
+ jiov[2].iov_len = sizeof("errmsg");
+ jiov[3].iov_base = errstr;
+ jiov[3].iov_len = buflen;
+ errstr[0] = 0;
+ jid = jail_get(jiov, 4, 0);
+ if (jid < 0 && !errstr[0])
+ snprintf(errstr, buflen, "jail_get: %s",
+ strerror(errno));
+ } else
+ jid = jail_get(jiov, 2, 0);
+ return jid;
+}
+
+static int
bsde_parse_subject(int argc, char *argv[],
struct mac_bsdextended_subject *subject, size_t buflen, char *errstr)
{
int not_seen, flags;
int current, neg, nextnot;
- char *endp;
uid_t uid_min, uid_max;
gid_t gid_min, gid_max;
int jid = 0;
- long value;
current = 0;
flags = 0;
@@ -666,13 +697,9 @@ bsde_parse_subject(int argc, char *argv[],
snprintf(errstr, buflen, "one jail only");
return (-1);
}
- value = strtol(argv[current+1], &endp, 10);
- if (*endp != '\0') {
- snprintf(errstr, buflen, "invalid jid: '%s'",
- argv[current+1]);
+ jid = bsde_get_jailid(argv[current+1], buflen, errstr);
+ if (jid < 0)
return (-1);
- }
- jid = value;
flags |= MBS_PRISON_DEFINED;
if (nextnot) {
neg ^= MBS_PRISON_DEFINED;
Modified: stable/11/sbin/ipfw/Makefile
==============================================================================
--- stable/11/sbin/ipfw/Makefile Fri Jul 6 19:10:07 2018
(r336039)
+++ stable/11/sbin/ipfw/Makefile Fri Jul 6 19:10:11 2018
(r336040)
@@ -13,7 +13,7 @@ SRCS+= altq.c
CFLAGS+=-DPF
.endif
-LIBADD= util
+LIBADD= jail util
MAN= ipfw.8
.include <bsd.prog.mk>
Modified: stable/11/sbin/ipfw/ipfw.8
==============================================================================
--- stable/11/sbin/ipfw/ipfw.8 Fri Jul 6 19:10:07 2018 (r336039)
+++ stable/11/sbin/ipfw/ipfw.8 Fri Jul 6 19:10:11 2018 (r336040)
@@ -1,7 +1,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd June 28, 2018
+.Dd July 3, 2018
.Dt IPFW 8
.Os
.Sh NAME
@@ -1535,10 +1535,10 @@ Matches all TCP or UDP packets sent by or received for
A
.Ar group
may be specified by name or number.
-.It Cm jail Ar prisonID
+.It Cm jail Ar jail
Matches all TCP or UDP packets sent by or received for the
-jail whos prison ID is
-.Ar prisonID .
+jail whose ID or name is
+.Ar jail .
.It Cm icmptypes Ar types
Matches ICMP packets whose ICMP type is in the list
.Ar types .
Modified: stable/11/sbin/ipfw/ipfw2.c
==============================================================================
--- stable/11/sbin/ipfw/ipfw2.c Fri Jul 6 19:10:07 2018 (r336039)
+++ stable/11/sbin/ipfw/ipfw2.c Fri Jul 6 19:10:11 2018 (r336040)
@@ -32,6 +32,7 @@
#include <err.h>
#include <errno.h>
#include <grp.h>
+#include <jail.h>
#include <netdb.h>
#include <pwd.h>
#include <stdio.h>
@@ -4581,13 +4582,12 @@ read_options:
case TOK_JAIL:
NEED1("jail requires argument");
{
- char *end;
int jid;
cmd->opcode = O_JAIL;
- jid = (int)strtol(*av, &end, 0);
- if (jid < 0 || *end != '\0')
- errx(EX_DATAERR, "jail requires prison ID");
+ jid = jail_getid(*av);
+ if (jid < 0)
+ errx(EX_DATAERR, "%s", jail_errmsg);
cmd32->d[0] = (uint32_t)jid;
cmd->len |= F_INSN_SIZE(ipfw_insn_u32);
av++;
Modified: stable/11/usr.bin/cpuset/Makefile
==============================================================================
--- stable/11/usr.bin/cpuset/Makefile Fri Jul 6 19:10:07 2018
(r336039)
+++ stable/11/usr.bin/cpuset/Makefile Fri Jul 6 19:10:11 2018
(r336040)
@@ -2,4 +2,6 @@
PROG= cpuset
+LIBADD= jail
+
.include <bsd.prog.mk>
Modified: stable/11/usr.bin/cpuset/cpuset.1
==============================================================================
--- stable/11/usr.bin/cpuset/cpuset.1 Fri Jul 6 19:10:07 2018
(r336039)
+++ stable/11/usr.bin/cpuset/cpuset.1 Fri Jul 6 19:10:11 2018
(r336040)
@@ -25,7 +25,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd February 26, 2018
+.Dd July 3, 2018
.Dt CPUSET 1
.Os
.Sh NAME
@@ -48,11 +48,11 @@
.Nm
.Op Fl c
.Op Fl l Ar cpu-list
-.Op Fl j Ar jailid | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq
+.Op Fl j Ar jail | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq
.Nm
.Fl g
.Op Fl cir
-.Op Fl d Ar domain | Fl j Ar jailid | Fl p Ar pid | Fl t Ar tid | Fl s Ar
setid | Fl x Ar irq
+.Op Fl d Ar domain | Fl j Ar jail | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid
| Fl x Ar irq
.Sh DESCRIPTION
The
.Nm
@@ -63,7 +63,7 @@ about processor binding, sets, and available processor
.Nm
requires a target to modify or query.
The target may be specified as a command, process id, thread id, a
-cpuset id, an irq, a jail id, or a NUMA domain.
+cpuset id, an irq, a jail, or a NUMA domain.
Using
.Fl g
the target's set id or mask may be queried.
@@ -121,8 +121,8 @@ the id of the target.
When used with the
.Fl g
option print the id rather than the valid mask of the target.
-.It Fl j Ar jailid
-Specifies a jail id as the target of the operation.
+.It Fl j Ar jail
+Specifies a jail id or name as the target of the operation.
.It Fl l Ar cpu-list
Specifies a list of CPUs to apply to a target.
Specification may include
Modified: stable/11/usr.bin/cpuset/cpuset.c
==============================================================================
--- stable/11/usr.bin/cpuset/cpuset.c Fri Jul 6 19:10:07 2018
(r336039)
+++ stable/11/usr.bin/cpuset/cpuset.c Fri Jul 6 19:10:11 2018
(r336040)
@@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$");
#include <ctype.h>
#include <err.h>
#include <errno.h>
+#include <jail.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
@@ -233,7 +234,9 @@ main(int argc, char *argv[])
case 'j':
jflag = 1;
which = CPU_WHICH_JAIL;
- id = atoi(optarg);
+ id = jail_getid(optarg);
+ if (id < 0)
+ errx(EXIT_FAILURE, "%s", jail_errmsg);
break;
case 'l':
lflag = 1;
Modified: stable/11/usr.bin/sockstat/Makefile
==============================================================================
--- stable/11/usr.bin/sockstat/Makefile Fri Jul 6 19:10:07 2018
(r336039)
+++ stable/11/usr.bin/sockstat/Makefile Fri Jul 6 19:10:11 2018
(r336040)
@@ -2,4 +2,6 @@
PROG= sockstat
+LIBADD= jail
+
.include <bsd.prog.mk>
Modified: stable/11/usr.bin/sockstat/sockstat.1
==============================================================================
--- stable/11/usr.bin/sockstat/sockstat.1 Fri Jul 6 19:10:07 2018
(r336039)
+++ stable/11/usr.bin/sockstat/sockstat.1 Fri Jul 6 19:10:11 2018
(r336040)
@@ -27,7 +27,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd August 27, 2015
+.Dd July 3, 2018
.Dt SOCKSTAT 1
.Os
.Sh NAME
@@ -58,8 +58,8 @@ Show
(IPv6) sockets.
.It Fl c
Show connected sockets.
-.It Fl j Ar jid
-Show only sockets belonging to the specified jail ID.
+.It Fl j Ar jail
+Show only sockets belonging to the specified jail ID or name.
.It Fl L
Only show Internet sockets if the local and foreign addresses are not
in the loopback network prefix
Modified: stable/11/usr.bin/sockstat/sockstat.c
==============================================================================
--- stable/11/usr.bin/sockstat/sockstat.c Fri Jul 6 19:10:07 2018
(r336039)
+++ stable/11/usr.bin/sockstat/sockstat.c Fri Jul 6 19:10:11 2018
(r336040)
@@ -56,6 +56,7 @@ __FBSDID("$FreeBSD$");
#include <ctype.h>
#include <err.h>
#include <errno.h>
+#include <jail.h>
#include <netdb.h>
#include <pwd.h>
#include <stdarg.h>
@@ -1181,7 +1182,9 @@ main(int argc, char *argv[])
opt_c = 1;
break;
case 'j':
- opt_j = atoi(optarg);
+ opt_j = jail_getid(optarg);
+ if (opt_j < 0)
+ errx(1, "%s", jail_errmsg);
break;
case 'L':
opt_L = 1;
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
