author | jamie <jamie@FreeBSD.org> | 2015-02-10 01:05:51 +0000 |
---|---|---|
committer | jamie <jamie@FreeBSD.org> | 2015-02-10 01:05:51 +0000 |
commit | f8ff07ebef14d8d87007863c4b3bfcf35f6b515f (patch) | |
tree | 8edd7cea4fda74d466ec21cd28242837d73a9771 /usr.sbin/jail | |
parent | 715b3cae1f17b5ea056fd103ad87563421deac63 (diff) | |
MFC r278323:
Add mount.procfs jail parameter, so procfs can be mounted when a prison's
root is in its fstab.
Also fix a typo while I'm at it.
PR: 197237 197066
Diffstat (limited to 'usr.sbin/jail')
-rw-r--r-- | usr.sbin/jail/command.c | 32 | ||||
-rw-r--r-- | usr.sbin/jail/config.c | 1 | ||||
-rw-r--r-- | usr.sbin/jail/jail.8 | 9 | ||||
-rw-r--r-- | usr.sbin/jail/jail.c | 2 | ||||
-rw-r--r-- | usr.sbin/jail/jailp.h | 1 |
5 files changed, 44 insertions, 1 deletions
diff --git a/usr.sbin/jail/command.c b/usr.sbin/jail/command.c index 390be80..d424d1c 100644 --- a/usr.sbin/jail/command.c +++ b/usr.sbin/jail/command.c @@ -112,6 +112,12 @@ next_command(struct cfjail *j) if (!bool_param(j->intparams[IP_MOUNT_FDESCFS])) continue; j->comstring = &dummystring; + break; + case IP_MOUNT_PROCFS: + if (!bool_param(j->intparams[IP_MOUNT_PROCFS])) + continue; + j->comstring = &dummystring; + break; case IP__OP: case IP_STOP_TIMEOUT: j->comstring = &dummystring; @@ -529,6 +535,32 @@ run_command(struct cfjail *j) } break; + case IP_MOUNT_PROCFS: + argv = alloca(7 * sizeof(char *)); + path = string_param(j->intparams[KP_PATH]); + if (path == NULL) { + jail_warnx(j, "mount.procfs: no path"); + return -1; + } + devpath = alloca(strlen(path) + 6); + sprintf(devpath, "%s/proc", path); + if (check_path(j, "mount.procfs", devpath, 0, + down ? "procfs" : NULL) < 0) + return -1; + if (down) { + *(const char **)&argv[0] = "/sbin/umount"; + argv[1] = devpath; + argv[2] = NULL; + } else { + *(const char **)&argv[0] = _PATH_MOUNT; + *(const char **)&argv[1] = "-t"; + *(const char **)&argv[2] = "procfs"; + *(const char **)&argv[3] = "."; + argv[4] = devpath; + argv[5] = NULL; + } + break; + case IP_COMMAND: if (j->name != NULL) goto default_command; diff --git a/usr.sbin/jail/config.c b/usr.sbin/jail/config.c index cd02a50..5820209 100644 --- a/usr.sbin/jail/config.c +++ b/usr.sbin/jail/config.c @@ -84,6 +84,7 @@ static const struct ipspec intparams[] = { [IP_MOUNT] = {"mount", PF_INTERNAL | PF_REV}, [IP_MOUNT_DEVFS] = {"mount.devfs", PF_INTERNAL | PF_BOOL}, [IP_MOUNT_FDESCFS] = {"mount.fdescfs", PF_INTERNAL | PF_BOOL}, + [IP_MOUNT_PROCFS] = {"mount.procfs", PF_INTERNAL | PF_BOOL}, [IP_MOUNT_FSTAB] = {"mount.fstab", PF_INTERNAL}, [IP_STOP_TIMEOUT] = {"stop.timeout", PF_INTERNAL | PF_INT}, [IP_VNET_INTERFACE] = {"vnet.interface", PF_INTERNAL}, diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index a1a59c2..b270a15 100644 --- a/usr.sbin/jail/jail.8 
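Review bot: In the new `IP_MOUNT_PROCFS` case of run_command, the size `strlen(path) + 6` is correct only because "/proc" plus its terminator happens to be six bytes, and the unbounded `sprintf` offers no protection if the suffix is ever edited. I would tie the size to the literal and bound the write: `devpath = alloca(strlen(path) + sizeof("/proc"));` followed by `snprintf(devpath, strlen(path) + sizeof("/proc"), "%s/proc", path);`. This mount is issued by the host against a directory inside the jail's tree, so the `check_path` call is the guard that matters and deserves a comment such as `/* must pass before mount/umount: target is under the jail root; on the way down also require that it is a procfs mount */`. check_path is defined outside this hunk, so that wording should be confirmed against its actual checks. run_command's body starts and ends outside the hunk.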
+++ b/usr.sbin/jail/jail.8 @@ -25,7 +25,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 28, 2015 +.Dd February 6, 2015 .Dt JAIL 8 .Os .Sh NAME @@ -753,6 +753,12 @@ Mount a filesystem on the chrooted .Pa /dev/fd directory. +.It Va mount.procfs +Mount a +.Xr procfs 5 +filesystem on the chrooted +.Pa /proc +directory. .It Va allow.dying Allow making changes to a .Va dying @@ -1206,6 +1212,7 @@ environment of the first jail. .Xr jls 8 , .Xr mount 8 , .Xr named 8 , +.Xr procfs 5 , .Xr reboot 8 , .Xr rpcbind 8 , .Xr sendmail 8 , diff --git a/usr.sbin/jail/jail.c b/usr.sbin/jail/jail.c index 661c4ad..82cd6ae 100644 --- a/usr.sbin/jail/jail.c +++ b/usr.sbin/jail/jail.c @@ -93,6 +93,7 @@ static const enum intparam startcommands[] = { IP__MOUNT_FROM_FSTAB, IP_MOUNT_DEVFS, IP_MOUNT_FDESCFS, + IP_MOUNT_PROCFS, IP_EXEC_PRESTART, IP__OP, IP_VNET_INTERFACE, @@ -109,6 +110,7 @@ static const enum intparam stopcommands[] = { IP_STOP_TIMEOUT, IP__OP, IP_EXEC_POSTSTOP, + IP_MOUNT_PROCFS, IP_MOUNT_FDESCFS, IP_MOUNT_DEVFS, IP__MOUNT_FROM_FSTAB, diff --git a/usr.sbin/jail/jailp.h b/usr.sbin/jail/jailp.h index 3f89392..bfefca5 100644 --- a/usr.sbin/jail/jailp.h +++ b/usr.sbin/jail/jailp.h @@ -96,6 +96,7 @@ enum intparam { IP_MOUNT, /* Mount points in fstab(5) form */ IP_MOUNT_DEVFS, /* Mount /dev under prison root */ IP_MOUNT_FDESCFS, /* Mount /dev/fd under prison root */ + IP_MOUNT_PROCFS, /* Mount /proc under prison root */ IP_MOUNT_FSTAB, /* A standard fstab(5) file */ IP_STOP_TIMEOUT, /* Time to wait after sending SIGTERM */ IP_VNET_INTERFACE, /* Assign interface(s) to vnet jail */ |
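Review bot: The position of `IP_MOUNT_PROCFS` in `startcommands` carries an ordering requirement that is not written down next to the array. Going by the commit message, it has to follow `IP__MOUNT_FROM_FSTAB` so that /proc is mounted on top of a root that itself comes from the fstab, and `stopcommands` has to list the mounts in the reverse order so procfs is unmounted before what lies beneath it. A short comment above each array would protect that from later edits, for example `/* Mounts are listed bottom-up; stopcommands must undo them in reverse. */`. The same point applies to the second jail.c hunk (stopcommands). Both arrays begin and end outside the hunks.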