#
e0dfe185 |
|
17-Jan-2024 |
Alexander Leidinger <netchild@FreeBSD.org> |
jail(8): add support for ZFS datasets
Add zfs.dataset to jail(8) to add a list of ZFS datasets.
Bump FreeBSD version for jail managers to switch to native dataset support.
Datasets are attached to the jail after the jail creation and before the execution of any start command. Unlike current implementations in jail managers which attach datasets after the start command, this allows the zfs rc.d script to mount the datasets on start.
Discussed with: jamie
|
#
4d65a7c6 |
|
24-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
usr.sbin: Automated cleanup of cdefs and other formatting
Apply the following automated changes to try to eliminate no-longer-needed sys/cdefs.h includes as well as now-empty blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
|
#
1d386b48 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line .c pattern
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
#
e82a6294 |
|
06-Jun-2023 |
Jamie Gritton <jamie@FreeBSD.org> |
jail: add ".include" directive to jail.conf
Jail config files can now include literal filenames and file globs. They can not (yet) include files based on variables/parameters.
|
#
086e0149 |
|
03-Jun-2023 |
Jamie Gritton <jamie@FreeBSD.org> |
jail: Use re-entrant versions of lex & yacc, and lex's yylineno
|
#
4d846d26 |
|
10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD
The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause.
Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix
|
#
5bf6dca2 |
|
18-Jun-2021 |
Jamie Gritton <jamie@FreeBSD.org> |
jail: Don't allow substitution of valueless jail parameters.
PR: 256544
Reported by: cryptogranny at gmail.com
|
#
0eb6603f |
|
27-Aug-2020 |
Jamie Gritton <jamie@FreeBSD.org> |
Disregard jails in jail.conf that have bad parameters (parameter/variable clash, or redefining name/jid). The current behavior, of merely warning and moving on, can lead to unexpected behavior when a jail is created without the offending parameter defined at all.
|
#
bb4ec289 |
|
26-Aug-2020 |
Jamie Gritton <jamie@FreeBSD.org> |
Don't allow jail.conf variables to have the same names as jail parameters. It was already not allowed in many cases, but crashed instead of giving an error.
PR: 248444
|
#
48c376a6 |
|
26-Aug-2020 |
Jamie Gritton <jamie@FreeBSD.org> |
Back out r364791 to unbreak jails. Lesson learned: "compile and test" means running the test on the same executable that you just compiled.
PR: 248444
Pointy hat to: jamie
|
#
177b077e |
|
25-Aug-2020 |
Jamie Gritton <jamie@FreeBSD.org> |
Handle jail.conf variables that have the same names as parameters.
PR: 248444
Submitted by: Akos Somfai
Reported by: Markus Stoff
|
#
66005c45 |
|
14-May-2020 |
Ryan Moeller <freqlabs@FreeBSD.org> |
jail: Add exec.prepare and exec.release command hooks
This change introduces new jail command hooks that run before and after any other actions.
The exec.prepare hook can be used for example to invoke a script that checks if the jail's root exists, creating it if it does not. Since arbitrary variables in jail.conf can be passed to the command, it can be pretty useful for templating jails.
An example use case for exec.release would be to remove the filesystem of an ephemeral jail.
The names "prepare" and "release" are borrowed from the names of similar hooks in libvirt.
Reviewed by: jamie, manpages, mmacy
Approved by: mmacy (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D24829
|
#
3a142cd1 |
|
01-Apr-2020 |
Andrew Turner <andrew@FreeBSD.org> |
Use memmove to copy within a buffer
jail(8) would try to use strcpy to remove the interface from the start of an IP address. This is undefined, and on arm64 will result in unexpected IPv6 addresses.
Fix this by using memmove to move the string.
PR: 245102
Reported by: sbruno
MFC after: 2 weeks
Sponsored by: Innovate UK
|
#
07ebf3dd |
|
16-Aug-2018 |
Jamie Gritton <jamie@FreeBSD.org> |
security.jail.enforce_statfs is handled by jail_set(2), so handling it in userspace jail(8) is redundant.
Differential Revision: D14791
|
#
f6c0e63b |
|
15-Aug-2018 |
Alexander Leidinger <netchild@FreeBSD.org> |
- Add exec hook "exec.created". This is called when the jail is created and before exec.start is called. [1]
- Bump __FreeBSD_version.
This allows to attach ZFS datasets and various other things to be done before any command/service/rc-script is started in the new jail.
PR: 228066 [1]
Reviewed by: jamie [1]
Submitted by: Stefan Grönke <stefan@gronke.net> [1]
Differential Revision: https://reviews.freebsd.org/D15330 [1]
|
#
1de7b4b8 |
|
27-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
various: general adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task.
The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, supersede or replace the license texts.
No functional change intended.
|
#
5160b6a7 |
|
16-Jan-2016 |
Jamie Gritton <jamie@FreeBSD.org> |
Don't bother checking an ip[46].addr netmask/prefixlen. This is already handled by ifconfig, and it was doing it wrong when the parameter included extra ifconfig options.
PR: 205926
MFC after: 5 days
|
#
64bb8a38 |
|
08-Jul-2015 |
Hiroki Sato <hrs@FreeBSD.org> |
Implement PF_IMMUTABLE flag and apply it to "name" and "jid" in jail.conf parameters. This flag disallows redefinition of the parameter.
"name" and/or "jid" are automatically defined in jail.conf by using the jail names at the front of jail parameter definitions. However, one could override them by using a variable with the same name like $name = "foo". This confused the parser and could end up with SIGSEGV.
Note that this change also affects a case when all of parameters are defined in the command line arguments, not in jail.conf. Specifically, "jail -c name=j1 name=j2" no longer works. This should be harmless.
PR: 196574
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D3017
|
#
882efc9a |
|
07-Jul-2015 |
Hiroki Sato <hrs@FreeBSD.org> |
Fix offset calculation in variable substitution in jail.conf. The following did not work correctly:
A="A_${B}_C_${D}"
B="BBBBB"
D="DDDD_${E}_FFFFF"
E="EEEEE"
PR: 189139
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D3018
|
#
07a7869f |
|
06-Feb-2015 |
Jamie Gritton <jamie@FreeBSD.org> |
Add mount.procfs jail parameter, so procfs can be mounted when a prison's root is in its fstab.
Also fix a typo while I'm at it.
PR: 197237 197066
MFC after: 3 days
|
#
b22b6abd |
|
04-Aug-2014 |
Steven Hartland <smh@FreeBSD.org> |
Added support for extra ifconfig args to jail ip4.addr & ip6.addr params
This allows for CARP interfaces to be used in jails e.g.
ip4.addr = "em0|10.10.1.20/32 vhid 1 pass MyPass advskew 100"
Before this change using exec.prestart to configure a CARP address would result in the wrong MAC being broadcast on startup as jail creates IP aliases to support ip[4|6].addr before exec.prestart is executed.
PR: 191832
Reviewed by: jamie
MFC after: 1 week
X-MFC-With: r269340
Phabric: D528
Sponsored by: Multiplay
|
#
fbd868c9 |
|
12-Oct-2013 |
Hiroki Sato <hrs@FreeBSD.org> |
- Add mount.fdescfs parameter to jail(8). This is similar to mount.devfs but mounts fdescfs. The mount happens just after mount.devfs.
- rc.d/jail now displays whole error message from jail(8) when a jail fails to start.
Approved by: re (gjb)
|
#
bea2eefc |
|
28-Mar-2013 |
Jamie Gritton <jamie@FreeBSD.org> |
Reverse the order of some implicit commands (FS mounts and ifconfigs) when stopping jails. This matters particularly for nested filesystem mounts.
PR: kern/177325
Submitted by: Harald Schmalzbauer
MFC after: 3 days
|
#
01591cd5 |
|
04-Oct-2012 |
Jamie Gritton <jamie@FreeBSD.org> |
Move properly to the next parameter when jailparam_init fails (i.e. on an unknown parameter), to avoid freeing bogus pointers.
|
#
e9322de8 |
|
23-Aug-2012 |
Jamie Gritton <jamie@FreeBSD.org> |
Partially roll back r239601 - keep parameter strings both length-delimited and null-terminated at the same time, because they're later passed to libjail as null-terminated. That means I also need to add a nul byte when comma-combining array parameters.
MFC after: 6 days
|
#
2b4f1090 |
|
22-Aug-2012 |
Jamie Gritton <jamie@FreeBSD.org> |
Remember that I'm using length-defined strings in parameters:
Remove a bogus null terminator when stripping the netmask from IP addresses. This was causing later addresses in a comma-separated string to disappear.
Use memcpy instead of strcpy. This could just cause Bad Things.
PR: 170832
MFC after: 1 week
|
#
5e2a209a |
|
22-May-2012 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Fix world after byacc import:
- old yacc(1) used to magically append stdlib.h, while the new one doesn't
- new yacc(1) does declare yyparse by itself, fix redundant declaration of 'yyparse'
Approved by: des (mentor)
|
#
6fcbac3c |
|
03-May-2012 |
Jamie Gritton <jamie@FreeBSD.org> |
Add a meta-parameter IP__NULL to enum intparam, instead of mixing enum values and zeroes. This keeps clang happy (and is just good form).
Submitted by: dim
|
#
0c4d49e9 |
|
27-Feb-2012 |
Jamie Gritton <jamie@FreeBSD.org> |
Use the devfs_ruleset parameter when mounting a jail's /dev, instead of a mount.devfs.ruleset pseudo-parameter.
|
#
5fb611c2 |
|
20-Jun-2011 |
Jamie Gritton <jamie@FreeBSD.org> |
Following r222465: Check for IPv4 or IPv6 to be available by the kernel to not provoke errors trying to query options not available. Make it possible to compile out INET or INET6 only parts.
|
#
e16fb8fb |
|
20-Jun-2011 |
Jamie Gritton <jamie@FreeBSD.org> |
Linty stuff.
|
#
d8352076 |
|
17-Jun-2011 |
Jamie Gritton <jamie@FreeBSD.org> |
Update copyright dates and other whitespacey stuff.
|
#
3b40332c |
|
17-Jun-2011 |
Jamie Gritton <jamie@FreeBSD.org> |
Split run_command up into an outer function (next_command) that chooses a single command string to run, and an inner function (run_command) that runs that single string. Move the list of start/stop commands to run from a switch statement into an array, with a new placeholder parameter IP__OP for actually creating or removing the jail. When jail creation fails, revert all non-exec commands in reverse order.
|
#
2a194551 |
|
17-Jun-2011 |
Jamie Gritton <jamie@FreeBSD.org> |
Change cfstrings from an STAILQ into a TAILQ to allow commands to be traversed in reverse order.
|
#
52a49622 |
|
04-Nov-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
Read the mount.fstab file, and put its lines separately into the IP__MOUNT_FROM_FSTAB internal parameter.
|
#
e3c69673 |
|
01-Nov-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
Combine check_intparams() and ip_params(), JF_CHECKINT and JF_IPPARAMS.
|
#
47fdec17 |
|
27-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
Use a little more "ifdef INET6".
|
#
55530438 |
|
27-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
Keep all internal/known parameter names in one place, and use enum constants everywhere else.
|
#
2671ee73 |
|
20-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
Initial work on the new jail(8). There are more features to add, and some cleaning up to do on existing features, but this is pretty much what the final product will look like.
|