
D16047.id44578.diff

D16047.id44578.diff

Index: lib/libugidfw/ugidfw.c
===================================================================
--- lib/libugidfw/ugidfw.c
+++ lib/libugidfw/ugidfw.c
@@ -34,9 +34,11 @@
*/
#include <sys/param.h>
#include <sys/errno.h>
+#include <sys/jail.h>
#include <sys/time.h>
#include <sys/sysctl.h>
#include <sys/ucred.h>
+#include <sys/uio.h>
#include <sys/mount.h>
#include <security/mac_bsdextended/mac_bsdextended.h>
@@ -600,16 +602,45 @@
}
static int
+bsde_get_jailid(const char *name, size_t buflen, char *errstr)
+{
+ char *ep;
+ int jid;
+ struct iovec jiov[4];
+
+ /* Copy jail_getid(3) instead of messing with library dependancies */
+ jid = strtoul(name, &ep, 10);
+ if (*name && !*ep)
+ return jid;
+ jiov[0].iov_base = __DECONST(char *, "name");
+ jiov[0].iov_len = sizeof("name");
+ jiov[1].iov_len = strlen(name) + 1;
+ jiov[1].iov_base = alloca(jiov[1].iov_len);
+ strcpy(jiov[1].iov_base, name);
+ if (errstr && buflen) {
+ jiov[2].iov_base = __DECONST(char *, "errmsg");
+ jiov[2].iov_len = sizeof("errmsg");
+ jiov[3].iov_base = errstr;
+ jiov[3].iov_len = buflen;
+ errstr[0] = 0;
+ jid = jail_get(jiov, 4, 0);
+ if (jid < 0 && !errstr[0])
+ snprintf(errstr, buflen, "jail_get: %s",
+ strerror(errno));
+ } else
+ jid = jail_get(jiov, 2, 0);
+ return jid;
+}
+
+static int
bsde_parse_subject(int argc, char *argv[],
struct mac_bsdextended_subject *subject, size_t buflen, char *errstr)
{
int not_seen, flags;
int current, neg, nextnot;
- char *endp;
uid_t uid_min, uid_max;
gid_t gid_min, gid_max;
int jid = 0;
- long value;
current = 0;
flags = 0;
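Review bot: In bsde_get_jailid the numeric path assigns the `strtoul` result straight to an `int` and returns it, so an over-range argument is silently truncated and may select a different jail than the one typed. A value that truncates to a negative number makes bsde_parse_subject (next hunk) return -1 with `errstr` never written on this path, whereas the removed caller code at least reported `invalid jid`. I would range-check the value and fill `errstr` before returning, as below; this assumes `INT_MAX` is already in scope in this file, which the hunk does not show. bsde_get_jailid is complete within this hunk; bsde_parse_subject continues outside it.

```c
bsde_get_jailid(const char *name, size_t buflen, char *errstr)
{
	char *ep;
	unsigned long ul;
	/* … unchanged: jid and jiov declarations … */

	errno = 0;
	ul = strtoul(name, &ep, 10);
	if (*name && !*ep) {
		/* Reject values that cannot be represented as a jid. */
		if (errno == ERANGE || ul > INT_MAX) {
			if (errstr && buflen)
				snprintf(errstr, buflen, "invalid jid: '%s'",
				    name);
			return (-1);
		}
		return ((int)ul);
	}
	/* … unchanged: jail_get(2) lookup by name … */
```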
@@ -668,13 +699,9 @@
snprintf(errstr, buflen, "one jail only");
return (-1);
}
- value = strtol(argv[current+1], &endp, 10);
- if (*endp != '\0') {
- snprintf(errstr, buflen, "invalid jid: '%s'",
- argv[current+1]);
+ jid = bsde_get_jailid(argv[current+1], buflen, errstr);
+ if (jid < 0)
return (-1);
- }
- jid = value;
flags |= MBS_PRISON_DEFINED;
if (nextnot) {
neg ^= MBS_PRISON_DEFINED;
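Review bot: The jail name is resolved to a number once, at the point the rule is parsed, and only `jid` is carried forward from here; the name itself is not kept. If the jail is later restarted under a different jid, the rule presumably keeps matching the old number, which may then belong to no jail or to another one. The same holds for the `TOK_JAIL` hunk in sbin/ipfw/ipfw2.c, where `cmd32->d[0] = (uint32_t)jid` stores the number in the rule. I would add a comment here such as `/* name is resolved to a jid now; the rule stores the number, not the name */` and state the same in the man pages. bsde_parse_subject starts and ends outside this hunk.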
Index: sbin/ipfw/Makefile
===================================================================
--- sbin/ipfw/Makefile
+++ sbin/ipfw/Makefile
@@ -13,7 +13,7 @@
CFLAGS+=-DPF
.endif
-LIBADD= util
+LIBADD= jail util
MAN= ipfw.8
.include <bsd.prog.mk>
Index: sbin/ipfw/ipfw.8
===================================================================
--- sbin/ipfw/ipfw.8
+++ sbin/ipfw/ipfw.8
@@ -1,7 +1,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd May 9, 2018
+.Dd June 26, 2018
.Dt IPFW 8
.Os
.Sh NAME
@@ -1535,10 +1535,10 @@
A
.Ar group
may be specified by name or number.
-.It Cm jail Ar prisonID
+.It Cm jail Ar prison
Matches all TCP or UDP packets sent by or received for the
-jail whos prison ID is
-.Ar prisonID .
+jail whos prison ID or name is
+.Ar prison .
.It Cm icmptypes Ar types
Matches ICMP packets whose ICMP type is in the list
.Ar types .
Index: sbin/ipfw/ipfw2.c
===================================================================
--- sbin/ipfw/ipfw2.c
+++ sbin/ipfw/ipfw2.c
@@ -32,6 +32,7 @@
#include <err.h>
#include <errno.h>
#include <grp.h>
+#include <jail.h>
#include <netdb.h>
#include <pwd.h>
#include <stdio.h>
@@ -4581,13 +4582,12 @@
case TOK_JAIL:
NEED1("jail requires argument");
{
- char *end;
int jid;
cmd->opcode = O_JAIL;
- jid = (int)strtol(*av, &end, 0);
- if (jid < 0 || *end != '\0')
- errx(EX_DATAERR, "jail requires prison ID");
+ jid = jail_getid(*av);
+ if (jid < 0)
+ errx(EX_DATAERR, "%s", jail_errmsg);
cmd32->d[0] = (uint32_t)jid;
cmd->len |= F_INSN_SIZE(ipfw_insn_u32);
av++;
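Review bot: Replacing `strtol(*av, &end, 0)` with `jail_getid(*av)` changes how existing numeric arguments are read. The old call used base 0, so `010` meant jail 8 and `0x10` meant jail 16. Going by the copy of jail_getid shown in lib/libugidfw/ugidfw.c in this diff, numbers are now parsed as decimal, so `010` becomes jail 10 and `0x10` is looked up as a jail name. A ruleset written with such forms would silently bind to a different jail or fail to load; a comment such as `/* jail_getid() reads numbers as decimal; base prefixes are no longer honoured */` and a matching sentence in ipfw.8 would make this visible. The `case TOK_JAIL` block continues outside this hunk.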
Index: usr.bin/cpuset/Makefile
===================================================================
--- usr.bin/cpuset/Makefile
+++ usr.bin/cpuset/Makefile
@@ -2,4 +2,6 @@
PROG= cpuset
+LIBADD= jail
+
.include <bsd.prog.mk>
Index: usr.bin/cpuset/cpuset.1
===================================================================
--- usr.bin/cpuset/cpuset.1
+++ usr.bin/cpuset/cpuset.1
@@ -25,7 +25,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd February 26, 2018
+.Dd June 26, 2018
.Dt CPUSET 1
.Os
.Sh NAME
@@ -56,7 +56,7 @@
.Nm
.Fl g
.Op Fl cir
-.Op Fl d Ar domain | Fl j Ar jailid | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq
+.Op Fl d Ar domain | Fl j Ar jail | Fl p Ar pid | Fl t Ar tid | Fl s Ar setid | Fl x Ar irq
.Sh DESCRIPTION
The
.Nm
@@ -68,7 +68,7 @@
.Nm
requires a target to modify or query.
The target may be specified as a command, process id, thread id, a
-cpuset id, an irq, a jail id, or a NUMA domain.
+cpuset id, an irq, a jail, or a NUMA domain.
Using
.Fl g
the target's set id or mask may be queried.
@@ -136,8 +136,8 @@
When used with the
.Fl g
option print the id rather than the valid mask of the target.
-.It Fl j Ar jailid
-Specifies a jail id as the target of the operation.
+.It Fl j Ar jail
+Specifies a jail id or name as the target of the operation.
.It Fl l Ar cpu-list
Specifies a list of CPUs to apply to a target.
Specification may include
Index: usr.bin/cpuset/cpuset.c
===================================================================
--- usr.bin/cpuset/cpuset.c
+++ usr.bin/cpuset/cpuset.c
@@ -42,6 +42,7 @@
#include <ctype.h>
#include <err.h>
#include <errno.h>
+#include <jail.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
@@ -320,7 +321,9 @@
case 'j':
jflag = 1;
which = CPU_WHICH_JAIL;
- id = atoi(optarg);
+ id = jail_getid(optarg);
+ if (id < 0)
+ errx(EXIT_FAILURE, "%s", jail_errmsg);
break;
case 'l':
lflag = 1;
Index: usr.bin/sockstat/Makefile
===================================================================
--- usr.bin/sockstat/Makefile
+++ usr.bin/sockstat/Makefile
@@ -2,4 +2,6 @@
PROG= sockstat
+LIBADD= jail
+
.include <bsd.prog.mk>
Index: usr.bin/sockstat/sockstat.1
===================================================================
--- usr.bin/sockstat/sockstat.1
+++ usr.bin/sockstat/sockstat.1
@@ -27,7 +27,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd January 23, 2018
+.Dd June 26, 2018
.Dt SOCKSTAT 1
.Os
.Sh NAME
@@ -58,8 +58,8 @@
(IPv6) sockets.
.It Fl c
Show connected sockets.
-.It Fl j Ar jid
-Show only sockets belonging to the specified jail ID.
+.It Fl j Ar jail
+Show only sockets belonging to the specified jail ID or name.
.It Fl L
Only show Internet sockets if the local and foreign addresses are not
in the loopback network prefix
Index: usr.bin/sockstat/sockstat.c
===================================================================
--- usr.bin/sockstat/sockstat.c
+++ usr.bin/sockstat/sockstat.c
@@ -57,6 +57,7 @@
#include <ctype.h>
#include <err.h>
#include <errno.h>
+#include <jail.h>
#include <netdb.h>
#include <pwd.h>
#include <stdarg.h>
@@ -1263,7 +1264,9 @@
opt_c = 1;
break;
case 'j':
- opt_j = atoi(optarg);
+ opt_j = jail_getid(optarg);
+ if (opt_j < 0)
+ errx(1, "%s", jail_errmsg);
break;
case 'L':
opt_L = 1;
