Details

Reviewers

emaste
lwhsu
khng
melifaro

Group Reviewers

Jails

Commits

rG7e49aa86a282: ifconfig(8): Teach ifconfig to attach and run itself in a jail

Summary

Add -j <jail> flag to ifconfig to allow ifconfig to attach and run inside a
jail. This allow parent to configure network interfaces of its children
even if ifconfig is not available in child's tree (e.g. Linux Jails)

Event: Kitchener-Waterloo Hackathon 202305

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

nyan_myuji.xyz created this revision.Mon, May 22, 7:37 PM

Herald added a subscriber: imp. · View Herald TranscriptMon, May 22, 7:37 PM

nyan_myuji.xyz requested review of this revision.Mon, May 22, 7:37 PM

Harbormaster completed remote builds in B51607: Diff 122231.Mon, May 22, 7:37 PM

nyan_myuji.xyz added reviewers: emaste, lwhsu, khng.Mon, May 22, 7:39 PM

fix rescue build

Harbormaster completed remote builds in B51609: Diff 122237.Mon, May 22, 7:53 PM

nyan_myuji.xyz edited the summary of this revision. (Show Details)Mon, May 22, 7:55 PM

khng added inline comments.Mon, May 22, 8:05 PM

sbin/ifconfig/ifconfig.c
468	The following sounds more idiomatic to me: jid = jail_getid(optarg); if (jid == -1) Perror("1"); if (jail_attach(jid) != 0) Perror("2");

nyan_myuji.xyz added inline comments.Mon, May 22, 8:10 PM

sbin/ifconfig/ifconfig.c
468	Great! I prefer that too just worry about breaking style.

improve readability

Harbormaster completed remote builds in B51611: Diff 122241.Mon, May 22, 8:11 PM

nyan_myuji.xyz marked an inline comment as done.Mon, May 22, 8:11 PM

LGTM. You may want to add a manual page changes as well.

This revision is now accepted and ready to land.Mon, May 22, 8:13 PM

yes let's add the man page in here too

sbin/ifconfig/ifconfig.c
473	Do we want #else Perror("not built with jail support") or leave `j` out of options when not `#ifdef JAIL`?

modify man page to refactor the new -j flag

This revision now requires review to proceed.Mon, May 22, 10:23 PM

Harbormaster completed remote builds in B51616: Diff 122254.Mon, May 22, 10:23 PM

lwhsu added inline comments.Mon, May 22, 10:27 PM

sbin/ifconfig/ifconfig.8
31	Bump the date. :-)

lwhsu added inline comments.Mon, May 22, 10:29 PM

sbin/ifconfig/ifconfig.c
473	Maybe perror() is easier since going the other way, we also need to have usage() `#ifdef`'d

If would be perfect if you want to add a simple test under tests/

print error and exit if -j specified but ifconfig isn't built with jail support
bump manpage date

Harbormaster completed remote builds in B51622: Diff 122261.Mon, May 22, 10:31 PM

BTW, I'm not sure if doing jail_attach() in args_parse() is a common or good practice.

Move jail_attach away from args_parse

Harbormaster completed remote builds in B51623: Diff 122262.Mon, May 22, 11:13 PM

cleanup

Harbormaster completed remote builds in B51624: Diff 122263.Mon, May 22, 11:16 PM

including the correct range

Harbormaster completed remote builds in B51625: Diff 122264.Mon, May 22, 11:18 PM

khng accepted this revision.Tue, May 23, 2:35 AM

This revision is now accepted and ready to land.Tue, May 23, 2:35 AM

lwhsu added a reviewer: Jails.Tue, May 23, 6:49 PM

melifaro accepted this revision.Tue, May 23, 7:34 PM

melifaro added a subscriber: melifaro.

melifaro added inline comments.

sbin/ifconfig/ifconfig.c
443	Nit: this is not needed, args is zeroed by default.

remove explicit initialization

This revision now requires review to proceed.Tue, May 23, 7:43 PM

Harbormaster completed remote builds in B51654: Diff 122337.Tue, May 23, 7:44 PM

emaste accepted this revision as: emaste.Tue, May 23, 7:45 PM

This revision is now accepted and ready to land.Tue, May 23, 7:45 PM

Closed by commit rG7e49aa86a282: ifconfig(8): Teach ifconfig to attach and run itself in a jail (authored by nyan_myuji.xyz, committed by lwhsu). · Explain WhyTue, May 23, 8:57 PM

This revision was automatically updated to reflect the committed changes.

lwhsu added a commit: rG7e49aa86a282: ifconfig(8): Teach ifconfig to attach and run itself in a jail.

It would be nice to have something similar for route. Setting up network state for containers with external connectivity also needs some way of setting a default route. For podman, I ended up nesting the container jail inside another jail where I can safely run ifconfig and route without requiring their presence inside the container (or trusting the container's binaries if they are present).

@dfr A patch for route is available at D40377

Teach ifconfig to attach and run itself in a jail.
ClosedPublic
Actions

Details

Diff Detail

Event Timeline

Revision Contents
Changeset List

Diff 122338

sbin/ifconfig/ifconfig.h

sbin/ifconfig/ifconfig.8

sbin/ifconfig/ifconfig.c

Teach ifconfig to attach and run itself in a jail.ClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 122338

sbin/ifconfig/ifconfig.h

sbin/ifconfig/ifconfig.8

sbin/ifconfig/ifconfig.c

Teach ifconfig to attach and run itself in a jail.
ClosedPublic
Actions

Revision Contents
Changeset List