Author: kevans
Date: Thu Aug 23 01:45:18 2018
New Revision: 338221
URL: https://svnweb.freebsd.org/changeset/base/338221
Log:
bectl(8): jail: Tear down jail by default after command exits
Add a -U flag to get back the old behavior. The new behavior is a little
more friendly to the common use cases, jail the BE and execute a script.
Having the jail torn down automatically when the script is finished, or when
you exit the shell, is a little more friendly than having to remember to
`bectl ujail`.
Batch mode (-b) will continue to leave the jail up, as it's assumed the
caller has other intentions.
Submitted by: Shawn Webb (partially)
Modified:
head/sbin/bectl/bectl.8
head/sbin/bectl/bectl.c
head/sbin/bectl/bectl_jail.c
Modified: head/sbin/bectl/bectl.8
==============================================================================
--- head/sbin/bectl/bectl.8 Thu Aug 23 01:42:45 2018 (r338220)
+++ head/sbin/bectl/bectl.8 Thu Aug 23 01:45:18 2018 (r338221)
@@ -18,7 +18,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd August 17, 2018
+.Dd August 22, 2018
.Dt BECTL 8
.Os
.Sh NAME
@@ -50,7 +50,7 @@ import
.Ao Ar targetBe Ac
.Nm
jail
-.Op Fl b
+.Op Fl b | Fl U
.Oo Fl o Ar key Ns = Ns Ar value | Fl u Ar key Oc Ns ...
.Ao Ar jailID | jailName Ac
.Ao Ar bootenv Ac
@@ -148,6 +148,7 @@ Import
from
.Dv stdin .
.It Ic jail
+.Op Fl b | Fl U
.Oo Fl o Ar key Ns = Ns Ar value | Fl u Ar key Oc Ns ...
.Ao Ar jailID | jailName Ac
.Ao Ar bootenv Ac
@@ -172,10 +173,17 @@ If
.Ar utility
is specified, it will be executed instead of
.Pa /bin/sh .
+The jail will be destroyed and the boot environment unmounted when the command
+finishes executing, unless the
+.Fl U
+argument is specified.
.Pp
The
.Fl b
argument enables batch mode, thereby disabling interactive mode.
+The
+.Fl U
+argument will be ignored in batch mode.
.Pp
The
.Va name ,
Modified: head/sbin/bectl/bectl.c
==============================================================================
--- head/sbin/bectl/bectl.c Thu Aug 23 01:42:45 2018 (r338220)
+++ head/sbin/bectl/bectl.c Thu Aug 23 01:45:18 2018 (r338221)
@@ -77,7 +77,7 @@ usage(bool explicit)
#if SOON
"\tbectl add (path)*\n"
#endif
- "\tbectl jail [-b] [ -o key=value | -u key ]... bootenv [utility
[argument ...]]\n"
+ "\tbectl jail [-b | -U] [ -o key=value | -u key ]... bootenv
[utility [argument ...]]\n"
"\tbectl list [-a] [-D] [-H] [-s]\n"
"\tbectl mount beName [mountpoint]\n"
"\tbectl rename origBeName newBeName\n"
Modified: head/sbin/bectl/bectl_jail.c
==============================================================================
--- head/sbin/bectl/bectl_jail.c Thu Aug 23 01:42:45 2018
(r338220)
+++ head/sbin/bectl/bectl_jail.c Thu Aug 23 01:45:18 2018
(r338221)
@@ -31,6 +31,7 @@ __FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/jail.h>
#include <sys/mount.h>
+#include <sys/wait.h>
#include <err.h>
#include <jail.h>
#include <stdbool.h>
@@ -179,10 +180,11 @@ int
bectl_cmd_jail(int argc, char *argv[])
{
char *bootenv, *mountpoint;
- int jflags, jid, opt, ret;
- bool default_hostname, default_name, interactive;
+ int jid, opt, ret;
+ bool default_hostname, default_name, interactive, unjail;
+ pid_t pid;
- default_hostname = default_name = interactive = true;
+ default_hostname = default_name = interactive = unjail = true;
jpcnt = INIT_PARAMCOUNT;
jp = malloc(jpcnt * sizeof(*jp));
if (jp == NULL)
@@ -193,7 +195,7 @@ bectl_cmd_jail(int argc, char *argv[])
jailparam_add("allow.mount.devfs", "true");
jailparam_add("enforce_statfs", "1");
- while ((opt = getopt(argc, argv, "bo:u:")) != -1) {
+ while ((opt = getopt(argc, argv, "bo:Uu:")) != -1) {
switch (opt) {
case 'b':
interactive = false;
@@ -210,6 +212,9 @@ bectl_cmd_jail(int argc, char *argv[])
default_hostname = false;
}
break;
+ case 'U':
+ unjail = false;
+ break;
case 'u':
if ((ret = jailparam_delarg(optarg)) == 0) {
if (strcmp(optarg, "name") == 0)
@@ -259,16 +264,14 @@ bectl_cmd_jail(int argc, char *argv[])
if (default_hostname)
jailparam_add("host.hostname", bootenv);
- jflags = JAIL_CREATE;
- if (interactive)
- jflags |= JAIL_ATTACH;
/*
* This is our indicator that path was not set by the user, so we'll use
* the path that libbe generated for us.
*/
if (mountpoint == NULL)
jailparam_add("path", mnt_loc);
- jid = jailparam_set(jp, jpused, jflags);
+ /* Create the jail for now, attach later as-needed */
+ jid = jailparam_set(jp, jpused, JAIL_CREATE);
if (jid == -1) {
fprintf(stderr, "unable to create jail. error: %d\n", errno);
return (1);
@@ -277,14 +280,34 @@ bectl_cmd_jail(int argc, char *argv[])
jailparam_free(jp, jpused);
free(jp);
- if (interactive) {
+ /* We're not interactive, nothing more to do here. */
+ if (!interactive)
+ return (0);
+
+ pid = fork();
+ switch(pid) {
+ case -1:
+ perror("fork");
+ return (1);
+ case 0:
+ jail_attach(jid);
/* We're attached within the jail... good bye! */
chdir("/");
if (argc > 1)
execve(argv[1], &argv[1], NULL);
else
execl("/bin/sh", "/bin/sh", NULL);
- return (1);
+ fprintf(stderr, "bectl jail: failed to execute %s\n",
+ (argc > 1 ? argv[1] : "/bin/sh"));
+ _exit(1);
+ default:
+ /* Wait for the child to get back, see if we need to unjail */
+ waitpid(pid, NULL, 0);
+ }
+
+ if (unjail) {
+ jail_remove(jid);
+ unmount(mnt_loc, 0);
}
return (0);
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
