Date: Thu, 12 Sep 2019 18:53:29 +0000 (UTC) From: Michael Zhilin <mizhka@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r352263 - in head: etc/mtree usr.sbin/jail usr.sbin/jail/tests Message-ID: <201909121853.x8CIrTn6017343@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mizhka Date: Thu Sep 12 18:53:29 2019 New Revision: 352263 URL: https://svnweb.freebsd.org/changeset/base/352263 Log: [jail] removal by jid doesn't trigger pre/post stop scripts This commit fixes bug: command "jail -r" didn't trigger pre/post stop commands (and others) defined in config file if jid is specified insted of name. Also it adds basic tests for usr.sbin/jail to avoid regression. Reviewed by: jamie, kevans, ray MFC after: 5 days Differential Revision: https://reviews.freebsd.org/D21328 Added: head/usr.sbin/jail/tests/ head/usr.sbin/jail/tests/Makefile (contents, props changed) head/usr.sbin/jail/tests/commands.jail.conf (contents, props changed) head/usr.sbin/jail/tests/jail_basic_test.sh (contents, props changed) Modified: head/etc/mtree/BSD.tests.dist head/usr.sbin/jail/Makefile head/usr.sbin/jail/state.c Modified: head/etc/mtree/BSD.tests.dist ============================================================================== --- head/etc/mtree/BSD.tests.dist Thu Sep 12 18:51:59 2019 (r352262) +++ head/etc/mtree/BSD.tests.dist Thu Sep 12 18:53:29 2019 (r352263) @@ -1082,6 +1082,8 @@ .. fstyp .. + jail + .. makefs .. mixer Modified: head/usr.sbin/jail/Makefile ============================================================================== --- head/usr.sbin/jail/Makefile Thu Sep 12 18:51:59 2019 (r352262) +++ head/usr.sbin/jail/Makefile Thu Sep 12 18:53:29 2019 (r352263) @@ -24,4 +24,7 @@ CFLAGS+= -DINET CLEANFILES= y.output +HAS_TESTS= +SUBDIR.${MK_TESTS}+= tests + .include <bsd.prog.mk> Modified: head/usr.sbin/jail/state.c ============================================================================== --- head/usr.sbin/jail/state.c Thu Sep 12 18:51:59 2019 (r352262) +++ head/usr.sbin/jail/state.c Thu Sep 12 18:53:29 2019 (r352263) @@ -44,7 +44,7 @@ static void dep_add(struct cfjail *from, struct cfjail static int cmp_jailptr(const void *a, const void *b); static int cmp_jailptr_name(const void *a, const void *b); static struct cfjail *find_jail(const char *name); -static int running_jid(const char *name, int flags); +static struct cfjail *running_jail(const char *name, int flags); static struct cfjail **jails_byname; static size_t njails; @@ -72,7 +72,7 @@ dep_setup(int docf) if ((j = TAILQ_FIRST(&cfjails)) && (p = j->intparams[IP_DEPEND])) { TAILQ_FOREACH(s, &p->val, tq) { - if (running_jid(s->s, 0) < 0) { + if (running_jail(s->s, 0) == NULL) { warnx("depends on nonexistent jail " "\"%s\"", s->s); j->flags |= JF_FAILED; @@ -369,11 +369,7 @@ start_state(const char *target, int docf, unsigned sta j = find_jail(target); if (j == NULL && state == JF_STOP) { /* Allow -[rR] to specify a currently running jail. */ - if ((jid = running_jid(target, JAIL_DYING)) > 0) { - j = add_jail(); - j->name = estrdup(target); - j->jid = jid; - } + j = running_jail(target, JAIL_DYING); } if (j == NULL) { warnx("\"%s\" not found", target); @@ -446,6 +442,9 @@ static struct cfjail * find_jail(const char *name) { struct cfjail **jp; + + if (jails_byname == NULL) + return NULL; jp = bsearch(name, jails_byname, njails, sizeof(struct cfjail *), cmp_jailptr_name); @@ -453,26 +452,43 @@ find_jail(const char *name) } /* - * Return the named jail's jid if it is running, and -1 if it isn't. + * Return jail if it is running, and NULL if it isn't. */ -static int -running_jid(const char *name, int flags) +static struct cfjail * +running_jail(const char *name, int flags) { - struct iovec jiov[2]; + struct iovec jiov[4]; + struct cfjail *jail; char *ep; - int jid; - + char jailname[MAXHOSTNAMELEN]; + int jid, ret, len; + if ((jid = strtol(name, &ep, 10)) && !*ep) { - jiov[0].iov_base = __DECONST(char *, "jid"); - jiov[0].iov_len = sizeof("jid"); - jiov[1].iov_base = &jid; - jiov[1].iov_len = sizeof(jid); + memset(jailname,0,sizeof(jailname)); + len = sizeof(jailname); } else { - jiov[0].iov_base = __DECONST(char *, "name"); - jiov[0].iov_len = sizeof("name"); - jiov[1].iov_len = strlen(name) + 1; - jiov[1].iov_base = alloca(jiov[1].iov_len); - strcpy(jiov[1].iov_base, name); + strncpy(jailname, name,sizeof(jailname)); + len = strlen(name) + 1; + jid = 0; } - return jail_get(jiov, 2, flags); + + jiov[0].iov_base = __DECONST(char *, "jid"); + jiov[0].iov_len = sizeof("jid"); + jiov[1].iov_base = &jid; + jiov[1].iov_len = sizeof(jid); + jiov[2].iov_base = __DECONST(char *, "name"); + jiov[2].iov_len = sizeof("name"); + jiov[3].iov_base = &jailname; + jiov[3].iov_len = len; + + if ((ret = jail_get(jiov, 4, flags)) < 0) + return (NULL); + + if ((jail = find_jail(jailname)) == NULL) { + jail = add_jail(); + jail->name = estrdup(jailname); + jail->jid = ret; + } + + return (jail); } Added: head/usr.sbin/jail/tests/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/usr.sbin/jail/tests/Makefile Thu Sep 12 18:53:29 2019 (r352263) @@ -0,0 +1,9 @@ +# $FreeBSD$ + +PACKAGE= tests + +ATF_TESTS_SH+= jail_basic_test + +${PACKAGE}FILES+= commands.jail.conf + +.include <bsd.test.mk> Added: head/usr.sbin/jail/tests/commands.jail.conf ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/usr.sbin/jail/tests/commands.jail.conf Thu Sep 12 18:53:29 2019 (r352263) @@ -0,0 +1,7 @@ +# $FreeBSD$ + +exec.prestop = "echo STOP"; +exec.prestart = "echo START"; +persist; + +basejail {} Added: head/usr.sbin/jail/tests/jail_basic_test.sh ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/usr.sbin/jail/tests/jail_basic_test.sh Thu Sep 12 18:53:29 2019 (r352263) @@ -0,0 +1,136 @@ +# +# SPDX-License-Identifier: BSD-2-Clause-FreeBSD +# +# Copyright (c) 2019 Michael Zhilin +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +# $FreeBSD$ + +atf_test_case "basic" "cleanup" +atf_test_case "nested" "cleanup" +atf_test_case "commands" "cleanup" + +basic_head() +{ + atf_set descr 'Basic jail test' + atf_set require.user root +} + +basic_body() +{ + # Create the jail + atf_check -s exit:0 -o ignore jail -c name=basejail persist ip4.addr=192.0.1.1 + # Check output of jls + atf_check -s exit:0 -o ignore jls + atf_check -s exit:0 -o ignore jls -v + atf_check -s exit:0 -o ignore jls -n + # Stop jail + atf_check -s exit:0 -o ignore jail -r basejail + jail -c name=basejail persist ip4.addr=192.0.1.1 + # Stop jail by jid + atf_check -s exit:0 -o ignore jail -r `jls -j basejail jid` + # Recreate + atf_check -s exit:0 -o ignore jail -cm name=basejail persist ip4.addr=192.0.1.1 + # Restart + atf_check -s exit:0 -o ignore jail -rc name=basejail persist ip4.addr=192.0.1.1 +} + +basic_cleanup() +{ + jail -r basejail +} + +nested_head() +{ + atf_set descr 'Hierarchical jails test' + atf_set require.user root +} + +nested_body() +{ + # Create the first jail + jail -c name=basejail persist ip4.addr=192.0.1.1 children.max=1 + atf_check -s exit:0 -o empty \ + jexec basejail \ + jail -c name=nestedjail persist ip4.addr=192.0.1.1 + + atf_check -s exit:1 -o empty -e inline:"jail: prison limit exceeded\n"\ + jexec basejail \ + jail -c name=secondnestedjail persist ip4.addr=192.0.1.1 + # Check output of jls + atf_check -s exit:0 -o ignore \ + jexec basejail jls + atf_check -s exit:0 -o ignore \ + jexec basejail jls -v + atf_check -s exit:0 -o ignore \ + jexec basejail jls -n + # Create jail with no child - children.max should be 0 by default + jail -c name=basejail_nochild persist ip4.addr=192.0.1.1 + atf_check -s exit:1 -o empty \ + -e inline:"jail: jail_set: Operation not permitted\n" \ + jexec basejail_nochild \ + jail -c name=nestedjail persist ip4.addr=192.0.1.1 +} + +nested_cleanup() +{ + jail -r nestedjail + jail -r basejail + jail -r basejail_nochild +} + +commands_header() +{ + atf_set descr 'Commands jail test' + atf_set require.user root +} + +commands_body() +{ + # exec.prestart + atf_check -s exit:0 -o inline:"START\n" \ + jail -f $(atf_get_srcdir)/commands.jail.conf -qc basejail + # exec.prestop by jailname + atf_check -s exit:0 -o inline:"STOP\n" \ + jail -f $(atf_get_srcdir)/commands.jail.conf -qr basejail + # exec.prestop by jid + jail -f $(atf_get_srcdir)/commands.jail.conf -qc basejail + atf_check -s exit:0 -o inline:"STOP\n" \ + jail -f $(atf_get_srcdir)/commands.jail.conf -qr `jls -j basejail jid` +} + +commands_cleanup() +{ + jls -j basejail > /dev/null 2>&1 + if [ $? -e 0 ] + then + jail -r basejail + fi +} + +atf_init_test_cases() +{ + atf_add_test_case "basic" + atf_add_test_case "nested" + atf_add_test_case "commands" +}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201909121853.x8CIrTn6017343>