Copy stable/10@r272459 to releng/10.1 as part of
the 10.1-RELEASE process.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

MFC r269522

Added support for extra ifconfig args to jail ip4.addr & ip6.addr params

This allows for CARP interfaces to be used in jails e.g.
ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100"

r269340 will not be MFC'ed as mentioned due to the slim window and the
amount of additional commits required to support it.

Sponsored by: Multiplay

MFC 256385:

- Add mount.fdescfs parameter to jail(8). This is similar to
mount.devfs but mounts fdescfs. The mount happens just after
mount.devfs.

- rc.d/jail now displays whole error message from jail(8) when a jail
fails to start.

Approved by: re (gjb)

Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Reverse the order of some implicit commands (FS mounts and ifconfigs)
when stopping jails. This matters particularly for nested filesystem
mounts.

PR: kern/177325
Submitted by: Harald Schmalzbauer
MFC after: 3 days

Handle (ignore) when a process disappears before it can be tracked.

When writing the jid via the -i flag, do it right when the jail is created,
before any commands run. /etc/rc.d/jail depends on this.

Don't try to set a null TERM environment.

Submitted by: Mateusz Guzik <mjguzik gmail.com>

Add a meta-parameter IP__NULL to enum intparam, instead of mixing
enum values and zeroes. This keeps clang happy (and is just good form).

Submitted by: dim

A new jail(8) with a configuration file, ultimately to replace the work
currently done by /etc/rc.d/jail.

MFC after: 3 months

Use the defvs_ruleset paramater when mounting a jail's /dev,
instead of a mount.devfs.ruleset pseudo-parameter.

Improvements in error messages:

Some errors printed the jail name for unnamed (command line) jails.

Attempting to create an already-existing jail from the command line
returned with no error (even for non-root) due to bad logic in
start_state.

Ignore kvm_proc errors, which are typically caused by permission
problems. Instead, stop ignoring permission errors when removing
a jail (but continue to silently ignore other errors, i.e. the
jail no longer existing). This makes non-root attempts at removing
a jail give a clearer error message.

Don't report errors for the exit status of processes that are killed
as part of jail removal (IP_STOP_TIMEOUT).

Note a jail as "removed" even if it wasn't jail_remove() that did
the deed, e.g. if it already went away because all its processes
were killed.

Advance to the next command before running anything, so errors found in
finish_command can be processed properly.
Call failed() once in next_command() instead of multiple times in
run_command().
Continue processing commands when a no-wait operation (IP__OP or background
command) succeeds.

Fix a couple of NULL dereferences.

Following r222465:

Check for IPv4 or IPv6 to be available by the kernel to not
provoke errors trying to query options not available.
Make it possible to compile out INET or INET6 only parts.

Linty stuff.

Move the actual create/remove (IP__OP) handling into run_command,
and the cost of an ugly single-use global variable.

Update copyright dates and other whitespacey stuff.

Split run_command up into an outer function (next_command) that chooses
a single command string to run, and an inner function (run_command) that
runs that single string.
Move the list of start/stop commands to run from a switch statement into
an array, with a new placeholder parameter IP__OP for actually creating
or removing the jail.
When jail creation fails, revert all non-exec commands in reverse order.

Change cfstrings from an STAILQ into a TAILQ to allow commands to be
traversed in reverse order.

run_command (mostly) cleanup:

Make the parallelism limit a global instead of always passing it
to run_command and finish_command.
In the case of an empty command string, try to run any other strings
the command may have.
Replace JF_BACKGROUND with its sort-of opposite JF_SLEEPQ.
Change j->comstring earlier to render JF_RUNQ unncessary.
Change the if-else series to a more readable switch statement.
Treat IP_STOP_TIMEOUT like a command, calling run_command which then
calls term_procs.
When the IP_STOP_TIMEOUT "command" finishes, it shouldn't mess with
the parallelism limit.
Make sufficient checks in finish_command and run_command so that
the nonintuitive j->comstring null check isn't necessary to run them.
Rename the "waiting" queue to "depend", because the "sleeping" and
"runnable" queues are also used to wait for something.

Check unmounts for a mount point of the right FS type.

Check paths for security:
path must be absolute.
mount paths must exist and have no symlinks beyond the jail's path itself.
consolelog must exist (apart from the final component) and have no
symlinks beyond the jail's path itself.

Reads the mount.fstab file, and put its lines separately into the
IP__MOUNT_FROM_FSTAB internal parameter.

Initial work on the new jail(8). There are more features to add, and some
cleaning up to do on existing features, but this is pretty much what the
final product will look like.