authormatteo <matteo@FreeBSD.org>2006-05-11 13:04:23 +0000
committermatteo <matteo@FreeBSD.org>2006-05-11 13:04:23 +0000
commite3299095ec06bd390f18e58c9afdded62c00051b (patch)
treef28ed71a1885530f1b3a69123acc6f5f02967058 /usr.sbin/jail/jail.c
parentddd14f2cd2c6b7db82c8caa0c1bb7a4fcc5676cb (diff)
Add the -s option to set jail's securelevel. This is useful for jails run with non-root privileges.
PR: bin/80242 MFC after: 2 weeks
Diffstat (limited to 'usr.sbin/jail/jail.c')
-rw-r--r--usr.sbin/jail/jail.c23
1 files changed, 20 insertions, 3 deletions
diff --git a/usr.sbin/jail/jail.c b/usr.sbin/jail/jail.c
index 49caa52..1116ed6 100644
--- a/usr.sbin/jail/jail.c
+++ b/usr.sbin/jail/jail.c
@@ -12,6 +12,7 @@ __FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <sys/jail.h>
+#include <sys/sysctl.h>
#include <netinet/in.h>
#include <arpa/inet.h>
@@ -28,6 +29,7 @@ __FBSDID("$FreeBSD$");
#include <unistd.h>
static void usage(void);
+static void setsecurelevel(int level);
extern char **environ;
#define GET_USER_INFO do { \
@@ -58,13 +60,14 @@ main(int argc, char **argv)
char path[PATH_MAX], *username, *JidFile;
static char *cleanenv;
const char *shell, *p = NULL;
+ int securelevel = -1;
FILE *fp;
iflag = Jflag = lflag = uflag = Uflag = 0;
username = JidFile = cleanenv = NULL;
fp = NULL;
- while ((ch = getopt(argc, argv, "ilu:U:J:")) != -1) {
+ while ((ch = getopt(argc, argv, "ils:u:U:J:")) != -1) {
switch (ch) {
case 'i':
iflag = 1;
@@ -73,6 +76,9 @@ main(int argc, char **argv)
JidFile = optarg;
Jflag = 1;
break;
+ case 's':
+ securelevel = (int) strtol(optarg, NULL, 0);
+ break;
case 'u':
username = optarg;
uflag = 1;
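Review bot: The new `case 's'` accepts any string, because `strtol(optarg, NULL, 0)` is called without an end pointer or range check and its result is narrowed to int. A non-numeric argument parses as 0, and the `if (securelevel > 0)` test added in the next hunk then skips the sysctl entirely, so the jail starts without the securelevel the operator asked for and with no diagnostic. I would reject bad input here: `securelevel = (int)strtol(optarg, &ep, 0);` followed by `if (ep == optarg || *ep != '\0') errx(1, "invalid securelevel: %s", optarg);`, with `char *ep;` declared in main. An explicit `-s 0` or a negative value should probably also be rejected or documented rather than silently ignored. main's body starts and ends outside this hunk.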
@@ -130,6 +136,8 @@ main(int argc, char **argv)
errx(1, "Could not write JidFile: %s", JidFile);
}
}
+ if (securelevel > 0)
+ setsecurelevel(securelevel);
if (username != NULL) {
if (Uflag)
GET_USER_INFO;
@@ -168,8 +176,17 @@ static void
usage(void)
{
- (void)fprintf(stderr, "%s%s\n",
- "usage: jail [-i] [-J jid_file] [-l -u username | -U username]",
+ (void)fprintf(stderr, "%s%s%s\n",
+ "usage: jail [-i] [-J jid_file] [-s securelevel] [-l -u ",
+ "username | -U username]",
" path hostname ip-number command ...");
exit(1);
}
+
+static void
+setsecurelevel(int level) {
+ if (sysctlbyname("kern.securelevel", NULL, 0, &level, sizeof(level)))
+ err(1, "Can not set securelevel to %d", level);
+
+}
+
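Review bot: `setsecurelevel()` puts its opening brace on the signature line and leaves a blank line before the closing brace, while `usage()` directly above it keeps the brace on its own line; write `setsecurelevel(int level)` with `{` on the next line and drop the empty line. The function also has no comment; something like `/* Raise kern.securelevel via sysctl; exits through err() on failure. */` would tell readers that a failure is fatal. It looks like the call is made after the process has entered the jail, so the setting would apply to the jail only, but that is not visible in these hunks and is worth stating in the comment once confirmed.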