Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/jail/command.c | 39 | ||||
-rw-r--r-- | usr.sbin/jail/jail.c | 43 | ||||
-rw-r--r-- | usr.sbin/jail/jailp.h | 2 |
3 files changed, 40 insertions, 44 deletions
diff --git a/usr.sbin/jail/command.c b/usr.sbin/jail/command.c index d79f4f9..fa6a026 100644 --- a/usr.sbin/jail/command.c +++ b/usr.sbin/jail/command.c @@ -94,7 +94,7 @@ next_command(struct cfjail *j) rval = 0; create_failed = (j->flags & (JF_STOP | JF_FAILED)) == JF_FAILED; - for (; (comparam = *j->comparam) && comparam != IP__OP; + for (; (comparam = *j->comparam); j->comparam += create_failed ? -1 : 1) { if (j->comstring == NULL) { switch (comparam) { @@ -102,6 +102,7 @@ next_command(struct cfjail *j) if (!bool_param(j->intparams[IP_MOUNT_DEVFS])) continue; /* FALLTHROUGH */ + case IP__OP: case IP_STOP_TIMEOUT: j->comstring = &dummystring; break; @@ -256,19 +257,43 @@ run_command(struct cfjail *j) static char *cleanenv; + /* Perform some operations that aren't actually commands */ + comparam = *j->comparam; + down = j->flags & (JF_STOP | JF_FAILED); + switch (comparam) { + case IP_STOP_TIMEOUT: + return term_procs(j); + + case IP__OP: + if (down) { + if (jail_remove(j->jid) == 0 && verbose >= 0 && + (verbose > 0 || (j->flags & JF_STOP + ? note_remove : j->name != NULL))) + jail_note(j, "removed\n"); + j->jid = -1; + if (j->flags & JF_STOP) + dep_done(j, DF_LIGHT); + else + j->flags &= ~JF_PERSIST; + } else { + if (create_jail(j) < 0) { + failed(j); + return -1; + } + if (verbose >= 0 && (j->name || verbose > 0)) + jail_note(j, "created\n"); + dep_done(j, DF_LIGHT); + } + requeue(j, &ready); + return 1; + } /* * Collect exec arguments. Internal commands for network and * mounting build their own argument lists. */ - comparam = *j->comparam; comstring = j->comstring; bg = 0; - down = j->flags & (JF_STOP | JF_FAILED); switch (comparam) { - case IP_STOP_TIMEOUT: - /* This isn't really a command */ - return term_procs(j); - case IP__IP4_IFADDR: argv = alloca(8 * sizeof(char *)); *(const char **)&argv[0] = _PATH_IFCONFIG; diff --git a/usr.sbin/jail/jail.c b/usr.sbin/jail/jail.c index ff1349e..9706b8d 100644 --- a/usr.sbin/jail/jail.c +++ b/usr.sbin/jail/jail.c 
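Review bot: With `comparam != IP__OP` dropped from the loop condition in next_command(), the walk ends only on a zero entry, and when create_failed is set it steps `j->comparam` backwards, so it relies on a zero element sitting before the first command in the array. `j->comparam = startcommands + 1` in jail.c suggests such a leading slot exists, but the arrays are outside this diff and that should be confirmed. A comment above the loop would record the invariant, e.g. `/* Command lists are zero-bounded at both ends; IP__OP is a pseudo-command handled in run_command(). */`. The loop body continues outside the hunk.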
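Review bot: In the new `case IP__OP:` teardown branch of run_command(), a failing jail_remove() is silent: its return value only gates the "removed" note, while `j->jid = -1` and `dep_done(j, DF_LIGHT)` run either way, so the tool can treat a jail as gone while it still exists. Reporting the failure would make that visible, e.g. `if (jail_remove(j->jid) < 0) jail_warnx(j, "jail_remove: %s", strerror(errno));` ahead of the note logic; whether the jail should also be marked failed is a policy decision the hunk does not settle. The mixed `&` and `?:` in the note condition would also read more safely with explicit grouping, `((j->flags & JF_STOP) ? note_remove : j->name != NULL)`. run_command() starts before and continues past this hunk.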
@@ -55,9 +55,9 @@ struct permspec { }; const char *cfname; +int note_remove; int verbose; -static int create_jail(struct cfjail *j); static void clear_persist(struct cfjail *j); static int update_jail(struct cfjail *j); static int rdtun_params(struct cfjail *j, int dofail); @@ -271,6 +271,7 @@ main(int argc, char **argv) if ((docf = !Rflag && (!strcmp(cfname, "-") || stat(cfname, &st) == 0))) load_config(); + note_remove = docf || argc > 1 || wild_jail_name(argv[0]); } else if (argc > 1 || (argc == 1 && strchr(argv[0], '='))) { /* Single jail specified on the command line */ if (Rflag) @@ -388,25 +389,7 @@ main(int argc, char **argv) continue; if (j->jid > 0) goto jail_create_done; - j->comparam == startcommands + 1; - } else if (*j->comparam == IP__OP) { - if (j->flags & JF_FAILED) { - if (jail_remove(j->jid) == 0 && - verbose >= 0 && - (j->name || verbose > 0)) - jail_note(j, "removed\n"); - j->jid = -1; - j->flags &= ~JF_PERSIST; - j->comparam--; - } else if (create_jail(j) < 0) { - j->comparam--; - } else { - if (verbose >= 0 && - (j->name || verbose > 0)) - jail_note(j, "created\n"); - dep_done(j, DF_LIGHT); - j->comparam++; - } + j->comparam = startcommands + 1; } if (next_command(j)) continue; @@ -449,19 +432,9 @@ main(int argc, char **argv) j->name); goto jail_remove_done; } - j->comparam == stopcommands + 1; - } else if ((j->flags & JF_FAILED) && j->jid > 0) { + j->comparam = stopcommands + 1; + } else if ((j->flags & JF_FAILED) && j->jid > 0) goto jail_remove_done; - } else if (*j->comparam == IP__OP) { - if (jail_remove(j->jid) == 0 && - verbose >= 0 && - (docf || argc > 1 || - wild_jail_name(argv[0]) || verbose > 0)) - jail_note(j, "removed\n"); - j->jid = -1; - dep_done(j, DF_LIGHT); - j->comparam++; - } if (next_command(j)) continue; jail_remove_done: @@ -578,7 +551,7 @@ jail_warnx(const struct cfjail *j, const char *fmt, ...) /* * Create a new jail. */ -static int +int create_jail(struct cfjail *j) { struct iovec jiov[4]; 
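Review bot: The new `note_remove = docf || argc > 1 || wild_jail_name(argv[0]);` in main() reaches `wild_jail_name(argv[0])` whenever docf is false and argc is 0 or 1, and with argc == 0 that passes a NULL argv[0]. The condition guarding this branch is outside the hunk, so it may already exclude that case; if it does not, `note_remove = docf || argc > 1 || (argc == 1 && wild_jail_name(argv[0]));` keeps the same result for every valid invocation. A short comment on the `int note_remove;` declaration saying it controls whether "removed" notes are printed on stop would also help, since it is now a global read from command.c.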
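Review bot: create_jail() becomes an exported function here while the later hunks remove its `failed(j)` calls, but the header comment still says only "Create a new jail." and does not tell callers they must now mark the jail failed themselves. The one visible caller in run_command() does call failed(j), so the comment should state the contract, e.g. `/* Create a new jail. Returns -1 on error without calling failed(); the caller must do so. */`. Only four error returns are touched in the visible hunks, so any other error path in the rest of the function should be checked for a remaining `failed(j)`, which would now run twice. The function body continues outside this hunk.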
@@ -595,17 +568,14 @@ create_jail(struct cfjail *j) if (path[0] != '/') { jail_warnx(j, "path %s: not an absolute pathname", path); - failed(j); return -1; } if (stat(path, &st) < 0) { jail_warnx(j, "path %s: %s", path, strerror(errno)); - failed(j); return -1; } if (!S_ISDIR(st.st_mode)) { jail_warnx(j, "path %s: %s", path, strerror(ENOTDIR)); - failed(j); return -1; } } @@ -621,7 +591,6 @@ create_jail(struct cfjail *j) alloca((j->njp + dopersist) * sizeof(struct jailparam)); if (dopersist && jailparam_init(sjp++, "persist") < 0) { jail_warnx(j, "%s", jail_errmsg); - failed(j); return -1; } for (jp = j->jp; jp < j->jp + j->njp; jp++) diff --git a/usr.sbin/jail/jailp.h b/usr.sbin/jail/jailp.h index 204cebe..0f96655 100644 --- a/usr.sbin/jail/jailp.h +++ b/usr.sbin/jail/jailp.h @@ -182,6 +182,7 @@ struct cfdepend { extern void *emalloc(size_t); extern void *erealloc(void *, size_t); extern char *estrdup(const char *); +extern int create_jail(struct cfjail *j); extern void failed(struct cfjail *j); extern void jail_note(const struct cfjail *j, const char *fmt, ...); extern void jail_warnx(const struct cfjail *j, const char *fmt, ...); @@ -219,5 +220,6 @@ extern struct cfjails cfjails; extern struct cfjails ready; extern struct cfjails depend; extern const char *cfname; +extern int note_remove; extern int paralimit; extern int verbose; |