MFC 256385:

- Add mount.fdescfs parameter to jail(8). This is similar to
  mount.devfs but mounts fdescfs.  The mount happens just after
  mount.devfs.

- rc.d/jail now displays whole error message from jail(8) when a jail
  fails to start.

Approved by:	re (gjb)

1 files changed, 32 insertions, 1 deletions

diff --git a/usr.sbin/jail/command.c b/usr.sbin/jail/command.c
index 452a079..04a4514 100644
--- a/usr.sbin/jail/command.c
+++ b/usr.sbin/jail/command.c
@@ -106,7 +106,12 @@ next_command(struct cfjail *j)
 			case IP_MOUNT_DEVFS:
 				if (!bool_param(j->intparams[IP_MOUNT_DEVFS]))
 					continue;
-				/* FALLTHROUGH */
+				j->comstring = &dummystring;
+				break;
+			case IP_MOUNT_FDESCFS:
+				if (!bool_param(j->intparams[IP_MOUNT_FDESCFS]))
+					continue;
+				j->comstring = &dummystring;
 			case IP__OP:
 			case IP_STOP_TIMEOUT:
 				j->comstring = &dummystring;
@@ -452,6 +457,32 @@ run_command(struct cfjail *j)
 		}
 		break;
 
+	case IP_MOUNT_FDESCFS:
+		argv = alloca(7 * sizeof(char *));
+		path = string_param(j->intparams[KP_PATH]);
+		if (path == NULL) {
+			jail_warnx(j, "mount.fdescfs: no path");
+			return -1;
+		}
+		devpath = alloca(strlen(path) + 8);
+		sprintf(devpath, "%s/dev/fd", path);
+		if (check_path(j, "mount.fdescfs", devpath, 0,
+		    down ? "fdescfs" : NULL) < 0)
+			return -1;
+		if (down) {
+			*(const char **)&argv[0] = "/sbin/umount";
+			argv[1] = devpath;
+			argv[2] = NULL;
+		} else {
+			*(const char **)&argv[0] = _PATH_MOUNT;
+			*(const char **)&argv[1] = "-t";
+			*(const char **)&argv[2] = "fdescfs";
+			*(const char **)&argv[3] = ".";
+			argv[4] = devpath;
+			argv[5] = NULL;
+		}
+		break;
+
 	case IP_COMMAND:
 		if (j->name != NULL)
 			goto default_command;