git: 3af770071046 - stable/13 - ifconfig(8): Teach ifconfig to attach and run itself in a jail

From: Doug Rabson <dfr_at_FreeBSD.org>
Date: Wed, 16 Aug 2023 12:32:13 UTC 
The branch stable/13 has been updated by dfr:

URL: https://cgit.FreeBSD.org/src/commit/?id=3af7700710466b330e54307ff5bc5ea6bb91fec4

commit 3af7700710466b330e54307ff5bc5ea6bb91fec4
Author:     Yan Ka Chiu <nyan@myuji.xyz>
AuthorDate: 2023-05-23 20:39:22 +0000
Commit:     Doug Rabson <dfr@FreeBSD.org>
CommitDate: 2023-08-16 12:25:57 +0000

    ifconfig(8): Teach ifconfig to attach and run itself in a jail
    
    Add -j <jail> flag to ifconfig to allow ifconfig to attach and run inside a
    jail. This allow parent to configure network interfaces of its children
    even if ifconfig is not available in child's tree (e.g. Linux Jails)
    
    Reviewed by:    emaste, khng, melifaro
    Event:          Kitchener-Waterloo Hackathon 202305
    MFC after:      1 week
    Differential Revision:  https://reviews.freebsd.org/D40213
    
    (cherry picked from commit 7e49aa86a2824e76e9d9becf61db12066bc0d79d)
---
 sbin/ifconfig/ifconfig.8 | 22 ++++++++++++++++++++++
 sbin/ifconfig/ifconfig.c | 40 ++++++++++++++++++++++++++++++++++------
 2 files changed, 56 insertions(+), 6 deletions(-)

diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8
index e7d41da45bec..651d64fb31df 100644
--- a/sbin/ifconfig/ifconfig.8
+++ b/sbin/ifconfig/ifconfig.8
@@ -36,6 +36,7 @@
 .Nd configure network interface parameters
 .Sh SYNOPSIS
 .Nm
+.Op Fl j Ar jail
 .Op Fl kLmn
 .Op Fl f Ar type Ns Cm \&: Ns Ar format
 .Ar interface
@@ -49,9 +50,11 @@
 .Oc
 .Op Ar parameters
 .Nm
+.Op Fl j Ar jail
 .Ar interface
 .Cm destroy
 .Nm
+.Op Fl j Ar jail
 .Fl a
 .Op Fl dkLmuv
 .Op Fl f Ar type Ns Cm \&: Ns Ar format
@@ -61,13 +64,16 @@
 .Nm
 .Fl C
 .Nm
+.Op Fl j Ar jail
 .Fl g Ar groupname
 .Nm
+.Op Fl j Ar jail
 .Fl l
 .Op Fl du
 .Op Fl g Ar groupname
 .Op Ar address_family
 .Nm
+.Op Fl j Ar jail
 .Op Fl dkLmuv
 .Op Fl f Ar type Ns Cm \&: Ns Ar format
 .Sh DESCRIPTION
@@ -233,6 +239,22 @@ Setting
 to
 .Cm all
 selects all interfaces.
+.It Fl j Ar jail
+Perform the actions inside the
+.Ar jail .
+.Pp
+The
+.Cm ifconfig
+will first attach to the
+.Ar jail
+(by jail id or jail name) before performing the effects.
+.Pp
+This allow network interfaces of
+.Ar jail
+to be configured even if the
+.Cm ifconfig
+binary is not available in
+.Ar jail .
 .It Fl k
 Print keying information for the
 .Ar interface ,
diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c
index 6deeebba9f01..f93a97572a78 100644
--- a/sbin/ifconfig/ifconfig.c
+++ b/sbin/ifconfig/ifconfig.c
@@ -42,6 +42,9 @@ static const char rcsid[] =
 
 #include <sys/param.h>
 #include <sys/ioctl.h>
+#ifdef JAIL
+#include <sys/jail.h>
+#endif
 #include <sys/module.h>
 #include <sys/linker.h>
 #include <sys/queue.h>
@@ -189,12 +192,12 @@ usage(void)
 	}
 
 	fprintf(stderr,
-	"usage: ifconfig [-f type:format] %sinterface address_family\n"
+	"usage: ifconfig [-j jail] [-f type:format] %sinterface address_family\n"
 	"                [address [dest_address]] [parameters]\n"
-	"       ifconfig interface create\n"
-	"       ifconfig -a %s[-d] [-m] [-u] [-v] [address_family]\n"
-	"       ifconfig -l [-d] [-u] [address_family]\n"
-	"       ifconfig %s[-d] [-m] [-u] [-v]\n",
+	"       ifconfig [-j jail] interface create\n"
+	"       ifconfig [-j jail] -a %s[-d] [-m] [-u] [-v] [address_family]\n"
+	"       ifconfig [-j jail] -l [-d] [-u] [address_family]\n"
+	"       ifconfig [-j jail] %s[-d] [-m] [-u] [-v]\n",
 		options, options, options);
 	exit(1);
 }
@@ -412,12 +415,18 @@ main(int argc, char *argv[])
 	struct ifreq paifr;
 	const struct sockaddr_dl *sdl;
 	char options[1024], *cp, *envformat, *namecp = NULL;
+#ifdef JAIL
+	char *jail_name = NULL;
+#endif
 	struct ifa_queue q = TAILQ_HEAD_INITIALIZER(q);
 	struct ifa_order_elt *cur, *tmp;
 	const char *ifname, *matchgroup, *nogroup;
 	struct option *p;
 	size_t iflen;
 	int flags;
+#ifdef JAIL
+        int jid;
+#endif
 
 	all = downonly = uponly = namesonly = noload = verbose = 0;
 	f_inet = f_inet6 = f_ether = f_addr = NULL;
@@ -438,7 +447,7 @@ main(int argc, char *argv[])
 	atexit(printifnamemaybe);
 
 	/* Parse leading line options */
-	strlcpy(options, "G:adf:klmnuv", sizeof(options));
+	strlcpy(options, "G:adf:j:klmnuv", sizeof(options));
 	for (p = opts; p != NULL; p = p->next)
 		strlcat(options, p->opt, sizeof(options));
 	while ((c = getopt(argc, argv, options)) != -1) {
@@ -459,6 +468,15 @@ main(int argc, char *argv[])
 				usage();
 			nogroup = optarg;
 			break;
+		case 'j':
+#ifdef JAIL
+			if (optarg == NULL)
+				usage();
+			jail_name = optarg;
+#else
+			Perror("not built with jail support");
+#endif
+			break;
 		case 'k':
 			printkeys++;
 			break;
@@ -511,6 +529,16 @@ main(int argc, char *argv[])
 	if (!namesonly && argc < 1)
 		all = 1;
 
+#ifdef JAIL
+	if (jail_name) {
+		jid = jail_getid(jail_name);
+		if (jid == -1)
+			Perror("jail not found");
+		if (jail_attach(jid) != 0)
+			Perror("cannot attach to jail");
+	}
+#endif
+
 	/* -a and -l allow an address family arg to limit the output */
 	if (all || namesonly) {
 		if (argc > 1)