Date:      Fri, 6 Feb 2015 21:18:58 -0800
From:      Garrett Cooper <yaneurabeya@gmail.com>
To:        Jamie Gritton <jamie@freebsd.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers <src-committers@freebsd.org>
Subject:   Re: svn commit: r278323 - in head: etc/rc.d usr.sbin/jail
Message-ID:  <C12F653F-5697-4219-9BE6-838C5278DC09@gmail.com>
In-Reply-To: <201502061754.t16HssXU042750@svn.freebsd.org>
References:  <201502061754.t16HssXU042750@svn.freebsd.org>


--Apple-Mail=_5B8F74D2-0F6E-4589-B0BD-79FAE33C3A09
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

On Feb 6, 2015, at 9:54, Jamie Gritton <jamie@freebsd.org> wrote:

> Author: jamie
> Date: Fri Feb  6 17:54:53 2015
> New Revision: 278323
> URL: https://svnweb.freebsd.org/changeset/base/278323
>=20
> Log:
>  Add mount.procfs jail parameter, so procfs can be mounted when a =
prison's
>  root is in its fstab.
>=20
>  Also fix a typo while I'm at it.
>=20
>  PR:		197237 197066
>  MFC after:	3 days
>=20
> Modified:
>  head/etc/rc.d/jail
>  head/usr.sbin/jail/command.c
>  head/usr.sbin/jail/config.c
>  head/usr.sbin/jail/jail.8
>  head/usr.sbin/jail/jail.c
>  head/usr.sbin/jail/jailp.h
>=20
> Modified: head/etc/rc.d/jail
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/etc/rc.d/jail	Fri Feb  6 17:43:13 2015	=
(r278322)
> +++ head/etc/rc.d/jail	Fri Feb  6 17:54:53 2015	=
(r278323)
> @@ -28,7 +28,7 @@ extra_commands=3D"config console status"
>=20
> need_dad_wait=3D
>=20
> -# extact_var jail name param num defval
> +# extract_var jail name param num defval
> #	Extract value from ${jail_$jail_$name} or ${jail_$name} and
> #	set it to $param.  If not defined, $defval is used.
> #	When $num is [0-9]*, ${jail_$jail_$name$num} are looked up and
> @@ -233,8 +233,7 @@ parse_options()
> 		fi
> 		eval : =
\${jail_${_j}_procfs_enable:=3D${jail_procfs_enable:-NO}}
> 		if checkyesno jail_${_j}_procfs_enable; then
> -			echo "	mount +=3D " \
> -			    "\"procfs ${_rootdir%/}/proc procfs rw 0 =
0\";"
> +			echo "	mount.procfs;"
> 		fi
>=20
> 		eval : =
\${jail_${_j}_mount_enable:=3D${jail_mount_enable:-NO}}
>=20
> Modified: head/usr.sbin/jail/command.c
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/usr.sbin/jail/command.c	Fri Feb  6 17:43:13 2015	=
(r278322)
> +++ head/usr.sbin/jail/command.c	Fri Feb  6 17:54:53 2015	=
(r278323)
> @@ -112,6 +112,12 @@ next_command(struct cfjail *j)
> 				if =
(!bool_param(j->intparams[IP_MOUNT_FDESCFS]))
> 					continue;
> 				j->comstring =3D &dummystring;
> +				break;
> +			case IP_MOUNT_PROCFS:
> +				if =
(!bool_param(j->intparams[IP_MOUNT_PROCFS]))
> +					continue;
> +				j->comstring =3D &dummystring;
> +				break;

Did you intend on adding another break? The code would previously fall =
through to the next case statement...

> 			case IP__OP:
> 			case IP_STOP_TIMEOUT:
> 				j->comstring =3D &dummystring;
> @@ -528,6 +534,32 @@ run_command(struct cfjail *j)
> 		}
> 		break;
>=20
> +	case IP_MOUNT_PROCFS:
> +		argv =3D alloca(7 * sizeof(char *));
> +		path =3D string_param(j->intparams[KP_PATH]);
> +		if (path =3D=3D NULL) {
> +			jail_warnx(j, "mount.procfs: no path");
> +			return -1;
> +		}
> +		devpath =3D alloca(strlen(path) + 6);
> +		sprintf(devpath, "%s/proc", path);
> +		if (check_path(j, "mount.procfs", devpath, 0,
> +		    down ? "procfs" : NULL) < 0)
> +			return -1;
> +		if (down) {
> +			argv[0] =3D "/sbin/umount";
> +			argv[1] =3D devpath;
> +			argv[2] =3D NULL;
> +		} else {
> +			argv[0] =3D _PATH_MOUNT;
> +			argv[1] =3D "-t";
> +			argv[2] =3D "procfs";
> +			argv[3] =3D ".";
> +			argv[4] =3D devpath;
> +			argv[5] =3D NULL;
> +		}
> +		break;
> +
> 	case IP_COMMAND:
> 		if (j->name !=3D NULL)
> 			goto default_command;
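Review bot: The `+ 6` in `devpath = alloca(strlen(path) + 6);` is a bare constant that has to stay in step with the `"%s/proc"` format on the following line, and the unbounded `sprintf` will not catch it if the two ever drift apart. Tying the size to the suffix makes the relationship explicit: `devpath = alloca(strlen(path) + sizeof("/proc"));`, ideally with `snprintf` and the same size in place of `sprintf`. The allocation also follows the configured `path` string with no upper bound visible in this hunk, so a length check against `MAXPATHLEN` before the `alloca` would be a cheap guard. Separately, the mount point is validated by `check_path()` and then passed to mount(8) by name; a short comment stating what that check guarantees (its body is outside this hunk), and that the result relies on the jail tree not changing between the check and the mount, would help the next reader. The `switch` in `run_command` begins and ends outside the hunk.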
>=20
> Modified: head/usr.sbin/jail/config.c
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/usr.sbin/jail/config.c	Fri Feb  6 17:43:13 2015	=
(r278322)
> +++ head/usr.sbin/jail/config.c	Fri Feb  6 17:54:53 2015	=
(r278323)
> @@ -84,6 +84,7 @@ static const struct ipspec intparams[] =3D
>     [IP_MOUNT] =3D		{"mount",		PF_INTERNAL | =
PF_REV},
>     [IP_MOUNT_DEVFS] =3D		{"mount.devfs",		=
PF_INTERNAL | PF_BOOL},
>     [IP_MOUNT_FDESCFS] =3D	{"mount.fdescfs",	PF_INTERNAL | =
PF_BOOL},
> +    [IP_MOUNT_PROCFS] =3D		{"mount.procfs",	=
PF_INTERNAL | PF_BOOL},
>     [IP_MOUNT_FSTAB] =3D		{"mount.fstab",		=
PF_INTERNAL},
>     [IP_STOP_TIMEOUT] =3D		{"stop.timeout",	=
PF_INTERNAL | PF_INT},
>     [IP_VNET_INTERFACE] =3D	{"vnet.interface",	PF_INTERNAL},
>=20
> Modified: head/usr.sbin/jail/jail.8
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/usr.sbin/jail/jail.8	Fri Feb  6 17:43:13 2015	=
(r278322)
> +++ head/usr.sbin/jail/jail.8	Fri Feb  6 17:54:53 2015	=
(r278323)
> @@ -25,7 +25,7 @@
> .\"
> .\" $FreeBSD$
> .\"
> -.Dd January 28, 2015
> +.Dd February 6, 2015
> .Dt JAIL 8
> .Os
> .Sh NAME
> @@ -753,6 +753,12 @@ Mount a
> filesystem on the chrooted
> .Pa /dev/fd
> directory.
> +.It Va mount.procfs
> +Mount a
> +.Xr procfs 5
> +filesystem on the chrooted
> +.Pa /proc
> +directory.
> .It Va allow.dying
> Allow making changes to a
> .Va dying
> @@ -1207,6 +1213,7 @@ environment of the first jail.
> .Xr jls 8 ,
> .Xr mount 8 ,
> .Xr named 8 ,
> +.Xr procfs 5 ,
> .Xr reboot 8 ,
> .Xr rpcbind 8 ,
> .Xr sendmail 8 ,
>=20
> Modified: head/usr.sbin/jail/jail.c
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/usr.sbin/jail/jail.c	Fri Feb  6 17:43:13 2015	=
(r278322)
> +++ head/usr.sbin/jail/jail.c	Fri Feb  6 17:54:53 2015	=
(r278323)
> @@ -93,6 +93,7 @@ static const enum intparam startcommands
>     IP__MOUNT_FROM_FSTAB,
>     IP_MOUNT_DEVFS,
>     IP_MOUNT_FDESCFS,
> +    IP_MOUNT_PROCFS,
>     IP_EXEC_PRESTART,=20
>     IP__OP,
>     IP_VNET_INTERFACE,
> @@ -109,6 +110,7 @@ static const enum intparam stopcommands[
>     IP_STOP_TIMEOUT,
>     IP__OP,
>     IP_EXEC_POSTSTOP,
> +    IP_MOUNT_PROCFS,
>     IP_MOUNT_FDESCFS,
>     IP_MOUNT_DEVFS,
>     IP__MOUNT_FROM_FSTAB,
>=20
> Modified: head/usr.sbin/jail/jailp.h
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D
> --- head/usr.sbin/jail/jailp.h	Fri Feb  6 17:43:13 2015	=
(r278322)
> +++ head/usr.sbin/jail/jailp.h	Fri Feb  6 17:54:53 2015	=
(r278323)
> @@ -96,6 +96,7 @@ enum intparam {
> 	IP_MOUNT,		/* Mount points in fstab(5) form */
> 	IP_MOUNT_DEVFS,		/* Mount /dev under prison root */
> 	IP_MOUNT_FDESCFS,	/* Mount /dev/fd under prison root */
> +	IP_MOUNT_PROCFS,	/* Mount /proc under prison root */
> 	IP_MOUNT_FSTAB,		/* A standard fstab(5) file */
> 	IP_STOP_TIMEOUT,	/* Time to wait after sending SIGTERM */
> 	IP_VNET_INTERFACE,	/* Assign interface(s) to vnet jail */
>=20


--Apple-Mail=_5B8F74D2-0F6E-4589-B0BD-79FAE33C3A09
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQEcBAEBCgAGBQJU1aBCAAoJEMZr5QU6S73e/oUH/iuXGJqEFbVXVaBRyaej41LA
l4H31ffEFZ0GEh0v/Ukio64E1j0Et2BL6++kv8Y50IatJpsE0MoulXNgHjQiWffV
ajj+tHIjFNch5ux/xpJ2gMGZ3crFHt4lXKsF60NKZh8kwejG0RQoo7k/S4zWX20Y
vNf5xTBdG3VlJZ7fIGnHScdtIN1m6s0fC7wtmJwp7pmnq8dFKdeVfKL/46fwpYtS
tZ5/u+16FV/LzxhtC8rB9ah4I+hdo5iSqBAiNAWDRWcpb7J+rB7a+mEsqvJMe/XI
7nosd3zdCdzm5u/yqH1ZswGasS+qslfEt9ZSeZlaYIFwH1khM962jh+uB+EEcjU=
=EYsH
-----END PGP SIGNATURE-----

--Apple-Mail=_5B8F74D2-0F6E-4589-B0BD-79FAE33C3A09--


