
D48618.diff

diff --git a/sbin/sysctl/Makefile b/sbin/sysctl/Makefile
--- a/sbin/sysctl/Makefile
+++ b/sbin/sysctl/Makefile
@@ -6,6 +6,11 @@
WARNS?= 3
MAN= sysctl.8
+.if ${MK_JAIL} != "no" && !defined(RESCUE)
+CFLAGS+= -DJAIL
+LIBADD+= jail
+.endif
+
HAS_TESTS=
SUBDIR.${MK_TESTS}+= tests
diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8
--- a/sbin/sysctl/sysctl.8
+++ b/sbin/sysctl/sysctl.8
@@ -28,7 +28,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd January 23, 2025
+.Dd January 31, 2025
.Dt SYSCTL 8
.Os
.Sh NAME
@@ -36,12 +36,14 @@
.Nd get or set kernel state
.Sh SYNOPSIS
.Nm
+.Op Fl j Ar jail
.Op Fl bdeFhiJlNnoqTtVWx
.Op Fl B Ar bufsize
.Op Fl f Ar filename
.Ar name Ns Op = Ns Ar value Ns Op , Ns Ar value
.Ar ...
.Nm
+.Op Fl j Ar jail
.Op Fl bdeFhJlNnoqTtVWx
.Op Fl B Ar bufsize
.Fl a
@@ -103,6 +105,10 @@
.Nm
reads and processes the specified file first and then processes the name
and value pairs in the command line argument.
+Note that when the
+.Fl j Ar jail
+option is specified, the file will be opened before attaching to the jail and
+then be processed inside the jail.
.It Fl h
Format output for human, rather than machine, readability.
.It Fl i
@@ -113,6 +119,10 @@
are necessarily running exactly the same software) easier.
.It Fl J
Display only jail prision sysctl variables (CTLFLAG_PRISON).
+.It Fl j Ar jail
+Perform the actions inside the
+.Ar jail
+(by jail id or jail name).
.It Fl l
Show the length of variables along with their values.
This option cannot be combined with the
diff --git a/sbin/sysctl/sysctl.c b/sbin/sysctl/sysctl.c
--- a/sbin/sysctl/sysctl.c
+++ b/sbin/sysctl/sysctl.c
@@ -33,6 +33,9 @@
#include <sys/time.h>
#include <sys/resource.h>
#include <sys/stat.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
#include <sys/sysctl.h>
#include <sys/vmmeter.h>
#include <dev/evdev/input.h>
@@ -51,6 +54,9 @@
#include <err.h>
#include <errno.h>
#include <inttypes.h>
+#ifdef JAIL
+#include <jail.h>
+#endif
#include <locale.h>
#include <stdbool.h>
#include <stdio.h>
@@ -59,12 +65,16 @@
#include <sysexits.h>
#include <unistd.h>
+#ifdef JAIL
+static const char *jailname;
+#endif
static const char *conffile;
static int aflag, bflag, Bflag, dflag, eflag, hflag, iflag;
static int Nflag, nflag, oflag, qflag, tflag, Tflag, Wflag, xflag;
static bool Fflag, Jflag, lflag, Vflag;
+static void attach_jail(void);
static int oidfmt(int *, int, char *, u_int *);
static int parsefile(FILE *);
static int parse(const char *, int);
@@ -121,8 +131,8 @@
{
(void)fprintf(stderr, "%s\n%s\n",
- "usage: sysctl [-bdeFhiJlNnoqTtVWx] [ -B <bufsize> ] [-f filename] name[=value] ...",
- " sysctl [-bdeFhJlNnoqTtVWx] [ -B <bufsize> ] -a");
+ "usage: sysctl [-j jail] [-bdeFhiJlNnoqTtVWx] [ -B <bufsize> ] [-f filename] name[=value] ...",
+ " sysctl [-j jail] [-bdeFhJlNnoqTtVWx] [ -B <bufsize> ] -a");
exit(1);
}
@@ -137,7 +147,7 @@
setbuf(stdout,0);
setbuf(stderr,0);
- while ((ch = getopt(argc, argv, "AaB:bdeFf:hiJlNnoqTtVWwXx")) != -1) {
+ while ((ch = getopt(argc, argv, "AaB:bdeFf:hiJj:lNnoqTtVWwXx")) != -1) {
switch (ch) {
case 'A':
/* compatibility */
@@ -173,6 +183,14 @@
case 'J':
Jflag = true;
break;
+ case 'j':
+#ifdef JAIL
+ if ((jailname = optarg) == NULL)
+ usage();
+#else
+ errx(1, "not built with jail support");
+#endif
+ break;
case 'l':
lflag = true;
break;
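Review bot: The `optarg == NULL` test in the new `case 'j'` cannot fire, because the option string declares `j:` and getopt() itself reports a missing argument, so the `usage()` branch is dead code. A plain `jailname = optarg;` would read more clearly. If the intent was to reject an empty jail name, the check would need to be `if (*optarg == '\0') usage();`. The enclosing switch starts and ends outside this hunk.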
@@ -222,8 +240,10 @@
/* TODO: few other combinations do not make sense but come back later */
if (Nflag && (lflag || nflag))
usage();
- if (aflag && argc == 0)
+ if (aflag && argc == 0) {
+ attach_jail();
exit(sysctl_all(NULL, 0));
+ }
if (argc == 0 && conffile == NULL)
usage();
@@ -231,6 +251,9 @@
file = fopen(conffile, "r");
if (file == NULL)
err(EX_NOINPUT, "%s", conffile);
+ }
+ attach_jail();
+ if (file != NULL) {
warncount += parsefile(file);
fclose(file);
}
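Review bot: The reordering around `attach_jail()` is security-relevant but carries no comment: `conffile` is resolved and opened on the host, and the stream stays open inside the jail until the `fclose(file)` below. A comment before the call would keep a later cleanup from moving the fopen() after the attach, for example `/* Open conffile before attaching: the path is resolved on the host, only its contents are applied inside the jail. */`. The new `if (file != NULL)` also relies on `file` being initialised to NULL where it is declared, which is outside this hunk and worth confirming.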
@@ -241,6 +264,23 @@
return (warncount);
}
+static void
+attach_jail(void)
+{
+#ifdef JAIL
+ int jid;
+
+ if (jailname == NULL)
+ return;
+
+ jid = jail_getid(jailname);
+ if (jid == -1)
+ errx(1, "jail not found");
+ if (jail_attach(jid) != 0)
+ errx(1, "cannot attach to jail");
+#endif
+}
+
/*
* Parse a single numeric value, append it to 'newbuf', and update
* 'newsize'. Returns true if the value was parsed and false if the
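Review bot: Both failure paths in `attach_jail()` call `errx()` with a fixed string, which discards the reason for the failure. jail_getid() leaves a description in `jail_errmsg` and jail_attach() sets errno, so as written an operator cannot tell a missing jail from a permission failure. I would change the two calls to `errx(1, "%s", jail_errmsg);` and `err(1, "jail_attach(%d)", jid);`. A short header comment saying that the attach is one-way, so everything after the call runs inside the jail, would also help, since the function is called from two places in main().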
