D48618.id150094.diff
diff --git a/sbin/sysctl/Makefile b/sbin/sysctl/Makefile
--- a/sbin/sysctl/Makefile
+++ b/sbin/sysctl/Makefile
@@ -6,6 +6,11 @@
WARNS?= 3
MAN= sysctl.8
+.if ${MK_JAIL} != "no" && !defined(RESCUE)
+CFLAGS+= -DJAIL
+LIBADD+= jail
+.endif
+
HAS_TESTS=
SUBDIR.${MK_TESTS}+= tests
diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8
--- a/sbin/sysctl/sysctl.8
+++ b/sbin/sysctl/sysctl.8
@@ -28,7 +28,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd January 23, 2025
+.Dd January 29, 2025
.Dt SYSCTL 8
.Os
.Sh NAME
@@ -36,12 +36,14 @@
.Nd get or set kernel state
.Sh SYNOPSIS
.Nm
+.Op Fl j Ar jail
.Op Fl bdeFhiJlNnoqTtVWx
.Op Fl B Ar bufsize
.Op Fl f Ar filename
.Ar name Ns Op = Ns Ar value Ns Op , Ns Ar value
.Ar ...
.Nm
+.Op Fl j Ar jail
.Op Fl bdeFhJlNnoqTtVWx
.Op Fl B Ar bufsize
.Fl a
@@ -102,7 +104,8 @@
Specify a file which contains a pair of name and value in each line.
.Nm
reads and processes the specified file first and then processes the name
-and value pairs in the command line argument.
+and value pairs in the command line argument. Note that the file will be read
+before attaching to a jail and then be processed inside the jail.
.It Fl h
Format output for human, rather than machine, readability.
.It Fl i
@@ -113,6 +116,10 @@
are necessarily running exactly the same software) easier.
.It Fl J
Display only jail prision sysctl variables (CTLFLAG_PRISON).
+.It Fl j Ar jail
+Perform the actions inside the
+.Ar jail
+(by jail id or jail name).
.It Fl l
Show the length of variables along with their values.
This option cannot be combined with the
diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c
--- a/sbin/sysctl/sysctl.c
+++ b/sbin/sysctl/sysctl.c
@@ -33,6 +33,9 @@
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/stat.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
#include <sys/sysctl.h>
#include <sys/vmmeter.h>
#include <dev/evdev/input.h>
@@ -51,6 +54,9 @@
#include <err.h>
#include <errno.h>
#include <inttypes.h>
+#ifdef JAIL
+#include <jail.h>
+#endif
#include <locale.h>
#include <stdbool.h>
#include <stdio.h>
@@ -59,12 +65,16 @@
#include <sysexits.h>
#include <unistd.h>
+#ifdef JAIL
+static const char *jailname;
+#endif
static const char *conffile;
static int aflag, bflag, Bflag, dflag, eflag, hflag, iflag;
static int Nflag, nflag, oflag, qflag, tflag, Tflag, Wflag, xflag;
static bool Fflag, Jflag, lflag, Vflag;
+static void attach_jail(void);
static int oidfmt(int *, int, char *, u_int *);
static int parsefile(const char *);
static int parse(const char *, int);
@@ -121,8 +131,8 @@
{
(void)fprintf(stderr, "%s\n%s\n",
- "usage: sysctl [-bdeFhiJlNnoqTtVWx] [ -B <bufsize> ] [-f filename] name[=value] ...",
- " sysctl [-bdeFhJlNnoqTtVWx] [ -B <bufsize> ] -a");
+ "usage: sysctl [-j jail] [-bdeFhiJlNnoqTtVWx] [ -B <bufsize> ] [-f filename] name[=value] ...",
+ " sysctl [-j jail] [-bdeFhJlNnoqTtVWx] [ -B <bufsize> ] -a");
exit(1);
}
@@ -136,7 +146,7 @@
setbuf(stdout,0);
setbuf(stderr,0);
- while ((ch = getopt(argc, argv, "AaB:bdeFf:hiJlNnoqTtVWwXx")) != -1) {
+ while ((ch = getopt(argc, argv, "AaB:bdeFf:hiJj:lNnoqTtVWwXx")) != -1) {
switch (ch) {
case 'A':
/* compatibility */
@@ -172,6 +182,14 @@
case 'J':
Jflag = true;
break;
+ case 'j':
+#ifdef JAIL
+ if ((jailname = optarg) == NULL)
+ usage();
+#else
+ errx(1, "not built with jail support");
+#endif
+ break;
case 'l':
lflag = true;
break;
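Review bot: The `optarg == NULL` test in the new `case 'j':` can never be true, because the option string registers the flag as `j:` and getopt() reports a missing argument itself instead of returning 'j'. The dead branch suggests a validation step that does not exist; a plain `jailname = optarg;` says the same thing. If an empty jail name should be rejected here, that needs an explicit check such as `if (*optarg == '\0') usage();`. The enclosing switch starts and ends outside this hunk.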
@@ -221,13 +239,17 @@
/* TODO: few other combinations do not make sense but come back later */
if (Nflag && (lflag || nflag))
usage();
- if (aflag && argc == 0)
+ if (aflag && argc == 0) {
+ attach_jail();
exit(sysctl_all(NULL, 0));
+ }
if (argc == 0 && conffile == NULL)
usage();
if (conffile != NULL)
warncount += parsefile(conffile);
+ else
+ attach_jail();
while (argc-- > 0)
warncount += parse(*argv++, 0);
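Review bot: The new `else attach_jail();` only makes sense if parsefile() performs the attach itself on the `conffile != NULL` path, and nothing at this call site says so. A reader of main() alone could conclude that `-f` together with `-j` processes the command-line names on the host. A short comment on the branch would make the contract visible, for example `/* parsefile() attaches to the jail after opening the file on the host */`. Calling attach_jail() once in main() and passing an already opened FILE to parsefile() would avoid the hidden side effect, but that is a larger refactor than this change needs. main() starts before this hunk.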
@@ -235,6 +257,23 @@
return (warncount);
}
+static void
+attach_jail(void)
+{
+#ifdef JAIL
+ int jid;
+
+ if (jailname == NULL)
+ return;
+
+ jid = jail_getid(jailname);
+ if (jid == -1)
+ errx(1, "jail not found");
+ if (jail_attach(jid) != 0)
+ errx(1, "cannot attach to jail");
+#endif
+}
+
/*
* Parse a single numeric value, append it to 'newbuf', and update
* 'newsize'. Returns true if the value was parsed and false if the
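Review bot: Both failure paths in `attach_jail()` discard the reason for the failure, so an operator cannot tell a mistyped jail name from a privilege problem. libjail records the lookup failure in `jail_errmsg`, and jail_attach() sets errno, so I would write `errx(1, "%s", jail_errmsg);` for the lookup and `err(1, "jail_attach(%s)", jailname);` for the attach. The function also looks unsafe to call twice: a second call would presumably repeat the name lookup from inside the jail, where it has a different meaning. Setting `jailname = NULL;` after a successful attach would make repeat calls a no-op.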
@@ -577,6 +616,8 @@
file = fopen(filename, "r");
if (file == NULL)
err(EX_NOINPUT, "%s", filename);
+
+ attach_jail();
while (fgets(line, sizeof(line), file) != NULL) {
lineno++;
p = line;
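Review bot: The placement of `attach_jail();` after `fopen()` is a trust-boundary decision that the code does not explain. The path is resolved in the host's namespace and only the already opened stream is carried into the jail, so the values applied come from a host-side file, not from a path the jail's filesystem could supply. Moving the call above the `fopen()` would silently change that. A comment would pin the ordering, for example `/* Open on the host first; after attach the path would resolve inside the jail. */`. parsefile() begins and ends outside this hunk, so I cannot see whether the stream is closed on every path once attached.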
D48618: sysctl: Teach sysctl to attach and run itself in a jail