path: root/usr.sbin/jail
Commit log (each entry: commit message, then [Author | Age | Files | Lines])
* Move properly to the next parameter when jailparam_init fails
  (i.e. on an unknown parameter), to avoid freeing bogus pointers.
  [jamie | 2012-10-04 | 1 file | -0/+1]
* Warn about filesystem-based attacks.
  [des | 2012-09-16 | 1 file | -1/+9]
* Partially roll back r239601 - keep parameter strings both length-delimited
  and null-terminated at the same time, because they're later passed to
  libjail as null-terminated. That means I also need to add a nul byte when
  comma-combining array parameters.
  MFC after: 6 days
  [jamie | 2012-08-23 | 1 file | -4/+5]
* Pre-separate IP addresses passed on the command line, so they can be
  properly parsed for interface prefixes and netmask suffixes. This was
  already done for the old-style (fixed) command line, but missed for the
  new-style.
  MFC after: 1 week
  [jamie | 2012-08-23 | 1 file | -2/+26]
* Remember that I'm using length-defined strings in parameters:
  Remove a bogus null terminator when stripping the netmask from IP
  addresses. This was causing later addresses in a comma-separated string
  to disappear.
  Use memcpy instead of strcpy. This could just cause Bad Things.
  PR: 170832
  MFC after: 1 week
  [jamie | 2012-08-23 | 1 file | -5/+3]
* o Restore -u <username> getopt(3) flag somehow killed in r234712.
  PR: bin/169490
  Submitted by: amdmi3
  MFC after: 2 weeks
  [maxim | 2012-06-28 | 1 file | -1/+1]
* Minor spelling fixes.
  [joel | 2012-06-03 | 2 files | -2/+2]
* When writing the jid via the -i flag, do it right when the jail is created,
  before any commands run. /etc/rc.d/jail depends on this.
  [jamie | 2012-05-28 | 3 files | -5/+7]
* Don't try to set a null TERM environment.
  Submitted by: Mateusz Guzik <mjguzik gmail.com>
  [jamie | 2012-05-25 | 1 file | -1/+2]
* Fixes to man8 groff mandoc style, usage mistakes, or typos.
  PR: 168016
  Submitted by: Nobuyuki Koganemaru
  Approved by: gjb
  MFC after: 3 days
  [wblock | 2012-05-24 | 1 file | -4/+5]
* Note that the new jail(8) will be appearing in 9.1.
  [jamie | 2012-05-23 | 2 files | -4/+4]
* Fix world after byacc import:
  - old yacc(1) used to magically append stdlib.h, while the new one doesn't
  - new yacc(1) declares yyparse by itself; fix redundant declaration of
    'yyparse'
  Approved by: des (mentor)
  [bapt | 2012-05-22 | 2 files | -1/+2]
* Remove end of line whitespace.
  [joel | 2012-05-12 | 1 file | -3/+3]
* General mdoc(7) and typo fixes.
  PR: 167804
  Submitted by: Nobuyuki Koganemaru (kogane!jp.freebsd.org)
  MFC after: 3 days
  [gjb | 2012-05-12 | 1 file | -5/+5]
* mdoc: remove redundant Pp and end a display block with Ed.
  [joel | 2012-05-12 | 1 file | -1/+1]
* Fix .Pp macro.
  [joel | 2012-05-11 | 1 file | -1/+1]
* Add a meta-parameter IP__NULL to enum intparam, instead of mixing
  enum values and zeroes. This keeps clang happy (and is just good form).
  Submitted by: dim
  [jamie | 2012-05-03 | 4 files | -10/+11]
* Add YY_NO_INPUT so clang doesn't complain about "input" not being used.
  [jamie | 2012-05-02 | 1 file | -0/+1]
* Fix the dates and history as of the move to HEAD.
  [jamie | 2012-04-27 | 1 file | -3/+3]
* A new jail(8) with a configuration file, ultimately to replace the work
  currently done by /etc/rc.d/jail.
  MFC after: 3 months
  [jamie | 2012-04-26 | 10 files | -635/+4377]
|\
| * Use the devfs_ruleset parameter when mounting a jail's /dev,
|   instead of a mount.devfs.ruleset pseudo-parameter.
|   [jamie | 2012-02-27 | 4 files | -22/+17]
| * From r224286:
|   Document the potential for jail escape.
|   From r224615:
|   Always disable mount and unmount for jails with enforce_statfs==2.
|   From r231267:
|   A new jail(8) option "devfs_ruleset" defines the ruleset enforcement for
|   mounting devfs inside jails. A value of -1 disables mounting devfs in
|   jails, a value of zero means no restrictions. Nested jails can only have
|   mounting devfs disabled or inherit parent's enforcement as jails are not
|   allowed to view or manipulate devfs(8) rules.
|   From r232059:
|   To improve control over the use of mount(8) inside a jail(8), introduce
|   a new jail parameter node with the following parameters:
|     allow.mount.devfs: allow mounting the devfs filesystem inside a jail
|     allow.mount.nullfs: allow mounting the nullfs filesystem inside a jail
|   From r232186:
|     allow.mount.zfs: allow mounting the zfs filesystem inside a jail
|   [jamie | 2012-02-27 | 1 file | -3/+57]
| * Improvements in error messages:
|   Some errors printed the jail name for unnamed (command line) jails.
|   Attempting to create an already-existing jail from the command line
|   returned with no error (even for non-root) due to bad logic in
|   start_state.
|   Ignore kvm_proc errors, which are typically caused by permission
|   problems. Instead, stop ignoring permission errors when removing a jail
|   (but continue to silently ignore other errors, i.e. the jail no longer
|   existing). This makes non-root attempts at removing a jail give a
|   clearer error message.
|   [jamie | 2012-02-08 | 4 files | -18/+44]
| * Allow relative pathnames for jails generated on the command line
|   (but continue to flag when from a config file).
|   [jamie | 2012-02-07 | 1 file | -1/+1]
| * Better communicate the purpose of "-r *".
|   [jamie | 2012-01-31 | 1 file | -2/+4]
| * Don't report errors for the exit status of processes that are killed
|   as part of jail removal (IP_STOP_TIMEOUT).
|   Note a jail as "removed" even if it wasn't jail_remove() that did the
|   deed, e.g. if it already went away because all its processes were killed.
|   [jamie | 2011-07-06 | 1 file | -6/+10]
| * Advance to the next command before running anything, so errors found in
|   finish_command can be processed properly.
|   Call failed() once in next_command() instead of multiple times in
|   run_command().
|   Continue processing commands when a no-wait operation (IP__OP or
|   background command) succeeds.
|   [jamie | 2011-06-22 | 2 files | -48/+40]
| * Fix a couple of NULL dereferences.
|   [jamie | 2011-06-21 | 1 file | -4/+4]
| * Following r222465:
|   Check for IPv4 or IPv6 to be available by the kernel to not provoke
|   errors trying to query options not available.
|   Make it possible to compile out INET or INET6 only parts.
|   [jamie | 2011-06-20 | 5 files | -64/+119]
| * Linty stuff.
|   [jamie | 2011-06-20 | 2 files | -3/+3]
| * Move the actual create/remove (IP__OP) handling into run_command,
|   at the cost of an ugly single-use global variable.
|   [jamie | 2011-06-18 | 3 files | -44/+40]
| * Update copyright dates and other whitespacey stuff.
|   [jamie | 2011-06-17 | 9 files | -16/+16]
| * Split run_command up into an outer function (next_command) that chooses
|   a single command string to run, and an inner function (run_command) that
|   runs that single string.
|   Move the list of start/stop commands to run from a switch statement into
|   an array, with a new placeholder parameter IP__OP for actually creating
|   or removing the jail.
|   When jail creation fails, revert all non-exec commands in reverse order.
|   [jamie | 2011-06-17 | 4 files | -303/+266]
| * Change cfstrings from an STAILQ into a TAILQ to allow commands to be
|   traversed in reverse order.
|   [jamie | 2011-06-17 | 6 files | -53/+52]
| * run_command (mostly) cleanup:
|   Make the parallelism limit a global instead of always passing it to
|   run_command and finish_command.
|   In the case of an empty command string, try to run any other strings
|   the command may have.
|   Replace JF_BACKGROUND with its sort-of opposite JF_SLEEPQ.
|   Change j->comstring earlier to render JF_RUNQ unnecessary.
|   Change the if-else series to a more readable switch statement.
|   Treat IP_STOP_TIMEOUT like a command, calling run_command which then
|   calls term_procs.
|   When the IP_STOP_TIMEOUT "command" finishes, it shouldn't mess with the
|   parallelism limit.
|   Make sufficient checks in finish_command and run_command so that the
|   nonintuitive j->comstring null check isn't necessary to run them.
|   Rename the "waiting" queue to "depend", because the "sleeping" and
|   "runnable" queues are also used to wait for something.
|   [jamie | 2010-12-10 | 4 files | -160/+194]
| * Check unmounts for a mount point of the right FS type.
|   [jamie | 2010-11-04 | 1 file | -26/+56]
| * Check paths for security:
|   path must be absolute.
|   mount paths must exist and have no symlinks beyond the jail's path
|   itself.
|   consolelog must exist (apart from the final component) and have no
|   symlinks beyond the jail's path itself.
|   [jamie | 2010-11-04 | 2 files | -3/+74]
| * Read the mount.fstab file, and put its lines separately into the
|   IP__MOUNT_FROM_FSTAB internal parameter.
|   [jamie | 2010-11-04 | 4 files | -17/+50]
| * Combine check_intparams() and ip_params(), JF_CHECKINT and JF_IPPARAMS.
|   [jamie | 2010-11-01 | 3 files | -69/+54]
| * Use a little more "ifdef INET6".
|   [jamie | 2010-10-27 | 1 file | -6/+16]
| * Don't assume either jid or name is set - they may not be from the
|   command line.
|   [jamie | 2010-10-27 | 1 file | -4/+5]
| * Keep all internal/known parameter names in one place, and use
|   enum constants everywhere else.
|   [jamie | 2010-10-27 | 3 files | -160/+151]
| * Initial work on the new jail(8). There are more features to add, and some
|   cleaning up to do on existing features, but this is pretty much what the
|   final product will look like.
|   [jamie | 2010-10-20 | 10 files | -608/+4169]
* | Bump .Dd to reflect latest update
  | Reported by: bz
  | MFC after: 1 week
  | [mm | 2012-02-29 | 1 file | -1/+1]
* | Add procfs to jail-mountable filesystems.
  | Reviewed by: jamie
  | MFC after: 1 week
  | [mm | 2012-02-29 | 1 file | -0/+8]
* | mdoc(7) style - start new sentences on new line
  | MFC after: 1 week
  | [mm | 2012-02-28 | 1 file | -8/+10]
* | Analogous to r232059, add a parameter for the ZFS file system:
  |   allow.mount.zfs: allow mounting the zfs filesystem inside a jail
  | This way the permissions for mounting all current VFCF_JAIL filesystems
  | inside a jail are controlled via allow.mount.* jail parameters.
  | Update sysctl descriptions.
  | Update jail(8) and zfs(8) manpages.
  | TODO: document the connection of allow.mount.* and VFCF_JAIL for kernel
  | developers
  | MFC after: 10 days
  | [mm | 2012-02-26 | 1 file | -1/+12]
* | To improve control over the use of mount(8) inside a jail(8), introduce
  | a new jail parameter node with the following parameters:
  |   allow.mount.devfs: allow mounting the devfs filesystem inside a jail
  |   allow.mount.nullfs: allow mounting the nullfs filesystem inside a jail
  | Both parameters are disabled by default (equals the behavior before devfs
  | and nullfs in jails). Administrators have to explicitly allow mounting
  | devfs and nullfs for each jail.
  | The value "-1" of the devfs_ruleset parameter is removed in favor of the
  | new allow setting.
  | Reviewed by: jamie
  | Suggested by: pjd
  | MFC after: 2 weeks
  | [mm | 2012-02-23 | 1 file | -8/+28]
* | Add support for mounting devfs inside jails.
  | A new jail(8) option "devfs_ruleset" defines the ruleset enforcement for
  | mounting devfs inside jails. A value of -1 disables mounting devfs in
  | jails, a value of zero means no restrictions. Nested jails can only have
  | mounting devfs disabled or inherit parent's enforcement as jails are not
  | allowed to view or manipulate devfs(8) rules.
  | Utilizes new functions introduced in r231265.
  | Reviewed by: jamie
  | MFC after: 1 month
  | [mm | 2012-02-09 | 1 file | -1/+12]
* | Try resolving jail path with realpath(3).
  | jail(8) does a chdir(2) to the given path argument. Kernel evaluates the
  | jail path from the new cwd and not from the original cwd, which leads to
  | undesired behavior if given a relative path.
  | Reviewed by: jamie
  | MFC after: 2 weeks
  | [mm | 2012-01-24 | 1 file | -2/+8]