History log of /freebsd-head/usr.sbin/jail/jailp.h
Revision Date Author Comments
7e81b085554811b11b372bec13d045335562364c 10-Nov-2018 eugen <eugen@FreeBSD.org> jail(8): introduce new command option -e to exhibit
a list of configured non-wildcard jails with their parameters,
whether running or not.

The option -e takes a separator argument that is used
to separate printed parameters. It will be used with the following
additions to system periodic scripts to differentiate parts
of the directory tree belonging to jails as opposed to the host's.

MFC after: 1 month
b5bdd5a3db74eb50e728be9d87cf31854ed11e91 16-Aug-2018 jamie <jamie@FreeBSD.org> security.jail.enforce_statfs is handled by jail_set(2), so handling it in
userspace jail(8) is redundant.

Differential Revision: D14791
42ccecb54bc6d2fd91950ba895e4ac88c7a08efd 15-Aug-2018 netchild <netchild@FreeBSD.org> - Add exec hook "exec.created". This is called when the jail is
created and before exec.start is called. [1]
- Bump __FreeBSD_version.

This allows ZFS datasets to be attached and various other things to be
done before any command/service/rc-script is started in the new
jail.

PR: 228066 [1]
Reviewed by: jamie [1]
Submitted by: Stefan Grönke <stefan@gronke.net> [1]
Differential Revision: https://reviews.freebsd.org/D15330 [1]
7551d83c353e040b32c6ac205e577dbc5f2c8955 27-Nov-2017 pfg <pfg@FreeBSD.org> various: general adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
supersede or replace the license texts.

No functional change intended.
20a9e2385387eac2880c92072cc3507c169a0f59 17-Jul-2016 jamie <jamie@FreeBSD.org> MFC r302856:

Fix up the order in which jail creation processes are run, to preserve
the config file's order in the non-parallel-start case.

PR: 209112
0e8a4f4181ebe5a68743f390d0f98b3e7f773710 14-Jul-2016 jamie <jamie@FreeBSD.org> Fix up the order in which jail creation processes are run, to preserve
the config file's order in the non-parallel-start case.

PR: 209112
MFC after: 3 days
00d578928eca75be320b36d37543a7e2a4f9fbdb 27-May-2016 grehan <grehan@FreeBSD.org> Create branch for bhyve graphics import.
dc83b58bbee523b7400472f573a44887cbd0642a 07-Jan-2016 bdrewery <bdrewery@FreeBSD.org> MFC r289677:

Fix a ton of speelling errors
21a3003f8f5c49c0acbcb49462e5b221076076d0 21-Oct-2015 eadler <eadler@FreeBSD.org> Fix a ton of speelling errors

arc lint is helpful

Reviewed By: allanjude, wblock, #manpages, chris@bsdjunk.com
Differential Revision: https://reviews.freebsd.org/D3337
979a1cd315a9f7ff11c9f6fcf2b41562a5148425 23-Jul-2015 hrs <hrs@FreeBSD.org> MFC r285261, r285279:

- Fix offset calculation in variable substitution
in jail.conf. The following did not work correctly:

A="A_${B}_C_${D}"
B="BBBBB"
D="DDDD_${E}_FFFFF"
E="EEEEE"

- Implement PF_IMMUTABLE flag and apply it to "name" and "jid" in
jail.conf parameters. This flag disallows redefinition of the parameter.

"name" and/or "jid" are automatically defined in jail.conf by using
the jail names at the front of jail parameter definitions. However,
one could override them by using a variable with the same name like
$name = "foo". This confused the parser and could end up with SIGSEGV.

Note that this change also affects a case when all of the parameters are
defined in the command line arguments, not in jail.conf. Specifically,
"jail -c name=j1 name=j2" no longer works. This should be harmless.

Approved by: re (gjb)
6a6f4266c7bdb95f45b0f4822b0f7e176a775549 08-Jul-2015 hrs <hrs@FreeBSD.org> Implement PF_IMMUTABLE flag and apply it to "name" and "jid" in
jail.conf parameters. This flag disallows redefinition of the parameter.

"name" and/or "jid" are automatically defined in jail.conf by using
the jail names at the front of jail parameter definitions. However,
one could override them by using a variable with the same name like
$name = "foo". This confused the parser and could end up with SIGSEGV.

Note that this change also affects a case when all of the parameters are
defined in the command line arguments, not in jail.conf. Specifically,
"jail -c name=j1 name=j2" no longer works. This should be harmless.

PR: 196574
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D3017
f8ff07ebef14d8d87007863c4b3bfcf35f6b515f 10-Feb-2015 jamie <jamie@FreeBSD.org> MFC r278323:

Add mount.procfs jail parameter, so procfs can be mounted when a prison's
root is in its fstab.

Also fix a typo while I'm at it.

PR: 197237 197066
6064614ca50b8b6311bd60d1f85c0dcba8ef8954 06-Feb-2015 jamie <jamie@FreeBSD.org> Add mount.procfs jail parameter, so procfs can be mounted when a prison's
root is in its fstab.

Also fix a typo while I'm at it.

PR: 197237 197066
MFC after: 3 days
eb1a5f8de9f7ea602c373a710f531abbf81141c4 21-Feb-2014 gjb <gjb@FreeBSD.org> Move ^/user/gjb/hacking/release-embedded up one directory, and remove
^/user/gjb/hacking since this is likely to be merged to head/ soon.

Sponsored by: The FreeBSD Foundation
6b01bbf146ab195243a8e7d43bb11f8835c76af8 27-Dec-2013 gjb <gjb@FreeBSD.org> Copy head@r259933 -> user/gjb/hacking/release-embedded for initial
inclusion of (at least) arm builds with the release.

Sponsored by: The FreeBSD Foundation
2a6361507410ac1bd935b61f13d48c2512bb6cc3 12-Oct-2013 hrs <hrs@FreeBSD.org> MFC 256385:

- Add mount.fdescfs parameter to jail(8). This is similar to
mount.devfs but mounts fdescfs. The mount happens just after
mount.devfs.

- rc.d/jail now displays the whole error message from jail(8) when a jail
fails to start.

Approved by: re (gjb)
513bdd96d7234f6f561d60a5f7956c040564278b 12-Oct-2013 hrs <hrs@FreeBSD.org> - Add mount.fdescfs parameter to jail(8). This is similar to
mount.devfs but mounts fdescfs. The mount happens just after
mount.devfs.

- rc.d/jail now displays the whole error message from jail(8) when a jail
fails to start.

Approved by: re (gjb)
82d58114889a20fcd15b9f51da2e60600642ed77 28-Mar-2013 jamie <jamie@FreeBSD.org> Reverse the order of some implicit commands (FS mounts and ifconfigs)
when stopping jails. This matters particularly for nested filesystem
mounts.

PR: kern/177325
Submitted by: Harald Schmalzbauer
MFC after: 3 days
5ddbe53eac495d89b4eb26531ed3c615434c0146 28-May-2012 jamie <jamie@FreeBSD.org> When writing the jid via the -i flag, do it right when the jail is created,
before any commands run. /etc/rc.d/jail depends on this.
310ab6d7ff9b6ca4c8c1159bdd4eafd63aaf34ba 22-May-2012 bapt <bapt@FreeBSD.org> Fix world after byacc import:
- old yacc(1) used to magically append stdlib.h, while the new one doesn't
- new yacc(1) does declare yyparse by itself, fix redundant declaration of
'yyparse'

Approved by: des (mentor)
18b00ce05256ac1bef00083a0ce9a34fcb4c49a9 03-May-2012 jamie <jamie@FreeBSD.org> Add a meta-parameter IP__NULL to enum intparam, instead of mixing
enum values and zeroes. This keeps clang happy (and is just good form).

Submitted by: dim
6fe59c6c06d9b42a052d1fb76fdbd3237ffba98e 27-Feb-2012 jamie <jamie@FreeBSD.org> Use the devfs_ruleset parameter when mounting a jail's /dev,
instead of a mount.devfs.ruleset pseudo-parameter.
a85d762796e36a664734574599d8854c54db7479 08-Feb-2012 jamie <jamie@FreeBSD.org> Improvements in error messages:

Some errors printed the jail name for unnamed (command line) jails.

Attempting to create an already-existing jail from the command line
returned with no error (even for non-root) due to bad logic in
start_state.

Ignore kvm_proc errors, which are typically caused by permission
problems. Instead, stop ignoring permission errors when removing
a jail (but continue to silently ignore other errors, i.e. the
jail no longer existing). This makes non-root attempts at removing
a jail give a clearer error message.
6811668a5f8d31f9754803ba22ad926b39c67e0c 20-Jun-2011 jamie <jamie@FreeBSD.org> Following r222465:

Check for IPv4 or IPv6 to be available by the kernel to not
provoke errors trying to query options not available.
Make it possible to compile out INET or INET6 only parts.
b3870a12d7efae3649e1a6c7496069c521524a0b 18-Jun-2011 jamie <jamie@FreeBSD.org> Move the actual create/remove (IP__OP) handling into run_command,
at the cost of an ugly single-use global variable.
8d425bfde2c0af68087f5784ac994ac5d316a375 17-Jun-2011 jamie <jamie@FreeBSD.org> Update copyright dates and other whitespacey stuff.
bf5da8413e8633aec301ea33b6698aa264e91927 17-Jun-2011 jamie <jamie@FreeBSD.org> Split run_command up into an outer function (next_command) that chooses
a single command string to run, and an inner function (run_command) that
runs that single string.
Move the list of start/stop commands to run from a switch statement into
an array, with a new placeholder parameter IP__OP for actually creating
or removing the jail.
When jail creation fails, revert all non-exec commands in reverse order.
0e5ec9dce0b4f9791252ba22064fb407dc733ff9 17-Jun-2011 jamie <jamie@FreeBSD.org> Change cfstrings from an STAILQ into a TAILQ to allow commands to be
traversed in reverse order.
3a156b82bb5985e9c61a72da436b8f7ccc2c9b24 10-Dec-2010 jamie <jamie@FreeBSD.org> run_command (mostly) cleanup:

Make the parallelism limit a global instead of always passing it
to run_command and finish_command.
In the case of an empty command string, try to run any other strings
the command may have.
Replace JF_BACKGROUND with its sort-of opposite JF_SLEEPQ.
Change j->comstring earlier to render JF_RUNQ unnecessary.
Change the if-else series to a more readable switch statement.
Treat IP_STOP_TIMEOUT like a command, calling run_command which then
calls term_procs.
When the IP_STOP_TIMEOUT "command" finishes, it shouldn't mess with
the parallelism limit.
Make sufficient checks in finish_command and run_command so that
the nonintuitive j->comstring null check isn't necessary to run them.
Rename the "waiting" queue to "depend", because the "sleeping" and
"runnable" queues are also used to wait for something.
85767896da1c52300de322e3fc4f29fe9b7e4413 04-Nov-2010 jamie <jamie@FreeBSD.org> Read the mount.fstab file, and put its lines separately into the
IP__MOUNT_FROM_FSTAB internal parameter.
94aa5f72213aae7248f78420b16afc320dd93e4b 01-Nov-2010 jamie <jamie@FreeBSD.org> Combine check_intparams() and ip_params(), JF_CHECKINT and JF_IPPARAMS.
235aefe21957ecc7c526a419943418bbb1248f11 27-Oct-2010 jamie <jamie@FreeBSD.org> Keep all internal/known parameter names in one place, and use
enum constants everywhere else.
3b31921eb1179730750d3f91afe80cd48a49aa95 20-Oct-2010 jamie <jamie@FreeBSD.org> Initial work on the new jail(8). There are more features to add, and some
cleaning up to do on existing features, but this is pretty much what the
final product will look like.