authorjamie <jamie@FreeBSD.org>2015-02-10 01:05:51 +0000
committerjamie <jamie@FreeBSD.org>2015-02-10 01:05:51 +0000
commitf8ff07ebef14d8d87007863c4b3bfcf35f6b515f (patch)
tree8edd7cea4fda74d466ec21cd28242837d73a9771 /usr.sbin
parent715b3cae1f17b5ea056fd103ad87563421deac63 (diff)
MFC r278323:
Add mount.procfs jail parameter, so procfs can be mounted when a prison's root is in its fstab. Also fix a typo while I'm at it. PR: 197237 197066
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/jail/command.c32
-rw-r--r--usr.sbin/jail/config.c1
-rw-r--r--usr.sbin/jail/jail.89
-rw-r--r--usr.sbin/jail/jail.c2
-rw-r--r--usr.sbin/jail/jailp.h1
5 files changed, 44 insertions, 1 deletions
diff --git a/usr.sbin/jail/command.c b/usr.sbin/jail/command.c
index 390be80..d424d1c 100644
--- a/usr.sbin/jail/command.c
+++ b/usr.sbin/jail/command.c
@@ -112,6 +112,12 @@ next_command(struct cfjail *j)
if (!bool_param(j->intparams[IP_MOUNT_FDESCFS]))
continue;
j->comstring = &dummystring;
+ break;
+ case IP_MOUNT_PROCFS:
+ if (!bool_param(j->intparams[IP_MOUNT_PROCFS]))
+ continue;
+ j->comstring = &dummystring;
+ break;
case IP__OP:
case IP_STOP_TIMEOUT:
j->comstring = &dummystring;
@@ -529,6 +535,32 @@ run_command(struct cfjail *j)
}
break;
+ case IP_MOUNT_PROCFS:
+ argv = alloca(7 * sizeof(char *));
+ path = string_param(j->intparams[KP_PATH]);
+ if (path == NULL) {
+ jail_warnx(j, "mount.procfs: no path");
+ return -1;
+ }
+ devpath = alloca(strlen(path) + 6);
+ sprintf(devpath, "%s/proc", path);
+ if (check_path(j, "mount.procfs", devpath, 0,
+ down ? "procfs" : NULL) < 0)
+ return -1;
+ if (down) {
+ *(const char **)&argv[0] = "/sbin/umount";
+ argv[1] = devpath;
+ argv[2] = NULL;
+ } else {
+ *(const char **)&argv[0] = _PATH_MOUNT;
+ *(const char **)&argv[1] = "-t";
+ *(const char **)&argv[2] = "procfs";
+ *(const char **)&argv[3] = ".";
+ argv[4] = devpath;
+ argv[5] = NULL;
+ }
+ break;
+
case IP_COMMAND:
if (j->name != NULL)
goto default_command;
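Review bot: The buffer size in `devpath = alloca(strlen(path) + 6);` is hand-counted against the suffix in `sprintf(devpath, "%s/proc", path);`, so a later edit to the suffix would silently become a stack overwrite. Tying the two together with `devpath = alloca(strlen(path) + sizeof("/proc"));` removes the magic number. `path` comes from the jail configuration and nothing in this hunk bounds its length, so the alloca() relies on whatever limit the parser applies. The mount target sits under the jail's root, so the later mount/umount exec appears to depend on `check_path()` (not visible here) rejecting symlinked components; a comment such as `/* target is under the jail root: check_path() must reject symlinks */` would record that. This case is inside run_command(), whose body starts and ends outside the hunk.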
diff --git a/usr.sbin/jail/config.c b/usr.sbin/jail/config.c
index cd02a50..5820209 100644
--- a/usr.sbin/jail/config.c
+++ b/usr.sbin/jail/config.c
@@ -84,6 +84,7 @@ static const struct ipspec intparams[] = {
[IP_MOUNT] = {"mount", PF_INTERNAL | PF_REV},
[IP_MOUNT_DEVFS] = {"mount.devfs", PF_INTERNAL | PF_BOOL},
[IP_MOUNT_FDESCFS] = {"mount.fdescfs", PF_INTERNAL | PF_BOOL},
+ [IP_MOUNT_PROCFS] = {"mount.procfs", PF_INTERNAL | PF_BOOL},
[IP_MOUNT_FSTAB] = {"mount.fstab", PF_INTERNAL},
[IP_STOP_TIMEOUT] = {"stop.timeout", PF_INTERNAL | PF_INT},
[IP_VNET_INTERFACE] = {"vnet.interface", PF_INTERNAL},
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index a1a59c2..b270a15 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -25,7 +25,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd January 28, 2015
+.Dd February 6, 2015
.Dt JAIL 8
.Os
.Sh NAME
@@ -753,6 +753,12 @@ Mount a
filesystem on the chrooted
.Pa /dev/fd
directory.
+.It Va mount.procfs
+Mount a
+.Xr procfs 5
+filesystem on the chrooted
+.Pa /proc
+directory.
.It Va allow.dying
Allow making changes to a
.Va dying
@@ -1206,6 +1212,7 @@ environment of the first jail.
.Xr jls 8 ,
.Xr mount 8 ,
.Xr named 8 ,
+.Xr procfs 5 ,
.Xr reboot 8 ,
.Xr rpcbind 8 ,
.Xr sendmail 8 ,
diff --git a/usr.sbin/jail/jail.c b/usr.sbin/jail/jail.c
index 661c4ad..82cd6ae 100644
--- a/usr.sbin/jail/jail.c
+++ b/usr.sbin/jail/jail.c
@@ -93,6 +93,7 @@ static const enum intparam startcommands[] = {
IP__MOUNT_FROM_FSTAB,
IP_MOUNT_DEVFS,
IP_MOUNT_FDESCFS,
+ IP_MOUNT_PROCFS,
IP_EXEC_PRESTART,
IP__OP,
IP_VNET_INTERFACE,
@@ -109,6 +110,7 @@ static const enum intparam stopcommands[] = {
IP_STOP_TIMEOUT,
IP__OP,
IP_EXEC_POSTSTOP,
+ IP_MOUNT_PROCFS,
IP_MOUNT_FDESCFS,
IP_MOUNT_DEVFS,
IP__MOUNT_FROM_FSTAB,
diff --git a/usr.sbin/jail/jailp.h b/usr.sbin/jail/jailp.h
index 3f89392..bfefca5 100644
--- a/usr.sbin/jail/jailp.h
+++ b/usr.sbin/jail/jailp.h
@@ -96,6 +96,7 @@ enum intparam {
IP_MOUNT, /* Mount points in fstab(5) form */
IP_MOUNT_DEVFS, /* Mount /dev under prison root */
IP_MOUNT_FDESCFS, /* Mount /dev/fd under prison root */
+ IP_MOUNT_PROCFS, /* Mount /proc under prison root */
IP_MOUNT_FSTAB, /* A standard fstab(5) file */
IP_STOP_TIMEOUT, /* Time to wait after sending SIGTERM */
IP_VNET_INTERFACE, /* Assign interface(s) to vnet jail */