Date: Tue, 19 Nov 2024 21:18:49 GMT
Message-Id: <202411192118.4AJLInLm093084@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Mark Johnston
Subject: git: 48c738b038ac - main - jail: Let a couple of parameter types be specified as lists
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: markj
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 48c738b038ac84f3334b20b9a0f56fa3d9b7f6d1
Auto-Submitted: auto-generated

The branch main has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=48c738b038ac84f3334b20b9a0f56fa3d9b7f6d1

commit 48c738b038ac84f3334b20b9a0f56fa3d9b7f6d1
Author:     Mark Johnston
AuthorDate: 2024-11-19 21:05:24 +0000
Commit:     Mark Johnston
CommitDate: 2024-11-19 21:05:24 +0000

    jail: Let a couple of parameter types be specified as lists

    vnet.interface and zfs.dataset can be used to specify multiple
    interfaces/datasets in jail.conf, but not on the command-line, which is
    a bit surprising. Extend the handling of ip(4|6).addr to those
    parameters, update the description of vnet.interface in jail.8, and add
    a rudimentary regression test.

    Reviewed by: zlei, jamie
    MFC after: 1 week
    Differential Revision: https://reviews.freebsd.org/D47651
---
 usr.sbin/jail/jail.8                   | 12 ++++++--
 usr.sbin/jail/jail.c                   | 52 ++++++++++++++++++++++------------
 usr.sbin/jail/tests/jail_basic_test.sh | 35 +++++++++++++++++++++--
 3 files changed, 75 insertions(+), 24 deletions(-)

diff --git a/usr.sbin/jail/jail.8 b/usr.sbin/jail/jail.8 index 67f325d15a93..aa540a50a725 100644 --- a/usr.sbin/jail/jail.8 +++ b/usr.sbin/jail/jail.8
@@ -285,11 +285,17 @@ They can also be given the values and .Dq false . Other parameters may have more than one value, specified as a -comma-separated list or with +comma-separated list, or with .Dq += in the configuration file (see .Xr jail.conf 5 for details). +List-based parameters may also be specified multiple times on the command +line, i.e., +.Dq name=value1,value2 +and +.Dq name=value1 name=value2 +are equivalent for such parameters. .Pp The .Nm @@ -944,8 +950,8 @@ an interface, prefix and additional parameters (as supported by may also be specified, in the form .Dq Ar interface Ns | Ns Ar ip-address Ns / Ns Ar prefix param ... . .It Va vnet.interface -A network interface to give to a vnet-enabled jail after is it created. -The interface will automatically be released when the jail is removed. +A list of network interfaces to give to a vnet-enabled jail after is it created. +The interfaces will automatically be released when the jail is removed. .It Va zfs.dataset A list of ZFS datasets to be attached to the jail. This requires diff --git a/usr.sbin/jail/jail.c b/usr.sbin/jail/jail.c index 53e05870ff26..27769cc14958 100644 --- a/usr.sbin/jail/jail.c +++ b/usr.sbin/jail/jail.c @@ -146,6 +146,20 @@ static const enum intparam cleancommands[] = { IP__NULL }; +static const struct { + const char *name; + enum intparam param; +} listparams[] = { +#ifdef INET + { "ip4.addr", KP_IP4_ADDR }, +#endif +#ifdef INET6 + { "ip6.addr", KP_IP6_ADDR }, +#endif + { "vnet.interface", IP_VNET_INTERFACE }, + { "zfs.dataset", IP_ZFS_DATASET }, +}; + int main(int argc, char **argv) { @@ -330,6 +344,8 @@ main(int argc, char **argv) usage(); docf = 0; for (i = 0; i < argc; i++) { + size_t l; + if (!strncmp(argv[i], "command", 7) && (argv[i][7] == '\0' || argv[i][7] == '=')) { if (argv[i][7] == '=') 
@@ -338,32 +354,32 @@ main(int argc, char **argv) for (i++; i < argc; i++) add_param(NULL, NULL, IP_COMMAND, argv[i]); + continue; } -#ifdef INET - else if (!strncmp(argv[i], "ip4.addr=", 9)) { - for (cs = argv[i] + 9;; cs = ncs + 1) { - ncs = strchr(cs, ','); - if (ncs) - *ncs = '\0'; - add_param(NULL, NULL, KP_IP4_ADDR, cs); - if (!ncs) - break; - } - } -#endif -#ifdef INET6 - else if (!strncmp(argv[i], "ip6.addr=", 9)) { - for (cs = argv[i] + 9;; cs = ncs + 1) { + + /* + * Is this parameter a list? + */ + for (l = 0; l < nitems(listparams); l++) { + size_t len; + + len = strlen(listparams[l].name); + if (strncmp(argv[i], listparams[l].name, len) || + argv[i][len] != '=') + continue; + + for (cs = argv[i] + len + 1;; cs = ncs + 1) { ncs = strchr(cs, ','); if (ncs) *ncs = '\0'; - add_param(NULL, NULL, KP_IP6_ADDR, cs); + add_param(NULL, NULL, + listparams[l].param, cs); if (!ncs) break; } + break; } -#endif - else + if (l == nitems(listparams)) add_param(NULL, NULL, 0, argv[i]); } } else { diff --git a/usr.sbin/jail/tests/jail_basic_test.sh b/usr.sbin/jail/tests/jail_basic_test.sh index a907e713ab9a..5d67f42c2d56 100755 --- a/usr.sbin/jail/tests/jail_basic_test.sh +++ b/usr.sbin/jail/tests/jail_basic_test.sh @@ -25,9 +25,6 @@ # SUCH DAMAGE. atf_test_case "basic" "cleanup" -atf_test_case "nested" "cleanup" -atf_test_case "commands" "cleanup" - basic_head() { atf_set descr 'Basic jail test' 
@@ -58,6 +55,36 @@ basic_cleanup() jail -r basejail } +atf_test_case "list" "cleanup" +list_head() +{ + atf_set descr 'Specify some jail parameters as lists' + atf_set require.user root +} + +list_body() +{ + if [ "$(sysctl -qn kern.features.vimage)" -ne 1 ]; then + atf_skip "cannot create VNET jails" + fi + atf_check -o save:epair ifconfig epair create + + epair=$(cat epair) + atf_check jail -c name=basejail vnet persist vnet.interface=${epair},${epair%a}b + + atf_check -o ignore jexec basejail ifconfig ${epair} + atf_check -o ignore jexec basejail ifconfig ${epair%a}b +} + +list_cleanup() +{ + jail -r basejail + if [ -f epair ]; then + ifconfig $(cat epair) destroy + fi +} + +atf_test_case "nested" "cleanup" nested_head() { atf_set descr 'Hierarchical jails test' @@ -97,6 +124,7 @@ nested_cleanup() jail -r basejail_nochild } +atf_test_case "commands" "cleanup" commands_head() { atf_set descr 'Commands jail test' @@ -129,6 +157,7 @@ commands_cleanup() atf_init_test_cases() { atf_add_test_case "basic" + atf_add_test_case "list" atf_add_test_case "nested" atf_add_test_case "commands" }
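
Review bot: In the first usr.sbin/jail/jail.8 hunk (@@ -285,11 +285,17), the added sentence speaks of "list-based parameters" in general, but the command-line comma splitting in jail.c is driven by the listparams table, which names only ip4.addr, ip6.addr, vnet.interface and zfs.dataset. Consider naming those parameters in the manual text so a reader can tell which ones accept name=value1,value2 on the command line.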
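
Review bot: In the second usr.sbin/jail/jail.8 hunk (@@ -944,8 +950,8), the rewritten vnet.interface description carries over the transposed words "after is it created" from the line it replaces. Since the line is being rewritten anyway, make it "after it is created".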
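
Review bot: The new listparams table in usr.sbin/jail/jail.c (@@ -146,6 +146,20) has no comment saying what membership means. A short comment stating that these are the parameters whose command-line value is split on commas would tell whoever adds the next list-typed parameter that it belongs here too; a name missing from the table falls through to the "l == nitems(listparams)" branch and reaches add_param as one unsplit string.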
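
Review bot: In the main() hunk of usr.sbin/jail/jail.c (@@ -338,32 +354,32), the splitting loop "for (cs = argv[i] + len + 1;; cs = ncs + 1)" calls add_param for every segment, empty ones included, so vnet.interface=a,,b, a trailing comma, or a bare zfs.dataset= each pass an empty string as an interface or dataset name. The ip4.addr and ip6.addr loops being removed behaved the same way, but now that the loop also feeds interface and dataset names it is worth checking for *cs == '\0' before the add_param call and either skipping the segment or reporting an error. The loop also writes '\0' into argv[i] in place, which deserves a brief comment.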
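
Review bot: In list_body of usr.sbin/jail/tests/jail_basic_test.sh (@@ -58,6 +55,36), the guard [ "$(sysctl -qn kern.features.vimage)" -ne 1 ] does a numeric comparison on output that is empty when the sysctl does not exist; test then fails with a bad-number error instead of evaluating true, so atf_skip is not reached on a kernel without VIMAGE. A string comparison such as != 1 takes the skip in both the missing and the zero case. Separately, the test exercises only the comma form vnet.interface=${epair},${epair%a}b; the repeated name=value1 name=value2 form that the jail.8 change documents as equivalent, and zfs.dataset, are not covered. list_cleanup also runs "jail -r basejail" unconditionally, even when the body was skipped before creating the jail.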