Diffstat (limited to 'sbin')
-rw-r--r--sbin/hastctl/hastctl.c2
-rw-r--r--sbin/hastd/primary.c2
-rw-r--r--sbin/hastd/secondary.c2
-rw-r--r--sbin/hastd/subr.c58
-rw-r--r--sbin/hastd/subr.h2
5 files changed, 44 insertions, 22 deletions
diff --git a/sbin/hastctl/hastctl.c b/sbin/hastctl/hastctl.c
index cf692ce..c4cd6a4 100644
--- a/sbin/hastctl/hastctl.c
+++ b/sbin/hastctl/hastctl.c
@@ -480,7 +480,7 @@ main(int argc, char *argv[])
cfg->hc_controladdr);
}
- if (drop_privs(true) != 0)
+ if (drop_privs(NULL) != 0)
exit(EX_CONFIG);
/* Send the command to the server... */
diff --git a/sbin/hastd/primary.c b/sbin/hastd/primary.c
index 3363fcb..d8eb664 100644
--- a/sbin/hastd/primary.c
+++ b/sbin/hastd/primary.c
@@ -904,7 +904,7 @@ hastd_primary(struct hast_resource *res)
init_ggate(res);
init_environment(res);
- if (drop_privs(true) != 0) {
+ if (drop_privs(res) != 0) {
cleanup(res);
exit(EX_CONFIG);
}
diff --git a/sbin/hastd/secondary.c b/sbin/hastd/secondary.c
index 5d7df68..58b8f69 100644
--- a/sbin/hastd/secondary.c
+++ b/sbin/hastd/secondary.c
@@ -436,7 +436,7 @@ hastd_secondary(struct hast_resource *res, struct nv *nvin)
init_local(res);
init_environment();
- if (drop_privs(true) != 0)
+ if (drop_privs(res) != 0)
exit(EX_CONFIG);
pjdlog_info("Privileges successfully dropped.");
diff --git a/sbin/hastd/subr.c b/sbin/hastd/subr.c
index ea84e2a..29f33e7 100644
--- a/sbin/hastd/subr.c
+++ b/sbin/hastd/subr.c
@@ -32,9 +32,10 @@
__FBSDID("$FreeBSD$");
#include <sys/capability.h>
-#include <sys/types.h>
+#include <sys/param.h>
#include <sys/disk.h>
#include <sys/ioctl.h>
+#include <sys/jail.h>
#include <sys/stat.h>
#include <errno.h>
@@ -147,13 +148,15 @@ role2str(int role)
}
int
-drop_privs(bool usecapsicum)
+drop_privs(struct hast_resource *res)
{
+ char jailhost[sizeof(res->hr_name) * 2];
+ struct jail jailst;
struct passwd *pw;
uid_t ruid, euid, suid;
gid_t rgid, egid, sgid;
gid_t gidset[1];
- bool capsicum;
+ bool capsicum, jailed;
/*
* According to getpwnam(3) we have to clear errno before calling the
@@ -173,10 +176,34 @@ drop_privs(bool usecapsicum)
return (-1);
}
}
- if (chroot(pw->pw_dir) == -1) {
- KEEP_ERRNO(pjdlog_errno(LOG_ERR,
- "Unable to change root directory to %s", pw->pw_dir));
- return (-1);
+
+ bzero(&jailst, sizeof(jailst));
+ jailst.version = JAIL_API_VERSION;
+ jailst.path = pw->pw_dir;
+ if (res == NULL) {
+ (void)snprintf(jailhost, sizeof(jailhost), "hastctl");
+ } else {
+ (void)snprintf(jailhost, sizeof(jailhost), "hastd: %s (%s)",
+ res->hr_name, role2str(res->hr_role));
+ }
+ jailst.hostname = jailhost;
+ jailst.jailname = NULL;
+ jailst.ip4s = 0;
+ jailst.ip4 = NULL;
+ jailst.ip6s = 0;
+ jailst.ip6 = NULL;
+ if (jail(&jailst) >= 0) {
+ jailed = true;
+ } else {
+ jailed = false;
+ pjdlog_errno(LOG_WARNING,
+ "Unable to jail to directory to %s", pw->pw_dir);
+ if (chroot(pw->pw_dir) == -1) {
+ KEEP_ERRNO(pjdlog_errno(LOG_ERR,
+ "Unable to change root directory to %s",
+ pw->pw_dir));
+ return (-1);
+ }
}
PJDLOG_VERIFY(chdir("/") == 0);
gidset[0] = pw->pw_gid;
@@ -197,15 +224,10 @@ drop_privs(bool usecapsicum)
return (-1);
}
- capsicum = false;
- if (usecapsicum) {
- if (cap_enter() == 0) {
- capsicum = true;
- } else {
- pjdlog_errno(LOG_WARNING,
- "Unable to sandbox using capsicum");
- }
- }
+ if (res == NULL || res->hr_role != HAST_ROLE_PRIMARY)
+ capsicum = (cap_enter() == 0);
+ else
+ capsicum = false;
/*
* Better be sure that everything succeeded.
@@ -223,8 +245,8 @@ drop_privs(bool usecapsicum)
PJDLOG_VERIFY(gidset[0] == pw->pw_gid);
pjdlog_debug(1,
- "Privileges successfully dropped using %schroot+setgid+setuid.",
- capsicum ? "capsicum+" : "");
+ "Privileges successfully dropped using %s%s+setgid+setuid.",
+ capsicum ? "capsicum+" : "", jailed ? "jail" : "chroot");
return (0);
}
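Review bot: The capability-mode fallback in the `@@ -197,15 +224,10 @@` hunk silently loses the diagnostic that the removed branch emitted: `capsicum = (cap_enter() == 0);` records a failed cap_enter() only in the final pjdlog_debug(1) line, whereas the old code logged `"Unable to sandbox using capsicum"` at LOG_WARNING, so an operator running at the default log level no longer learns that the sandbox was not entered. Restoring it is two lines directly after the assignment, where errno is still untouched: `if (!capsicum) pjdlog_errno(LOG_WARNING, "Unable to sandbox using capsicum");`. The new role test that keeps the primary out of capability mode also deserves a comment, because the reason is not visible in this file, e.g. `/* Primary is not entered into capability mode; presumably its ggate/provider ioctls are not permitted there — confirm. */`. In the `@@ -173,10 +176,34 @@` hunk the fallback warning `"Unable to jail to directory to %s"` reads as a typo; `"Unable to jail to directory %s"` matches the chroot message just below it. drop_privs starts in the `@@ -147,13 +148,15 @@` hunk and its body runs on between the hunks shown here.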
diff --git a/sbin/hastd/subr.h b/sbin/hastd/subr.h
index c04a242..e76930a 100644
--- a/sbin/hastd/subr.h
+++ b/sbin/hastd/subr.h
@@ -51,6 +51,6 @@ int snprlcat(char *str, size_t size, const char *fmt, ...);
int provinfo(struct hast_resource *res, bool dowrite);
const char *role2str(int role);
-int drop_privs(bool usecapsicum);
+int drop_privs(struct hast_resource *res);
#endif /* !_SUBR_H_ */
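Review bot: The new prototype `int drop_privs(struct hast_resource *res);` accepts a NULL argument (hastctl.c passes NULL and subr.c branches on `res == NULL`), but the header gives no hint of that contract. A one-line comment above the declaration would spare the next caller a trip into subr.c, e.g. `/* res may be NULL (hastctl): jail hostname "hastctl", capability mode attempted. */`. It would also be the natural place to state that the primary role is never entered into capability mode, which is currently only discoverable from the role test inside drop_privs.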