In preparation for using clang's -Wcast-qual:

Use __DECONST (instead of my own attempted re-invention) for the iov
parameters to jail_get/set(2).  Similarly remove the decost-ish hack
from execvp's argv, except the __DECONST is only added at very end.

While I'm at it, remove an unused variable and fix a comment typo.

3 files changed, 65 insertions, 67 deletions

diff --git a/usr.sbin/jail/command.c b/usr.sbin/jail/command.c
index 0d1c898..6101e07 100644
--- a/usr.sbin/jail/command.c
+++ b/usr.sbin/jail/command.c
@@ -260,8 +260,8 @@ run_command(struct cfjail *j)
 	const struct passwd *pwd;
 	const struct cfstring *comstring, *s;
 	login_cap_t *lcap;
-	char **argv;
-	char *cs, *comcs, *devpath;
+	const char **argv;
+	char *acs, *cs, *comcs, *devpath;
 	const char *jidstr, *conslog, *path, *ruleset, *term, *username;
 	enum intparam comparam;
 	size_t comlen;
@@ -332,27 +332,26 @@ run_command(struct cfjail *j)
 		}
 
 		argv = alloca((8 + argc) * sizeof(char *));
-		*(const char **)&argv[0] = _PATH_IFCONFIG;
+		argv[0] = _PATH_IFCONFIG;
 		if ((cs = strchr(val, '|'))) {
-			argv[1] = alloca(cs - val + 1);
-			strlcpy(argv[1], val, cs - val + 1);
+			argv[1] = acs = alloca(cs - val + 1);
+			strlcpy(acs, val, cs - val + 1);
 			addr = cs + 1;
 		} else {
-			*(const char **)&argv[1] =
-			    string_param(j->intparams[IP_INTERFACE]);
+			argv[1] = string_param(j->intparams[IP_INTERFACE]);
 			addr = val;
 		}
-		*(const char **)&argv[2] = "inet";
+		argv[2] = "inet";
 		if (!(cs = strchr(addr, '/'))) {
 			argv[3] = addr;
-			*(const char **)&argv[4] = "netmask";
-			*(const char **)&argv[5] = "255.255.255.255";
+			argv[4] = "netmask";
+			argv[5] = "255.255.255.255";
 			argc = 6;
 		} else if (strchr(cs + 1, '.')) {
-			argv[3] = alloca(cs - addr + 1);
-			strlcpy(argv[3], addr, cs - addr + 1);
-			*(const char **)&argv[4] = "netmask";
-			*(const char **)&argv[5] = cs + 1;
+			argv[3] = acs = alloca(cs - addr + 1);
+			strlcpy(acs, addr, cs - addr + 1);
+			argv[4] = "netmask";
+			argv[5] = cs + 1;
 			argc = 6;
 		} else {
 			argv[3] = addr;
@@ -360,14 +359,15 @@ run_command(struct cfjail *j)
 		}
 
 		if (!down) {
-			for (cs = strtok(extrap, " "); cs; cs = strtok(NULL, " ")) {
+			for (cs = strtok(extrap, " "); cs;
+			     cs = strtok(NULL, " ")) {
 				size_t len = strlen(cs) + 1;
-				argv[argc] = alloca(len);
-				strlcpy(argv[argc++], cs, len);
+				argv[argc++] = acs = alloca(len);
+				strlcpy(acs, cs, len);
 			}
 		}
 
-		*(const char **)&argv[argc] = down ? "-alias" : "alias";
+		argv[argc] = down ? "-alias" : "alias";
 		argv[argc + 1] = NULL;
 		break;
 #endif
@@ -389,46 +389,45 @@ run_command(struct cfjail *j)
 		}
 
 		argv = alloca((8 + argc) * sizeof(char *));
-		*(const char **)&argv[0] = _PATH_IFCONFIG;
+		argv[0] = _PATH_IFCONFIG;
 		if ((cs = strchr(val, '|'))) {
-			argv[1] = alloca(cs - val + 1);
-			strlcpy(argv[1], val, cs - val + 1);
+			argv[1] = acs = alloca(cs - val + 1);
+			strlcpy(acs, val, cs - val + 1);
 			addr = cs + 1;
 		} else {
-			*(const char **)&argv[1] =
-			    string_param(j->intparams[IP_INTERFACE]);
+			argv[1] = string_param(j->intparams[IP_INTERFACE]);
 			addr = val;
 		}
-		*(const char **)&argv[2] = "inet6";
+		argv[2] = "inet6";
 		argv[3] = addr;
 		if (!(cs = strchr(addr, '/'))) {
-			*(const char **)&argv[4] = "prefixlen";
-			*(const char **)&argv[5] = "128";
+			argv[4] = "prefixlen";
+			argv[5] = "128";
 			argc = 6;
 		} else
 			argc = 4;
 
 		if (!down) {
-			for (cs = strtok(extrap, " "); cs; cs = strtok(NULL, " ")) {
+			for (cs = strtok(extrap, " "); cs;
+			     cs = strtok(NULL, " ")) {
 				size_t len = strlen(cs) + 1;
-				argv[argc] = alloca(len);
-				strlcpy(argv[argc++], cs, len);
+				argv[argc++] = acs = alloca(len);
+				strlcpy(acs, cs, len);
 			}
 		}
 
-		*(const char **)&argv[argc] = down ? "-alias" : "alias";
+		argv[argc] = down ? "-alias" : "alias";
 		argv[argc + 1] = NULL;
 		break;	
 #endif
 
 	case IP_VNET_INTERFACE:
 		argv = alloca(5 * sizeof(char *));
-		*(const char **)&argv[0] = _PATH_IFCONFIG;
+		argv[0] = _PATH_IFCONFIG;
 		argv[1] = comstring->s;
-		*(const char **)&argv[2] = down ? "-vnet" : "vnet";
+		argv[2] = down ? "-vnet" : "vnet";
 		jidstr = string_param(j->intparams[KP_JID]);
-		*(const char **)&argv[3] =
-			jidstr ? jidstr : string_param(j->intparams[KP_NAME]);
+		argv[3] = jidstr ? jidstr : string_param(j->intparams[KP_NAME]);
 		argv[4] = NULL;
 		break;
 
@@ -454,22 +453,22 @@ run_command(struct cfjail *j)
 		if (down) {
 			argv[4] = NULL;
 			argv[3] = argv[1];
-			*(const char **)&argv[0] = "/sbin/umount";
+			argv[0] = "/sbin/umount";
 		} else {
 			if (argc == 4) {
 				argv[7] = NULL;
 				argv[6] = argv[1];
 				argv[5] = argv[0];
 				argv[4] = argv[3];
-				*(const char **)&argv[3] = "-o";
+				argv[3] = "-o";
 			} else {
 				argv[5] = NULL;
 				argv[4] = argv[1];
 				argv[3] = argv[0];
 			}
-			*(const char **)&argv[0] = _PATH_MOUNT;
+			argv[0] = _PATH_MOUNT;
 		}
-		*(const char **)&argv[1] = "-t";
+		argv[1] = "-t";
 		break;
 
 	case IP_MOUNT_DEVFS:
@@ -485,19 +484,19 @@ run_command(struct cfjail *j)
 		    down ? "devfs" : NULL) < 0)
 			return -1;
 		if (down) {
-			*(const char **)&argv[0] = "/sbin/umount";
+			argv[0] = "/sbin/umount";
 			argv[1] = devpath;
 			argv[2] = NULL;
 		} else {
-			*(const char **)&argv[0] = _PATH_MOUNT;
-			*(const char **)&argv[1] = "-t";
-			*(const char **)&argv[2] = "devfs";
+			argv[0] = _PATH_MOUNT;
+			argv[1] = "-t";
+			argv[2] = "devfs";
 			ruleset = string_param(j->intparams[KP_DEVFS_RULESET]);
 			if (!ruleset)
 			    ruleset = "4";	/* devfsrules_jail */
-			argv[3] = alloca(11 + strlen(ruleset));
-			sprintf(argv[3], "-oruleset=%s", ruleset);
-			*(const char **)&argv[4] = ".";
+			argv[3] = acs = alloca(11 + strlen(ruleset));
+			sprintf(acs, "-oruleset=%s", ruleset);
+			argv[4] = ".";
 			argv[5] = devpath;
 			argv[6] = NULL;
 		}
@@ -516,14 +515,14 @@ run_command(struct cfjail *j)
 		    down ? "fdescfs" : NULL) < 0)
 			return -1;
 		if (down) {
-			*(const char **)&argv[0] = "/sbin/umount";
+			argv[0] = "/sbin/umount";
 			argv[1] = devpath;
 			argv[2] = NULL;
 		} else {
-			*(const char **)&argv[0] = _PATH_MOUNT;
-			*(const char **)&argv[1] = "-t";
-			*(const char **)&argv[2] = "fdescfs";
-			*(const char **)&argv[3] = ".";
+			argv[0] = _PATH_MOUNT;
+			argv[1] = "-t";
+			argv[2] = "fdescfs";
+			argv[3] = ".";
 			argv[4] = devpath;
 			argv[5] = NULL;
 		}
@@ -548,8 +547,8 @@ run_command(struct cfjail *j)
 		if ((cs = strpbrk(comstring->s, "!\"$&'()*;<>?[\\]`{|}~")) &&
 		    !(cs[0] == '&' && cs[1] == '\0')) {
 			argv = alloca(4 * sizeof(char *));
-			*(const char **)&argv[0] = _PATH_BSHELL;
-			*(const char **)&argv[1] = "-c";
+			argv[0] = _PATH_BSHELL;
+			argv[1] = "-c";
 			argv[2] = comstring->s;
 			argv[3] = NULL;
 		} else {
@@ -693,7 +692,7 @@ run_command(struct cfjail *j)
 		exit(1);
 	}
 	closefrom(3);
-	execvp(argv[0], argv);
+	execvp(argv[0], __DECONST(char *const*, argv));
 	jail_warnx(j, "exec %s: %s", argv[0], strerror(errno));
 	exit(1);
 }
diff --git a/usr.sbin/jail/jail.c b/usr.sbin/jail/jail.c
index 661c4ad..b8f5779 100644
--- a/usr.sbin/jail/jail.c
+++ b/usr.sbin/jail/jail.c
@@ -656,11 +656,11 @@ create_jail(struct cfjail *j)
 		 * The jail already exists, but may be dying.
 		 * Make sure it is, in which case an update is appropriate.
 		 */
-		*(const void **)&jiov[0].iov_base = "jid";
+		jiov[0].iov_base = __DECONST(char *, "jid");
 		jiov[0].iov_len = sizeof("jid");
 		jiov[1].iov_base = &jid;
 		jiov[1].iov_len = sizeof(jid);
-		*(const void **)&jiov[2].iov_base = "dying";
+		jiov[2].iov_base = __DECONST(char *, "dying");
 		jiov[2].iov_len = sizeof("dying");
 		jiov[3].iov_base = &dying;
 		jiov[3].iov_len = sizeof(dying);
@@ -721,11 +721,11 @@ clear_persist(struct cfjail *j)
 	if (!(j->flags & JF_PERSIST))
 		return;
 	j->flags &= ~JF_PERSIST;
-	*(const void **)&jiov[0].iov_base = "jid";
+	jiov[0].iov_base = __DECONST(char *, "jid");
 	jiov[0].iov_len = sizeof("jid");
 	jiov[1].iov_base = &j->jid;
 	jiov[1].iov_len = sizeof(j->jid);
-	*(const void **)&jiov[2].iov_base = "nopersist";
+	jiov[2].iov_base = __DECONST(char *, "nopersist");
 	jiov[2].iov_len = sizeof("nopersist");
 	jiov[3].iov_base = NULL;
 	jiov[3].iov_len = 0;
@@ -849,12 +849,12 @@ running_jid(struct cfjail *j, int dflag)
 			j->jid = -1;
 			return;
 		}
-		*(const void **)&jiov[0].iov_base = "jid";
+		jiov[0].iov_base = __DECONST(char *, "jid");
 		jiov[0].iov_len = sizeof("jid");
 		jiov[1].iov_base = &jid;
 		jiov[1].iov_len = sizeof(jid);
 	} else if ((pval = string_param(j->intparams[KP_NAME]))) {
-		*(const void **)&jiov[0].iov_base = "name";
+		jiov[0].iov_base = __DECONST(char *, "name");
 		jiov[0].iov_len = sizeof("name");
 		jiov[1].iov_len = strlen(pval) + 1;
 		jiov[1].iov_base = alloca(jiov[1].iov_len);
@@ -880,7 +880,7 @@ jail_quoted_warnx(const struct cfjail *j, const char *name_msg,
 }
 
 /*
- * Set jail parameters and possible print them out.
+ * Set jail parameters and possibly print them out.
  */
 static int
 jailparam_set_note(const struct cfjail *j, struct jailparam *jp, unsigned njp,
diff --git a/usr.sbin/jail/state.c b/usr.sbin/jail/state.c
index 17b2a0c..b3eb942 100644
--- a/usr.sbin/jail/state.c
+++ b/usr.sbin/jail/state.c
@@ -60,7 +60,7 @@ dep_setup(int docf)
 	const char *cs;
 	char *pname;
 	size_t plen;
-	int error, deps, ldeps;
+	int deps, ldeps;
 
 	if (!docf) {
 		/*
@@ -88,7 +88,6 @@ dep_setup(int docf)
 	TAILQ_FOREACH(j, &cfjails, tq)
 		jails_byname[njails++] = j;
 	qsort(jails_byname, njails, sizeof(struct cfjail *), cmp_jailptr);
-	error = 0;
 	deps = 0;
 	ldeps = 0;
 	plen = 0;
@@ -331,15 +330,15 @@ start_state(const char *target, int docf, unsigned state, int running)
 			 * -R matches its wildcards against currently running
 			 * jails, not against the config file.
 			 */
-			*(const void **)&jiov[0].iov_base = "lastjid";
+			jiov[0].iov_base = __DECONST(char *, "lastjid");
 			jiov[0].iov_len = sizeof("lastjid");
 			jiov[1].iov_base = &jid;
 			jiov[1].iov_len = sizeof(jid);
-			*(const void **)&jiov[2].iov_base = "jid";
+			jiov[2].iov_base = __DECONST(char *, "jid");
 			jiov[2].iov_len = sizeof("jid");
 			jiov[3].iov_base = &jid;
 			jiov[3].iov_len = sizeof(jid);
-			*(const void **)&jiov[4].iov_base = "name";
+			jiov[4].iov_base = __DECONST(char *, "name");
 			jiov[4].iov_len = sizeof("name");
 			jiov[5].iov_base = &namebuf;
 			jiov[5].iov_len = sizeof(namebuf);
@@ -454,12 +453,12 @@ running_jid(const char *name, int flags)
 	int jid;
 
 	if ((jid = strtol(name, &ep, 10)) && !*ep) {
-		*(const void **)&jiov[0].iov_base = "jid";
+		jiov[0].iov_base = __DECONST(char *, "jid");
 		jiov[0].iov_len = sizeof("jid");
 		jiov[1].iov_base = &jid;
 		jiov[1].iov_len = sizeof(jid);
 	} else {
-		*(const void **)&jiov[0].iov_base = "name";
+		jiov[0].iov_base = __DECONST(char *, "name");
 		jiov[0].iov_len = sizeof("name");
 		jiov[1].iov_len = strlen(name) + 1;
 		jiov[1].iov_base = alloca(jiov[1].iov_len);