From owner-freebsd-stable Sun Nov 25 18:17: 7 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
    by hub.freebsd.org (Postfix) with ESMTP
    id F025C37B417; Sun, 25 Nov 2001 18:16:56 -0800 (PST)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
    by fledge.watson.org (8.11.6/8.11.5) with SMTP id fAQ2Gei81973;
    Sun, 25 Nov 2001 21:16:40 -0500 (EST)
    (envelope-from robert@fledge.watson.org)
Date: Sun, 25 Nov 2001 21:16:39 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: Gregory Neil Shapiro
Cc: Evan Sarmiento, freebsd-stable@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
Subject: Re: jail patch
In-Reply-To: <15361.9475.891401.44730@horsey.gshapiro.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, 25 Nov 2001, Gregory Neil Shapiro wrote:

> evms> I wrote this a while ago, but, if anyone is interested, please
> evms> take a look: this module implements a system call that takes
> evms> a u_int_32t. This system call, named killjail, kills all processes
> evms> which belong to the jail which uses that particular IP address.
>
> evms> I included it in a tar with a makefile and with a program
> evms> that uses it. (Eg: ./killjail 1.2.3.4)
>
> evms> http://www.sekt7.org/kjs.tar
>
> evms> Works on 4.4 but can be easily ported to 5.0.
>
> This can be done in userland without kernel interaction:
>
> #!/bin/sh
>
> EX_OK=0
> EX_USAGE=64
>
> if [ "$1" = "" ]
> then
>     echo "Usage: $0 jailname"
>     exit ${EX_USAGE}
> fi
>
> pids=`grep -l " $1\$" /proc/*/status | awk -F/ '{print $3}'`
> if [ "$pids" != "" ]
> then
>     kill -15 $pids 2> /dev/null
> fi
> exit ${EX_OK}

Note that there are a couple of caveats:

(1) This only works well if jail.set_hostname_allowed is set to '0', or
    jails can rename themselves to avoid being killed, including to
    unfortunate names such as '-'.

(2) This can be raced, unlike a kill(-1, 15) from within the jail (I
    believe).

In the jailng code, I allow jails to be identified using a name (other
than the hostname) when they are created, and that can later be used as a
handle for signalling. Two of the concepts that are useful in jailng are
(1) the ability to identify jails and manage them from the outside more
easily, and (2) jailinit, which permits a jail to maintain a runlevel,
meaning that you don't have to be 'in' a jail in order to start an orderly
shutdown (as you can signal jailinit), not to mention introducing the
notion of an orderly shutdown :-).

Introducing a jailkill() based on a u_int32_t argument seems somewhat
hackish to me; on the other hand, it does address a real need. I suspect
a jailkill script of this sort is the answer for -STABLE, and that in
-CURRENT, a more comprehensive solution would be better.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services
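
Caveat (1) in the message above, handled as far as a userland script can, in an added example that is not part of the original thread: it refuses '-' and non-hostname arguments and compares the jail hostname field literally instead of through grep's regex. It assumes, as the quoted script does, that the last field of /proc/<pid>/status is the jail hostname ('-' when unjailed); the function jail_pids, its PROCDIR parameter and the sample status lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not code from the thread.
# Assumption (from the quoted script's grep pattern): the last
# space-separated field of /proc/<pid>/status is the jail hostname, and
# processes outside any jail show '-' there.

EX_USAGE=64

# jail_pids PROCDIR HOSTNAME: print PIDs whose status line ends in
# exactly HOSTNAME. PROCDIR is a parameter so sample data can be used.
jail_pids() {
    procdir=$1
    name=$2
    # Reject names that cannot single out one jail: empty, '-' (the
    # unjailed marker), or anything outside hostname characters.
    case $name in
        ''|-|*[!A-Za-z0-9.-]*) return $EX_USAGE ;;
    esac
    for f in "$procdir"/[0-9]*/status; do
        [ -r "$f" ] || continue
        # Forced string comparison on the last field: no regex, so a
        # '.' in the hostname is not a wildcard as it is in grep.
        if awk -v want="$name" '($NF "") == (want "") { hit = 1 }
                                END { exit !hit }' "$f"; then
            pid=${f%/status}
            echo "${pid##*/}"
        fi
    done
    return 0
}

# Constructed sample data (not real procfs output): PIDs 101 and 104 in
# jail "www.example.org", 102 in "wwwXexample.org", 103 unjailed.
demo() {
    d=$(mktemp -d) || return 1
    i=0
    for host in www.example.org wwwXexample.org - www.example.org; do
        i=$((i + 1))
        mkdir "$d/10$i"
        echo "sh 10$i 1 10$i 10$i -1,-1 noflags 0,0 0,0 0,0 nochan 0 0 0,0 $host" \
            > "$d/10$i/status"
    done
    jail_pids "$d" www.example.org | paste -s -d ' ' -
    rm -rf "$d"
}

demo
```

The resulting PID list is still subject to the race in caveat (2), and to jails renaming themselves unless jail.set_hostname_allowed is 0.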