From owner-svn-src-head@FreeBSD.ORG  Fri Feb  6 17:54:56 2015
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 0CA3C35E;
 Fri,  6 Feb 2015 17:54:56 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E1A27634;
 Fri,  6 Feb 2015 17:54:55 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
 by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t16HstWc042760;
 Fri, 6 Feb 2015 17:54:55 GMT (envelope-from jamie@FreeBSD.org)
Received: (from jamie@localhost)
 by svn.freebsd.org (8.14.9/8.14.9/Submit) id t16HssXU042750;
 Fri, 6 Feb 2015 17:54:54 GMT (envelope-from jamie@FreeBSD.org)
Message-Id: <201502061754.t16HssXU042750@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: jamie set sender to
 jamie@FreeBSD.org using -f
From: Jamie Gritton <jamie@FreeBSD.org>
Date: Fri, 6 Feb 2015 17:54:54 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r278323 - in head: etc/rc.d usr.sbin/jail
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Feb 2015 17:54:56 -0000

Author: jamie
Date: Fri Feb  6 17:54:53 2015
New Revision: 278323
URL: https://svnweb.freebsd.org/changeset/base/278323

Log:
  Add mount.procfs jail parameter, so procfs can be mounted when a prison's
  root is in its fstab.
  
  Also fix a typo while I'm at it.
  
  PR:		197237 197066
  MFC after:	3 days

Modified:
  head/etc/rc.d/jail
  head/usr.sbin/jail/command.c
  head/usr.sbin/jail/config.c
  head/usr.sbin/jail/jail.8
  head/usr.sbin/jail/jail.c
  head/usr.sbin/jail/jailp.h

Modified: head/etc/rc.d/jail
==============================================================================
--- head/etc/rc.d/jail	Fri Feb  6 17:43:13 2015	(r278322)
+++ head/etc/rc.d/jail	Fri Feb  6 17:54:53 2015	(r278323)
@@ -28,7 +28,7 @@ extra_commands="config console status"
 
 need_dad_wait=
 
-# extact_var jail name param num defval
+# extract_var jail name param num defval
 #	Extract value from ${jail_$jail_$name} or ${jail_$name} and
 #	set it to $param.  If not defined, $defval is used.
 #	When $num is [0-9]*, ${jail_$jail_$name$num} are looked up and
@@ -233,8 +233,7 @@ parse_options()
 		fi
 		eval : \${jail_${_j}_procfs_enable:=${jail_procfs_enable:-NO}}
 		if checkyesno jail_${_j}_procfs_enable; then
-			echo "	mount += " \
-			    "\"procfs ${_rootdir%/}/proc procfs rw 0 0\";"
+			echo "	mount.procfs;"
 		fi
 
 		eval : \${jail_${_j}_mount_enable:=${jail_mount_enable:-NO}}

Modified: head/usr.sbin/jail/command.c
==============================================================================
--- head/usr.sbin/jail/command.c	Fri Feb  6 17:43:13 2015	(r278322)
+++ head/usr.sbin/jail/command.c	Fri Feb  6 17:54:53 2015	(r278323)
@@ -112,6 +112,12 @@ next_command(struct cfjail *j)
 				if (!bool_param(j->intparams[IP_MOUNT_FDESCFS]))
 					continue;
 				j->comstring = &dummystring;
+				break;
+			case IP_MOUNT_PROCFS:
+				if (!bool_param(j->intparams[IP_MOUNT_PROCFS]))
+					continue;
+				j->comstring = &dummystring;
+				break;
 			case IP__OP:
 			case IP_STOP_TIMEOUT:
 				j->comstring = &dummystring;
@@ -528,6 +534,32 @@ run_command(struct cfjail *j)
 		}
 		break;
 
+	case IP_MOUNT_PROCFS:
+		argv = alloca(7 * sizeof(char *));
+		path = string_param(j->intparams[KP_PATH]);
+		if (path == NULL) {
+			jail_warnx(j, "mount.procfs: no path");
+			return -1;
+		}
+		devpath = alloca(strlen(path) + 6);
+		sprintf(devpath, "%s/proc", path);
+		if (check_path(j, "mount.procfs", devpath, 0,
+		    down ? "procfs" : NULL) < 0)
+			return -1;
+		if (down) {
+			argv[0] = "/sbin/umount";
+			argv[1] = devpath;
+			argv[2] = NULL;
+		} else {
+			argv[0] = _PATH_MOUNT;
+			argv[1] = "-t";
+			argv[2] = "procfs";
+			argv[3] = ".";
+			argv[4] = devpath;
+			argv[5] = NULL;
+		}
+		break;
+
 	case IP_COMMAND:
 		if (j->name != NULL)
 			goto default_command;

Modified: head/usr.sbin/jail/config.c
==============================================================================
--- head/usr.sbin/jail/config.c	Fri Feb  6 17:43:13 2015	(r278322)
+++ head/usr.sbin/jail/config.c	Fri Feb  6 17:54:53 2015	(r278323)
@@ -84,6 +84,7 @@ static const struct ipspec intparams[] =
     [IP_MOUNT] =		{"mount",		PF_INTERNAL | PF_REV},
     [IP_MOUNT_DEVFS] =		{"mount.devfs",		PF_INTERNAL | PF_BOOL},
     [IP_MOUNT_FDESCFS] =	{"mount.fdescfs",	PF_INTERNAL | PF_BOOL},
+    [IP_MOUNT_PROCFS] =		{"mount.procfs",	PF_INTERNAL | PF_BOOL},
     [IP_MOUNT_FSTAB] =		{"mount.fstab",		PF_INTERNAL},
     [IP_STOP_TIMEOUT] =		{"stop.timeout",	PF_INTERNAL | PF_INT},
     [IP_VNET_INTERFACE] =	{"vnet.interface",	PF_INTERNAL},

Modified: head/usr.sbin/jail/jail.8
==============================================================================
--- head/usr.sbin/jail/jail.8	Fri Feb  6 17:43:13 2015	(r278322)
+++ head/usr.sbin/jail/jail.8	Fri Feb  6 17:54:53 2015	(r278323)
@@ -25,7 +25,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 28, 2015
+.Dd February 6, 2015
 .Dt JAIL 8
 .Os
 .Sh NAME
@@ -753,6 +753,12 @@ Mount a
 filesystem on the chrooted
 .Pa /dev/fd
 directory.
+.It Va mount.procfs
+Mount a
+.Xr procfs 5
+filesystem on the chrooted
+.Pa /proc
+directory.
 .It Va allow.dying
 Allow making changes to a
 .Va dying
@@ -1207,6 +1213,7 @@ environment of the first jail.
 .Xr jls 8 ,
 .Xr mount 8 ,
 .Xr named 8 ,
+.Xr procfs 5 ,
 .Xr reboot 8 ,
 .Xr rpcbind 8 ,
 .Xr sendmail 8 ,

Modified: head/usr.sbin/jail/jail.c
==============================================================================
--- head/usr.sbin/jail/jail.c	Fri Feb  6 17:43:13 2015	(r278322)
+++ head/usr.sbin/jail/jail.c	Fri Feb  6 17:54:53 2015	(r278323)
@@ -93,6 +93,7 @@ static const enum intparam startcommands
     IP__MOUNT_FROM_FSTAB,
     IP_MOUNT_DEVFS,
     IP_MOUNT_FDESCFS,
+    IP_MOUNT_PROCFS,
     IP_EXEC_PRESTART, 
     IP__OP,
     IP_VNET_INTERFACE,
@@ -109,6 +110,7 @@ static const enum intparam stopcommands[
     IP_STOP_TIMEOUT,
     IP__OP,
     IP_EXEC_POSTSTOP,
+    IP_MOUNT_PROCFS,
     IP_MOUNT_FDESCFS,
     IP_MOUNT_DEVFS,
     IP__MOUNT_FROM_FSTAB,

Modified: head/usr.sbin/jail/jailp.h
==============================================================================
--- head/usr.sbin/jail/jailp.h	Fri Feb  6 17:43:13 2015	(r278322)
+++ head/usr.sbin/jail/jailp.h	Fri Feb  6 17:54:53 2015	(r278323)
@@ -96,6 +96,7 @@ enum intparam {
 	IP_MOUNT,		/* Mount points in fstab(5) form */
 	IP_MOUNT_DEVFS,		/* Mount /dev under prison root */
 	IP_MOUNT_FDESCFS,	/* Mount /dev/fd under prison root */
+	IP_MOUNT_PROCFS,	/* Mount /proc under prison root */
 	IP_MOUNT_FSTAB,		/* A standard fstab(5) file */
 	IP_STOP_TIMEOUT,	/* Time to wait after sending SIGTERM */
 	IP_VNET_INTERFACE,	/* Assign interface(s) to vnet jail */