authorjamie <jamie@FreeBSD.org>2009-07-25 14:48:57 +0000
committerjamie <jamie@FreeBSD.org>2009-07-25 14:48:57 +0000
commit274ea197bb2f446e42dd6f17d5046b348d26d82d (patch)
treee2f5557445f7151dc18cefe88f9b884b83f55993 /usr.sbin
parent0888b985acf99a673549ca79a753e47d3e98fe9a (diff)
Some jail parameters (in particular, "ip4" and "ip6" for IP address
restrictions) were found to be inadequately described by a boolean. Define a new parameter type with three values (disable, new, inherit) to handle these and future cases. Approved by: re (kib), bz (mentor) Discussed with: rwatson
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/jail/jail.840
-rw-r--r--usr.sbin/jls/jls.c31
2 files changed, 43 insertions, 28 deletions
diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8
index 7189001..f3340bd 100644
--- a/usr.sbin/jail/jail.8
+++ b/usr.sbin/jail/jail.8
@@ -34,7 +34,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd July 8, 2009
+.Dd July 25, 2009
.Dt JAIL 8
.Os
.Sh NAME
@@ -252,14 +252,26 @@ match.
It is only possible to start multiple jails with the same IP address,
if none of the jails has more than this single overlapping IP address
assigned to itself.
-.Pp
-A list of zero elements (an empty string) will stop the jail from using IPv4
-entirely; setting the boolean parameter
-.Ar noip4
-will not restrict the jail at all.
-.It Va ip6.addr
+.It Va ip4
+Control the availablity of IPv4 addresses.
+Possible values are
+.Dq inherit
+to allow unrestricted access to all system addresses,
+.Dq new
+to restrict addresses via
+.Va ip4.addr
+above, and
+.Dq disable
+to stop the jail from using IPv4 entirely.
+Setting the
+.Va ip4.addr
+parameter implies a value of
+.Dq new .
+.It Va ip6.addr , Va ip6
A list of IPv6 addresses assigned to the prison, the counterpart to
-.Ar ip4.addr
+.Va ip4.addr
+and
+.Va ip4
above.
.It Va host.hostname
Hostname of the prison.
@@ -268,9 +280,15 @@ Other similar parameters are
.Va host.hostuuid
and
.Va host.hostid .
-Setting the boolean parameter
-.Va nohost
-will retain the system values of these settings.
+.It Va host
+Set the origin of hostname and related information.
+Possible values are
+.Dq inherit
+to use the system information and
+.Dq new
+for the jail to use the information from the above fields.
+Setting any of the above fields implies a value of
+.Dq new .
.It Va securelevel
The value of the jail's
.Va kern.securelevel
diff --git a/usr.sbin/jls/jls.c b/usr.sbin/jls/jls.c
index 40019f1..8c8b981 100644
--- a/usr.sbin/jls/jls.c
+++ b/usr.sbin/jls/jls.c
@@ -57,7 +57,7 @@ __FBSDID("$FreeBSD$");
#define PRINT_VERBOSE 0x20
static struct jailparam *params;
-static int *param_noparent;
+static int *param_parent;
static int nparams;
static int add_param(const char *name, void *value, size_t valuelen,
@@ -71,7 +71,7 @@ static void quoted_print(char *str);
int
main(int argc, char **argv)
{
- char *dot, *ep, *jname, *nname;
+ char *dot, *ep, *jname;
int c, i, jflags, jid, lastjid, pflags, spc;
jname = NULL;
@@ -139,17 +139,14 @@ main(int argc, char **argv)
JP_USER);
if (pflags & PRINT_SKIP) {
- /* Check for parameters with boolean parents. */
+ /* Check for parameters with jailsys parents. */
for (i = 0; i < nparams; i++) {
if ((params[i].jp_flags & JP_USER) &&
(dot = strchr(params[i].jp_name, '.'))) {
*dot = 0;
- nname = noname(params[i].jp_name);
+ param_parent[i] = add_param(params[i].jp_name,
+ NULL, (size_t)0, NULL, JP_OPT);
*dot = '.';
- param_noparent[i] =
- add_param(nname, NULL, (size_t)0, NULL,
- JP_OPT);
- free(nname);
}
}
}
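Review bot: The assignment `param_parent[i] = add_param(...)` stores through a pointer that the call itself can move. The add_param hunk further down shows `param_parent = realloc(param_parent, ...)` when the list is full, and C leaves the evaluation of the two operands of `=` unsequenced, so the compiler may load the old `param_parent` before the call and write the result into freed memory. The removed `param_noparent[i] = add_param(...)` had the same shape, so the commit carries the hazard over rather than introducing it. Take the result in a local first: `parent = add_param(params[i].jp_name, NULL, (size_t)0, NULL, JP_OPT);` then `param_parent[i] = parent;`, with `int parent` added to main's declarations. main's body starts and ends outside this hunk.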
@@ -237,21 +234,20 @@ add_param(const char *name, void *value, size_t valuelen,
if (!nparams) {
paramlistsize = 32;
params = malloc(paramlistsize * sizeof(*params));
- param_noparent =
- malloc(paramlistsize * sizeof(*param_noparent));
- if (params == NULL || param_noparent == NULL)
+ param_parent = malloc(paramlistsize * sizeof(*param_parent));
+ if (params == NULL || param_parent == NULL)
err(1, "malloc");
} else if (nparams >= paramlistsize) {
paramlistsize *= 2;
params = realloc(params, paramlistsize * sizeof(*params));
- param_noparent = realloc(param_noparent,
- paramlistsize * sizeof(*param_noparent));
- if (params == NULL || param_noparent == NULL)
+ param_parent = realloc(param_parent,
+ paramlistsize * sizeof(*param_parent));
+ if (params == NULL || param_parent == NULL)
err(1, "realloc");
}
/* Look up the parameter. */
- param_noparent[nparams] = -1;
+ param_parent[nparams] = -1;
param = params + nparams++;
if (source != NULL) {
*param = *source;
@@ -387,8 +383,9 @@ print_jail(int pflags, int jflags)
if ((pflags & PRINT_SKIP) &&
((!(params[i].jp_ctltype &
(CTLFLAG_WR | CTLFLAG_TUN))) ||
- (param_noparent[i] >= 0 &&
- *(int *)params[param_noparent[i]].jp_value)))
+ (param_parent[i] >= 0 &&
+ *(int *)params[param_parent[i]].jp_value !=
+ JAIL_SYS_NEW)))
continue;
if (spc)
putchar(' ');
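Review bot: The new test `*(int *)params[param_parent[i]].jp_value != JAIL_SYS_NEW` in print_jail reads the parent's value as an int with no visible check that the parent is a jailsys-type parameter or that `jp_value` is non-NULL. The loop in main registers whatever precedes the first dot as a parent with JP_OPT, so a dotted parameter whose prefix names an existing parameter of another type would presumably be compared against JAIL_SYS_NEW as well; this is worth confirming against add_param and the value-fetch code, which are outside this hunk. At minimum the condition deserves a comment such as `/* Skip children unless their jailsys parent is "new"; with inherit or disable the child values are not in effect. */`. print_jail's body continues outside the hunk.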