diff --git a/usr.sbin/ngctl/Makefile b/usr.sbin/ngctl/Makefile --- a/usr.sbin/ngctl/Makefile +++ b/usr.sbin/ngctl/Makefile @@ -13,4 +13,9 @@ CFLAGS+= -DEDITLINE LIBADD+= edit pthread +.if ${MK_JAIL} != "no" +CFLAGS+= -DJAIL +LIBADD+= jail +.endif + .include diff --git a/usr.sbin/ngctl/main.c b/usr.sbin/ngctl/main.c --- a/usr.sbin/ngctl/main.c +++ b/usr.sbin/ngctl/main.c @@ -55,6 +55,10 @@ #include #include #endif +#ifdef JAIL +#include +#include +#endif #include @@ -137,16 +141,17 @@ int main(int ac, char *av[]) { - char name[NG_NODESIZ]; - int interactive = isatty(0) && isatty(1); - FILE *fp = NULL; - int ch, rtn = 0; + char name[NG_NODESIZ]; + int interactive = isatty(0) && isatty(1); + FILE *fp = NULL; + const char *jail_name = NULL; + int ch, rtn = 0; /* Set default node name */ snprintf(name, sizeof(name), "ngctl%d", getpid()); /* Parse command line */ - while ((ch = getopt(ac, av, "df:n:")) != -1) { + while ((ch = getopt(ac, av, "df:j:n:")) != -1) { switch (ch) { case 'd': NgSetDebug(NgSetDebug(-1) + 1); @@ -157,18 +162,37 @@ else if ((fp = fopen(optarg, "r")) == NULL) err(EX_NOINPUT, "%s", optarg); break; + case 'j': +#ifdef JAIL + if ((jail_name = optarg) == NULL) + Usage(NULL); +#else + errx(EX_UNAVAILABLE, "not built with jail support"); +#endif + break; case 'n': snprintf(name, sizeof(name), "%s", optarg); break; case '?': default: - Usage((char *)NULL); + Usage(NULL); break; } } ac -= optind; av += optind; + if (jail_name != NULL) { + int jid = jail_getid(jail_name); + + if (jid == -1) + errx((errno == EPERM) ? EX_NOPERM : EX_NOHOST, + "%s", jail_errmsg); + if (jail_attach(jid) != 0) + errx((errno == EPERM) ? EX_NOPERM : EX_OSERR, + "cannot attach to jail"); + } + /* Create a new socket node */ if (NgMkSockNode(name, &csock, &dsock) < 0) err(EX_OSERR, "can't create node"); 
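Review bot: The attach block added after option parsing in the -157,18 hunk (`if (jail_name != NULL) { ... jail_getid(...) ... jail_attach(...) }`) sits outside any `#ifdef JAIL`, although the `case 'j':` arm and the new includes in the -55,6 hunk are conditional; a build without `-DJAIL` would presumably reference `jail_getid`, `jail_attach` and `jail_errmsg` with no declaration in scope and without libjail linked. Wrapping that block in `#ifdef JAIL` … `#endif` keeps it in step with the option arm. With `"j:"` in the optstring, `optarg` should never be NULL in that arm, so the `== NULL` test looks dead; an empty name (`jail_name[0] == '\0'`) is the case worth rejecting before the lookup. The `jail_attach` failure path uses `errx`, which discards the errno text, so `err((errno == EPERM) ? EX_NOPERM : EX_OSERR, "cannot attach to jail");` would tell the operator why the attach was refused. The body of main() starts before and continues past this hunk.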
@@ -657,6 +681,7 @@ if (msg) warnx("%s", msg); fprintf(stderr, - "usage: ngctl [-d] [-f file] [-n name] [command ...]\n"); + "usage: ngctl [-j jail] [-d] [-f filename] [-n nodename] " + "[command [argument ...]]\n"); exit(EX_USAGE); } diff --git a/usr.sbin/ngctl/ngctl.8 b/usr.sbin/ngctl/ngctl.8 --- a/usr.sbin/ngctl/ngctl.8 +++ b/usr.sbin/ngctl/ngctl.8 @@ -39,10 +39,11 @@ .Nd netgraph control utility .Sh SYNOPSIS .Nm +.Op Fl j Ar jail .Op Fl d .Op Fl f Ar filename .Op Fl n Ar nodename -.Op Ar command ... +.Op Ar command Op Ns Ar argument ... .Sh DESCRIPTION The .Nm @@ -73,12 +74,32 @@ .Pp The options are as follows: .Bl -tag -width indent -.It Fl f Ar nodeinfo +.It Fl f Ar filename Read commands from the named file. A single dash represents the standard input. Blank lines and lines starting with a .Dq # are ignored. +Note that when the +.Fl j Ar jail +option is specified, the file will be opened before attaching to the jail and +then be processed inside the jail. +.It Fl j Ar jail +Perform the actions inside the +.Ar jail . +.Pp +The +.Cm ngctl +will first attach to the +.Ar jail +(by jail id or jail name) before performing the effects. +.Pp +This allows netgraph nodes of +.Ar jail +to be created, modified, and destroyed even if the +.Cm ngctl +binary is not available in +.Ar jail . .It Fl n Ar nodename Assign .Em nodename