Date: Sun, 4 Jun 2023 00:46:25 GMT
Message-Id: <202306040046.3540kPit077837@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Jamie Gritton
Subject: git: 097db30a8e03 - main - jail: Allow nested jail definitions.
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: jamie
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 097db30a8e0310ac28075787fb92ea40dad8b27b

The branch main has been updated by jamie:

URL: https://cgit.FreeBSD.org/src/commit/?id=097db30a8e0310ac28075787fb92ea40dad8b27b

commit 097db30a8e0310ac28075787fb92ea40dad8b27b
Author:     Jamie Gritton
AuthorDate: 2023-06-04 00:45:54 +0000
Commit:     Jamie Gritton
CommitDate: 2023-06-04 00:45:54 +0000

    jail: Allow nested jail definitions.

    Make the jail.conf specification recursive, with jail definitions allowed
    within a jail's parameter list, just as they are allowed at the top level.
    Such inner jails are part of the outer jail's hierarchy, as if they were
    specified with hierarchical names.

--- usr.sbin/jail/jailp.h | 1 + usr.sbin/jail/jailparse.y | 65 +++++++++++++++++++++++++---------------------- 2 files changed, 36 insertions(+), 30 deletions(-) diff --git a/usr.sbin/jail/jailp.h b/usr.sbin/jail/jailp.h index 00865185fbd1..0325c2a101a4 100644 --- a/usr.sbin/jail/jailp.h +++ b/usr.sbin/jail/jailp.h @@ -176,6 +176,7 @@ struct cfjail { struct cfparams params; struct cfdepends dep[2]; struct cfjails *queue; + struct cfjail *cfparent; struct cfparam *intparams[IP_NPARAM]; struct cfstring *comstring; struct jailparam *jp; diff --git a/usr.sbin/jail/jailparse.y b/usr.sbin/jail/jailparse.y index 9426444f0d09..44e2aacb457e 100644 --- a/usr.sbin/jail/jailparse.y +++ b/usr.sbin/jail/jailparse.y 
@@ -38,11 +38,12 @@ __FBSDID("$FreeBSD$"); #ifdef DEBUG #define YYDEBUG 1 #endif + +static struct cfjail *current_jail; +static struct cfjail *global_jail; %} %union { - struct cfjail *j; - struct cfparams *pp; struct cfparam *p; struct cfstrings *ss; struct cfstring *s; @@ -52,8 +53,6 @@ __FBSDID("$FreeBSD$"); %token PLEQ %token STR STR1 VAR VAR1 -%type jail -%type param_l %type

param name %type value %type string @@ -61,46 +60,54 @@ __FBSDID("$FreeBSD$"); %% /* - * A config file is a series of jails (containing parameters) and jail-less - * parameters which really belong to a global pseudo-jail. + * A config file is a list of jails and parameters. Parameters are + * added to the current jail, otherwise to a global pesudo-jail. */ conf : - ; | conf jail - ; | conf param ';' { - struct cfjail *j; + struct cfjail *j = current_jail; - j = TAILQ_LAST(&cfjails, cfjails); - if (!j || strcmp(j->name, "*")) { - j = add_jail(); - j->name = estrdup("*"); + if (j == NULL) { + if (global_jail == NULL) { + global_jail = add_jail(); + global_jail->name = estrdup("*"); + } + j = global_jail; } TAILQ_INSERT_TAIL(&j->params, $2, tq); } | conf ';' + ; -jail : STR '{' param_l '}' +jail : jail_name '{' conf '}' { - $$ = add_jail(); - $$->name = $1; - TAILQ_CONCAT(&$$->params, $3, tq); - free($3); + current_jail = current_jail->cfparent; } ; -param_l : - { - $$ = emalloc(sizeof(struct cfparams)); - TAILQ_INIT($$); - } - | param_l param ';' - { - $$ = $1; - TAILQ_INSERT_TAIL($$, $2, tq); +jail_name : STR + { + struct cfjail *j = add_jail(); + + if (current_jail == NULL) + j->name = $1; + else { + /* + * A nested jail definition becomes + * a hierarchically-named sub-jail. + */ + size_t parentlen = strlen(current_jail->name); + j->name = emalloc(parentlen + strlen($1) + 2); + strcpy(j->name, current_jail->name); + j->name[parentlen++] = '.'; + strcpy(j->name + parentlen, $1); + free($1); + } + j->cfparent = current_jail; + current_jail = j; } - | param_l ';' ; /* @@ -131,8 +138,6 @@ param : name free($2); } | error - { - } ; /*
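Review bot: In the struct cfjail hunk of jailp.h, the new cfparent member has no comment, and the only assignment visible in this patch is in the jail_name action; the global pseudo-jail created in the conf action never sets it. A one-line comment saying that it is the enclosing jail at parse time (NULL at top level) would help, as would an explicit global_jail->cfparent = NULL unless add_jail() is known to return a cleared structure, which these lines do not show.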
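Review bot: In the jailparse.y prologue hunk, current_jail is file-scope parser state that is restored in only one place, the jail rule's action (current_jail = current_jail->cfparent;), which runs only once jail_name '{' conf '}' has been reduced. If a syntax error is recovered from or the parse aborts between jail_name and the closing '}', current_jail still points at the inner jail, so any parameter parsed afterwards is appended to that jail's params rather than to the global pseudo-jail. Consider resetting current_jail on the error path, and clearing both statics at the start of each parse if yyparse() can run more than once in a process.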
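Review bot: In the conf rule's param action, all top-level parameters now go to a single global_jail created on first use, whereas the removed lines added a fresh "*" jail whenever the last entry in cfjails was not "*" (j = TAILQ_LAST(&cfjails, cfjails); if (!j || strcmp(j->name, "*"))). That changes where a global parameter written after a jail block lands relative to that jail, and the commit message does not mention it; please state whether the ordering change is intended. Also in this hunk, "pesudo-jail" in the new comment should read "pseudo-jail", and the hand-built name in jail_name (emalloc, two strcpy calls and a manual '.') would be easier to audit as one formatted allocation such as asprintf().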