2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2018 Kyle Evans <kevans@FreeBSD.org>
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
20 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
21 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
22 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
23 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 #include <sys/cdefs.h>
29 __FBSDID("$FreeBSD$");
31 #include <sys/param.h>
33 #include <sys/mount.h>
46 static void jailparam_grow(void);
47 static void jailparam_add(const char *name, const char *val);
48 static int jailparam_del(const char *name);
49 static bool jailparam_addarg(char *arg);
50 static int jailparam_delarg(char *arg);
52 static int bectl_search_jail_paths(const char *mnt);
53 static int bectl_locate_jail(const char *ident);
55 /* We'll start with 8 parameters initially and grow as needed. */
56 #define INIT_PARAMCOUNT 8
58 static struct jailparam *jp;
61 static char mnt_loc[BE_MAXPATHLEN];
68 jp = realloc(jp, jpcnt * sizeof(*jp));
74 jailparam_add(const char *name, const char *val)
78 for (i = 0; i < jpused; ++i) {
79 if (strcmp(name, jp[i].jp_name) == 0)
84 jailparam_free(&jp[i], 1);
85 else if (jpused == jpcnt)
86 /* The next slot isn't allocated yet */
89 if (jailparam_init(&jp[i], name) != 0)
91 if (jailparam_import(&jp[i], val) != 0)
97 jailparam_del(const char *name)
102 for (i = 0; i < jpused; ++i) {
103 if (strcmp(name, jp[i].jp_name) == 0)
110 for (; i < jpused - 1; ++i) {
111 val = jailparam_export(&jp[i + 1]);
113 jailparam_free(&jp[i], 1);
115 * Given the context, the following will really only fail if
116 * they can't allocate the copy of the name or value.
118 if (jailparam_init(&jp[i], jp[i + 1].jp_name) != 0) {
122 if (jailparam_import(&jp[i], val) != 0) {
123 jailparam_free(&jp[i], 1);
130 jailparam_free(&jp[i], 1);
136 jailparam_addarg(char *arg)
143 if ((val = strchr(arg, '=')) == NULL) {
144 fprintf(stderr, "bectl jail: malformed jail option '%s'\n",
150 if (strcmp(name, "path") == 0) {
151 if (strlen(val) >= BE_MAXPATHLEN) {
153 "bectl jail: skipping too long path assignment '%s' (max length = %d)\n",
157 strlcpy(mnt_loc, val, sizeof(mnt_loc));
159 jailparam_add(name, val);
164 jailparam_delarg(char *arg)
171 if ((val = strchr(name, '=')) != NULL)
174 if (strcmp(name, "path") == 0)
176 return (jailparam_del(name));
180 bectl_cmd_jail(int argc, char *argv[])
182 char *bootenv, *mountpoint;
183 int jid, mntflags, opt, ret;
184 bool default_hostname, interactive, unjail;
187 /* XXX TODO: Allow shallow */
188 mntflags = BE_MNT_DEEP;
189 default_hostname = interactive = unjail = true;
190 jpcnt = INIT_PARAMCOUNT;
191 jp = malloc(jpcnt * sizeof(*jp));
195 jailparam_add("persist", "true");
196 jailparam_add("allow.mount", "true");
197 jailparam_add("allow.mount.devfs", "true");
198 jailparam_add("enforce_statfs", "1");
200 while ((opt = getopt(argc, argv, "bo:Uu:")) != -1) {
206 if (jailparam_addarg(optarg)) {
208 * optarg has been modified to null terminate
209 * at the assignment operator.
211 if (strcmp(optarg, "host.hostname") == 0)
212 default_hostname = false;
219 if ((ret = jailparam_delarg(optarg)) == 0) {
220 if (strcmp(optarg, "host.hostname") == 0)
221 default_hostname = true;
222 } else if (ret != ENOENT) {
224 "bectl jail: error unsetting \"%s\"\n",
230 fprintf(stderr, "bectl jail: unknown option '-%c'\n",
232 return (usage(false));
239 /* struct jail be_jail = { 0 }; */
241 fprintf(stderr, "bectl jail: missing boot environment name\n");
242 return (usage(false));
248 * XXX TODO: if its already mounted, perhaps there should be a flag to
249 * indicate its okay to proceed??
251 if (*mnt_loc == '\0')
254 mountpoint = mnt_loc;
255 if (be_mount(be, bootenv, mountpoint, mntflags, mnt_loc) != BE_ERR_SUCCESS) {
256 fprintf(stderr, "could not mount bootenv\n");
260 if (default_hostname)
261 jailparam_add("host.hostname", bootenv);
264 * This is our indicator that path was not set by the user, so we'll use
265 * the path that libbe generated for us.
267 if (mountpoint == NULL)
268 jailparam_add("path", mnt_loc);
269 /* Create the jail for now, attach later as-needed */
270 jid = jailparam_set(jp, jpused, JAIL_CREATE);
272 fprintf(stderr, "unable to create jail. error: %d\n", errno);
276 jailparam_free(jp, jpused);
279 /* We're not interactive, nothing more to do here. */
290 /* We're attached within the jail... good bye! */
293 execve(argv[1], &argv[1], NULL);
295 execl("/bin/sh", "/bin/sh", NULL);
296 fprintf(stderr, "bectl jail: failed to execute %s\n",
297 (argc > 1 ? argv[1] : "/bin/sh"));
300 /* Wait for the child to get back, see if we need to unjail */
301 waitpid(pid, NULL, 0);
306 be_unmount(be, bootenv, 0);
313 bectl_search_jail_paths(const char *mnt)
317 char jailpath[MAXPATHLEN];
319 /* jail_getv expects name/value strings */
320 snprintf(lastjid, sizeof(lastjid), "%d", 0);
323 while ((jid = jail_getv(0, "lastjid", lastjid, "path", &jailpath,
326 /* the jail we've been looking for */
327 if (strcmp(jailpath, mnt) == 0)
330 /* update lastjid and keep on looking */
331 snprintf(lastjid, sizeof(lastjid), "%d", jid);
338 * Locate a jail based on an arbitrary identifier. This may be either a name,
339 * a jid, or a BE name. Returns the jid or -1 on failure.
342 bectl_locate_jail(const char *ident)
344 nvlist_t *belist, *props;
348 /* Try the easy-match first */
349 jid = jail_getid(ident);
353 /* Attempt to try it as a BE name, first */
354 if (be_prop_list_alloc(&belist) != 0)
357 if (be_get_bootenv_props(be, belist) != 0)
360 if (nvlist_lookup_nvlist(belist, ident, &props) == 0) {
362 /* path where a boot environment is mounted */
363 if (nvlist_lookup_string(props, "mounted", &mnt) == 0) {
365 /* looking for a jail that matches our bootenv path */
366 jid = bectl_search_jail_paths(mnt);
367 be_prop_list_free(belist);
371 be_prop_list_free(belist);
378 bectl_cmd_unjail(int argc, char *argv[])
380 char path[MAXPATHLEN];
381 char *cmd, *name, *target;
384 /* Store alias used */
388 fprintf(stderr, "bectl %s: wrong number of arguments\n", cmd);
389 return (usage(false));
394 /* Locate the jail */
395 if ((jid = bectl_locate_jail(target)) == -1) {
396 fprintf(stderr, "bectl %s: failed to locate BE by '%s'\n", cmd,
401 bzero(&path, MAXPATHLEN);
402 name = jail_getname(jid);
403 if (jail_getv(0, "name", name, "path", path, NULL) != jid) {
406 "bectl %s: failed to get path for jail requested by '%s'\n",
413 if (be_mounted_at(be, path, NULL) != 0) {
414 fprintf(stderr, "bectl %s: jail requested by '%s' not a BE\n",
420 be_unmount(be, target, 0);